Policy on data processing under EU Regulation no. 679/2016
Pursuant to EU Regulation n. 2016/679 (“GDPR” or “Regulation”), processing procedures are described for the benefit of users of the Web site http://www.arlef.it
In the navigation in the above Web site, data on persons that are identified or identifiable may be processed.
The Controller is ARLeF – Agenzia regionale per la lingua friulana (“ARLEF” or “Agency”), having its registered office in via della Prefettura 13, Udine (UD), Italy.
You can contact the Controller to exercise your rights under EU REGULATION no. 2016/679 (“GDPR” or “Regulation”) or for any query on processing of your personal data: Ph. +39 0432 555812, e-mail firstname.lastname@example.org
The Controller has appointed a Processor that you may contact at the following address: email@example.com
INFORMATION ON DATA THAT ARE PROCESSED
The Web site IT systems and software procedures acquire, in their ordinary operation, some personal data whose provision is implicitly required in the use of Internet communication protocols.
This data category includes IP addresses, users’ computer and device domain names, URI/URL (Uniform Resource Identifier/Locator) addresses of the required resources, the time of the request, the method to transfer the request to the server, the size of the file that has been provided as a response, the numeric code on the response state from the server (successful, error, etc.) and any other parameters on the operating systems and the IT environment of users.
Purposes and legal basis for processing
(Art. 13, paragraph 1, point c)
||These data are used to check the proper operation of the Web site and to extract statistic data (most visited pages, number of visitors by time or day, geographic areas of visitors, etc.). Data may also be used to prove any liability in case of IT crimes against the Web site (legitimate interests of the Controller).|
|Period of data storage (Art. 13, paragraph 2, point a)||Save as any investigation on illegal activities, as a rule, data are stored up to seven days.|
|Provision (Art. 13, paragraph 2, point f)||Data are not provided by data subjects, they are acquired automatically by the Web site technical systems.|
Cookies and other tracing systems
This Web site uses technical cookies not requiring any consent from data subjects.
Third party Cookie Analytics are also used and they are treated as technical cookies, as appropriate tools are used to reduce their identification potential (i.e. masking significant parts of the IP address) and, in the agreement between the Web site administrator and the third party, the latter expressly represents that cookies will only be used to provide the service, they will be stored separately and they will not be “enriched” and “not compared” with other available data.
This Web site uses Google Analytics, using cookies to perform aggregate statistical analysis on its use.
The terms of service of Google Analytics that also refer to the policy on data protection of Google inc., independent Controller for Google Analytics, visit this page https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.
If you wish to prevent Google Analytics from using your personal data, you may install a browser add-on that you can download here: http://tools.google.com/dlpage/gaoptout?hl=it
For any further information on this procedure, see the instructions on your browser. Data subject may also obtain specific instructions at the following links:
For any further information on cookies that are stored on your device and on how to deactivate them individually, visit the following page:
Any cookies that have already been stored in the hard disk may be deleted at any time.
CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Personal data may only be accessed by authorised persons and any person processing data on behalf of the Controller, that has been appointed as Processors (including but not limited to providers of IT, telematic or technology services). These persons are required to keep personal data confidential also under any appropriate internal rules.
Data that are processed for the above purposes will not be disclosed to any third party, save as to the extent required by the law, to comply with orders of public authorities or to exercise any rights in any legal proceedings or in any other proceeding.
Personal data may not be transferred nor disclosed.
For any further information, you may contact the Controller as specified above.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
As a rule, data processed for the above purposes will not be transferred outside the European Economic Area. Should this be necessary (also in the framework of any relevant IT tool), the Controller hereby represents that the transfer will fully comply with the provisions of Chapter V of the GDPR, i.e.:
– Article 45 Transfers on the basis of an adequacy decision;
– Article 46 Transfers subject to appropriate safeguards;
– Article 47 Binding corporate rules.
If these provisions are not applicable, article 49 applies to such transfer.
RIGHTS OF DATA SUBJECTS
Data subject are entitled to request:
- Access to personal data and information (art. 15 of the GDPR);
- Rectification or erasure of data (art. 16 and 17 of the GDPR);
- Restriction of processing (art. 18 of the GDPR).
Data subjects may also:
- Object to processing under the terms and the limits specified in art. 21 of the GDPR;
- Exercise the right of data portability (art. 20 of the GDPR).
As for consent-based operations (art. 6, paragraph 1, point a) and art. 9, paragraph 2, point a) of the GDPR), data subjects are entitled to withdraw their consent at any time (notwithstanding the lawfulness of the processing based on consent before the withdrawal).
Finally, if, in the opinion of any data subjects, processing of their data infringes the provisions of the GDPR, they are entitled to lodge a complaint to a supervisory authority (personal data supervision authority or any other competent authority) pursuant to article 77 and following articles of the GDPR.