Privacy policy - Data protection policy
(Art. 13-14 G.D.P.R. No.2016/679)
This page describes how the site is managed with regard to the processing of personal data that C.I.S.I.A. carries out when users consult it.
This information is also provided pursuant to Art. 13-14 of G.D.P.R. no. 2016/679 to those who interact with the web services of this site for the protection of personal data, which can be accessed electronically from the address cisiaonline.it corresponding to the home page of the site.
It is ensured that all processing is carried out in accordance with the principles set out in the GDPR, with particular regard to the lawfulness, fairness and transparency of processing, the use of data for specified, explicit, legitimate purposes, in a manner relevant to the processing, respecting the principles of data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability.
Finally, it should be noted that this information is provided for the CISIA website only and not for other websites linked to it, which the user may eventually consult and which may have a different privacy policy.
THE ‘DATA CONTROLLER’
Data relating to identified or identifiable persons may be processed, following consultation of this site.
The 'Data Controller' is CISIA, which is based at Via Malagoli, no. 12 in Pisa, email: privacy@cisiaonline.it.
All persons within the Consortium who carry out processing operations have been appropriately trained and designated as persons in charge/authorised for processing.
THE 'DATA PROTECTION OFFICER'
The 'Data Protection Officer'/DPO is Lavinia Vizzoni, email: lavinia.vizzoni@hotmail.it.
PURPOSES OF PROCESSING
Data provided voluntarily by the user may be processed exclusively for the following purposes:
- registration, activation and account maintenance
- anonymised data are used, also in aggregate form, for the purpose of preparing studies and statistics.
Personal data will be processed using electronic and manual means, in a manner compatible with the purposes of the same, such as to guarantee the confidentiality, security and integrity of the data.
CATEGORIES OF DATA PROCESSED
In the course of their normal operation, the navigation data, computer systems and software procedures used to operate this website acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified data subjects, but by its very nature, it could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user's operating system and computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check the correct functioning of same. They are deleted immediately after processing. The data could be used to ascertain liability in the event of hypothetical cybercrimes against the site: except for this possibility, at present, data on web contacts do not persist for more than seven days.
DATA PROVIDED VOLUNTARILY BY THE USER
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender's address, which is necessary to reply to requests, as well as any other personal data included in the message.
As mentioned in the paragraphs above, specific summary information will be progressively reported or displayed on the pages of the site set up for particular services available on request.
RIGHTS OF THE DATA SUBJECT
The data subject has the right to request from the data controller access to and rectification or erasure of personal data and to object to the processing of personal data concerning them, in addition to the right to data portability and to lodge a complaint with a supervisory authority. Requests should be addressed to the Data Controller.
SOURCE FROM WHICH PERSONAL DATA ORIGINATE
The personal data processed by CISIA all originate from the data subject.
AUTOMATED DECISION-MAKING
The CISIA does not provide for any automated decision-making processes, including profiling, resulting from the use of data collected through the data subject's mere browsing of the website.
PLACE OF DATA PROCESSING
The processing operations connected to the web services of this site take place at the aforementioned premises of the Data Controller and are carried out only by technical personnel in charge of processing, or by persons in charge of occasional maintenance operations.
PERSONAL DATA RETENTION PERIOD
Personal data collected through browsing the C.I.S.I.A. website are stored. The data collected will be retained for the time period stipulated by current laws.
COOKIES
COMMUNICATION OF DATA TO THIRD PARTIES
No data derived from merely browsing the website will be disclosed or disseminated.
Personal data provided by users who submit requests for site registration are used for the sole purpose of performing the service or provision requested and are communicated to third parties only if necessary for that purpose. For the aforementioned cases, please refer to the specific policy statements.
This is without prejudice to the communication by CISIA to third parties in the event of a request to communicate personal data provided by the student/user to:
law enforcement agencies, public authorities or legal advisers in connection with alleged offences or violations of the terms of use, or in cases provided for by law.