INFORMATION ON THE PROCESSING
OF PERSONAL DATA
of the users visiting the websites of the Italian data protection authority
Pursuant to Article 13 of the EU Regulation 2016/679
WHAT IS THIS INFORMATION?
The information provided below describes, as required by the EU Regulation 2016/679, the processing operations performed on the personal data of the users visiting the Italian data protection authority’s (hereinafter, the “Garante”) websites. Those websites include the following:
The information provided does not concern other online websites, pages or services that can be accessed via hyperlinks on the above websites but relate to resources outside the Garante’s domain.
Visiting the websites listed above may result into processing data relating to identified or identified natural persons.
The data controller is the Garante per la protezione dei dati personali, located in Piazza Venezia, 11, IT-00187, Roma (Email: email@example.com, PEC-certified email: firstname.lastname@example.org, phone (switchboard): +39 06.696771).
DATA PROTECTION OFFICER
The Garante’s Data Protection Officer (DPO) can be contacted here: Garante per la protezione dei personali – Responsabile della Protezione dei dati personali, Piazza Venezia, 11, IT-00187, Roma, email: email@example.com.
LEGAL BASIS FOR THE PROCESSING
The personal data mentioned on this page are processed by the Garante in discharging its tasks that serve the public interest or are related to the exercise of its official authority; this includes raising public awareness and fostering public knowledge of the risks, rules, safeguards and rights concerning the processing of personal data as well as promoting data controllers’ and processors’ knowledge of the obligations imposed on them by the Regulation (Article 57(1), letters b) and d), of the Regulation).
CATEGORIES OF PERSONAL DATA AND PURPOSES OF THE PROCESSING
The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols.
This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user’s operating system and computer environment.
These data are necessary to use web-based services and are also processed in order to
– extract statistical information on service usage (most visited pages, visitors by time/date, geographical areas of origin, etc.);
– check functioning of the services.
Browsing data are kept for no longer than seven days (except where judicial authorities need such data for establishing the commission of criminal offences).
Data communicated by users
Sending messages, on the basis of the user’s free, voluntary, explicit choice, to the Garante’s contact addresses, or sending private messages to the Garante’s social media pages and profiles (where this option is available), and filling in and sending the forms made available on the Garante’s websites entail the acquisition of the sender’s contact information – which is necessary to provide a reply – as well as of any and all the personal data communicated in that manner.
Specific information notices will be displayed on the pages of the Garante’s websites that are used for providing certain services.
Cookies and other tracking devices
No cookies are used to profile users nor are other user tracking systems implemented.
So-called session (non-persistent) cookies are used exclusively to the extent this is necessary to enable secure, efficient browsing. Storage of session cookies in terminal equipment or browsers is under the user’s control, whilst cookie-related information is stored server-side after HTTP sessions in the service logs for no longer than seven days like all other browsing data.
The following entities are recipients of the data collected in the course of visiting the websites listed above. They have been appointed as data processors by the Garante pursuant to Article 28 of the Regulation:
Etcware S.r.l., as for www.garanteprivacy.it, garanteprivacy.it, www.gpdp.it, gpdp.it, www.dataprotection.org, dataprotection.org, being a provider of the web platform development and maintenance services;
Almaviva – The Italian Innovation Company S.p.A., as for servizi.gpdp.it, being the provider of the development and operational supply and management services for the technological platforms relied upon.
The personal data collected as above are also processed by staff from the Garante, acting on specific instructions concerning purposes and arrangements of such processing.
DATA SUBJECTS’ RIGHTS
Data subjects have the right to obtain from the Garante, where appropriate, access to their personal data as well as rectification or erasure of such data or the restriction of the processing concerning them, and to object to the processing (pursuant to Articles 15 to 22 of the Regulation). Please contact the Garante’s DPO (Garante per la protezione dei personali – Responsabile della Protezione dei dati personali, Piazza Venezia, 11, IT-00187, Roma, email: firstname.lastname@example.org) to lodge all requests to exercise these rights.
RIGHT TO LODGE A COMPLAINT
If a data subject considers that the processing of personal data relating to him or her as performed via this website infringes the Regulation, he or she has the right to lodge a complaint with the Garante pursuant to Article 77 of the Regulation, or else to bring a judicial proceeding against the Garante pursuant to Article 79 of the Regulation.