INFORMATION ON THE PROCESSING OF PERSONAL DATA
pursuant to Article 13 of Regulation (EU) 2016/679
WHY THIS INFORMATION
Pursuant to Regulation (EU) 2016/679 (hereinafter referred to as the “Regulation”), this page describes how the personal data of users consulting the site are processed.
This information does not concern other sites, pages or online services that can be reached through hypertext links that may be published on the sites.
DATA CONTROLLER
Following consultation of the sites listed above, data relating to identified or identifiable natural persons may be processed.
DATA PROTECTION OFFICER
The Data Protection Officer (DPO) can be reached at the following address: Garante per la protezione dei personali – Data Protection Officer, Piazza Venezia 11, IT-00187, Rome, email: rpd@gpdp.it.
LEGAL BASIS FOR PROCESSING
The personal data indicated on this page are processed by the Garante in the performance of its tasks of public interest or otherwise connected with the exercise of its public powers, including the task of promoting awareness and fostering public understanding of the risks, rules, safeguards and rights in relation to the processing and, likewise, of promoting the awareness of data controllers and processors of the obligations imposed on them by the Regulation (Art. 57(1)(b) and (d) of the Regulation).
TYPES OF DATA PROCESSED AND PURPOSES OF PROCESSING
Browsing data
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.
These data, necessary for the use of web services, are also processed in order to
obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.)
checking the correct functioning of the services offered.
Browsing data do not persist for more than seven days (except in the event of the need to ascertain crimes by the judicial authorities).
Data communicated by the user
The optional, explicit and voluntary sending of messages to the contact addresses of the Garante, private messages sent by users to institutional profiles/pages on social media (where this option is available), as well as the completion and submission of forms on the Authority’s websites, entail the acquisition of the sender’s contact data, necessary for replying, as well as all the personal data included in the communications.
Specific information will be published on the pages of the Garante’s sites set up for the provision of certain services.
Cookies and other tracking systems
Cookies are not used for user profiling, nor are any other tracking methods employed.
Instead, session (non-persistent) cookies are used strictly limited to what is necessary for the safe and efficient navigation of the sites. The storage of session cookies in terminals or browsers is under the user’s control, whereas on the servers, at the end of HTTP sessions, information relating to cookies remains recorded in the logs of the services, with a storage period in any case not exceeding seven days like other browsing data.
RECIPIENTS OF THE DATA
The recipients of the data collected following consultation of the sites listed above are the following subjects designated by the Garante, pursuant to Article 28 of the Regulation, as data processors.
The personal data collected are also processed by the personnel of the Garante, who act on the basis of specific instructions provided with regard to the purposes and methods of processing.
RIGHTS OF THE DATA SUBJECTS
Data subjects have the right to obtain from the Garante, in the cases provided for, access to their personal data and the rectification or erasure of such data or the restriction of processing concerning them or to object to processing (Art. 15 et seq. of the Regulation).