Main container

Privacy


INFORMATION ABOUT PROCESSING OF PERSONAL DATA THROUGH COOKIES AND OTHER WEB TECHNOLOGIES 

(Art. 13 of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016)

Pursuant to the General Data Protection Regulation, (hereinafter the "GDPR"), this document describes the methods for processing personal data and the management of cookies resulting from the consultation of the website of the Rizzoli Institute (hereinafter the “Institute") and connected websites (e.g. Rizzoli-Sicilia Department), accessible by electronic means at the following address: www.ior.it.
The website consultation implies the processing of data relating to natural persons (identified or identifiable). This information does not concern other sites, pages or online services that can be reached through hypertext links - referring to resources outside the Institute's domain - that may be published on the sites.

PURPOSE AND LEGAL BASIS OF DATA PROCESSING

Personal data are processed by the Institute in the performance of tasks of public interest or otherwise connected with the exercise of its public powers, including the task of informing, disseminating and promoting health education, health protection and health service management.

TYPES OF DATA PROCESSED AND PURPOSE OF PROCESSING
Navigation data

The website computer systems and software procedures acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes: the IP addresses or domain names of users’ computers and terminals, the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to user's operating system and computing environment.
These data, necessary for the use of web services, are also processed for the purpose of obtaining statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.) and checking the correct functioning of the services offered.
Browsing data do not persist for more than a few hours for those collected with technical session cookies, up to a maximum of 7 days for those collected with other technical cookies necessary to provide the functions of the site itself, such as those used to hide the warning of the use of cookies (except in the case of any need to ascertain criminal offences by the judicial authorities).

Data communicated by users

The optional, explicit and voluntary sending of messages to the Institute's contact addresses, as well as the completion and forwarding of the forms on the Institute's website, entail the acquisition of senders' contact data, necessary for replying, as well as all the personal data included in the communications.
Specific information will be published on the web pages of the Institute's website set up for the provision of certain services.

Cookies and other tracking systems

No cookies are used for user profiling and no other tracking methods are employed.
Instead, technical cookies, such as session (non-persistent) cookies, are used strictly limited to what is necessary for the safe and efficient navigation of the IOR websites. The storage of technical cookies in the terminals or browsers is under users’ control, where on the servers, at the end of HTTP sessions, information relating to the cookies remains recorded in the logs of the services and stored for the time strictly necessary, with retention times as stated above.

Third-party cookies

These cookies are set by domains other than the one indicated in the browser address bar, i.e. by organisations that do not correspond to the owners of websites.
Cookies used, for example, to collect information for advertising and content customisation purposes, as well as to process web statistics, may be "third-party cookies".
Third-party cookies allow for more comprehensive surveys of users' browsing habits. They are believed to be more sensitive from an integrity perspective. For this reason, most web browsers allow you to change the settings so that such cookies are not accepted.
Below is a list of the services used on our site that set third-party cookies:

OpenStreetMap Widget is a map display and geolocation service provided by the OpenStreetMap Foundation integrated within the pages of the site. It uses "cookies" through which it collects personal user data that is transmitted to, and stored on, the OpenStreetMap Foundation's servers (London). If you refuse the use of cookies by selecting the appropriate setting on your browser, you may not be able to use certain features of this website. For more information on the use of Personal Data by the OpenStreetMap Foundation please see the following link: https://wiki.osmfoundation.org/wiki/Privacy_Policy
Social Widgets/Buttons Services that allow users to interact with social networks directly within other websites:
Facebook social buttons/widgets (Facebook) Service operated by Facebook Inc. a company that is certified under the EU-U.S. Privacy Shield Framework, ensuring that Personal Data is processed in line with European security standards. The service enables the User to interact with the social network via this website. Facebook, thanks to the User's click, acquires data relating to the User's visit to the Site. 

Facebook does not share any information or data in its possession with the Site or the Data Controller. For more information on the use of Personal Data by Facebook Inc. please see the following link: www.facebook.com/privacy/explanation.php
Twitter social buttons/widgets (Twitter) Service managed by Twitter, a company that adheres to the Safe Harbor Privacy Policy Framework initiative, guaranteeing the processing of Personal Data in line with European security standards. The service allows the User to interact with the social network through this website. Twitter, thanks to the User's click, acquires data relating to the User's visit on the Website. Twitter does not share any information or data in its possession with the Site or the Data Controller. For further information on the use of Personal Data by Twitter, please consult the following link: http://twitter.com/privacy.

RECIPIENTS OF DATA

Personal data collected as a result of consultation of the institutional website are processed by the staff of the Rizzoli Orthopaedic Institute, who act on the basis of specific instructions provided with regard to the purposes and methods of processing. They may also be communicated to the following entity designated as Data Processor pursuant to Article 28 of the GDPR: Almaviva S.p.A., as provider of web platform development and maintenance services.

RIGHTS OF THE DATA SUBJECT

You may at any time exercise your right to request access to your personal data, rectification of inaccurate data, integration of incomplete data, pursuant to and within the limits of Articles 15 and 16 of the GDPR. Furthermore, in the cases and for the reasons laid down by law, in particular in Articles 18 and 21 of the GDPR, you may request the restriction of the processing of your data and you may exercise your right to object to the processing.
If the conditions are met, you also have the right to lodge a complaint with the Data Protection Authority or with the supervisory authority of the EU Member State in which you habitually reside or work or in the place where the alleged infringement occurred, in accordance with the procedures provided for in Article 77 of the GDPR.

CONTACT DETAILS

The Data Controller is the Rizzoli Orthopaedic Institute with headquarters in Bologna, Via di Barbiano n.1/10, telephone 051.6366704, PEC direzione.generale@pec.ior.it

The Data Protection Officer (DPO), based in Bologna c/o University Hospital Sant'Orsola-Malpighi, can be contacted at the e-mail address dpo@aosp.bo.it PEC dpo@pec.aosp.bo.it