PERSONAL DATA PROCESSING POLICY
D.Lgs.196/2003 – Reg. UE 2016/679
Personal data is information that can be used to identify or contact an individual.
This website, which abides by personal data protection European Regulation n. 679/2016, c.d. GDPR and National legislation - Lgs D. June 30th 2003 n. 196, (c.d. Codice Privacy) and subsequent amendments, pursues and protects User privacy, making sure every possible and proportionate effort is made not to infringe user rights.
- Legal basis of the processing
The provision of data and Consent to collect and process data are optional, the User can deny consent and can revoke consent if already given by simply forwarding a request to the Holder at any time. Denying consent may make it impossible to provide certain services and the browsing experience on the website could be compromised.
- Purposes of the data collected
Personal data is collected and processed by the Holder of the processing for purposes strictly connected to the use of the Website and its informative services as well as retention, archiving and elaboration operations are compatible with such purposes.
In particular, personal data can be processed for the following:
- provide the requested service
- answer possible requests
- fulfil legal obligations
- send communications after express authorisation
In addition, it is also noted that like all websites this website too uses log files in which information collected automatically during user visits is retained .
- The collected information could be the following:
- internet protocol address (IP);
- type of browser and parameters of the system used to connect to the website;
- the name of the internet service provider (ISP);
- date and time of visit;
- webpage of origin of the visitor (referral) and exit page;
- possibly the number of clicks.
- Information is processed automatically in order to verify the correct functioning of the website and, from 25/5/2018, it is processed pursuing the legitimate interests of the Holder of the treatment for security reasons.
- For safety purposes (antispam filters, firewall, virus detection), data automatically registered could also include personal data like IP addresses. Abiding to applicable laws, this could be used to block attempts to damage the website itself or harm other users, as well as any criminal damaging activity. Such data is never used to identify or profile the user but only to protect the website and its users.
- The data collected by the website during its functioning is used exclusively for the abovementioned purposes and it is retained for the time strictly necessary to carry out the specific activities. The data collected by the website will not be shared with third parties unless the User gives express consent, or in case the judicial authority legitimately requests it and only in the cases provided by law.
- Place of processing
The Holder of the Processing treats the data collected by the website at its Headquarters and inside the Hosting Provider. The latter is nominated Responsible of the data processing and elaborates data on behalf of the Holder within the European Economic Area and acts in accordance with European laws.
- Transfer of data in non-EU countries
This website may share some of the collected data with services which are located outside the European Union. In particular, with Google, Facebook and Microsoft (LinkedIn) through social plug-ins and the Google Analytics service. The transfer is authorized on the basis of specific European Union decisions and those of the Guarantor for the protection of personal data, in particular decision 1250/2016 (Privacy Shield - https://www.garanteprivacy.it), hence no additional consent is due. The abovementioned companies guarantee their acceptance of the Privacy Shield.
- Categories of recipients of personal data
Personal data may be communicated to subjects typically acting as responsible of the processing ex art. 28 of the Regulation, that is:
- persons, companies or professional offices carrying out assistance or consultancy for the Holder on accounting, administrative, legal, tax and debt collection / legal advice matters connected to the provision of the Services;
- subjects with whom it is necessary to interact for the provision of the Services (for example the Hosting provider);
- subjects in charge of technical maintenance (including maintenance of the network devices and electronic communication networks);
- subjects, institutions and authorities, which are autonomous holders of the processing or to whom it is mandatory to communicate the data in accordance with provisions of law and orders from the Authorities;
- persons “authorized” ex art. 29 of the Regulation by the Holder to process personal data, who are necessary to carry out the activities strictly connected to supplying the Services.
The Holder will make the list of such subjects available to the Interested Person on request.
- Security measures
This website processes data from the users in a legitimate and correct manner, adopting the appropriate security measures to prevent non-authorized accesses, disclosures, modifications or destruction of data. The processing is carried out by means of IT tools with organizational and logistic modalities strictly connected to the stated aims.
- User rights
Under EU rules (UE Regulation 2016/679) and National legislation, Users can, in accordance with foreseen modalities and limitations, exercise the following rights:
- request confirmation of the existence of personal data regarding them (right of access);
- know its origin;
- receive intelligible communication about it;
- receive information about the logistics, the modalities and the aims of the processing;
- request the updating of their data, i.e. correction, integration, cancellation, modification to anonymous form, blocking of the processed data if violating the law, including data that is no longer necessary to pursue the aims for which it was collected in the first place;
- in case the processing is based upon consent, receive the data given to the Holder, at the mere cost of eventual support, in a structured and legible form for a data processor and in a format commonly used by an electronic device;
- the right to make a complaint to the Supervisory Authority (Privacy Authority);
as well as, in general, exercise every right recognised to the user by the legal provisions in force.
The requests are to be forwarded to the Holder of the processing.
In case the processing of data is based on legitimate interests, the rights of the persons involved in the processing are however guaranteed (except the right to the portability which is not foreseen by the rules), in particular the right to object to the processing that can be exercised by sending a request to the Holder of the treatment.
- Holder of the processing
- External Data Processors
Cookies are small text files that the websites visited by Users sent to their terminals, where they are memorised to be then transmitted to the same websites when they are visited again. Third-party cookies are, instead, those placed by a different website other than the visited one. This happens because on every website there may be elements (images, maps, sounds, specific links to web pages belonging to other domains, etc.) located on servers other than the visited one.
Types of cookies
Depending on their characteristics and usage, cookies are distinguished by different categories:
- Technical cookies: they are those used only to "carry out the transmission of communication through electronic communication networks, or to the extent strictly necessary for the service provider of the information company to supply the service explicitly requested by the subscriber or the user" (see art. 122, comma 1, of the Code). They are not used for any further purpose and are usually installed directly by the holder or manager of the website. They can be divided into browsing or session cookies, which allow for normal browsing and use of the website; cookie analytics, integrated with technical cookies when they are directly used by the website manager to collect information, in aggregate form, about the number of users and how they visit the website; functionality cookies, which allow the user to brows following a series of criteria selected to improve the service. To install such cookies no prior consent in required from users, while it remains mandatory that the policy be provided pursuant to art. 13 of the Code, and the manager of the website, if only such devices are used, can supply it in the way considered more suitable.
- Profiling cookies: these are aimed to create User profiles and are used to send advertising messages in accordance with the preferences shown when browsing. Because these devices may be particularly invasive as far as the users’ private lives are concerned, European and Italian legislation foresees that users have to be duefully informed about their purpose so they can express their valid consent (art. 7 of Reg. UE 2016/679). This website does not use profiling cookies.
- Cookie analytics
This website also includes components transmitted by Google Analytics, a service that analyses web traffic and is supplied by Google, Inc. ("Google"). Such cookies are used with the only purpose of monitoring and improving the performance of the website. For further information, please visit the link below:
Users can deactivate the actions of Google Analytics selectively by installing the opt-out component provided by Google on their browsers. To deactivate Google Analytics actions, please visit the following link:
Duration of cookies
Some cookies (session cookies) remain active only until the browser is switched off or until logout. Other cookies "survive " after switching off the browser and are still available when the user visits the site again. These cookies are called persistent and their duration is set by the server when they are created. In some cases a deadline is set, in others their duration is unlimited.
Users can decide either to accept cookies or not by using the settings of their browsers.
Attention: when technical cookies are deactivated either totally or partially it can compromise the optimal usage of the website. Deactivating “third-party” cookies does not compromise browsing in any way.
Settings may be defined specifically for different websites and web applications. Moreover, browsers allow to define different settings for “owner” cookies and "third-party" cookies. For example, in the menu Tools->Options->Privacy in Firefox, it is possible to access a control panel where to either accept the various types of cookies or not and proceed to their removal. On the internet it is easy to find documentation on how to manage cookies for the used browser. Please find some examples of addresses regarding the main browsers below.
Types of cookies used by our website
|_ga_031HNLVN7Y||.spitaler.it||No description||1 years 11 months 28 days 23 hours 59 minutes||Other|
|_ga||.spitaler.it||This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.||1 years 11 months 28 days 23 hours 59 minutes||Analytics|