PRIVACY POLICY
This Privacy Policy is provided in accordance to the art. 13 from the European Regulation 679/2016 (GDPR) to those who connect to the website: www.comune.assisi.pg.it in order to acces or use its services.
This policy also applies to the following websites:
suape.regione.umbria.it/assisi
This policy only applies to the website listed above and does not apply to other websites which can be found outside the portal and eventually accessible by link.
While browsing the website mentioned above it is possible that users’ personal data may
be processed.
Policies referring to specific events:
Informativa sull’iniziativa Privacy Policy for the event “Assisi 2020 un patto per la rinascita” (.pdf format)
WhistleBlowing service (.pdf format)
1) Data Controller
Data Controller processing personal data through its website is Comune di Assisi, located in piazza del Comune 10; e-mail [email protected]; P.E.C. [email protected]
The Comune di Assisi nominated a Data Protection Officer (DPO) which can be reached by email at [email protected]
2) Definitions
Given as a factuality the full reference to the definitions contained in the art. 4 GDPR, in order to understand the following information, one has to intend as:
Processing personal data: any operation or set of operations performed with or without the aid of automated processes and applied to personal data or set of personal data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication through transmission,
dissemination or any other form of making available, disclosure, interlinking, limitation, deletion and destruction;
Personal Data: any information concerning a phisical person identified or identifiable (“the person concerned”); it is intended as an identifiable person the physical person who can be identified, directly or indirectly, with particular reference to some identification data as name, identification number, data concerning the location, some online identification data or one or more elements that can identifier of its physical identity, physiological identity, its genetics, psychological status, economic, cultural and social status.
Special categories of Data: personal data concerning and showing ethnic or racial origins, political opinions, religious believes or trade union membership as well asì generic data, biometric data aimed for the unequivocal identification of a physical person, data concerning the health and sexual orientation of a person.
Anonimous Data: that data which originally, or as a result of data processing, can not be associated to some identified or identifiable subject;
Data Subject: the physical person to which personal data are referred;
Data Controller: the physical person or the juridical person, public authority, service or other agency that, by itself or together with someone else, determines the purposes and means of processing personal data, including the security profile;
Data Processor: the physical or legal person, public authority, department or other organism processing personal data on behalf of the controller;
Authorized Subject: the physical person authorised by the controller, or the Data Processor to carry out processing operations;
Here are listed all the useful contacts, for further information:
Normative regulation (EU) 2016/679
European Data Protection Supervisor (EDPS)
3) Principles of Data Processing
The processing of personal data will apply the principles of lawfulness, fairness and transparency. Personal data will be collected for specific, explicit and legitimate purposes (purpose limitation) and will be appropriate, relevant and limited to the purposes for which data are processed (minimisation of the data). They will always be up-to-date and accurate and kept for no longer than necessary for the prosecution of the purposes of the Data Controller (limitation of storage), after which they will be deleted. Finally, they will be treated by taking all the appropriate security measures to ensure the integrity and non-accessibility by unauthorised third parties (integrity and confidentiality).
4) Nature of the data processed.
a) Navigation data
After the consultation of this site, may be processed data related to identified or identifiable persons.
The computer systems and software procedures used to operate this domain, acquire during their normal operation, certain personal data whose transmission is implicit in the use of internet communication protocols. This is an information that is collected not to be associated with identified data subjects, but because of their very nature could, through processing and associations with data held by third parties, enable users identification.
This data category includes IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) of the resources
requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response given by the server (good
purpose, error, etc. ) and other parameters related to the operating system and computer environment of the user.
This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its proper functioning and are deleted immediately after processing.
The data may be used to establish liability in
Case of hypothetical computer crimes in damage to the site.
b) Data provided by the user
The voluntary, explicit and voluntary sending of electronic mail to the addresses indicated in the different accesses to the site and filling in the data collection forms or registration to the Municipality’s institutional newsletter will be followed by the acquisition of the address of the user, necessary to respond to his requests, as well as any other personal data included in the letter.
In this case, the data acquired will be processed exclusively to respond to requests from users.
In order to better contextualize the question users can be contacted by email, by telephone or other means of communication from a local authority operator.
Where necessary, specific summary information will be provided or displayed on the site pages prepared for particular services on request.
c) Cookies
Please refer to the specific Cookies Policy published on the site for all information necessary on the type and mode of operation of cookies and other services and active features on the website.
5) Purpose and legal basis.
Personal data will be processed depending on the services offered by the Municipality of Assisi through its own portal, exclusively for the purposes falling within its institutional and public interest or for the fulfilment of requirements laid down by law or regulation.
Within these purposes, the data processing also concerns data necessary for the management of relations with the City of Assisi, as well as to allow effective institutional communication and to comply with any legal obligations of regulation and/ or contractual.
The legal basis for this processing is constituted by the law and the regulations attributing the relevant functions of the Municipality.
In the case of subscription to the newsletter of the Municipality for institutional communications or sending its own requests for information, the legal basis of the
processing is the exercise of the institutional tasks of the Municipality and the consent of the user.
Regarding the provision of personal data to process requests submitted to the Municipality and to receive the institutional newsletter, it is not mandatory but is necessary and indispensable for the issuance of what is required and also to perform all the duties that are attributed to the holder by law and regulations.
6) Data processing methods.
In relation to the purposes indicated, the data are subject to computer and paper processing. The logic of the processing is closely related to the purposes described above and personal data will be subject to electronic and manual processing.
The processing of data takes place for the time strictly necessary to achieve the purposes of the Municipality, including through the use of automated tools observing security measures aimed at preventing the loss of data, illegal or incorrect uses and access not authorized.
7). Recipients of data.
The personal data provided are processed by the controller’s employees specifically authorised for this purpose and by third parties that provide specific processing services or carry out related activities, instrumental or support to those that are the object of the functions of the Municipality, with which specific contracts for appointment as data
controller are concluded, pursuant to art. 28 GDPR.
The personal data of the interested parties may be communicated to third parties, private companies and public bodies that have relations with the holder in the context of its
institutional functions.
The updated list of data processors is available at the Human Resources Office of the Municipality.
8). Retention periods for personal data.
The data processed for the above purposes will be deleted as soon as they are no longer necessary, subject to the retention obligations provided by law for the purpose
administrative-accounting and for documentary or archival reasons of the municipal administration.
9). Transfer of personal data abroad.
The data subject of the processing reside in servers located in the Italian territory. In any case, in the event of their transfer outside the European Union, so that they are there servers of some service providers, the owner will adopt all appropriate guarantees required by the GDPR in order to protect the personal data of the data subjects.
10). Rights of information and access.
Articles 15 to 22 of the GDPR grant data subjects the exercise of specific rights.
Art. 15 gives the data subject the right to access their personal data and to obtain a copy of it.
The right to obtain a copy of data must not infringe on the rights and freedoms of others. With the request for access, the data subject has the right to obtain confirmation from the municipality whether or not processing of his personal data is taking place and to know the purposes and categories of data processed, the third parties and data controllers to whom the data are communicated and if the data is transferred to a country outside Europe with adequate guarantees. The data subject also has the right to know the retention period of his or her personal data.
11). Other rights.
With respect to your personal data, the interested party has the right to request the correction of inaccurate data and the integration of incomplete data, the deletion (right to
be forgotten) under the conditions indicated by art. 17, GDPR, the limitation of processing, data portability and the right to object, for reasons related to your particular situation, to an automated process.
The rights can be exercised by e-mail to the address of the holder [email protected], or by regular mail to the address of its headquarters in Piazza del Comune, 10.
The data controller may need to identify the data subject by requesting a copy of his or her identity document.
An answer will be provided without delay and in any case within one month of the request.
12). Complaint to a supervisory authority.
If you believe that the processing of your personal data is contrary to provisions of the GDPR has the right to submit a complaint to the Data Protection Authority based in
Rome, pursuant to art. 77, GDPR, as well as appeal to the Judicial Authority.
