1. Why this information
Pursuant to EU Regulation 2016/679 (Regulation below) and Legislative Decree 30 June 2003, n. 196 and subsequent amendments, this information describes the methods of processing the personal data of users who consult the web pages and use any services at the address https://www.healitalia.com/
It is aimed at those who interact with this site and not with others, possibly reached via links present here, but referring to external resources.
2. The Data Controller
“Health Extended ALLiance for Innovative Therapies, Advanced Lab-research, and Integrated Approaches of Precision Medicine” Foundation (HEAL ITALIA)
Steri Monumental Complex, Piazza Marina 61 – 90133 Palermo (PA)
3. Data Protection Officer
The Data Protection Officer can be reached at the email address: firstname.lastname@example.org
4. The processing of personal data via the web
The personal data indicated on this page are processed by the Foundation to achieve its institutional purposes, including that of promoting and providing scientific training and the dissemination of culture in institutional sectors, always in the execution of its tasks of public interest or connected to the exercise of public powers.
By processing we mean all operations or sets of operations concerning the collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
The data processed through the use of the Foundation’s web pages are of the types specified below
5. Types of data processed
5.1 Browsing data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category includes: the user’s IP addresses, the type of browser used, the addresses of the websites from which access was made, the pages visited within the site, the access time, the code numeric indicating the status of the response given by the server and other parameters relating to the operating system and the user’s IT environment.
These data, necessary for the use of web services, are used to obtain anonymous statistical information on the use of the site and to check its correct functioning. The same could be used to ascertain responsibility in the event of the commission of computer crimes or acts of damage to the site. Except for this eventuality, they are not kept beyond the time necessary to carry out the checks aimed at guaranteeing the security of the system, equal to a maximum of 7 days.
5.2. Data communicated by the user
These are all personal data provided by the user while browsing the site, for example by registering, accessing a reserved area or a service.
The processing carried out for these purposes is carried out with the specific consent provided by the user and the data is stored only for the duration of the requested activity. Specific information may be published for the provision of certain activities.
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.
The processing of sensitive or judicial data is excluded which, if provided by the user, will be deleted.
5.3 Cookies and widgets used
5.3.1 Technical cookies
This site uses technical cookies, necessary for its correct functioning and to manage authentication for online services and reserved areas. The use of these cookies, which are not stored permanently on the user’s computer and are deleted when the browser is closed, is strictly limited to the transmission of session identifiers. Their deactivation could jeopardize the use of part of the online services.
6. Communication and diffusion
The data may be communicated by the Data Controller in carrying out its activities and to provide its services, to:
Technical service providers, hosting providers and cloud service providers;
The data collected will not be disclosed or communicated to third parties, except in the cases provided for by the information and by law and, in any case, in the manner permitted by them. The data may come to the attention of the Foundation’s staff, within the scope of their respective functions and in accordance with the instructions received, only for the achievement of the purposes indicated in this information.
The recipients are appointed, if necessary, as Data Processors by the Data Controller, who may be requested to provide an updated list of Data Processors. The latter, based on the stipulated contract, are required to use personal data exclusively for the purposes indicated by the Data Controller, not to keep them beyond the indicated duration nor to transmit them to third parties without his explicit authorization.
The personal data provided by users who forward requests for information and suggestions are used for the sole purpose of carrying out the service or provision requested and are possibly communicated to other areas within the Foundation or to other public or private entities only in the case in which this is necessary to complete the request.
The data is not transferred to non-EU countries.
No data deriving from the web service is disseminated.
7. Treatment methods
The processing of personal data is carried out mainly using electronic procedures and media and in a lawful, correct, relevant manner, limited to what is necessary to achieve the purposes of the processing, only for the time necessary to achieve the purposes for which they were collected and in any case in compliance with the principles indicated in the art. 5 of the Regulation.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
8. Place of data processing
The processing of personal data connected to the web services of this site takes place at the ICSC facilities and is handled only by technical staff of the office in charge of processing, or by managers designated by the owner who operate within the European Union.
9. Rights of interested parties
Interested parties have the right to ask the data controller to access their personal data and to rectify or delete them or limit the processing that concerns them or to oppose the processing in accordance with the articles. 15 and following of the Regulation. The specific request must be submitted by contacting the Data Protection Officer at the address indicated above.
Interested parties also have the right to lodge a complaint with the Guarantor (https://garanteprivacy.it) as supervisory authority or to appeal to the appropriate judicial offices (articles 77 and 79 of the Regulation).
This information is subject to updates in compliance with national and community legislation on the matter, we therefore invite you to consult it periodically.
In case of non-acceptance of the changes made to this information, the user can request the Data Controller to delete their personal data.