INFORMATION ON THE TREATMENT OF PERSONAL DATA of users consulting the website of the Rizzoli Orthopaedic Institute, in accordance with article 13 of (EU) Regulation 2016/679
Why this information?
In accordance with the (EU) Regulation 2016/679 (General Data Protection Regulation, hereinafter “Regulation”), this page describes the modalities for the treatment of personal data of users consulting the Rizzoli Orthopaedic Institute (hereinafter “Institute”) website, accessible electronically at the following address: www.ior.it.
The consultation of the website implies the treatment of data related to physical persons (identified or identifiable).
This information does not pertain to other websites, pages or online services reachable through hypertext links that may be published on the websites but refer to resources external to the Institute’s domain.
The Controller is the Institute, located at via di Barbiano 1/10, Bologna (postal code 40136), Italy.
PROCESSOR FOR DATA PROTECTION
The processor for Data Protection (“Responsabile della protezione dei dati”, RPD) or Data Protection Officer (DPO) can be reached at the following address:
c/o IRCCS Azienda Ospedaliero - Universitaria di Bologna
PURPOSE AND LEGAL BASIS OF THE PROCESSING
Personal data are treated by the Institute in the execution of duties of public interest, or in any case connected to its exercise of public powers, including the duty to inform, spread and promote health education, health protection and the management of health services.
DATA TYPES AND PURPOSE OF THE PROCESSING
In the course of their regular operations, the IT systems and software procedures that run this website acquire some personal data, whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of the computers and terminals used by the users; URI/URL (Uniform Resource Identifier/Locator) notation addresses of the requested resources; the request time; the method used to submit the request to the server; the size of the file obtained in return; the numeric code signaling the status of the response by the server (ok, error, and so forth); and other parameters related to the user’s operating system and IT environment.
Such data, necessary for the use of web services, are also treated for the purpose of:
- Obtaining statistical information on the use of the services (most visited pages, number of visitors by time slot or day of the week, geographic areas of origin, and so forth);
- Checking the correct functioning of the offered services.
Browsing data are kept for a maximum of 7 days and are deleted immediately after their aggregation (except where needed for criminal investigations by the judicial authority).
Data communicated by the user
The optional, explicit and voluntary sending of messages to the contact addresses of the Institute, as well as the completion and submission of forms present on the Institute website, entails the acquisition of the sender’s contact data, necessary to reply, in addition to the personal data included in the communication.
Specific circulars will be published on the pages of the Institute website that are set up for the provision of particular services.
Cookies and other tracking systems
Cookies are not used to profile users, nor are other tracking methods employed.
We do use session (non-persistent) cookies, their use being strictly limited to the operations necessary for safe and efficient browsing. The storage of session cookies on terminals or browsers is under the user’s control; at the end of the HTTP session, servers retain information related to cookies in the services’ logs, storing it only as long as strictly necessary, and in any case for a maximum of 7 days, the same as for other browsing data.
The following subjects, appointed by the Controller as data processors, are recipients of the data gathered from the consultation of the aforementioned websites, according to article 28 of the Regulation:
- Lepida S.c.p.A. for what concerns the website www.ior.it and its connected websites, as provider of development and web platform maintenance services;
- Lepida S.c.p.A. for what concerns the website www.ior.it and its connected websites, as provider of development, supply and operative management services on the utilized technological platforms.
Data gathered from the consultation of the website are also treated by Institute personnel, who operate on the basis of specific instructions concerning the objectives and modalities of such treatment.
At any time, the citizen can exercise his/her right to request access to his/her personal data, the correction of incorrect data and the integration of incomplete data, in accordance with, and within the limits of, articles 15 and 16 of the Regulation. In addition, in the cases and for the reasons provided by law, and especially articles 18 and 21 of the Regulation, he/she can require limitations on the treatment of his/her data and can exercise his/her right to object to the treatment.
Under given premises, citizens also have the right to submit a complaint to the Authority for the protection of personal data, that is, the Authority in charge within the EU Member State in which he/she usually resides and works, that is, the location where the alleged violation took place, according to the procedures provided by article 77 of the Regulation.