INFORMATION ABOUT PROCESSING OF PERSONAL DATA THROUGH COOKIES AND OTHER WEB TECHNOLOGIES
(Art. 13 of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016)
Pursuant to the General Data Protection Regulation, (hereinafter the "GDPR"), this document describes the methods for processing personal data and the management of cookies resulting from the consultation of the website of the Rizzoli Institute (hereinafter the “Institute") and connected websites (e.g. Rizzoli-Sicilia Department), accessible by electronic means at the following address: www.ior.it.
The website consultation implies the processing of data relating to natural persons (identified or identifiable). This information does not concern other sites, pages or online services that can be reached through hypertext links - referring to resources outside the Institute's domain - that may be published on the sites.
PURPOSE AND LEGAL BASIS OF DATA PROCESSING
Personal data are processed by the Institute in the performance of tasks of public interest or otherwise connected with the exercise of its public powers, including the task of informing, disseminating and promoting health education, health protection and health service management.
TYPES OF DATA PROCESSED AND PURPOSE OF PROCESSING
The website computer systems and software procedures acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes: the IP addresses or domain names of users’ computers and terminals, the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to user's operating system and computing environment.
These data, necessary for the use of web services, are also processed for the purpose of obtaining statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.) and checking the correct functioning of the services offered.
Data communicated by users
The optional, explicit and voluntary sending of messages to the Institute's contact addresses, as well as the completion and forwarding of the forms on the Institute's website, entail the acquisition of senders' contact data, necessary for replying, as well as all the personal data included in the communications.
Specific information will be published on the web pages of the Institute's website set up for the provision of certain services.
Cookies and other tracking systems
No cookies are used for user profiling and no other tracking methods are employed.
Instead, technical cookies, such as session (non-persistent) cookies, are used strictly limited to what is necessary for the safe and efficient navigation of the IOR websites. The storage of technical cookies in the terminals or browsers is under users’ control, where on the servers, at the end of HTTP sessions, information relating to the cookies remains recorded in the logs of the services and stored for the time strictly necessary, with retention times as stated above.
These cookies are set by domains other than the one indicated in the browser address bar, i.e. by organisations that do not correspond to the owners of websites.
Cookies used, for example, to collect information for advertising and content customisation purposes, as well as to process web statistics, may be "third-party cookies".
Third-party cookies allow for more comprehensive surveys of users' browsing habits. They are believed to be more sensitive from an integrity perspective. For this reason, most web browsers allow you to change the settings so that such cookies are not accepted.
Below is a list of the services used on our site that set third-party cookies:
RECIPIENTS OF DATA
Personal data collected as a result of consultation of the institutional website are processed by the staff of the Rizzoli Orthopaedic Institute, who act on the basis of specific instructions provided with regard to the purposes and methods of processing. They may also be communicated to the following entity designated as Data Processor pursuant to Article 28 of the GDPR: Almaviva S.p.A., as provider of web platform development and maintenance services.
RIGHTS OF THE DATA SUBJECT
You may at any time exercise your right to request access to your personal data, rectification of inaccurate data, integration of incomplete data, pursuant to and within the limits of Articles 15 and 16 of the GDPR. Furthermore, in the cases and for the reasons laid down by law, in particular in Articles 18 and 21 of the GDPR, you may request the restriction of the processing of your data and you may exercise your right to object to the processing.
If the conditions are met, you also have the right to lodge a complaint with the Data Protection Authority or with the supervisory authority of the EU Member State in which you habitually reside or work or in the place where the alleged infringement occurred, in accordance with the procedures provided for in Article 77 of the GDPR.
The Data Controller is the Rizzoli Orthopaedic Institute with headquarters in Bologna, Via di Barbiano n.1/10, telephone 051.6366704, PEC email@example.com
The Data Protection Officer (DPO), based in Bologna c/o University Hospital Sant'Orsola-Malpighi, can be contacted at the e-mail address firstname.lastname@example.org PEC email@example.com