Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA

For users who visit the website: www.comune.carbonia.su.it Pursuant to article 13 of Regulation (EU) 2016/679 “GDPR”.

The Municipality of Carbonia, in compliance with the principles of Regulation (EU) no. 2016/679 “GDPR” on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”) and the provisions of the “Privacy Code” referred to in Legislative Decree no. 196/2003 (as amended by Legislative Decree no. 101 of 10 August 2018), offers users the opportunity to interact with its portal to consult or use the related services accessible from the above address which corresponds to the home page (ie the “Homepage”) of the institutional website of the Municipality of Carbonia.

It is noted that the information below on the processing of personal data may be modified from time to time following the introduction of new services or the entry into force of new legislation, so it is advisable to visit this page periodically to benefit from up-to-date information.

This page describes how the site is managed with regard to the processing of personal data of users who consult it. The information is provided only for the website of the Municipality of “Carbonia” and not for other websites, pages or online services that can be consulted by the user via hypertext links that may be published on the site but refer to resources outside the scope of the owner.

The information is also based on Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (the so-called Privacy and Electronic Communications Directive).

DATA CONTROLLER

The “Data Controller” is the Municipality of Carbonia, with registered office in Carbonia, Piazza Roma n.1, CAP 09013 , CF 81001610922, P. IVA 01514170925, Tel:07816941, in the person of the Mayor as its legal representative pro tempore.

If the interested party wishes to receive further information on the personal data made available to him, he can contact the Data Controller by telephone or send a request by post or registered letter to the above address or, alternatively, send a communication to the following addresses:

E-mail: comcarbonia@comune.carbonia.ca.it

PEC: comcarbonia@pec.comcarbonia.org

Further information on the policy on processing and protection of personal data adopted by the Municipality can be found on the Municipality’s website.

DATA PROTECTION OFFICER (RPD OR DPO)

The appointed Data Protection Officer (DPO) (for further details on the appointment and duties, see Articles 37-39 “GDPR”) can be contacted at the following addresses:

Email: privacy@comune.it

PEC: privacy@pec.comune.it

The full contact details of the Data Protection Officer can be found in the “Transparent Management” section on the Municipality of Carbonia website.

PURPOSE OF THE PROCESSING AND LEGAL BASIS FOR THE PROCESSING

The personal data will be processed in connection with the services offered by the Municipality of Carbonia through its portal, exclusively for the performance of tasks carried out in the public interest or related to the exercise of official authority vested in the Data Controller (Article 6, paragraph 1, letter e, “GDPR”), as well as for the fulfillment of obligations provided for by laws or regulations to which the Data Controller is subject (Article 6, paragraph 1, letter c, “GDPR”).

RECIPIENTS OF PERSONAL DATA

The data provided will under no circumstances be disclosed or transmitted to third parties, with the exception of subjects whose right to access the data is recognized by law or administrative orders, as well as to subjects external to the institution, appointed by a specific written document as “data processors” pursuant to art. 28 “GDPR” that the Data Controller uses to carry out activities necessary and/or auxiliary to the services offered through the institutional website.

PLACE AND METHOD OF PROCESSING

The processing of data related to the website’s web services takes place mainly at the Municipality of Carbonia and possibly in collaboration with other subjects specifically appointed as “data processors” pursuant to article 28 “GDPR”.

The data will be processed only for the time strictly necessary to achieve the intended purposes, respecting security measures to prevent data loss, illicit or incorrect use and unauthorized access.

The data will be processed exclusively by expressly designated/authorized personnel pursuant to art. 29 and 32, paragraph 4, “GDP” and art. 2-quaterdecies of Legislative Decree. 196/2003, in compliance with the principles of art. 5 “GDPR” and in particular in compliance with the principles of lawfulness, correctness, transparency, accuracy, integrity, confidentiality, minimization in relation to the purposes of collection and subsequent processing.

The personal data processed are not subject to automated decision-making, including profiling.

The personal data provided by users who register on the website of the Municipality of Carbonia or use its services may be used for other processing compatible with the purpose of the collection, such as sending communications to institutions and public bodies by e-mail.

TYPE AND NATURE OF THE DATA PROCESSED

Navigation data

Access to the site requires the registration of data solely to ensure the correct functioning of the site.

Among the data collected are the IP addresses and/or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) ​​notation addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the user’s computer environment.

These data are not collected to be associated with identified subjects but, by their nature, could allow users to be identified through processing and association with data held by third parties, in particular when it is necessary to ascertain liability in the event of hypothetical computer crimes detrimental to the site.

Data provided by the user

The optional, explicit and voluntary sending of electronic mail to the addresses indicated in the various access channels to the website and the completion of the formats (masks) entail the acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.

In this case, the Data collected are processed solely to respond to Users’ requests, for example those concerning the use of a service, problems connecting to the Site, problems navigating the Site, problems accessing the Site’s services or problems accessing their account.

In order to better contextualize the Application, Users may be contacted by email, by PEC, by telephone or by other communication systems by an operator designated by the Administration.

Specific summary information is provided or displayed on the pages of the Site dedicated to specific services, upon request.

Cookies and other tracking systems

No cookies are used to create user profiles.

Instead, session cookies (non-persistent cookies) are used, strictly limited to what is necessary for safe and efficient navigation on the Sites. The storage of session cookies in terminals or browsers is under the control of the user, while on the servers, at the end of HTTP sessions, information related to the cookies remains stored in the service logs, with retention times specific to each third party. The data that can be acquired through cookies and the ways in which they are managed are detailed in the “Cookie Policy” document.

TYPES OF CONTRIBUTION

Apart from the data provided for browsing, the user is free to provide the personal data indicated as optional in the request forms or, in any case, indicated during contacts with the Municipality of Carbonia to send communications or documentation.

Failure to provide the data necessary to provide the service may result in the user not receiving what he requested.

RETENTION PERIOD

The data provided will be processed exclusively for the requested service or for the duration of the procedure, unless archiving is required. In this case, they will be kept in accordance with the rules on the retention of administrative documents.

DATA TRANSFER ABROAD

The data will not be transferred to third countries or international organizations.

However, should the Controller decide to transfer personal data of data subjects to third countries or international organizations, he will comply with the following alternative conditions, subject to the updating of this notice (see Article 13 paragraph 1 letter f “GDPR”):

the existence of an ‘adequacy decision’ by the Commission pursuant to Article 45 GDPR guaranteeing a level of data protection essentially equivalent to that guaranteed in the Union; the third country or international organisation has provided appropriate safeguards to protect the data subject (standard clauses, codes of conduct and certifications pursuant to Article 46(2) GDPR) and the data subject has enforceable rights through effective legal remedies; the processing falls under one of the cases covered by the specific exceptions under Art. 49 GDPR (e.g. consent of the data subject, performance of a contract with the data subject, performance of a contract for the benefit of the data subject, important reasons of public interest, exercise or defence of a right before a court, data from a public register, etc.).

RIGHTS OF THE DATA SUBJECT

Please note that the data subject (i.e. the “identified or identifiable natural person” to whom the personal data refer, pursuant to Article 4(1) GDPR) may at any time exercise the following rights:

the right of access to his/her own personal data pursuant to Article 15 of the General Data Protection Regulation;

the right to rectification of his/her own personal data pursuant to Article 16 GDPR, provided that this does not conflict with applicable legislation on data retention;

the right to erasure (“right to be forgotten”) of his/her own personal data (ex-Article 17 “GDPR”), provided that the latter does not conflict with applicable legislation on data retention;

right to restriction of processing (ex-Article 18 “GDPR”);

right to object to the processing of personal data concerning him/her (ex Art. 21 “GDPR”).

All the above rights, the content of which is established in the aforementioned legislative articles, can be exercised by submitting a request to the Data Controller, also through the appointed Data Protection Officer (DPO) at the addresses indicated above.

Should the Data Controller decide to outsource the processing and appoint a data processor, he will ensure, through precise instructions and an agreement pursuant to art. 28 “GDPR”, that the latter is able to carry out his tasks in such a way that the Data Controller does not have difficulty in pursuing the exercise of the rights in question within the time frame established by the “GDPR”.

The exercise of the aforementioned rights can be carried out pursuant to art. 2 subsections of Legislative Decree. 196/2003 (“Limitations on the rights of the data subject”).

The form for exercising the rights is available on the website of the Data Protection Authority.

RIGHT TO LODGE A COMPLAINT TO THE SUPERVISORY AUTHORITY

Without prejudice to any other administrative or judicial remedy, a data subject who considers that the processing of personal data concerning him or her through this website infringes the provisions of Regulation (EU) 2016/679 “GDPR” has the right to lodge a complaint with a supervisory authority in the Member State in which he or she habitually resides, works or in which the alleged infringement occurred.

More information and a complaint form are available on the website of the Data Protection Authority.