Information on the processing of personal data

This page describes how this site is managed with regard to the processing of personal data of users who consult them. This information is provided in accordance with the current legislation on personal data for users who interact with the services of this site within the framework of the EU Regulation 2016/679. The information is given only for this site and not also for other websites that may be consulted by the user through our links.

The "owner" of the treatment
Following consultation of the site, data related to identified or identifiable persons may be processed. The "owner" of their processing is the association Comitato Tutela Devero ODV - Via Canuto 12 - 28845 Domodossola

Place of data processing
Processing related to web services is handled only by internal or external technical personnel in charge of processing and authorized to perform this function, or by any persons in charge of occasional maintenance operations. No data from the web service is communicated or disseminated.

Purpose of processing and legal basis for processing
Personal data provided by users who submit requests or intend to join the Committee's proposals as well as to receive further specific content are used primarily for the purpose of responding to such requests or memberships and are disclosed to third parties only if necessary for this purpose. The legal basis for these processing operations is the need to respond to requests from data subjects or execute activities stipulated in the agreements defined with data subjects. By executing the activity for which the data subject has filled out the forms prepared by the Data Controller, the data may be used for institutional communication activities related to the initiatives organized by the data controller. Legal basis for this processing is the consent freely expressed by the interested party. Outside these hypotheses, users' browsing data are kept for the time strictly necessary for the management of processing activities within the limits provided by law.

Types of data processed
Navigation data
The computer systems and software procedures used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its proper functioning and are deleted after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

Data voluntarily provided by the user
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on the site involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.

A cookie is defined as a textual element that is placed on a computer's hard drive only upon authorization. Cookies have the function of streamlining web traffic analysis or signaling when a specific site is visited and allow web applications to send information to individual users. No personal user data is acquired by the site in this regard. No use is made of cookies to transmit information of a personal nature, nor are so-called persistent cookies of any kind, i.e. systems for tracking users, used. The use of c.d. session cookies is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable the safe and efficient exploration of the site. The c.d. session cookies used in the site avoid the use of other computer techniques potentially prejudicial to the confidentiality of user navigation and do not allow the acquisition of personal identification data of the user.

Optional provision of data
Apart from what is specified for navigation data, the user is free to provide personal data to request the services offered by the Owner. Failure to provide them may result in the impossibility of obtaining what has been requested.

Method of processing and data retention time
Personal data are processed by automated means for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. The data are kept for the time strictly necessary for the pursuit of the purposes indicated in this policy and will be deleted at the end of this period, unless the data must be kept for legal obligations or to enforce a right in court.

Rights of data subjects
To the extent and under the conditions prescribed by law, the owner is obliged to respond to requests from the data subject regarding personal data concerning him or her.
Specifically, according to current regulations:
1. The data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, if so, to obtain access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients in third countries or international organizations; when possible, the period for which the personal data are to be retained or, if this is not possible, the criteria used to determine that period the existence of the data subject's right to request from the controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing; the right to lodge a complaint with a supervisory authority; if the data are not collected from the data subject, all available information about their origin; the existence of automated decision making, including profiling
2. The data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration.
3. The data subject shall have the right to obtain from the data controller the erasure of personal data concerning him/her without undue delay, and the data controller shall be obliged to erase personal data without undue delay within the limits and in the cases provided for by current legislation. The data controller shall notify each of the recipients to whom the personal data have been transmitted of any rectification or erasure or limitation of processing within the limits and in the forms provided for by current legislation.
4. The data subject has the right to obtain from the data controller the restriction of processing.
5. The data subject has the right to receive in a structured, commonly used and machine-readable format personal data concerning him or her that have been provided to a data controller and has the right to transmit such data to another data controller without hindrance from the data controller to whom he or she has provided them.

In order to exercise the rights listed above, the data subject should submit a request using the following contact points through which the Data Protection Officer can also be contacted. Requests should be addressed to the Data Controller at the following address Comitato Tutela Devero ODV - Via Canuto 12- 28845 Domodossola through which the Data Protection Officer designated by the Data Controller, if any, may be contacted. This version of the information on the processing of personal data was updated on August 15, 2022.