Breadcrumb

INFORMATION ON THE PROCESSING OF PERSONAL DATA

Last update: may 30th 2023

SEE ALSO THE SOCIAL MEDIA POLICY

 

INFORMATION ON THE PROCESSING
OF PERSONAL DATA
of the users visiting the websites of the Italian data protection authority

 


Pursuant to Article 13 of the EU Regulation 2016/679

WHAT IS THIS INFORMATION?

The information provided below describes, as required by the EU Regulation 2016/679, the processing operations performed on the personal data of the users visiting the Italian data protection authority's (hereinafter, the "Garante") websites. Those websites include the following:

  • www.garanteprivacy.it
  • garanteprivacy.it
  • www.gpdp.it
  • gpdp.it
  • www.dataprotection.org
  • dataprotection.org
  • servizi.gpdp.it
  • https://gws.gpdp.it
  • https://ambasciatoriprivacy.it/

The information provided does not concern other online websites, pages or services that can be accessed via hyperlinks on the above websites but relate to resources outside the Garante's domain.

DATA CONTROLLER

Visiting the websites listed above may result into processing data relating to identified or identified natural persons.

The data controller is the Garante per la protezione dei dati personali, located in Piazza Venezia, 11, IT-00187, Roma (Email: protocollo@gpdp.it, PEC-certified email: protocollo@pec.gpdp.it, phone (switchboard): +39 06.696771).

DATA PROTECTION OFFICER

The Garante's Data Protection Officer (DPO) can be contacted here: Garante per la protezione dei personali - Responsabile della Protezione dei dati personali, Piazza Venezia, 11, IT-00187, Roma, email: rpd@gpdp.it.

LEGAL BASIS FOR THE PROCESSING

The personal data mentioned on this page are processed by the Garante in discharging its tasks that serve the public interest or are related to the exercise of its official authority; this includes  raising public awareness and fostering public knowledge of the risks, rules, safeguards and rights concerning the processing of personal data as well as promoting data controllers' and processors' knowledge of the obligations imposed on them by the Regulation (Article 57(1), letters b) and d), of the Regulation).

CATEGORIES OF PERSONAL DATA AND PURPOSES OF THE PROCESSING

Browsing data

The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols.

This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user's operating system and computer environment.

These data are necessary to use web-based services and are also processed in order to

- extract statistical information on service usage (most visited pages, visitors by time/date, geographical areas of origin, etc.);

- check functioning of the services.

Browsing data are kept for no longer than seven days (except where judicial authorities need such data for establishing the commission of criminal offences). 

Data communicated by users

Sending messages, on the basis of the user’s free, voluntary, explicit choice, to the Garante’s contact addresses, or sending private messages to the Garante’s social media pages and profiles (where this option is available), and filling in and sending the forms made available on the Garante’s websites entail the acquisition of the sender’s contact information – which is necessary to provide a reply – as well as of any and all the personal data communicated in that manner.

Specific information notices will be displayed on the pages of the Garante's websites that are used for providing certain services.

Cookies and other tracking devices

No user profiling cookies are used. The only processing operation we perform is related to the creation of statistics via pseudonymised data concerning navigation on the www.garanteprivacy.it, garanteprivacy.it, www.gpdp.it, gpdp.it, www.dataprotection.org, dataprotection.org websites.

Based on the implemented configuration, which does not rely on identifying information, the following data are collected:

- IP address, which is masked by setting the final 2 bytes to ‘0’ (xxx.xxx.0.0)

- Operating system

- Browser type

- Device type (PC, smartphone, etc.)

Non-persistent session cookies are used as strictly necessary to allow secure, efficient navigation.

Information on the processing of personal data by way of the social media platforms used by the Garante

As for the processing of personal data that is carried out by the social media platforms used by the Garante, please consider the information provided by those platforms through their privacy policies. The personal data made available by users through the social media pages the Garante manages as part of its institutional purposes are processed exclusively in order to handle user interactions (comments, public posts, etc) in full compliance with the applicable legislation.

DATA RECIPIENTS

The following entities are recipients of the data collected in the course of visiting some of the services listed above. They have been appointed as data processors by the Garante pursuant to Article 28 of the Regulation:

- Almaviva - The Italian Innovation Company S.p.A., being the provider of the development and operational supply and management services for the technological platforms of the websites that can be reached at www.garanteprivacy.it, garanteprivacy.it, www.gpdp.it, gpdp.it, www.dataprotection.org, dataprotection.org, servizi.gpdp.it ;

- Skuola Network s.r.l., as to the management of the website https://ambasciatoriprivacy.it

- Manafactory s.r.l., as to the management of the Garante social account on Twitter.

DATA SUBJECTS' RIGHTS

Data subjects have the right to obtain from the Garante, where appropriate, access to their personal data as well as rectification or erasure of such data or the restriction of the processing concerning them, and to object to the processing (pursuant to Articles 15 to 22 of the Regulation). Please contact the Garante's DPO (Garante per la protezione dei personali - Responsabile della Protezione dei dati personali, Piazza Venezia, 11, IT-00187, Roma, email: rpd@gpdp.it) to lodge all requests to exercise these rights.

RIGHT TO LODGE A COMPLAINT

If a data subject considers that the processing of personal data relating to him or her as performed via this website infringes the Regulation, he or she has the right to lodge a complaint with the Garante pursuant to Article 77 of the Regulation, or else to bring a judicial proceeding against the Garante pursuant to Article 79 of the Regulation.

* (Please note that this account is configured to only receive certified email messages)