PRIVACY POLICY FOR INTERACTION WITH THE CNIT WEBSITE

Information provided pursuant to EU Regulation No. 679/2016, National Legislative Decree No. 196/2003 and National Legislative Decree No. 101/2018 to those who interact with the CNIT – National Inter-University Consortium for Telecommunications – Web system, starting from https://www.cnit.it, corresponding to the homepage of the system.

The information is provided for the website https://www.cnit.it only and not for other websites that may be consulted by the user through links. The presence of the information ensures that the user is within the CNIT web system.

Legal basis of the processing

In the use of this site, data relating to identified or identifiable persons may be processed. This site processes data based on consent. By using or consulting this site, visitors and users explicitly approve this privacy statement and consent to the processing of their personal data in relation to the methods and purposes described below.

Types of data processed and purposes

– Navigation data

The computer systems and software procedures used for the deployment of sites of CNIT Web system acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols or is used to improve the quality of service.

This is information that is not collected to be associated with identified users, but which by their nature could, through processing and associations, allow users to be identified.

This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file transmitted, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user’s computer environment.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are periodically deleted. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the system or third parties.

– Data provided voluntarily by the user

Any personal data acquired through the CNIT web system will be processed for the performance of institutional activities, within the limits established by law and regulations, in compliance with the general principles of transparency, correctness and confidentiality.

It ensures, however, that this treatment is based on principles of correctness, lawfulness and transparency and protection of confidentiality as indicated in EU Regulation No. 679/2016, National Legislative Decree No. 196/2003 and National Legislative Decree No. 101/2018.

Specific summary information is shown or displayed on the pages prepared for these services.

Cookies

The sites of the CNIT Web system make use of the following set of cookies:

– Cookies of anonymous visitor:

  • Session cookies: no personal data of users is acquired by the site;
  • Permanent cookies: no personal data of users is acquired by the site.

– Cookies of the registered visitor:

  • Session cookies: this cookie is used for the sole purpose of accessing and using the reserved services and to navigate the site maintaining the authentication. The use of these cookies avoids the use of other technologies that could compromise the privacy of users and to improve the quality of the service. Any processing of acquired data is used only for institutional purposes in an aggregated and anonymous manner.

The Cookies policy can be found at this link: https://www.cnit.it/en/cookies-policy/

Faculty of data providing

Apart from that specified for navigation data, the user is free to provide personal data contained in the documents or website forms the CNIT web system or otherwise indicated during contacts with the CNIT to solicit the sending of material, other communications or to access specific services.

Failure to provide such data could make the requested service impossible to obtain.

Specific summary information is shown or displayed on the pages prepared for these services.

Transfer of data to third parties

Personal data are processed by the Data Controller, by the Data Processors appointed by the Data Controller and by the personnel in charge who have been strictly authorized, as well as by any persons responsible for occasional maintenance operations of the consortium’s web platform. For particular services, data may be communicated to CNIT members for the sole purpose of providing the service requested and fulfilling all obligations, and may be disclosed to third parties only if this is necessary for that purpose. In the event of inspections or controls, your data may be communicated to all inspection bodies responsible for inspections and controls relating to legal obligations.

Personal data will not be disclosed.

Data retention periods

Personal data is kept for the time strictly necessary to provide the requested service.

Existence of an automatic decision-making process (profiling)

No automatic decision making is used.

Transfer of data to third countries or international organizations

The Data Controller does not intend to transfer the collected data to third countries or international organizations.

Data Controller

The Controller of the processing of data is CNIT (National Inter-University Consortium for Telecommunications), with premises in Viale G.P. Usberti, 181/A Pal.3 – 43124 Parma (PR), in the person of its legal representative.

Contact details of the Data Controller: phone: +39 0521 905757, e-mail: direzione[at]cnit.it

The Data Protection Officer

The Data Protection Officer (DPO) of the CNIT was appointed.

Contact details of DPO: dpo[at]cnit.it.

Place of data processing

The treatments connected to the CNIT web system take place at the aforementioned Registered Office and at the decentralized administrative and technical structures. The managers of these structures can be found at the website: https://www.cnit.it; for more information on the managers it is advisable to contact the secretariat of the CNIT Registered Office.

Rights of the data subjects

Pursuant to the EU Regulation No. 679/2016, National Legislative Decree No. 196/2003 and National Legislative Decree No. 101/2018, the data subject is entitled at any time to:

– receive confirmation of the existence or otherwise of personal data that are of concern, including where those data have not yet been recorded, and to have those data communicated in an intelligible form.

– be informed of:

  • the source of the personal data;
  • the purposes and methods of processing;
  • the logic applied in the event that processing is carried out electronically;
  • details identifying the Data Controller, the Data Processor and the representative appointed pursuant to article 15 of the EU Regulation 679/2016 and article 5, paragraph 2 of Legislative Decree 196/2003 and Legislative Decree 101/2018;
  • the entities or categories of entities whom or which the personal data may be communicated to or who or which may get to know such data.

– have:

  • the data updated, rectified or, where he so wishes, supplemented;
  • where data are processed in breach of the law, including data which, in light of the purposes for which they were collected or subsequently processed, do not necessarily need to be stored, to have those data deleted, made anonymous or blocked;
  • a statement confirming that the steps specified herein, and the contents of those steps, have been brought to the attention of parties to whom the data have been communicated or disseminated, save where this proves to be impossible or would require the use of resources that is manifestly disproportionate to the right being protected.

–  object – in whole or in part – on lawful grounds to:

  • the processing of personal data that are of concern to the user, including where the processing is relevant to the purposes for which they were collected;
  • the processing of personal data that are of concern to the user in order to send advertising material or for the purposes of direct sales or to carry out market research or for the purposes of commercial communications.

In particular, the data subject is entitled to ask at any time to the Data Controller the access to personal data and the rectification, erasure or limitation of the processing of data concerning him or to object to their processing, in addition to the right of data portability. Moreover, the data subject is entitled to withdraw his consent at any time without affecting the lawfulness of the processing based on the consent given before withdrawing it. The data subject is entitled to lodge a complaint with the supervisory Authority.

Rights can be exercised by sending a written communication to the CNIT, writing to the secretariat at the registered office, viale G. P. Usberti n. 181 / A, 43100 Parma (PR), or via mail to direzione[at]cnit.it and dpo[at]cnit.it.

Reference Legislation 

The main legal references regarding the protection of personal data are the following:

Reference link: www.garanteprivacy.it

This Privacy Policy is updated as of November 24, 2022.