This document containing information on personal data processing is provided, pursuant to articles 13 and 14 of the EU General Data Protection Regulation No. 2016/679 (GDPR) and pursuant to articles 77, 80, 121, 122 of the Legislative Decree 101/2018 (additions and amendments to Legislative Decree 196/03), to the users of A.S.P. Ragusa’s website, which is digitally accessible from the home page http://www.asp.rg.it.
This information note describes how the processing of the personal data of the users visiting the website is managed. As for the use of specific services that require user registration, such as WEBSANITY or others, please refer to the specific information note available during registration.
1. Data controller
Navigation on the website entails the processing of personal data for the use of cookies; please refer to section 6 for information about the different categories of cookies used on the website.
The Data Controller is A.S.P. Ragusa, with registered office in Piazza Igea 1 – 97100 Ragusa.
2. Personnel designated to data processing
Data processing pertaining the services of the website is mainly performed in the offices of A.S.P. Ragusa. It is carried out by identified and specifically designated personnel.
As for the data processing described herein, A.S.P. Ragusa can avail itself of the support of external companies, consultants, consortia, providers of software and operating services, by means of identified and designated personnel, within the purposes which are provided for, and ensuring the highest level of data security and privacy.
3. Types of data processed
- Browsing the portal: browsing data
IT Systems and the operating procedures which are used to operate the website, during their normal operations, acquire some data whose transmission is inherent in the communication protocols of the Internet.
Such information is used to acquire anonymous statistical information about portal use and to monitor its proper functioning, and it is not associated to identified users; however, due to its inherent characteristics and by means of associations with data held by third parties, it could allow the identification of data subjects. For example, the IP address of the system used for connecting the website belongs to such category.
These data are removed from the systems after statistics processing and they are stored offline exclusively for ascertaining the responsibility in case of computer crimes, and they can be consulted only upon request of the judicial authority.
- Data voluntarily provided by the user when using online services
For the use of online services that involve authentication, registration or the sending of emails, personal data, freely provided by users through different methods, are used. To this end, please refer to the privacy and cookies policy pertaining the use of online services such as WEBSANITY and/or other services provided by the portal, which is available during user registration.
4. Optional nature of data provision
The act itself of browsing the website implies having read and accepting this privacy and cookies policy.
5. Processing Methods
Personal data are processed by means of automated instruments, for the amount of time that is strictly necessary to fulfill the purposes for which they have been collected.
Specific security measures are applied in order to prevent any loss, illegal use or misuse of data, as well as any unauthorized access thereto.
6. Rights of data subjects
In accordance with the articles 15-22 of GDPR, data subjects may exercise:
the right to know:
- the source of the personal data,
- the purposes and the methods of data processing,
- the logic employed in case of processing carried out via electronic means,
- the identification details of the data controller, of the persons in charge, of the persons or categories of persons to whom personal data may be communicated or who may be informed about them;
the right to obtain, from the data controller or the person in charge, without delay:
- the updating, the rectification, or, if desired, the integration of data,
- the deletion, the anonymization, or the blocking of unlawfully processed data, including those whose storage is not required in relation to the purposes for which data have been collected or subsequently processed,
- the attestation that the operations referred to in the previous two points have been reported to those to whom data have been communicated or spread, also with regard to their content; except in the case where this fulfillment proves to be impossible or implies the use of means that are manifestly disproportionate in relation to the right that is protected;
the right to object, completely or partially:
- for legitimate reasons, to the processing of the personal data concerning them, even though they are relevant to the purpose of the collection,
- to the processing of the personal data concerning them for the purpose of the sending of material for market researches or marketing communication.
The rights can be exercised by making an application to the Data controller (A.S.P. Ragusa - Piazza Igea, 1 – 97100 Ragusa).