INFORMATION ON THE PROCESSING OF PERSONAL DATA

of users consulting the website www.cantierenuovogaslini.org pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (so-called GDPR)

 

 

WHY THIS INFORMATION

Pursuant to Regulation (EU) 2016/679 (hereinafter referred to as the “Regulation”), this page describes how the personal data of users who consult the website “Cantiere Nuovo Gaslini” (hereinafter also referred to as “Nuovo Gaslini”), accessible electronically at www.cantierenuovogaslini.org are processed.

This information does not concern other sites, pages or online services that can be reached through hypertext links that may be published on the site, but refer to resources outside the domain www.cantierenuovogaslini.org

 

 

DATA CONTROLLER

The data controller of personal data is IRCCS Istituto Giannina Gaslini (hereinafter also “Institute”), with registered office at Via Gerolamo Gaslini n. 5 – 16100 Genova, P.Iva 00577500101, (PEC: protocollo@gaslini.org – URP: relpublico@gaslini.org).

 

DATA PROTECTION OFFICER

The Data Protection Officer (DPO or DPO) can be reached at the following address: IRCCS Istituto Giannina Gaslini, Via Gerolamo Gaslini n. 5 – 16100 Genova – email: dpo@gaslini.org

 

CATEGORIES OF PERSONAL DATA PROCESSED

IRCCS Istituto Giannina Gaslini, as Data Controller will process through the website www.cantierenuovogaslini.org the following personal data:

  1. Navigation data  

The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, make it possible to identify the Interested Parties.

This category of data includes the IP addresses or domain names of the computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.

These data, necessary for the use of web services, are also processed in order to obtain anonymous statistical information on the use of the site and to check the proper functioning of the services offered.

  1. Data communicated by the user

The optional, explicit and voluntary sending of messages to the addresses indicated on this site, as well as the compilation and forwarding of requests and/or reports through the form on the site involves the acquisition of the sender’s contact data, necessary to respond or follow up on requests, as well as all personal data included in text communications.

In particular, the Data Controller processes for the purpose of forwarding the communication and/or report:

  • personal data (e.g., first and last name)
  • contact data (email address)
  • additional data entered freely in the text mask

Specific information is published on the pages of the site prepared for the provision of this service.

 

PURPOSE OF PROCESSING, LEGAL BASIS AND STORAGE PERIOD

The personal data of data subjects are processed by the Data Controller to the extent strictly necessary to provide the services requested. Where the purposes pursued can be achieved by means of anonymous data or methods that make it possible to identify the Data Subject only in case of necessity, the Data Controller guarantees the exclusion of the processing.

In particular, the Data Controller processes the data of the Data Subject for the following purposes:

Site navigation and use of the contact form

 

  • The Data Subject’s personal data (e.g., IP address, email) are processed to enable navigation on this website.
    No use is made of cookies for user profiling, nor are any other tracking methods employed.
    Instead, use is made of technical cookies, particularly session (non-persistent) cookies in a manner strictly limited to what is necessary for the safe and efficient navigation of the sites. The storage of session cookies in the terminals or browsers is under the control of the user, where on the server, at the end of https sessions, information relating to cookies remains recorded in the logs of the services, with retention times in any case not exceeding seven days on a par with other navigation data.
  • The Owner will process the user’s identification data necessary to follow up on requests submitted through the appropriate email address or contact form. The personal data indicated on this page are also processed by the Institute in the performance of its tasks of public interest or in any case related to the exercise of its public powers, including the obligations of transparency, legal publicity and information of citizenship.

In order to enable proper navigation on the website, personal data, including through technical cookies, will be processed only for the time strictly necessary to ensure navigation on the site without being subject to storage.

In the case of receipt of a contact request, the personal data of the data subject will be kept for the time strictly necessary to fulfill the request and immediately afterwards deleted.

 

DATA RECIPIENTS AND TRANSFER OUTSIDE THE EU

Personal data collected through this site are processed by specially authorized and trained staff of the Institute, who act on the basis of specific instructions given regarding the purposes and methods of such processing.

Within the limits pertinent to the processing purposes indicated above, the data may also be communicated to third parties such as, as appropriate:

  • Autonomous data controllers whose right to access the data is recognized by provisions of national and European Union law, such as public authorities, as well as to third parties in order to fulfill requests forwarded by the data subject through the site;
  • Data processors pursuant to Article 28 of the Regulations such as, purely by way of example and not limited to, companies in charge of carrying out maintenance of the website and information systems, companies that offer messaging services (email, sms), consultants and professionals who provide assistance and advice in favor of the Institute and/or who perform for the latter services related and instrumental to the purposes pursued.

The use of this website does not involve transfer of data to non-EU countries or international organizations, nor any automated decision-making process.

 

RIGHTS OF DATA SUBJECTS

Data subjects have the right to obtain from the Data Controller, in the cases provided for, access to their personal data and the rectification or erasure thereof or the restriction of processing concerning them or to object to processing (Articles 15 et seq. of the Regulations). The appropriate petition can be submitted to the Data Controller at the above addresses or through the Data Protection Officer (so-called DPO) who can always be contacted at the email address dpo@gaslini.org

 

RIGHT TO COMPLAIN

Data subjects who believe that the processing of personal data relating to them carried out through this site is in violation of the provisions of the Regulation also have the right to lodge a complaint with the Data Protection Authority, as provided for in Article 77 of the Regulation itself, or to take appropriate legal action (Article 79 of the Regulation).