1. Purpose for policy
In accordance with EU Regulation 2016/679 (Regulation found below) and Legislative Decree June 30th, 2003, n.196, and as amended or added, this policy describes the use of personal data of users browsing the web pages and using the services provided at the supercomputing-icsc.it web address. The policy is addressed to individuals interacting with this website, not with others that can be reached by links present here yet are connected to external resources.
2. Party responsible for processing data
3. Party responsible for data protection
4. Processing personal data via web
The personal data found on this page are processed by the Foundation solely for its own institutional purposes, e.g., promoting and fostering scientific training and education and spreading culture in institutional sectors, nevertheless within the fulfilment of its duties of public interest or connected to the exercise of public authority.
Data processing consists of all operations or group thereof regarding collection, registration, sorting, conservation, consultation, processing, modification, selection, extraction, comparison, usage, interconnection, blocking, communication, cancellation, and distribution of data.
5. The types of data processed through the use of the Foundation’s web pages are listed below
5.1 Browsing data
While regularly running, IT systems and software procedures responsible for the functioning of this website acquire some personal data, the transfer of which is implicit in the use of protocols of Internet communications. This category includes user’s IP address, type of browser used, website addresses through which they accessed the site, web pages browsed within the website, access time, numerical code showing the status of response given by the server and other parameters related to the operating system and the user’s IT environment.
Necessary for the use of web services, these data are used to gather anonymous statistical information on the site and to monitor its proper functioning. They may also be used to assess responsibility in the event of IT crimes or damage to the website. Except for this case, data is not kept longer than necessary for assessment aimed to guarantee system security, i.e., a maximum of 7 days.
5.2. Data provided by the user
These are all the personal data provided by the user while browsing the website, e.g., registering, accessing a private area or a service.
Data processing for these purposes is implemented with specific consent given by the user and data collected are kept solely for the duration of the service requested. Designated policies can be published to provide certain services.
Optional, explicit, and voluntary submission of emails to the addresses on this site involves the subsequent acquisition of the sender’s address, necessary to reply to requests made, not to mention any additional data provided in the e-mail.
Processing of sensitive or legal data is excluded; in the event they be provided by the user, they are erased immediately.
5.3 Cookie e widget used
5.3.1 Technical Cookie
This site uses technical cookies which are critical for its proper functioning and to manage authentication to online services and restricted areas. The use of these cookies – which are saved only for a short time onto the user’s device and are eliminated upon closing the browser – are strictly limited to transferring session ID. Their deactivation may compromise the use of a part of the online services.
6. Communication and discolsure
User data may be delivered by the Responsible Party (when performing its activities and to provide its services) to:
- Public Administration Institutions;
- Providers of technical services, hosting provider e cloud service provider;
- Legal Authorities;
The data collected will not be delivered to third parties, with the exception of cases established by the policy, and, nevertheless by the priorly consented means. The data may come to the knowledge of Foundation staff, in compliance with their roles and as previously instructed, solely for the purposes mentioned in this policy.
If need be, recipients are appointed as Responsible Parties and may be requested to provide the updated list of Responsible Parties. based on the agreed contract, the latter are expected to use personal data solely for the intended purposes and must not hold data any later than the period established by the Responsible Party nor share these data with third parties without explicit authorisation.
personal data provided by users forwarding requests for information and suggestions are used for the sole purpose of providing the service requested and are sent to other areas within the Foundation or to other public or private individuals only when this is deemed necessary in order to fulfil the request.
The data are not transferred to non-EU countries. No data from the web service are released.
7. Processing methods
- Processing of personal data is carried out mainly using procedures and electronic devices legally, correctly, pertinently, and limitedly to what is necessary to reach policy objectives, exclusively for the time needed to achieve the purpose for which data was collected and in compliance with the principles stated in art.5 of the Policy.
- Specific security measures are respected to avoid loss of data, illicit or improper use and unauthorised access.
8. Data processing location
Processing of personal data connected to this site’s web services take place in ICSC buildings and are monitored solely by technical staff of the designated office, or by the officers appointed by the chief and who operate inside the EU.
9.Legal rights of parties concerned
Those concerned have the right to ask the Responsible Party to access the personal data and rectify or cancel them or limit processing or oppose processing in accordance with art. 15 et seq. of the Policy. The specific instance must be presented by contacting the data Protection officer at the aforementioned address.
The parties concerned may file a complaint to the Guarantor (https://garanteprivacy.it) as the supervisory authority or appeal to the designated courts (artt.77 and 79 of the Policy).
This policy is regularly updated in compliance with national and EU policies on the issue, therefore users are greatly encouraged to check it periodically.
In the event of rejection of the amendments made to this policy, the user may request that the Data Policy authority cancel their data.