top of page


The data controller reports the information pursuant to art. 12, 13 and 14 of the GDPR relating to the processing of personal data provided by the Customer / interested party through the compilation and subscription by spontaneously uploading personal data to this website (in particular by filling in forms) or simply by browsing it.

  1. Data controller and contact details

The data controller is  Malmadur - Ass. Cult. H2O non-potable theater, based in Venice, Santa Croce 1538A, PI 04217050279, tel. 340 4878558 , email , web

  1. Principles applicable to processing

In accordance with the provisions of the GDPR, the data controller continuously strives to ensure that personal data are:

  • processed lawfully, transparently and correctly;

  • collected for specific, explicit and legitimate purposes, and subsequently processed in a way that is not incompatible with these purposes;

  • adequate, relevant and limited to what is necessary with respect to the purpose for which they are processed;

  • accurate and, if necessary, updated;

  • archived for a period of time not exceeding the fulfillment of the purposes for which they are processed;

  • processed, through appropriate technical and organizational measures, in order to guarantee security;

  • processed, if by virtue of consent, by decision freely taken by the Customer / interested party, on the basis of the request presented in a clearly distinguishable way from the rest, in an understandable and easily accessible form, using simple and clear language.

The data controller uses compliant technical and organizational measures in order to ensure the protection of personal data from the design stage and to ensure that, by default, only the data necessary for each specific processing purpose are processed.
The data controller collects and takes the utmost account of the indications, observations and opinions of the Customer / interested party transmitted to the addresses indicated above, in order to increase the dynamic privacy management system that ensures effective protection of people, with regard to the processing of their data.

  1. Methods of processing personal data

The processing of personal data is carried out manually and with electronic tools, in order to guarantee the security and confidentiality of the data.

  1. Categories of personal data processed

The data controller mainly processes identification / contact data (name, surname, addresses, telephone numbers, e-mail addresses.
The computer systems and applications that allow websites to function correctly acquire, during their function, some personal data, the transmission of which is included in the use of internet communication protocols. This is information that is not collected to be associated with identified subjects, but which, by its very nature, could allow the data subject to be identified. This category of information includes geolocation data, IP addresses, browser type, operating system, domain name and addresses of websites from which access or exit was made, information on the pages visited by users within of the site, access time, stay on the single page, analysis of the internal path and other parameters relating to the operating system and the user's IT environment. It is therefore information that allows users to be identified through processing and association also with data held by third parties. The Site can then use cookies, both session (which are not stored on the computer of the interested party and disappear when the browser is closed) and persistent, for the transmission of information of a personal nature, or in any case systems for tracking of interested parties.

  1. Source of personal data

The personal data that the data controller processes are collected directly by the data controller from the Customer / interested party at the time of, and during, navigation of this on the Site (or using other social or web applications of the data controller.

  1. Criteria for determining the retention period of personal data

The retention period of the personal data released by the Customer / interested party, and their possible treatment, coincides with the limitation period of the rights / duties (legal, tax, etc.) described in the Contract: basically 10 years, therefore, except for the occurrence of interrupting events of the ordinance that could extend the expiry period.

  1. Rights of the Customer / interested party

The data controller recognizes - and facilitates the exercise, by the Customer / interested party, of - all the rights provided for by the GDPR, in particular the right to request access to their personal data and to extract a copy (Article 15 of the GDPR ), to the rectification (Article 16 of the GDPR) and to the cancellation of the same (Article 17 of the GDPR), to the limitation of the processing that concerns them (Article 18 of the GDPR), to the portability of data (Article 20 of the GDPR, where the conditions) and to oppose the treatment that concerns him (articles 21 and 22 GDPR, for the hypotheses mentioned therein and, in particular, to the treatment for marketing purposes or that results in an automated decision-making process, including profiling, which produces legal effects concerning him, where the conditions exist). The data controller also recognizes the Customer / interested party the right to withdraw said consent at any time, if the processing is based on consent, without prejudice to the lawfulness of the processing based on the consent given before the revocation. To do this, the Customer / interested party can unsubscribe at any time on the Site or using the appropriate link at the bottom of each commercial communication received, or by contacting the data controller directly at the addresses indicated above. The data controller also informs the Customer / interested party of the right to lodge a complaint with the Guarantor Authority for the Protection of Personal Data, as a supervisory authority operating in Italy, and to propose a judicial appeal, so much against a decision of the Guarantor Authority. , as well as towards the data controller himself and / or a data processor.

  1. Systems and personal data security

The data controller undertakes to ensure that anyone who works under his own authority and has access to personal data does not process such data unless instructed to do so by the data controller himself. That said, the Customer / interested party acknowledges and accepts that no security system guarantees absolute protection in terms of certainty; therefore, the data controller is not liable for acts or facts of third parties who illegally, despite the appropriate precautions taken, should access the systems without the necessary authorizations.

  1. Automated decision-making processes, including profiling

The data controller may carry out automated processing, including the profiling, above, to optimize the navigability of the Site (or the usability of other social or web applications of the data controller), except as specified above with regard to the rights of opposition and revocation. of the consent from the Customer / interested party. Profiling means any form of automated processing of personal data aimed at measuring certain parameters regarding a natural person, in particular to study or predict aspects concerning, for example, interests, preferences or where the aforementioned person is located, including at in order to create profiles, or groups of similar subjects by characteristics, tastes or behaviors.

bottom of page