Website policy on the use of personal data and cookies

The website of the Museo Galileo – Istituto e Museo di Storia della Scienza (hereafter Museo Galileo) consists of several sections, and therefore will be referred to in this document as the Portal. The policy described below applies to all of the sites accessible through the Portal, which can be found in the following domains:

• museogalileo.it
• imss.fi.it
• latoscanadileonardo.it
• reneu.eu

This information is being provided to the interested parties (hereafter referred to as Users and User), in accordance with articles 13 and 14 of the EU General Data Protection Regulation (GDPR) 679/2016, by the owner of the website, Museo Galileo ­– Istituto e Museo di Storia della Scienza (Piazza dei Giudici n. 1, Florence, Italy; e-mail This email address is being protected from spambots. You need JavaScript enabled to view it., tel. +39 055 265 311) and pertains to the Portal of the Museo Galileo.

It is the responsibility of the Users to read this document carefully before providing any personal information or completing and sending any form hosted at this Portal.

The data collected at this website includes:

Log Data

This data acquired by the Portal in order to carry out its operations (e.g., information conveyed through internet protocols). None of it will be communicated to third parties or disseminated in any form.

This category of data includes the IP addresses or domain names of the computers and terminals of the Users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the pages visited, the date and time of visits, the method used to send requests to the server, the size of the page accessed, server response status codes (e.g., successful response, error message, etc.), and other parameters pertaining to the operating system and the Users’ browsing history. 

This data is required to carry out anonymous statistical analyses of website use (most visited pages, number of pages visited daily or in a given time band, the geographic location of Users, etc.) and to monitor the functioning of the website.

Data provided by the User through:

• signing up for the Museo Galileo – IMSS newsletter
• signing up to the website biglietteria.museogalileo.it
• comments sent to the Portal
• use of the institute’s library services and its on-line library
• the User’s participation in projects connected with the Museo Galileo

This data will be used only for the purposes specified on the information page of the websites hosted at the Portal of the Museo Galileo relative to their services and activities.

All processing and use of personal data will be carried out in a manner consistent with the restrictions and with the requirements of legality, confidentiality, accuracy and completeness set out in article 5 of the GDPR and other regulations in force.

The museum’s technical staff has installed reliable and secure procedures for the collection and management of all personal data in conformity with article 32 of the EU Regulation, ensuring the security of this data against loss, unlawful or incorrect use, or access by unauthorized parties.

The legal basis for the use of personal data for the purposes specified above lies in the express consent of the User. If the requested consent is not given, the website will not be able carry out the operations described above.

Personal data may be processed and used not only by authorized staff members of the Museo Galileo, but also by outside companies, institutions, associations, consultants and professionals employed to provide specific technical or administrative services connected with the website’s activities, in conformity with article 28 of GDPR.
A list of authorized persons can be provided on request.
Access to the personal data of Users may also be granted to other third parties on the basis of the rules outlined above. These include:

• civil service personnel who are legally entitled to receive such information in the conduct of their regular duties
• individuals working in the private or public sector, in both EU and non-EU countries, with whom the Museum has signed agreements to collaborate in the provision of its services.

In keeping with the principles of reasonable and commensurate use, no personal data will be stored for longer than is necessary to serve its purpose, or longer than the time specified on the information page of the websites hosted at the Portal and responsible for specific activities and services of the Museo Galileo.

The GDPR specifies a series of rights as outlined in articles 15 to 22, which include the User’s right to view, correct or cancel the personal data stored; restrictions to the processing of this data; the User’s right (if specified by the website) to refuse consent to their use; and the right to have a copy of the personal data collected in a standard format. The User has the right to revoke his/her consent at any time, while the status of the data gathered based on previously granted consent remains legal.

As stipulated in article 77 of the GDPR, the User has the right to file complaints with the relevant administrative authority – the Garante per la Protezione dei Dati Personali.

Cookies are packets of information that are sent from the website to the user’s device (computer, tablet, etc.) to store data and personalize settings relating to the services of the site. When the User visits a page, the website sends information to the User’s browser, which creates a cookie. Thereafter, each time the User returns to the site the browser retrieves this information and sends it to the site’s server. The types of cookies used by the Museo Galileo Portal are:

Technical cookies

These are used exclusively to allow access to the services of the Portal and contain information such as the choice of language. They may be of two types: session cookies, which are automatically deleted when the User leaves the browser, or persistent cookies that expire after a specified length of time.

Third-party cookies

These are collected by third parties (such as Google Analytics, which uses personal data to conduct anonymous statistical analyses of site usage) while the User is browsing the Portal.

The User who continues to navigate the website of the Museo Galileo Portal implicitly accepts the cookie policy and the use of cookies within the limits described here.

If the User decides not to accept the terms described here, he/she is invited to change the browser settings or to leave the website. The disactivation of certain cookies may limit the functionality of the website.

Information pursuant to articles 13 and 14 of EU Regulation no. 679/2016 dated 27 April 2016, “on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/ED (General Data Protection Regulation, hereinafter referred to as the GDPR)”

Pursuant to articles 13 and 14 of Regulation EU 2016/679 we herewith inform visitors to the Museo Galileo and users of the services provided by the museum of the following:

1. The Museo Galileo – Istituto e Museo di Storia della Scienza located in Piazza dei Giudici n° 1, Florence (hereinafter also referred to as “Museum”) is the responsible entity to this agreement.
2. The personal data furnished by users will be processed by the Museum itself for the purposes of the institution, connected with or contributing to the activities of the Museo Galileo, and therefore necessary for the provision of its contractual services and the fulfillment of its legal obligations in terms of its administration and bookkeeping, as well as all other legal obligations assumed as the responsible entity to this agreement. The Museum will in addition, for the same purposes as specified above, conduct statistical studies on aggregate, duly anonymized data.
3. The processing of all personal data will be conducted in conformity with the principles of lawfulness, accuracy, fairness, transparency, and confidentiality as required by article 5 of the GDPR and the other laws and regulations in force. All data will be processed in a correct and transparent manner either manually or by computer and stored in printed, digital and/or other forms in designated archives that will be constantly monitored using adequate procedures and security measures, in conformity with the requirements laid out in article 32 of Regulation EU 2016/679 in order to safeguard and ensure the confidentiality of all personal data, and to prevent any loss or illicit use of, or unauthorized access to this data.
4. The legal basis for the processing of personal data as per point 2 lies in the specific contractual agreement established for the provision of services and the fulfillment of the associated legal obligations. The processing of this data is retained to be indispensable to the execution of the contract to which the user is co-signatory and refusal of consent by the user will render the Museum unable to proceed with the execution of the services themselves.
5. The processing of personal data will be undertaken by members of the Museum staff at the express request of organizations, companies or consortiums, and also by outside professionals and consultants designated as per article 28 of the above-cited EU regulation. These contracted service providers will furnish specific data processing or administrative services or carry out functions connected with, necessary to, or in adjunct support of the Museum and its activities as outlined above.
   A list of the duly authorized Museum personnel and outside service providers is available on request from the Museum.
6. The personal data referred to above may be provided by the Museum to public entities, as allowed for by the relevant laws and regulations, in order to enable them to carry out their duly mandated administrative functions.
7. In adherence to the EU’s principles of necessity and proportionality, the data as specified in point 2 will not be kept for periods longer than is indispensible for the realization of the objectives outlined above and therefore the time necessary for the proper execution of its contractual obligations, and in any case no longer than the 10 years stipulated in the Civil Code on this matter.
8. The GDPR recognizes a series of rights held by the user as dictated in articles 15 to 22, among them full access rights to his/her own personal data, the right to correct or cancel any of this data, to limit its processing, and to deny permission for its use in direct marketing activities. The interested party has the right to revoke his/her consent at any time, without prejudicing the legality of the use by the Museum of the data as consented to by the interested party up to the date of the his/her revocation of consent.
9. The interested party has the right to file a complaint regarding the improper use of his/her data with the relevant authorities as provided for in art. 77 of EU regulation 2016/679.

The responsible party to this agreement may be directly contacted at any time: Museo Galileo – Istituto e Museo di Storia della Scienza - Tel. 055 265311 - Fax 055 2653130 - E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

The data controller

Museo Galileo

Information pursuant to articles 13 and 14 of EU Regulation no. 679/2016 dated 27 April 2016, “on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/ED (General Data Protection Regulation, hereinafter referred to as the GDPR)”)”

Pursuant to articles 13 and 14 of Regulation EU 2016/679 we herewith inform visitors to the Museo Galileo and users of the services provided by the museum of the following:

1. The Museo Galileo – Istituto e Museo di Storia della Scienza located in Piazza dei Giudici n° 1, Florence (hereinafter also referred to as “Museum”) is the responsible entity to this agreement.
2. The personal data furnished by users will be processed by the Museum itself:
   a) for the purposes of the institution, connected with or contributing to the activities of the Museo Galileo, and therefore necessary for the provision of its contractual services and the fulfillment of its legal obligations in terms of administration and bookkeeping, and all other obligations assumed as the responsible entity to this agreement;
   b) for the purposes of sending information to users regarding the cultural activities organized by the Museum via the Newsletter, mailings, etc., and for the analysis of data for the purposes of marketing research.
   The Museum will in addition, for the same purposes as specified above, conduct statistical studies on aggregate, duly anonymized data.
3. The processing of all personal data will be conducted in conformity with the principles of lawfulness, accuracy, fairness, transparency, and confidentiality as required by article 5 of the GDPR and the other laws and regulations in force. All data will be processed in a correct and transparent manner either manually or by computer and stored in printed, digital and/or other forms in designated archives that will be constantly monitored using adequate procedures and security measures in conformity with the requirements laid out in article 32 of Regulation EU 2016/679 in order to safeguard and ensure the confidentiality of all personal data, and to prevent any loss or illicit use of, or unauthorized access to this data.
4. The legal basis for the processing of personal data as per point 2a lies in the specific contractual agreement established and in the institution’s compliance with the legal obligations contained therein. The processing of this data is retained to be indispensable to the execution of the contract to which the user is co-signatory and refusal of consent by the user will render the Museum unable to respect its side of the contract. The legal basis for the processing of personal data as per point 2b lies in the express consent given by the user, which is required if the Museum is to carry out its activities and realize its objectives as listed above, and in the absence of which it will not be possible to conduct these activities for the benefit of the interested party.
5. The processing of personal data will be undertaken by members of the Museum staff as expressly requested by organizations, companies or consortiums, as well as by outside professionals and consultants designated as per article 28 of the above-cited EU regulation. These contracted service providers will furnish specific data processing or administrative services or carry out functions connected with, necessary to, or in adjunct support of the Museum and its activities as outlined above, such as the delivery of the newsletter, booking services, or market research.
   A list of the duly authorized Museum personnel and outside service providers is available on request from the Museum.
6. The personal data referred to above may be provided by the Museum to public entities, as allowed for by the relevant laws and regulations, in order to enable them to carry out their duly mandated administrative functions.
7. In adherence to the EU’s principles of necessity and proportionality, the data as specified in point 2a will not be kept for periods longer than is indispensible for the realization of the objectives outlined above and therefore for the time necessary to properly fulfill its contractual obligations, and in any case no longer than the 10 years stipulated in the Civil Code on this matter. The personal data referred to in point 2b will be conserved for 24 months from the date of the most recent consent given. At the end of this period a renewal of the interested party’s consent to the processing of his or her personal data will be requested and if withheld, this data will be cancelled.
8. The GDPR recognizes a series of rights held by the user as dictated in articles 15 to 22, among them full access rights to his/her own personal data, the right to correct or cancel any of this data, to limit its processing, and to deny permission for its use in direct marketing activities. The interested party has the right to revoke his/her consent at any time, without prejudicing the legality of the use by the Museum of the data as consented to by the interested party up to the date of his/her revocation of consent.
9. The interested party has the right to file a complaint regarding the improper use of his/her data with the relevant authorities as provided for in article 77 of EU regulation 2016/679.

The responsible entity to this agreement may directly contacted at any time: Museo Galileo – Istituto e Museo di Storia della Scienza - Tel. 055 265311 - Fax 055 2653130 - E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

The Data Controller

Museo Galileo