EX ART 13 GDPR 2016/679
In compliance with EU Regulation no. 679/2016 (‘General Data Protection Regulation’, GDPR) and Italian Legislative Decree no. 196/2003 (hereinafter Privacy Code) and subsequent amendments, hereafter we inform you on how the personal data of users visiting and interacting with SubRISK+ website are processed. This privacy policy is referred to users who access the website via the public link: https://www.subrisk.eu/, whilst it does not refer to other external websites that may be linked thereto.
The Data Controller is the National Research Council (CNR), with registered head office in Piazzale Aldo Moro 7, 00185 Rome, Italy, e-mail: privacy@cnr.it
The Data Protection Officer (DPO), who can be contacted for any aspect relating to the processing of personal data, can be reached at the following email address: rpd@cnr.it
Personal Data Processed
Following the consultation of SubRISK+ website, personal data may be processed, collected automatically, also through automated systems, or, voluntarily provided by the users in the following forms:
- Browsing data: the PC and software operating the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. Such information is not associated directly with specific users, however, its nature could allow users to be identified through processing with data held by third parties. Browsing data include, for instance, the IP addresses or domain of PCs or other tools used by the users to connect to the website, URI addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file and the status of the response given by the server, and other parameters relating to the operating system and the users’ computing environment.
- Data provided voluntarily: The optional, explicit and voluntary sending of e-mail messages to the contact addresses on the website, to receive information or assistance, involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.
- Data collected through Cookies: only technical cookies that are essential to guarantee safe and efficient navigation on the website are used. They are saved on the users’ PC and remain active only until the browser is closed or the logout command is executed. Technical cookies also include those used to statistically analyse accesses or visits to the website (namely, analytical cookies), aimed to improve the service offering and collect information in aggregate form, without the possibility of tracing the identification of the individual user. With regard to such statistical data, CNR guarantees the anonymization of users’ IP addresses, limiting the analysis to the logs of the displayed variables, to collecting in aggregate form the total number of visitors, also possibly divided by geographical area, the connection time slot and the average browsing time, according to daily/weekly and monthly reports. The installation of these cookies does not require the prior consent of users.
Legal Basis
Personal data are processed by CNR, pursuant to art. 6, par. 1, letter e) of the GDPR, in the performance of its tasks of public interest or in any case connected to the exercise of its public powers linked to its institutional task of, among others, promoting research activities and enhancing the utilisation of research results (CNR Statute ref. 93/2018).
Purpose
All personal data provided through SubRISK+ website shall be lawfully and correctly processed for the purpose of providing safe and efficient access to SubRISK+ project outputs, aiming to enhancing the users’ understanding of land subsidence hazard and risk induced by groundwater exploitation towards sustainable urban development.
Processing Methods
Personal data are processed electronically, following the principles of lawfulness, fairness and transparency. Specific security measures are applied to prevent any loss, illegal use or misuse of the users’ data, as well as any unauthorised access thereto.
Retention Period
Personal data will be retained by the Data Controller for the amount of time that is strictly necessary to fulfil the purposes set out above. Personal data for which there is no longer a legal basis for its retention will be irreversibly anonymised, or securely destroyed.
Users’ Rights
Pursuant to art. 15 and ff. of the GDPR and in the cases set forth, the users may, at any point in time, exercise their rights and, in particular, the right to access their personal data, to request that their data be rectified or restricted, updated if incomplete or wrong, and erased if collected in violation of the law, as well as to object to their processing, unless the Data Controller has legitimate reasons. Such requests shall be sent to the DPO at the email address: rpd@cnr.it
Complaints
The users, who believe that the processing of their personal data is in violation of the provisions of the GDPR, have the right to lodge a complaint to the Supervisory Authority for the protection of personal data (see art. 77 of the GDPR), by following the procedures and instructions published on the Italian Supervisory Authority’s website: www.garanteprivacy.it