INFORMATION ON THE PROCESSING OF PERSONAL DATA FOR INGV WEB SERVICES PURSUANT TO ART. 13 REG. EU 679/2016 (GDPR)
the Data Controller of personal data, National Institute of Geophysics and Volcanology (INGV) with registered office in via di Vigna Murata 605 00143 Rome (Italy) and e-mail address:
For the GDPR, the legislation on the processing of personal data in the EU Reg. n. 679 of 2016 and the Privacy Code as amended by Legislative Decree 101/2018, you are the "interested person" and have rights and obligations which we illustrate below.
INGV will process your data according to the principles of lawfulness, correctness, transparency, limitation of purposes and conservation, minimization of data, accuracy, integrity and confidentiality.
3. CATEGORIES OF DATA PROCESSED
3.1. Navigation data
The computer systems and programs used for the activity of the site can collect some personal data whose transmission is implicit in the use of Internet communication protocols (e.g. IP addresses, domain names of the computers used by users who connect to the site, the URI - Uniform Resource Identifier - addresses of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numerical code about the status of the response given by the server and other parameters relating to the operating system and user environment). These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Service and to check its correct functioning. However, the aforementioned data could be used to ascertain responsibility in the event of computer crimes against the services offered or to other sites connected or connected to it: except for this eventuality, at present the data on web contacts do not persist if not for up to 365 days.
A cookie is a small text file within which brief information relating to a user's activity on a website is collected and stored on the device that has accessed the web service. In compliance with provisions n. 229 of 8 May 2014 and 231 of 10 June 2021 of the Guarantor for the Protection of Personal Data, we inform you that this web service uses only technical cookies (which DO NOT require consent): they are necessary for the functioning of the web service and allow to access its functions (so-called navigation cookies) and are mostly session cookies whose use is limited to the sole transmission of session identification data in the form of numbers automatically generated by the server necessary to allow safe and efficient exploration of the site and manage authentication for online services and restricted areas. They can be used for analytical/monitoring functions to collect information, in aggregate form, on the number of users and how they visit the site in order to perform anonymous statistical analysis for site optimization without the use of analytical cookies. Session cookies are not stored permanently on the user's computer and are deleted when the browser is closed. The session cookies used on this site avoid the use of other IT techniques potentially prejudicial to the confidentiality of users' browsing and do not allow the acquisition of personal identification data of the user. Other technical cookies have a longer duration specified in the list below. Cookies are not used to transmit information of a personal nature. User profiling cookies are not used.
3.3. Data provided voluntarily by the user
For the consultation of the site, no provision of personal data by the user is required. However, any contacts with the Data Controller, for example to request information via a form, or the spontaneous sending of messages, by e-mail or traditional mail, to the contact details of the Data Controller involve the subsequent acquisition of such personal data of the sender, necessary to respond to requests, as well as any other personal data entered voluntarily by the user in the relative communications (the communication of personal data relating to a minor must be carried out by both parents or by a person exercising parental authority over the minor).
4. PURPOSES AND LEGAL BASES OF THE TREATMENT
4.1. The Data Controller carries out the Processing for the purpose:
• a) Allow you to browse and use the services;
• b) perform the services or provision requested;
• c) fulfill administrative, financial, accounting and/or tax obligations;
• d) fulfill any obligation established by law and/or an order from the Public Authority;
• e) possibly, to assert or defend a right in court;
• f) your data may also be processed to send you communications of public interest or public utility;
4.2. The legal bases of the Processing are as follows:
• a) the need to allow you to browse and access the requested web services, as well as to render the service itself;
• b) carry out the previous points 4.1 af;
• c) the processing is necessary for the execution of a task in the public interest or connected to the exercise of public powers vested in the Data Controller;
• d) any tax data: need to fulfill the obligations referred to in the preceding points 4.1 of the EC.
5. NOTICE TO ADDRESSEES AND DISSEMINATION
5.1. The Data is possibly communicated to third party recipients (including the Public Administration or Judicial Authorities) only to the extent strictly necessary in relation to the aforementioned purposes, or in any case only for the fulfilments necessary for the Service, or those of the law or by order of the Authority.
5.2. The categories of Recipients are as follows:
• a) subjects necessary for the execution of the activities connected and consequent to the execution of the services, linked by a data processing agreement (external managers pursuant to article 28 of the GDPR);
• b) Appointees and persons authorized by the Data Controller who are committed to confidentiality or have an adequate legal obligation of confidentiality (eg employees and collaborators of the Data Controller);
5.3. The Data Controller may also have to communicate data to fulfill legal obligations or to comply with orders from public authorities, including judicial authorities.
5.4. The data will not be disseminated.
6. DATA RETENTION PERIOD
6.1. The Data Controller keeps your Data for the time strictly necessary to achieve the Purposes referred to in point 4.
6.2. These data will be deleted when they are no longer necessary for the purposes indicated above, subject to further conservation obligations established by law.
7. NATURE OF DATA COMMUNICATION
7.1. The communication of personal data referred to in point 3.1 is necessary for navigation: failure to provide it could not connect the source and destination of the packets on the network.
7.2. The communication of personal data referred to in point 3.3 is optional.
8 CONSEQUENCE OF REFUSAL TO COMMUNICATE DATA
8.1. As specified in point 7.1 above, it is not technically possible to refuse to communicate navigation data (insofar as they are personal data).
8.2 In case of refusal to communicate the Personal Data referred to in point 3.3 it will not be possible to respond to requests and/or render the service.
9. RIGHTS OF THE INTERESTED PARTY
9.1. You, as a data subject, have the right to:
a) access your data held by the Data Controller and obtain a copy;
b) request rectification and/or cancellation, where and within the limits in which the conditions are met;
c) request the Limitation of Treatment, where and within the limits in which the conditions are met;
d) oppose, for reasons related to his particular situation, the processing of personal data concerning him.
e) lodge a complaint with the Guarantor for the Protection of Personal Data (www.garanteprivacy.it).
10. INFORMATION UPDATES
10.1. This information refers to the methods of processing visitors' personal data while browsing and using web services. The possible entry into force of new sector regulations, as well as the constant examination and updating of the Service, could lead to the need to vary these methods over time. We therefore invite you to periodically consult this page. For this purpose, this document indicates the date of update.
11. THE DATA PROTECTION OFFICER
10.1. The Data Controller has a Data Protection Officer of the Data Controller (also "RPD" or "DPO"), who you can contact at the following addresses:
Ver. 2.0 Last updated: March 30, 2022