INFORMATION NOTICE ON PERSONAL DATA PROCESSING
Information on personal data processing
in order to allow you the access to the pages on the websites whose Internet domain is registered by the Fondazione Istituto Italiano di Tecnologia (hereinafter “IIT Websites”), we kindly ask you to read the rules we apply for management of personal data in accordance with the provisions of Article 12 of the European Regulation 679/2016 (“GDPR”) and in compliance with the Provision of the Protection Authority for Personal Data Processing n. 229 of 8 May 2014.
The disclosure is provided only for the above-mentioned domains and not for other websites that may be accessed by the user through links to other domains.
Therefore, following consultation of IIT Websites, data may be processed on persons identified or identifiable, for which we provide the following information:
The Data Controller for data provided by users is the Fondazione Istituto Italiano di Tecnologia, based in Genova, Via Morego n. 30.
Data Protection Officer
The Responsible person of the Data Protection Department, Rödl&Partner, Milan – Telephone +39 010 71781 – email: email@example.com.
Purposes of data processing
The purposes of data processing refer to Internet browsing on the IIT Websites, and to the possible sending of data related to your person for the request of information by filling out specific forms.
Types of data processed
The IT systems and software procedures for operation of the IIT Websites acquire, during normal operation, some personal data the transmission of which is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified parties concerned, but that by its very nature could, through processing and association with data held by third parties, allow identifying users.
This category of data includes IP addresses or domain names of computers used by users that connect to the website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and the user’s IT environment.
This data is only used to obtain anonymous, statistical information regarding websites use and to verify its correct operation and they are deleted after processing. The data could be used to ascertain liability in case of hypothetical computer crimes against the IIT Websites.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mail to the addresses indicated on the IIT Websites involves the subsequent acquisition of the sender’s address required to reply to information requests, and any other personal data included in the message.
In this regard, no user personal data is acquired by the IIT Websites.
Cookies will not be used for the transmission of information of a personal nature, nor so-called persistent cookies of any kind will be used for the tracking of users.
The use of so-called browsing/session cookies (which are not stored permanently on the user’s computer and are deleted once the browser is closed) is strictly limited to the transmission of session identifiers (formed by random numbers generated by the server) which are necessary to enable a safe and efficient exploration of the IIT Websites.
In particular, the IT systems and software procedures for operation of the websites acquire, during normal operation, some data transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified parties concerned, but that by its very nature could, through processing and association with data held by third parties, allow identifying users.
The use of the so-called cookies analytics is done for the sole purpose of obtaining anonymous statistical information on the use of IIT Websites (e.g. the number of website visitors, their origin or the operating system used) and to check its proper functioning.
This category of data includes IP addresses or domain name systems of computers used by users that connect to the websites, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and the user’s IT environment.
The Functionality cookies on the IIT Websites are exclusively used to allow the user to browser according to the chosen language (Italian or English).
Third party cookies
In particular, cookies from youtube.com are used to allow the availability of videos from the aforementioned website, cookies from google.com are used for navigation statistics (Google Analytics), while cookies from twitter.com and from facebook.com enable users to interact with social network.
Methods of processing and storage of data
The data may be processed either by computer or paper for the time strictly necessary to achieve the purposes for which they were collected, complying with the rules on protection of personal data, including those related to data security, to prevent data loss, illegal or incorrect use and unauthorized access.
Mandatory or optional nature of providing data
Apart what specified for browsing data, the user is free to provide personal data contained in the request forms in order to request the sending of information material or other communications.
Failure to provide such data may, sometimes, lead to not obtain what requested.
Below, the links that show the procedures to follow in order to configure the settings of the most used browsers:
• Mozilla firefox
• Internet Explorer
Categories of recipients of personal data
Any data provided by users will not be disclosed by IIT to external parties. Furthermore, the IIT’s obligation to communicate data to the Judicial Authority remains in place, whenever, in this regard, a specific request is sent.
Rights of the data subject
The parties to which the personal data refer have the right to obtain at any time confirmation of the existence of such data and to know the content and origin, verify its accuracy or request its integration or updating, or correction (article 12 of GDPR).
In particular, the interested subject has the right to obtain indication on:
• the origin of personal data,
• purposes and methods of treatment;
• the procedure applied in case of treatment made with electronic means;
• the identification data of the manager, of responsible and representative persons appointed under Article 5, paragraph 2 of GDPR;
• the subjects or categories of subjects to whom the data may be communicated or that may become aware of them, as appointed representative in the State territory, or as managers or appointees.
The interested subject has the right to obtain:
a. update, rectification or, when interested, integration of data;
b. the cancellation, anonymization or blocking of data processed unlawfully, including data whose storage is not required in relation to the purposes for which the data were collected or subsequently processed;
c. certification that the operations under letters a) and b) have been notified, also regarding their content, to those to whom the data were communicated or made known, except where such compliance is impossible or involves a manifestly disproportionate use of means with respect to the protection of this right.