Information on the processing of personal data in the field of video surveillance
Why this information?
This notice is provided pursuant to Art. 13 of Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR) – regarding the processing of your personal data collected through the video surveillance systems installed at the National Museum of Abruzzo in L’Aquila (MuNDA).
- 16th-century Castle (Viale Benedetto Croce, 67100 L’Aquila)
- Former Slaughterhouse (Via Tancredi da Pentima, Borgo Rivera, 67100 L’Aquila)
- Roman Amphitheater – Amiternum Archaeological Park (SS 80 DIR, KM 0+650, 67100 L’Aquila)
- Roman Theater – Amiternum Archaeological Park (SS 80 KM 9+500 L’Aquila, 67100 L’Aquila)
In video-monitored areas, specific concise information is displayed on signs placed within the cameras’ range, with references to this complete information.
Personal data will be processed in compliance with the principles of lawfulness, fairness, transparency, relevance, minimization, accuracy, integrity, confidentiality, and accountability, as set forth in the GDPR.
Data controller
Who determines the purposes and means of processing your personal data?
Ministry of Culture
Via del Collegio Romano, 27 – 00186 Rome
Acting as
Director of the National Museum of Abruzzo in L’Aquila.
Email: mn-abr@cultura.gov.it
Certified Email: mn-abr@pec.cultura.gov.it
Telephone: +39 0862 085900.
Data Protection Officer
Who oversees the protection of your personal data?
Contact details of the Data Protection Officer (DPO)
Email: rpd@cultura.gov.it
Certified email: rpd@pec.cultura.gov.it
Purpose and legal basis of data processing
For what purpose do we process your personal data?
The installation of video surveillance systems meets the following specific, explicit, and legitimate purposes:
a) Protection of cultural heritage
b) Personal safety
c) Complying with requests from judicial authorities or the police.
The systems are not used for remote monitoring of employees. The video surveillance systems are installed in compliance with Law 300/70 (Workers’ Statute).
Why is the processing of your personal data lawful?
The processing of personal data through video surveillance systems is lawful because it is necessary to perform a task carried out in the public interest or in connection with the exercise of official authority and to implement the agreement reached with trade union representatives (Article 1, paragraph 1, of Legislative Decree No. 433 of 14 November 1992; Article 6, paragraph 1, letter e) of the GDPR; Articles 4 of Law No. 300/70 and 114 of the Code).
Categories of personal data processed
What types of personal data do we process?
1. Common personal data
Video images of natural persons captured by cameras (visitors, employees, collaborators, suppliers);
2. Personal data relating to workers
Limited to cases in which the personnel operate in the filmed areas:
- images that may refer to employees or similar persons during the performance of their work activities;
- data processed not for the purposes of monitoring work performance, but merely incidentally and instrumentally to the purposes of security and asset protection.
Retention period
How long is your personal data kept?
Images recorded by video surveillance systems are retained for a period no longer than seven days from their detection, after which they are automatically deleted by overwriting.
The retention period may be exceptionally extended:
- in case of holidays or closure of some offices;
- or if it is necessary to retain the images to ascertain an illegal act or to comply with requests from the judicial or public security authorities.
Data recipients
To whom can your personal data be disclosed?
Personal data collected through the video surveillance system may be communicated exclusively in the cases and within the limits established by current legislation, and in particular to:
1. Authorized internal personnel:
personnel of the Data Controller expressly authorized pursuant to art. 29 GDPR and art. 2-quaterdecies of the Code.
2. Data Processors:
any external suppliers entrusted with the technical management and maintenance of video surveillance systems, formally designated as Data Processors pursuant to art. 28 GDPR. In particular, companies providing maintenance services and security companies may access the video surveillance systems, within the limits of their respective duties and instructions received.
3. Competent public authorities:
Judicial authorities, police forces, or other public authorities, in the cases provided for by law or upon formal request.
Rights of data subjects
What are your rights and how can you exercise them?
As a data subject, you may exercise, within the limits and under the conditions set forth in Regulation (EU) 2016/679 (Articles 15–22), the following rights:
- right of access to your personal data (art. 15);
- right to rectification of your personal data, where specifically applicable to the nature of the data processed (Article 16);
- right to erasure of your personal data, in the cases provided for by the applicable legislation (art. 17);
- right to restriction of processing (Article 18);
- right to object to processing (art. 21).
You can exercise these rights by submitting a request to the Data Controller or directly to the Data Protection Officer (DPO), as indicated above.
How can you file a complaint?
If you believe that the processing of your personal data violates applicable data protection legislation, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali), pursuant to Article 77 of the GDPR. The Authority is located at Piazza di Monte Citorio no. 121, 00187 Rome. The procedures for filing a complaint are available on the Authority’s official website: www.garanteprivacy.it. In any case, you have the right to appeal to the competent judicial authority, pursuant to Article 79 of the GDPR.
Will you be profiled?
Your personal data will never be used to obtain information about your preferences or behavior, nor will you be subjected to any decision based solely on the automated processing of your personal data, including profiling.
Will your personal data be transferred outside the European Union?
The processing of personal data (e.g., storage, archiving, and retention of data on our servers or in the cloud) will be limited to the areas of circulation and processing of personal data in countries within the European Economic Area. We are expressly prohibited from transferring personal data to non-EU countries that do not guarantee (or lack) an adequate level of protection, or in the absence of the protection measures provided for by EU Regulation 2016/679 (third country deemed adequate by the European Commission, group BCRs, model contractual clauses, data subject consent, etc.).


