Privacy Policy
Municipality of Reana del Rojale
Information notice pursuant to Article 13 of Regulation (EU) 2016/679 (G.D.P.R.)
The above-mentioned Local Authority, acting as Data Controller, considers privacy and the protection of personal data to be a primary objective of its activities. Before transmitting any personal data to the Data Controller, you are invited to carefully read this Notice, which contains important information regarding the processing of personal data.
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or to one or more elements specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
This Notice:
– applies to the website https://www.itinerarirojale.it/ (hereinafter: the “Website”) and does not extend to other websites that may be accessed by the user via links on the Website;
– forms an integral part of the Website and the services provided by the Authority;
– is provided pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter: the “Regulation”) to those who interact with the Website and the Controller’s web services, whether by simple browsing or by using specific services made available through the Website.
In accordance with the Regulation, processing carried out by the Controller will be based on the principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity and confidentiality.
The following information is therefore provided:
Data Controller
Municipality of Reana del Rojale
(Contact details are provided in full at the bottom of the Institutional Website: https://www.comune.reanadelrojale.ud.it/ ) Data Protection Officer (DPO) The DPO can be contacted using the details provided at the bottom of the Institutional Website: https://www.comune.reanadelrojale.ud.it/
Data Protection Officer (DPO)
The DPO can be contacted using the details provided at the bottom of the Institutional Website: https://www.comune.reanadelrojale.ud.it/
1. TYPES OF PERSONAL DATA PROCESSED
Following navigation of the Website, the Controller may process the user’s personal data, which may consist of identifiers such as name, identification number, online identifier, or one or more elements characteristic of the user’s physical, economic, cultural or social identity.
Additional personal data may be processed if voluntarily provided by the user via email (for example, to request information about routes or events).
Any “special categories of personal data” referred to in Article 9(1) of the Regulation will not be processed without the user’s explicit consent.
Browsing Data
The IT systems and software procedures used to operate the Website acquire certain personal data during normal operation, the transmission of which is implicit in the use of Internet communication protocols.
Such information is not collected to be associated with identified individuals; however, by its nature, it could, through processing and association with data held by third parties, allow users to be identified.
This category includes:
- IP addresses or domain names of users’ devices
- URI (Uniform Resource Identifier) addresses of requested resources
- Time of request
- Method used to submit the request
- Size of the file obtained
- Numerical code indicating server response status
- Other parameters relating to the user’s operating system and IT environment
These data are used solely to obtain anonymous statistical information and to verify the proper functioning of the Website. They are deleted immediately after processing.
Except in the event of investigations concerning potential cybercrimes against the Website or third parties, web contact data are not retained for more than fourteen days.
1.1 Data Voluntarily Provided by the User
The optional, explicit and voluntary sending of emails to the addresses indicated on this Website results in the acquisition and processing of the data necessary to provide the requested service and/or respond to inquiries.
If access to specific services requires prior registration and communication of personal data:
- Personal data will be processed by authorized employees and will not be disclosed to third parties except where required by law;
- The data subject may exercise the rights set out in this Notice.
1.2 Cookies
The Website uses cookies to improve the browsing experience.
Cookies are small text strings that websites visited by the user send to their device (computer, smartphone, tablet), where they are stored and later retransmitted to the same website on subsequent visits.
Cookies may be:
- Persistent (stored for a defined period)
- Session-based (deleted when the browser closes)
- First-party (set by the Website visited)
- Third-party (set by other websites)
They may serve various purposes such as authentication, session monitoring and storage of user preferences.
The Website uses:
- Technical cookies (necessary for proper functioning)
- Functional cookies Analytical cookies
- Technical cookies ensure efficient browsing, session stability, login persistence and correct service delivery.
The Website participates in the AGID Web Analytics Italia project. For related privacy information, please refer to: https://webanalytics.italia.it/privacy
2. PURPOSES OF PROCESSING
Personal data will be processed for the following purposes:
a) Inclusion in the Authority’s databases
b) Subscription to the newsletter (if active)
c) Responding to user requests
d) Compliance with legal, accounting and tax obligations
e) Ensuring Website accessibility and monitoring proper operation
f) Tracking access to the Authority’s IT network for defensive checks or judicial authority requests
3. LEGAL BASIS
Processing is lawful pursuant to:
- Articles 6(1)(c) and 6(3)(b) GDPR and Article 2-ter of Legislative Decree 196/2003 (legal obligation);
- Article 6(1)(f) GDPR (legitimate interest).
4. CATEGORIES OF DATA RECIPIENTS
Personal data may be communicated to:
a) Data Processors pursuant to Article 28 GDPR (e.g. consultants, hosting providers, IT maintenance providers);
b) Public authorities or entities where required by law;
c) Authorized personnel pursuant to Article 29 GDPR.
A list of data processors may be requested from the Controller.
5. PROCESSING METHODS
Personal data are processed mainly by electronic means, although paper-based processing is not excluded.
6. DATA RETENTION PERIOD
Personal data are retained only for the time strictly necessary to achieve the stated purposes, in compliance with storage limitation principles.
The Controller complies with administrative record retention regulations and AGID digital preservation rules.
After the retention period expires, data will be deleted or anonymized, unless further retention is required for legal or regulatory reasons.
7. SECURITY MEASURES
The Controller adopts appropriate technical and organizational measures to prevent data loss, unauthorized access or unlawful processing.
8. USER RIGHTS
Pursuant to Articles 15 et seq. GDPR, users have the right to:
- Access their personal data
- Request rectification or erasure
- Request restriction of processing
- Receive data in a structured, commonly used, machine-readable format
- Withdraw consent (where applicable)
- Lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali)
- Object to processing under Article 21 GDPR
- 9. PROVISION OF PERSONAL DATA
Providing personal data is mandatory where required by law. Failure to provide such data may result in the inability to deliver the requested service.
Page updated on 12/02/2024