DISCLOSURE PURSUANT TO ARTICLE 13 OF 2016/679 EU REGULATION CONCERNING PERSONAL DATA PROCESSING
(GDPR-General Data Protection Regulation)
The notice herein has been drawn up by ENEA - Italian National Agency for New Technologies, Energy and Sustainable Economic Development, in accordance with art.13 of Regulation EU 2016/679 – General Data Protection Regulation, concerning processing of personal data submitted via the web site https://www.inmri.enea.it (hereinafter also “Site”).
This notice only concerns personal data regarding Users (the processed subjects concerned), which data has been collected via the Site. It does not concern other sites that may be accessed via links (such as is the case with links to social network pages).
1. DATA CONTROLLER. IDENTITY AND CONTACT DETAILS
The Data Controller is ENEA - Agenzia nazionale per le nuove tecnologie, l’energia e lo sviluppo economico sostenibile, with offices in Rome 00196, Lungotevere Thaon di Revel, 76. The Data Controller can be contacted by writing to the address above or by sending an e-mail message to the following certified electronic mail address: .
2. DATA PROTECTION OFFICER. CONTACT DETAILS
3. PURPOSE AND LEGAL BASIS OF PROCESSING
The personal data of the Users are processed for the following purposes:
- responding to requests made via the e-mail addresses on the web site;
- providing the services offered by Enea and requested by the User (i.e. access to training courses etc.);
- compliance with legal or administrative obligations.
4. NATURE OF DATA COLLECTION
Submission of personal data via the registration forms, and of correspondence transmitted to the e-mail addresses on the Site when requesting information, is facultative in nature. However, in the event of a failure to submit the requested data, ENEA shall not be able to provide the User with services that are from time to time requested.
5. TYPE OF DATA PROCESSED
5.1. Browsing data
The IT systems and applications designated for the operation of this Website detect, during the course of their ordinary operation, certain data – the transmission of which is implicit in the use of Internet communication protocols – not associated with directly identifiable users.
The data collected include IP addresses of computers used by Users connecting to the site, the URI – Uniform Resource Identifier – addresses of the resources requested, the time of the request, the method used to send the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (completed successfully, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
5.2. Data provided voluntarily by the user
Other personal data collected are those provided by the User when corresponding with the e-mail addresses indicated on the Site and when registering on the Site (Name, Surname, Username, password, e-mail address, Institution/Body).
The sending of personal, non mandatory data also by email on an optional, explicit and voluntary basis to the addresses indicated on this website means that the address of the sender is then acquired, this being necessary in order to respond to the request, together with any other personal data included in the message.
6. HOW DATA ARE PROCESSED AND DATA RETENTION PERIOD
The personal data are processed by electronic means in compliance with the provisions of art. 32 of GDPR 2016/679 and of other regulations, and in compliance with the specific Provisions of the Italian Data Protection Authority, regarding personal data and security measures.
The Data Controller must ensure that the personal data being processed:
- are processed lawfully, properly and transparently, vis-à-vis the subject concerned;
- are collected and recorded for specific, explicitly declared and lawful purposes, and are used during other processing operations in manners compatible with the said purposes, and in any case only to the extent that such processing becomes necessary for the aforesaid ends (in this regard, use of personal and identification data must be kept to a strictly necessary minimum);
- are precise and if necessary, updated;
- are pertinent and complete and fall within the purposes for which they were collected and subsequently processed;
- are archived in a form such as enables erasure and correction of the same (as well as subsequent notification to any addressees receiving the personal data which are the object of a request for modification or erasure), and that they are in a form such as enables restriction of or opposition to the processing in question;
- are stored in such a manner that identification of the subject concerned is enabled for a period of time of no greater duration than that required for the purposes for which the said data were collected and subsequently processed.
Specifically, the navigation data shall be stored for the duration of the navigation session on the Sites. On the other hand, the personal data submitted voluntarily by the User shall be stored for the period of time necessary for the purposes of responding to the said subject’s requests, for the period of time necessary for provision of services requested via the Site, and for the scheduled storage time period set forth by legal obligations or regulations.
The sending of emails to the addresses indicated on this Website means that the address of the sender is then acquired, this being necessary in order to respond to the request, together with any other personal data included in the message.
The personal data provided by the subjects concerned who transmit the said requests are used solely for the purpose of providing the services as foreseen, or of responding to such requests. The said data are transmitted to third parties only if this is necessary to further the said operations.
ENEA adopts the necessary security measures set forth in the GDPR in order to protect collected data, and rule out the risk of data loss or theft, of unauthorised access, and of unlawful use or misuse.
7. CATEGORIES OF RECIPIENTS
For the purposes set forth in art. 3, the personal data of the User may be submitted or made available to:
- employees of, and collaborators with, ENEA, in their capacities as officers authorised to process the data, in accordance with art. 29 GDPR;
- in the event, other outsourced service providers operating on behalf of the Data Controller (e.g. IT service providers and/or postal service providers), in their capacities as Data Processors;
- all subjects to whom authorisation to access the said data has been granted in accordance with regulations or the provisions of pertaining authorities, all natural persons and/or corporate bodies, public and/or private, when submission is necessary for, or conducive to, provision of the services requested via the Site, in the manners and for the ends set forth above.
Under no circumstances shall the personal data be transmitted, divulged, ceded or in any way transferred to third persons for unlawful purposes. In any case, a pertaining notice must to be issued to the subjects concerned, and the prior consent of the said subjects shall be obtained where required by law.
Transmission of data following requests received from the Courts or public security forces shall take place in the manners and in the circumstances legally provided for. Personal data shall not be transmitted abroad to Countries or International Organisations not based on the European Union, which countries or organisations are incapable of providing an adequate level of protection, as per art. 45 GDPR, in accordance with a decision regarding adequacy issued by the EU Commission. If required for provision of the Site’s services, transfer of personal data to non-EU Countries or International Organisations, in respect of which the Commission has issued no decision regarding adequacy as per art. 45 GDPR, shall take place only in the presence of adequate guarantees provided by the addressee Country or Organisation, as per art. 46 GDPR, on condition furthermore that the subjects concerned effectively enjoy rights to seek judicial remedy and to appeal.
In the absence of a decision regarding adequacy issued by the Commission, pursuant to art. 45 GDPR, or in the absence of adequate guarantees pursuant to art. 46 GDPR, including binding corporate rules, transfer abroad is conditional upon efficacy of one of the terms set forth in art. 49 GDPR.
8. RIGHTS OF THE DATA INDIVIDUALS
Articles 15-22 of the Regulation confer upon the subject concerned enjoyment of the rights to:
- request confirmation that the said subject’s personal data exist or do not exist (art. 15 par 1);
- obtain indications concerning the purposes of processing, the categories of the personal data, the subjects or the categories of subjects that have received or that shall receive the personal data, and, when possible, the storage time period (art.15 par.1 lett a, c);
- obtain the correction of incorrect personal data (articles 16 and 17);
- obtain a restriction of processing (art.18);
- obtain from the Data Controller information on the addressees to whom the personal data have been transmitted and, in the event, correction or erasure or restriction of processing (art. 19):
- obtain portability of the data, or receipt of the said data from a Data Controller, in a structured, commonly used, machine-readable format for transmission of the data without hindrance to another Data Controller (art. 20);
- oppose an automated decision-making process concerning natural persons, including profiling (art.21 and art. 22);
- if treatment is consequent to consent, revoke such consent at any time (art.7 par.3).
The subjects concerned are entitled to submit complaints to the controlling Authority in accordance with art. 77 of the Regulation, or are entitled to take legal action as appropriate.
9. EXERCISE OF RIGHTS
The rights set forth above may be exercised following a request to this end addressed to the Data Controller, to be sent by electronic mail to the address, . The request may be drawn up in the manner decided upon by the requesting subject and with no specific formalities applying. The said subject is entitled to receive a reply within a reasonable period of time, depending upon the pertaining circumstances.
The subject concerned may, in order to exercise his or her rights, enlist the assistance of bodies, organisations or non-profit making associations the aims of which are, as set forth on their charters, in the public interest, and which are active in the sector of protection of the rights and freedoms of the subjects concerned with respect to protection of personal data. The said subject may thus empower such bodies, organisations or associations accordingly. The subject concerned may also enlist the assistance of a trusted individual.
To obtain information on ones rights, or to issue a complaint or provide information or appeal, and also to be fully updated at all times on the regulations governing protection of persons in respect of personal data processing, the subjects concerned may address their concerns to the Data Protection Authority, or may visit the following web site: https://www.garanteprivacy.it/web/guest/home_en
10.1. What is a cookie? What do cookies do?
Cookies are small files that are sent to the browser and that are saved on the user’s device when he or she accesses and uses the web site, https://www.inmri.enea.it (hereinafter also “Site”). Cookies enable efficient functioning and enhanced performance of the Site, also by means of collection and analysis of information in aggregate form, this enabling the manager of the Site to evaluate possibilities for improving the structure of the Site and its sections. By means of cookies, it is also possible to collect information for statistical purposes, mainly with a view to personalizing user navigation experiences by recording their preferences (e.g. language, currency etc.).
10.2. Which cookies do we use?
Technical cookies may be classed on the one hand as navigation or session cookies, which ensure normal Site navigation and use (enabling for example, coordination of the forms making up the site pages or correlation of the pages visited during a given working session). On the other hand, they may be classed as analytic cookies, which may be considered equivalent to technical cookies only if used for the purpose of optimizing the Site directly by the Site manager (termed first party cookies), which cookies can collect information in aggregate form on the number of users and the manner in which they visited the Site (e.g. in order to produce statistical data on the pages most frequently visited, or in order to collect aggregate data on visits by operating system, by browser etc.).
The use of session cookies is strictly limited to the transmission of session identifiers (made up of server-generated random numbers) and of data related to the software use necessary to allow for the safe and efficient browsing of the Website: the session variables (so-called cookies) may avoid recourse being made to IT techniques that may adversely affect the confidentiality of the user's browsing experience and do not allow us to acquire personal data that identify the user. The session cookies are not stored for any considerable length of time on the user’s device. They are registered locally for lengths of time set as a function of session variables (the values of which, stored on the fixed disk, can in any case be erased; it is furthermore possible to disable the cookies by following the indications provided by the major browsers).
The session cookies installed by Enea are:
Third party cookies
Third party cookies are set up by a web site that is not the web site that the user is visiting. They reside on servers other than that of the site visited. Use of the data collected by these external operators by means of their cookies is therefore governed by those respective privacy policies.
For further information on the manners of use and the types of cookies used by Google, and management of the cookies on the user’s browser, the reader may examine Google’s policy regarding cookies via the following link https://policies.google.com/technologies/cookies?hl=en&gl=en.
While navigating on this web site, users may also receive on their devices cookies sent for the purposes of direct interaction with social network platforms.
The Site includes Facebook, Twitter and Instagram buttons and widgets.
The proprietor of the Site cannot access the data collected by these means, which is processed in a fully autonomous manner by the managers of the said social network platforms.
For further information on the manners of processing data collected by social networks, please examine the notices concerning privacy issued by the providers of these services.
10.3. How can I disable cookies?
Most browsers are configured to accept, check or in the event disable cookies via the settings. Please note that disabling technical cookies even in part may compromise the functioning of the Site and/or limit the Site’s functionalities.
Conversely, disabling third party cookies shall not adversely affect navigability in any way.
The links below provide access to the directions issued by major navigation browsers for managing cookie installation settings: