Privacy Policy


INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to article 13 of the 2016/679 EU Regulation

This information is provided to inform you pursuant to art. 13 of the European Regulation n. 679/2016 (hereafter GDPR) regarding the use of your personal data. The Entity undertakes to respect and protect its confidentiality by processing the personal data provided by you in compliance with the provisions of law aimed at ensuring the security, accuracy, updating and relevance of the data with respect to the stated purposes. processing of your personal data.


  1. Identity and contact details of the Data Controller
  2. Contact details of the Data Protection Officer (“RPD”)
  3. Purpose and legal basis of the processing
  4. Type of data and methods of processing
  5. Recipients of personal data
  6. Data controllers and authorized parties
  7. Data retention period
  8. Rights of the interested party


  1. Identity and contact details of the owner

The Data Controller is the Pompeii Archaeological Park, located in Via Plinio 4, Pompeii (NA).


  1. Contact Data of the Data Protection Officer (“RPD”)

As foreseen by the art. 37 of the GDPR, the Authority has proceeded to designate with a formal act the Person in charge of Protection of Personal Data (RPD), which can be contacted at the following e-mail address: or at the headquarters.


  1. Purpose and legal basis of the processing

The personal data provided by users who request dispatch of informative material (newsletters, requests, brochures and documents, reports relating to services or to the site itself …) are used only to perform the service or provision requested upon release of consent.

In addition, the website of the Entity acquires, during normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols and for which reference is made to the Cookie Policy.


  1. Type of data and methods of processing

The optional, explicit and voluntary sending of e-mail messages to the addresses indicated on the website entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the same request. The optional, explicit and voluntary registration through the appropriate web form (newsletter) on our site entails the subsequent acquisition of all the data reported in the fields filled in by the user and the processing is carried out exclusively in fulfillment of the institution’s own institutional activities.

The data provided will be processed with the aid of automated processes suitable to guarantee the security, confidentiality and integrity of the data, exclusively by technical personnel authorized to process and for the time strictly necessary to achieve the purposes for which they were collected in compliance with the legislation on the protection of personal data.

Specific security measures have been adopted to prevent the loss of data, illicit or incorrect use and unauthorized access.


  1. Recipients of personal data

Your personal data will not be disclosed to third parties or disseminated.


  1. Data Processors and Authorized Persons

The Entity may use third parties for the performance of activities and related processing of personal data of which it retains ownership. In accordance with the provisions of the law, these subjects ensure levels of experience, capacity and reliability that ensure compliance with the current provisions on data processing, including data security and have been designated for this purpose as Data Processors by formal deed. . The Managers are subject to periodic checks in order to ascertain the maintenance of the levels of guarantee registered when the initial assignment was entrusted.

Your personal data are also processed by previously authorized internal staff and to whom appropriate instructions are given in order to measures, expedients, modus operandi, aimed at ensuring the concrete protection of your personal data.


  1. Data retention period

Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected.


  1. Rights of the interested party

Pursuant to art. 13, paragraph 2, letters (b) and (d) and 14, paragraph 2, letters (d) and (e), as well as articles 15, 16, 17, 18, and 21 of the GDPR, the subjects to whom the personal data refer have the right at any time to ask the Data Controller to access personal data, rectification, integration, deletion of themselves, the limitation of the processing of data concerning them or to oppose the processing of the same if the conditions laid down by the GDPR occur.

The above rights may be exercised by the interested party by sending a request to the Data Protection Officer, available at the following address:

The interested party has the right to lodge a complaint with the Guarantor for the protection of personal data, following the procedures and indications published on the official website of the Authority:

You may at any time revoke your consent to the processing pursuant to article 7, paragraph 3 of the GDPR by sending a communication to the following address:

The withdrawal of consent does not affect the lawfulness of the treatment based on the consent issued prior to the revocation.