Information on the processing of personal data of users visiting the EpiCentro web pages of the Istituto Superiore di Sanità pursuant to article 13 of the General Data Protection Regulation (EU) 2016/679.
When the EpiCentro website of the Istituto Superiore di Sanità (ISS) is visited, information relating to an identified or identifiable natural person (personal data) may be processed. This page describes how the website (available at https://www.epicentro.iss.it) manages the processing of personal data of its visitors. This Policy is provided pursuant to article 13 of Regulation (EU) 2016/679 (hereinafter, "Regulation") on the "Protection of natural persons with regard to the processing of personal data and on the free movement of such data".
This Policy only applies to the EpiCentro website and does not cover any online websites, pages or services that may be linked to from that website but relate to external resources.
The Data Controller is the Istituto Superiore di Sanità, located in Rome, Viale Regina Elena 299, 00161 (email: firstname.lastname@example.org)
Data Protection Officer
The Data Protection Officer (DPO) can be contacted at this email address: email@example.com
Legal basis for processing
Personal data are processed by the ISS for the performance of tasks carried out in the public interest or in the exercise of its institutional functions.
Types of processed data and purposes of the processing
a) Browsing data
During their normal operation, the IT systems and software procedures used to run this website acquire personal data, the transmission of which is implicit in the use of Internet communication protocols. Such data are not collected to be associated with any identified data subject but could, by their very nature and as a result of processing and association with information held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used to access the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used to submit a request to the server, the size of the response file, the numerical code identifying the server response status (e.g., successful, error) and other parameters related to the user’s operating system and computer environment. Such data are used for the sole purpose of obtaining anonymous statistical information on the usage of the website and verifying its correct functioning, and are deleted immediately after processing. Data could be used to identify those responsible for any cybercrime targeting the website.
b) Data provided voluntarily by the user
Optionally, explicitly and voluntarily sending messages to the addresses listed on this website, sending private messages to institutional profiles/pages on social media (where this option is available), and filling in and sending forms available on the pages of the website will result in the acquisition of the sender’s contact details, which are needed to respond to their requests, and of all personal data included in the communications. Failure to provide such information may make it impossible to process the requests. The email addresses of users who have subscribed to the newsletter are used for the sole purpose of sending them the EpiCentro weekly update. This is sent as a blind carbon copy so that recipients will not be able to see each other’s addresses.
Cookies and other tracking devices
Visitors are informed that, in the light of the simplified arrangements to provide information and obtain consent regarding cookies - 8 May 2014 (published in the Official Gazette n. 126 of 3 June 2014), this website directly uses only technical cookies. The following cookies are used:
- ShinyStat for elaborate statistics on visits with anonymized IP
- Google Analitycs for elaborate statistics on visits with anonymized IP
- ShareThis for statistics on the use of share buttons
These analytics cookies can be considered as third-party technical cookies used to collect aggregate information on the number of users and how they use the website.
Such cookies can be installed without the user’s prior consent, without prejudice to the website operator’s obligation, pursuant to Article 13 of the Regulation, to provide all relevant information in the way that they consider most appropriate, if only such devices are used.
Rights of data subjects
The data subject has the right to request from the Data Controller, where appropriate and by sending an email to firstname.lastname@example.org, access to and rectification or erasure of personal data, or restriction of processing of personal data, as well as the right to object to such processing (articles 15 - 22 of the Regulation).
The data subject has also the right to lodge a complaint with the Italian Data Protection Authority, located in Rome, Piazza Venezia 11, 00187, at the addresses specifically provided on the Authority’s website (www.garanteprivacy.it).