Privacy

INFORMATION NOTICE – PRIVACY POLICY pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016

This document describes the management methods of the website www.trovastrutture.agenas.it (hereinafter referred to as the “site”) with regard to the processing of personal data of users who visit it. This is a general document that provides information on the criteria for the proper processing of personal data carried out on or through the site. The information regarding the individual services available to users, drafted pursuant to Article 13 of the General Regulation (EU) 679/2016 on the protection of personal data and the free movement of personal data (hereinafter the “Regulation”), can be consulted on the website in the specific sections and obtained from the data controller’s offices.

This information is provided pursuant to Article 13 of the Regulation to those who interact with the website’s web services and does not include data processing performed on other websites that may be accessed by the user via links on the website. Users are encouraged to read this information carefully before submitting any personal information.

The owner of the personal data processing

Following consultation of this site, data relating to identified or identifiable individuals (data subjects pursuant to the Regulation, hereinafter referred to as “user”) may be processed. The data controller is the National Agency for Regional Health Services – AGE.NA.S (hereinafter, for brevity, also referred to as “AGE.NA.S” or “controller”). As of today, all information regarding the controller, along with an updated list of any designated data processors and system administrators, is available at the AGE.NA.S. headquarters, at Via Puglie n. 23 – 00187 Rome, email info@agenas.it – certified email (PEC) agenas@pec.agenas.it

Purpose, lawfulness of processing, types of data and criteria used to determine the retention period of personal data

Browsing data

Browsing the site involves the acquisition of some personal data, the transmission of which is implicit in the use of Internet communication protocols (browsing data). This information is not collected to be associated with identified users, but by its very nature, it could, through processing and association with data held by third parties, allow users to be identified. This category of data includes Internet Protocol (IP) addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) ​​addresses of requested resources, the time of the request, the method used to submit the request to the server hosting the site or managing the requested services, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment.

The purposes for which the user’s personal data is processed are listed below:

• • use of the site;

• • any statistics on the use of the service (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.);

• • any checks on the correct functioning of the services offered.

All personal data of the user are processed by the data controller to perform a task carried out in the public interest or in connection with the exercise of official authority (Article 6.1 letter e) of the Regulation).

The user’s personal browsing data is retained for the period necessary to achieve the purposes for which it is collected and in any case no longer than twelve months, without prejudice to the time required to satisfy requests received from the Judicial Authority for the purposes of defense and/or state security and/or the prevention, detection, or suppression of crimes or to satisfy requests received from the Italian Data Protection Authority.

Contact section

The personal data provided by users who send requests to the contacts listed in the relevant section will be used solely to respond to requests. The optional, explicit, and voluntary sending of emails to the addresses listed on the site, by its very nature, entails the subsequent acquisition of the sender’s email address, necessary to respond to requests, as well as any other personal data included in the message.

The lawfulness of processing personal data is based on the need to perform a contract to which the user is a party or to take steps at the user’s request prior to entering into a contract (Article 6.1, letter b) of the Regulation), or to perform a task carried out in the public interest or in the exercise of official authority (Article 6.1, letter e) of the Regulation), which consists in responding to requests received.

The user’s personal data is retained for the time necessary to respond to the user and, in any case, for a period no longer than necessary to manage any appeals and/or disputes. Failure to provide personal data will make it impossible for the Data Controller to respond to the user.

Methods of processing personal data

The processing of the user’s personal data takes place at the data controller’s headquarters, or, if necessary, at the headquarters of any data processors identified and designated pursuant to Article 28 of the Regulation, or at the offices indicated in the “Communication and dissemination of personal data” section. Personal data is processed using automated tools. Specific security measures are implemented to prevent loss, illicit and/or incorrect use, and unauthorized access to data. Personal data is processed only to the extent strictly necessary to perform the functions for which the service is requested. Processing is excluded when the intended purposes can be achieved using anonymous data or methods that allow the user to be identified only when necessary.

Communication and dissemination of personal data

Personal data may, if necessary, be disclosed (this term means disclosing it to one or more specific parties) to those whose right to access the data is recognized by national and European Union laws, as well as to the data controller’s employees/collaborators, as part of their respective duties and/or any contractual obligations (including data processors, identified and appointed pursuant to the Regulation). Personal data will not be disseminated under any circumstances, this term meaning disclosing it in any way to an unspecified number of parties.

Social network plugins

The site also incorporates social media plugins and/or buttons to allow easy sharing of content on the user’s favorite social networks. These plugins are programmed to not set any cookies when accessing the page, to protect the user’s privacy. Cookies are set, if required by the social networks, only when the user actually and voluntarily uses the plugin. Please note that if the user logs in to a social network using their login credentials, they have already consented to the use of cookies when registering. The collection and use of information obtained through the plugins are governed by the respective privacy policies of the social networks, to which we encourage you to refer.

Changes to the information

The data controller reserves the right to make changes to this policy at any time by notifying the user on this page. Therefore, users are encouraged to check this page frequently for updates.

Data Protection Officer (DPO) / Responsabile della Protezione dei dati (RPD) Il Data Protection Officer/The Data Protection Officer identified by the organization is the following individual:

Rights of the interested party (user)

Please be advised that you may exercise the following rights at any time:

• • the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided;

• • right to obtain access to your personal data;

• • right to obtain the rectification of your personal data where this does not conflict with the current legislation on data retention;

• • right to obtain the erasure of your personal data where this does not conflict with current legislation on data retention;

• • right to obtain restriction of processing of your personal data;

• • right to object at any time, for reasons relating to your particular situation, to the processing of your personal data.

The user may exercise the above rights by submitting an informal request to the data controller or by contacting the Data Protection Officer. The data subject may exercise the above rights by submitting an informal request to the data controller by hand delivery, postal mail, registered letter, fax, or email to the following address: responsabileprotezionedati@agenas.it.

To facilitate the exercise of these rights, the Italian Data Protection Authority has prepared a specific form that can be downloaded from the website www.garanteprivacy.it.

Right to lodge a complaint

The user has the right to lodge a complaint with a supervisory authority (in particular the Italian Data Protection Authority www.garanteprivacy.it).

Cookie

The specific information describing the use of cookies by the site is available and can be consulted in the document “Cookie policy”.