Privacy Policy

PRIVACY POLICY

This document is a privacy notice provided pursuant to Articles 13 et seq. of EU Regulation 679/2016 (“GDPR“) to all those who visit the Site and/or interact with Musa – Multilayered Urban Sustainability Action S.c.a.r.l. (“MUSA”).
This document describes the methods of management of the website https://musascarl.it/ (“Website”), with reference to the processing of personal data of users (“User/Users”) who consult it, as well as the further processing carried out by MUSA.

The information is provided only for the Website and not also for other websites that may be consulted by the User through links on the Website.

1. Data controller 

The data controller is MUSA – Multilayered Urban Sustainability Action S.c.a.r.l., with registered office in Piazza dell’Ateneo Nuovo n. 1 – 20126 Milan, e-mail address info@musascarl.it and pec musa-scarl@legalmail.it (“Controller“).

The Controller acknowledges that it has appointed a Data Protection Officer (“DPO“) who can be contacted at the following email address: dpo@musascarl.it

2. Types of data processed

2.1 Navigation data

The computer systems and software procedures used to operate the Website acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. 

This is information that is not collected in order to be associated with identified individuals, but which by its very nature could make it possible to identify Users. This category of data includes (i) the IP addresses or domain names of the computers used by Users who connect to the Site, (ii) the URI (Uniform Resource Identifier) notation addresses of the requested resources, (iii) the time of the request, (iv) the method used to submit the request to the server, (v) the size of the file obtained in response, (vi) the numerical code indicating the status of the response given by the server (successful, error) and (vii) other parameters relating to the User’s operating system and computer environment.

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and is deleted immediately after processing.

2.2 Cookies

For data processing via cookies, please see the relevant policy, available at the following link. 

2.3 Data voluntarily provided by the User

The optional, explicit and voluntary sending of electronic mail to the Controller’s email addresses indicated on the Website entails the acquisition and processing by the Controller of such data and any other information contained in such communications for the purposes indicated in paragraph 3.2 below.

2.4 Data provided as part of surveys and censuses conducted by the Data Controller

The Controller processes the personal data collected as part of the surveys and censuses it organises in order to acquire information on the progress of the activities carried out within the MUSA Project, for the purposes indicated in section 3.3 below.

3. Purpose and legal basis for processing

The processing of the User’s personal data by the Controller is for the purpose of:

1. to pursue, in accordance with Article 6.1(f) of the GDPR, its own legitimate interest, consisting in ensuring the security of the Site and the information exchanged on it, i.e. the ability of such Website to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted and the security of the related services offered or made accessible;
2. fulfil the requests made by the User by sending electronic mail to the Controller’s email addresses indicated on the Website, pursuant to Article 6.1(b) of the GDPR;
3. enable the Controller to pursue its legitimate interest, consisting of conducting surveys and censuses on specific projects related to activities carried out within the MUSA Project, pursuant to Article 6.1(f) of the GDPR.

4. Consequences of any refusal to respond

The provision of data for the purposes referred to in the preceding paragraph is optional. A refusal, however, would result in the impossibility for the User to communicate with the Controller and for the Controller to fulfil the User’s requests, as well as to ensure the security of the Website and the information exchanged on it.

5. Methods of processing

Personal data are processed using manual, computer and automated systems. In order for the data to be processed correctly, it is necessary for the data subject to communicate any changes in them in a timely manner.

It should be noted, in particular, that the User’s personal data are processed by persons duly appointed for the performance of such tasks, constantly identified and/or appointed, duly instructed and made aware of the constraints imposed by law, as well as through the use of security measures designed to ensure the protection of your confidentiality and to avoid the risks of loss or destruction, unauthorized access, unauthorized processing or processing that does not comply with the above purposes. Security measures are constantly improved according to technological development.

6. Communication and dissemination of data

Personal data collected on the Website may not be disclosed, sold or transferred to third parties, except as required by law.

This is without prejudice, in any case, to the communication of data to companies expressly appointed to perform certain services within the scope of the activity carried out by the Controller and/or, in general, in its favor, which will operate as autonomous data controllers and/or data processors, as well as the communication and/or dissemination of data required, in accordance with the law, by police forces, judicial authorities, information and security bodies or other public entities for purposes of defense or state security or the prevention, detection or repression of crimes.

7. Extra-EU data transfer

Users’ data may be subject to transfer to non-EU countries, which will take place in accordance with the provisions of Articles 44 et seq. of the GDPR. In particular, the transfer may take place on the basis of an adequacy decision adopted by the European Commission (Art. 45 GDPR) or, for those countries where there is no Commission decision, on the basis of adequate safeguards, such as standard contractual clauses or other appropriate instrument under Art. 46 GDPR, supplemented with additional security measures.  

8. Rights of the data subject

Pursuant to Articles 15 et seq. of the GDPR, the User has the right to obtain:

1. confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in intelligible form and/or access to them;
2. a copy of your personal data;
3. the rectification of any of your personal data that may be inaccurate;
4. the deletion of your personal data;
5. the restriction of the processing of your personal data;
6. in a structured, commonly used and machine-readable format the personal data that you have provided to us or that you yourself have created-excluding judgments created by the Controller and/or persons authorized to process your data on behalf of the Controller pursuant to Article 4 of the Regulations-and to transmit them to another data controller (so-called right to data portability);
7. indication:
   1. of the origin of personal data; 
   2. of the categories of personal data processed;
   3. of the purposes and methods of processing;
   4. of the logic applied in the case of processing carried out with the aid of electronic instruments;
   5. of the identification details of the Controller and any processors;
   6. of the retention period of your personal data or the criteria useful for determining this period;
   7. of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of the data in their capacity as designated representative in the territory of the State, as managers or persons authorized to process the data in the name and on behalf of the Controller ex art. 4 of the GDPR;
   8. the updating, rectification or, when interested, the integration of data;
   9. the transformation into anonymous form or the blocking of data in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
   10. certification that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves the use of means manifestly disproportionate to the right protected

You also have the right to object, in whole or in part:

1. for legitimate reasons, to the processing of personal data concerning you, even if relevant to the purpose of collection.

To exercise the above rights, Users may send a written request to the e-mail address info@musascarl.it or by contacting the DPO atdpo@musascarl.it indicating “Privacy – Exercise of Privacy Rights” in the subject line.

Finally, we inform you that if you believe that your rights have been violated by the Controller and/or a third party, you have the right to file a complaint with the Data Protection Authority and/or other competent supervisory authority under the GDPR.

9. Duration of processing and storage of personal data

The User’s personal data will be processed by the Controller only for the period of time necessary to achieve the purposes of the processing referred to in paragraph 3 above, after which it will be kept only in execution of the relevant legal obligations, for administrative purposes and/or to assert or defend one’s right, in case of litigation and pre-litigation. 

The processing of the User’s data for the purposes referred to in paragraph 3.1 above will be carried out for the time strictly necessary to provide feedback to the User and in any case no longer than 12 months.

*** *** ***

This Privacy policy was updated on 06.02.2025. Any updates will always be posted on this page.