Information Privacy

What are cookies?

PRIVACY INFORMATION

Updated in accordance with REG. EU 2016/679 and the Privacy Code, as amended by Legislative Decree 101/2018

(General Terms of Use and Consultation of the Site)

The Istituto Superiore di Sanità, with its registered office at Viale Regina Elena n.299, C.F./P. IVA 80211730587, as the Data Controller, informs, pursuant to Article 13 of Regulation EU 2016/679 (hereinafter "GDPR") and the Privacy Code, as amended by Legislative Decree 101/2018, that the processing of personal data of users who consult the site https://jahee.iss.it/ will be carried out in the ways and for the purposes described below.

The privacy information is provided only for the site https://jahee.iss.it/ and not for other websites that the user may consult via links.

Upon consultation of this site, data relating to identified or identifiable individuals may be processed.

The privacy information also takes into account Recommendation No. 2/2001 issued by the European Data Protection Authorities, convened in the Group established by Article 29 of Directive 95/46/EC, which was adopted on May 17, 2001, to identify some minimum requirements for the collection of personal data online, and, in particular, the methods, times, and nature of the information that data controllers must provide to users when they access web pages, regardless of the purposes of the connection.

Additionally, the following privacy information takes into account the provisions of the domestic legislation – Legislative Decree 196/2003 (Privacy Code), as amended by Legislative Decree 101/2018, and is updated according to the new European directives under Regulation EU 2016/679.

The purpose of the privacy information is to provide maximum transparency regarding the information the site collects and how it uses them.

Subject of the Processing

Upon consultation of this site, data relating to identified or identifiable individuals may be processed.

Personal data is processed when a user consults the site https://jahee.iss.it/.

Purposes of Processing

The processing of personal data of those who consult the above-mentioned site will occur for purposes related to the management of the site and its operation.

The processing of "browsing data" is carried out automatically to extract anonymous statistics on the use of the site and to monitor its proper functioning, and these are stored in the Istituto Superiore di Sanità’s database. The data could be used to determine liability in the event of potential cybercrimes against the site; unless this occurs, web contact data will be deleted from the system after 30 days from the conclusion of the project or upon direct request from the data subject.

Legal Basis for Processing

The legal basis for processing lies in the legitimate interest of the Data Controller in ensuring efficient and secure navigation on the website, including interactive functionalities.

Categories of Data Processed

Browsing Data

The IT systems and software procedures used for the functioning of this website acquire, during their normal operation, some personal and non-personal data whose transmission is implicit in the use of Internet communication protocols (log files).

These are data that are not collected to be associated with identified data subjects but that, by their very nature, could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, viewed pages, average time spent on the site, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server's response (successful, error, etc.), and other parameters related to the user's operating system and IT environment.

Location and Processing Operations

The processing activities related to the web services of this site take place at the registered office of the Istituto Superiore di Sanità and are handled only by technical personnel responsible for processing.

Personal data processing, for various purposes, is carried out in accordance with Article 4, Paragraph 1, Number 2 of the GDPR: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data.

Personal data is processed through automated means for the time strictly necessary to achieve the purposes for which they were collected and is deleted from the system after 30 days from the conclusion of the project or upon request by the data subject.

Specific technical and organizational security measures are implemented to prevent data loss, unlawful or incorrect use, and unauthorized access (data breach).

Access to Personal Data

For the purposes described above, personal data may be accessible:

• To the collaborators of the Data Controller in their capacity as authorized persons for processing and/or system administrators;
• To third-party companies performing outsourcing activities for the Data Controller in their capacity as data processors.

Transfer of Personal Data

Personal data processing activities are mainly carried out in-house; however, the Istituto Superiore di Sanità reserves the right to transfer the data to third-party operators and/or suppliers for the pursuit of the above-mentioned purposes.

Any transfer of personal data to a third country or international organization will only take place if a positive assessment of the protection standards is obtained through an adequacy decision by the European Commission under Article 45 of the GDPR, or, alternatively, if appropriate guarantees are recognized under Article 46 of the GDPR.

If the communication and/or transfer of personal data is to a third country not considered adequate by the Commission or that does not present adequate guarantees, an additional information appendix will be required, containing all the legal requirements that allow specific exceptions under Article 49 of the GDPR. In the absence of this information and your subsequent explicit consent, no communication and/or transfer of your data will be made.

Rights of the Data Subject

The data subject has the rights under Article 15 of the GDPR and following, specifically the right of access, right of rectification, right to erasure, right to restrict processing, right to data portability, right to object, and the right to lodge a complaint with the Supervisory Authority (Article 77 of the GDPR and Article 141 of the Privacy Code, as amended by Legislative Decree 101/2018).

How to Exercise the Rights

The data subject can exercise their rights at any time by sending:

• A registered letter with acknowledgment of receipt to the Istituto Superiore di Sanità, Viale Regina Elena n.299, Roma, -00161- or an email to protocollo.centrale@pec.iss.it .

Data Controller and Data Protection Officer (DPO)

The Data Controller is the Istituto Superiore di Sanità, with its registered office at Viale Regina Elena n.299, Roma, -00161-, P. IVA 80211730587, represented by its President, Prof. Rocco Bellantone.

The Data Protection Officer (Personal Data Protection Officer) is Scudo Privacy s.r.l., represented by Dr. Carlo Villanacci, who can be reached at the following email address: responsabile.protezionedati@iss.it.