Information on the processing of personal data pursuant to Regulation (EU) 679/2016
Pursuant to Regulation (EU) 2016/679 (hereinafter "GDPR"), the following is a description of the methods for processing personal data of users consulting the website www.ogs.it (hereinafter "the Website").
DATA CONTROLLER
The data controller of personal data is the Istituto Nazionale di Oceanografia e di Geofisica Sperimentale - OGS (hereinafter also referred to as "OGS" or "Data Controller"), with headquarters in Borgo Grotta Gigante 42/c - 34010 Sgonico (TS).
To exercise the rights recognized by the REGULATION (EU) 2016/679 (hereinafter "GDPR" or "Regulation") or to request any clarification on the processing of personal data, you can contact the Controller at the following addresses:
telephone 04021401, e-mail PEC ogs@pec.it.
The Data Controller has appointed a Data Protection Officer, who can be reached at the following address: dpo@inogs.it.
INFORMATION ON THE TYPES OF DATA PROCESSED
Navigation data
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.
Purpose and legal basis of processing
(GDPR Art.13, paragraph 1, lett. c)
This data is used to check the correct functioning of the site and to obtain statistical information (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.). The data could also be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site (legitimate interests of the Data Controller).
Scope of communication
(GDPR Art.13, paragraph 1, lett. e, f)
Only persons authorised to process personal data and subjects who, processing data on behalf of the Data Controller, have been identified as Data Processors may access the data. These subjects are bound to secrecy and confidentiality also on the basis of specific internal regulations. Except as indicated in relation to cookies, the data will not be transferred to third countries.
Period of data retention
(GDPR Art.13, paragraph 2, lett. a)
Except for the need to investigate unlawful acts, data are generally kept for the time strictly necessary to ensure the smooth operation of the site.
Conferment
(GDPR Art.13, paragraph 2, lett. e)
The data is not consigned by the interested party but automatically acquired by the technological systems of the site.
Cookies and other tracking tools
Cookies are small text files that sites you visit send to your browser, where they are stored and then transmitted back to the same sites the next time you visit.
The site only uses technical cookies, used for the sole purpose of "carrying out the transmission of a communication over an electronic communications network, or to the strictly necessary extent for the provider of an information society service explicitly requested by the subscriber or user to provide such service".
Data provided by the interested party
The optional, explicit and voluntary sending of messages to the contact addresses involves the acquisition and processing of the sender's contact data, necessary to reply, as well as any personal data included in the communications.
Purpose and legal basis of processing
(GDPR Art. 13, paragraph 1, lett. c)
Contact data is requested and processed to provide a response and/or contact the interested party.
Scope of communication
(GDPR Art. 13, paragraph 1, lett. e,f)
Only persons authorised to process personal data and subjects who, processing data on behalf of the Data Controller, have been identified as Data Processors may access personal data. These subjects are bound to secrecy and confidentiality also on the basis of specific internal regulations. Except as indicated in relation to cookies, the data will not be transferred to third countries.
Period of data retention
(GDPR Art. 13, paragraph 2, lett. a)
The data is stored for the time necessary to respond to the message and to manage and process user requests.
Conferment
(GDPR Art. 13, paragraph 2, lett. e)
Failure to provide the mandatory data will make it impossible to send the message.
RIGHTS OF THE INTERESTED PARTY
The Data Controller informs that the Data Subject, has the right to request:
● access to personal data and information (art. 15 of the GDPR);
● the rectification or erasure of the same (Articles 16 and 17 of the GDPR);
● the limitation of the processing of personal data (Article 18 of the GDPR).
Finally, you may:
● object to the processing of your personal data under the conditions and within the limits set out in Article 21 of the GDPR;
● exercise the right to data portability (Art. 20 GDPR).
With regard to processing operations based on consent (pursuant to Articles 6(1)(a) and 9(2)(a) of the GDPR), we inform you that the Data Subject has the right to withdraw such consent at any time (without affecting the lawfulness of the processing based on the consent given before the withdrawal).
Finally, we would remind you that the Data Subject, if they consider that the processing concerning themselves is in breach of the Regulation, has the right to lodge a complaint with a supervisory authority (Personal Data Protection Authority or other competent authority) pursuant to Article 77 et seq. of the GDPR.