Privacy Policy


Pursuant to and for the purposes of article 13 and article 14 of Regulation (EU) no. 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of individuals with regard to the processing of Personal Data, as well as the free circulation of such Data (General Data Protection Regulation, hereinafter, also, “Regulation” or “GDPR”) which repeals Directive 95/46/EC, we inform you that the Personal Data you voluntarily made available to the “Musicus Concentus di Firenze” Cultural Association (hereinafter also only the “Musicus Concentus”) will be processed in compliance with current legislation on the protection of Personal Data and, in any case, with the principles of confidentiality which inspire the activity of the Association.

  1. Data Controller
    The Data Controller is the Musicus Concentus Association, with head office in Piazza del Carmine, 19 – 50124 Florence – tel. 055 287347 – –, where the processed data resides.
  2. Data Protection Officer (DPO)
    The data protection officer is the President of the Musicus Concentus Association, Mr. Fernando Fanutti, tel. 055 287347 –
  3. Object of the Treatment
    The processing treatment of data will concern the personal, identifying data you provided (name, surname, address, telephone, e-mail).
  4. Purpose of the treatment
    The processing of personal data supplied by you by manual and electronic means is solely aimed at subscribing to the newsletter and booking tickets for the concerts organized by the Musicus Concentus Association. The processing of the personal data you provide is also aimed at protecting and safeguarding the rights of the Data Controller connected to privacy, security and risk management, property, as well as for the protection and defense of the rights of its employees, collaborators and partners.
  5. Methods of treatment
    The treatment of data will be carried out in an automated and/or manual form, in compliance with the provisions of art. 32 of EU Reg. 2016/679 and Annex B of Legislative Decree 196/2003 (articles 33 – 36 of the Code) regarding security measures, by the Data Controller and/or specifically appointed persons and in compliance with the provisions of art. 29 of EU Reg. 2016/679.
  6. Provision of data
    The provision of common personal data, or of particular categories of data, is mandatory, as it is necessary for the performance of the activities referred to in point 4 (Purpose of the processing). Any refusal by the interested party to provide such personal data, therefore, will make it impossible to fulfill the activities referred to in point 4 (Purpose of the processing).
  7. Data Retention
    The data processed for the purposes referred to in point 4 (Purpose of processing) will be kept for a period of 10 years from the time they were originally collected.
  8. Data communication
    Personal data may come to the attention of those in charge of the treatment and may be communicated, for the purposes referred to in point 4, only to designated persons in charge of the treatment, any managers, external collaborators and other subjects involved in the organization and management of the activity of the Association.
  9. Data dissemination
    The data collected may be communicated and disseminated in the performance of the service requested by you by the employees, or by the collaborators of the Association.
  10. Rights of the interested party
    At any time, you can exercise, free of charge, pursuant to art. 15 – 22 of EU Reg. 2016/679, as well as art. 7 of Legislative Decree 196/2003, the following rights: a) right to be informed on the purposes and methods of treatment; b) right of access; c) the right to obtain a copy of the personal data held and information on where they are stored; d) right to request the updating, rectification or integration of personal data; e) right to request the deletion of personal data; f) right to limit processing only if one of the following conditions occurs: (i) the data is not accurate or updated; (ii) the illegitimacy of the processing is proven; (iii) the data are necessary for the exercise or defense of legal claims; and (iv) the data subject has objected to the processing; g) the right to object to the processing, in whole or in part, even where it is carried out through an automated decision-making process, including profiling; h) right to withdraw consent to data processing freely and at any time; i) the right to contact the data protection officer; j) right to lodge a complaint with the competent national data protection authority or ad judicial authorities.
    Starting from 25 May 2018, the deadline for full application of the GDPR, in addition to the rights listed, the interested party is also granted the right to data portability: i.e. the right to receive an electronic copy of the personal data concerning him, for any transfer to the interested party or to another owner.
    To exercise their rights, the interested party can contact the Association at the following e-mail address:

Florence, 24 May 2018

Musicus Concentus