Information on personal data processing
In order to allow you access to the pages on the “Stommac” website (hereinafter also “Website”), we kindly ask you to read the rules we apply to the management of personal data in accordance with the provisions of the European Regulation 2016/679 (“GDPR”) and in compliance with the Provision of the Italian Protection Authority for Personal Data Processing n. 229 of 8 May 2014.
The disclosure is provided only for the above-mentioned Website and not for other websites that may be accessed by the user through links to other domains.
Therefore, following consultation of the Website, data on identified or identifiable persons may be processed, for which we provide the following information:
The Data Controller for data provided by users is the Fondazione Istituto Italiano di Tecnologia (hereinafter “IIT”), based in Genova, Via Morego n. 30 – phone +39 010 28961.
Data Protection Officer
Purposes and Legal bases of data processing
The purposes of data processing refer to Internet browsing on the Website and to the possible sending of data related to your person for the request of information by filling out specific forms.
The processing of your personal data is based on the following purposes and legal bases:
Without your prior consent for the purposes of service and, in particular, to:
- perform the contract and/or pre-contractual commitments:
  - satisfy the information request;
  - use the Website;
  - manage a contact request from you, including the procedures to recover your Username and Password to access the reserved area;
  - provide appropriate technical assistance;
- pursue a legitimate interest of the Data controller:
  - manage and maintain the Website;
  - prevent or detect fraudulent activity or harmful abuse of the Website;
  - exercise the rights of the Data controller, for example the right of defence in court;
- comply with legal obligations:
  - comply with the obligations provided for by laws, regulations, EU regulations, orders and prescriptions of the competent authorities.
Types of data processed
The IT systems and software procedures for operation of the Website acquire, during normal operation, some personal data the transmission of which is implicit in the use of Internet communication protocols.
This is information that is not collected in order to be associated with identified parties concerned, but that by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users connecting to the website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
These data are only used to obtain anonymous, statistical information regarding website use and to verify its correct operation and they are deleted after processing. The data could be used to ascertain liability in case of hypothetical computer crimes against the website.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mail to the addresses indicated on the Website involves the subsequent acquisition of the sender’s address, required to reply to information requests, and of any other personal data included in the message. Personal data can also be acquired through the completion of contact request forms.
The use of so-called browsing/session cookies (which are not stored permanently on the user’s computer and are deleted once the browser is closed) is strictly limited to the transmission of session identifiers (formed by random numbers generated by the server) which are necessary to enable a safe and efficient exploration of the website.
In particular, the IT systems and software procedures for operation of the website acquire, during normal operation, some data the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified parties concerned, but that by its very nature could, through processing and association with data held by third parties, allow users to be identified.
The so-called analytics cookies are used for the sole purpose of obtaining anonymous statistical information on the use of the website (e.g. the number of website visitors, their origin or the operating system used) and to check its proper functioning.
This category of data includes IP addresses or domain names of computers used by users who connect to the website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and the user’s IT environment.
The functionality cookies on the website improve the service by allowing users to navigate according to certain pre-determined criteria. The functionality cookies are used, for example, to identify the user’s first connection, so as not to ask the user to connect again, as well as for the user search.
Methods of processing and storage of data
The data may be processed either by electronic means or on paper for the time strictly necessary to achieve the purposes for which they were collected, in compliance with the rules on protection of personal data, including those related to data security, to prevent data loss, illegal or incorrect use and unauthorized access.
Mandatory or optional nature of providing data
The provision of data for the above-mentioned purposes is mandatory. Refusal to provide such data makes it impossible to follow up on the processing.
Furthermore, users can prevent their data from being processed by Google Analytics by using the Google Analytics opt-out browser tool.
Below are the links to the procedures to follow in order to configure the settings of the most used browsers:
Categories of recipients of personal data
Any data provided by users will be disclosed only to IIT’s Staff who manage the Website.
However, the obligation of IIT to communicate the data to the Judicial Authority remains unaffected whenever a specific request is made in this regard. For the above-mentioned purposes, the data may be communicated, even without your consent, to control bodies, law enforcement agencies or the judiciary, which will process them, at their express request, as independent Data controllers for institutional purposes and/or by law during investigations and controls. The data may also be disclosed to third parties (for example, partners, professionals, agents, etc.), as independent Data controllers, for the performance of activities instrumental to the above-mentioned purposes.
Rights of the data subject
The subjects to whom the personal data refer have the right to obtain at any time confirmation of the existence of such data and to know their content and origin, verify their accuracy or request their integration, updating or correction (Article 12 of GDPR).
In particular, the interested subject has the right to obtain information on (Article 15 of GDPR):
- the origin of personal data;
- the purposes and methods of processing;
- the procedure applied in case of processing carried out by electronic means;
- the identification data of the manager and of the responsible and representative persons appointed under Article 5, paragraph 2 of GDPR;
- the subjects or categories of subjects to whom the data may be communicated or that may become aware of them, as appointed representative in the State territory, or as managers or appointees.
The interested subject has the right to obtain:
- update, rectification or, when interested, integration of data (Article 16 of GDPR);
- the cancellation, anonymization or blocking of data processed unlawfully, including data whose storage is not required in relation to the purposes for which the data were collected or subsequently processed (Article 17 of GDPR).