Information note on the processing of personal data


1. Why this information note

Pursuant to EU Regulation 2016/679 (Regulations below) and Legislative Decree 30 June 2003, n. 196 and s.m.i, this information describes how to process the personal data of users who consult the web pages and use any services at

It is aimed at those who interact with the site listed above and not with others, eventually reached via links there, but referring to external resources.

2. The Data Controller

3. The Data Protection Officer

The Data Protection Manager can be reached at the e-mail address:

4. The processing of personal data via the web

The personal data indicated on this page are processed by the INFN for the achievement of its institutional purposes, including that of promoting and providing for scientific training and dissemination of culture in the institutional sectors, always in the execution of its public-interest tasks o connected with the exercise of public authority.

Treatment refers to all operations or complex operations concerning the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.

The data processed through the use of the Institute's web pages are of the types specified below.

5. Types of data processed

5.1 Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category includes: the user's IP addresses, the type of browser used, the addresses of the websites from which they were accessed, the pages visited on the site, the access time, the code numeric indicating the status of the response given by the server and other parameters related to the operating system and the user's computer environment.

These data, necessary for the use of web services, are used to obtain anonymous statistical information on the use of the site and to check its correct functioning. The same could be used to ascertain responsibility in case of computer crimes or acts of damage to the site.

Save this eventuality, they are not kept beyond the time necessary to perform the checks to ensure the security of the system, equal to a maximum of 7 days.

5.2. Data communicated by the user

These are all personal data provided by the user while browsing the site, for example by registering, accessing a reserved area or a service.

The treatments put in place for these purposes are carried out with the specific consent provided by the user and the data are kept only for the duration of the requested activity. Specific information can be published for the provision of certain activities.

The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.

It is excluded the processing of sensitive or judicial data that, if supplied by the user, will be deleted.

5.3 Cookies and widgets used

This site does not use cookies for user profiling. nor are other tracking methods used.

5.3.1 Session cookies

This site uses session cookies, necessary for the proper functioning of the same and to manage authentication to online services, intranets and restricted areas. The use of these cookies, which are not stored permanently on the user's computer and are deleted when the browser is closed, is strictly limited to the transmission of session identifiers. Their deactivation could impair the use of part of the online services.

5.3.2 Analytical cookies

This site does not use analytical cookies, used by the site operator to collect information, in aggregate form, on the number of users and on the methods of visits.

5.3.3 Third-party cookies and widgets

The system does not use functionality (widgets) and / or third-party profiling cookies.

6. Communication and dissemination

The data may be communicated by the Data Controller in the performance of his activities and to provide his services, to:

The data collected will not be disseminated or communicated to third parties, except in the cases provided for by the information and by the law and, in any case, in the manner permitted by them.

The data may be made known to the staff of the Institute, within the scope of their respective functions and in accordance with the instructions received, only for the achievement of the purposes indicated in this information note.

The recipients are appointed, if necessary, "Case Handlers" by the Data Controller, which may be requested an updated list of Handlers. The latter, according to the stipulated contract, are obliged to use the personal data exclusively for the purposes indicated by the Data Controller, not to store them beyond the indicated duration or to transmit them to third parties without his explicit authorization.

The personal data provided by users who send requests for information and suggestions are used only to perform the service or provision requested and are eventually communicated to other areas within the Institute or to other public or private entities only in case this is necessary to complete the request.

Data are not transferred to non-EU countries.

No data deriving from the web service is disseminated.

7. Processing methods

The processing of personal data is carried out mainly using electronic procedures and media and in a lawful, correct, relevant, limited to what is necessary to achieve the purposes of the processing, for the only time necessary to achieve the purposes for which they were collected and in any case in compliance with the principles indicated in the art. 5 of the Rules.

Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

8. Place of data processing

The processing of personal data related to the web services of this site takes place at INFN facilities and is only handled by technical staff of the office in charge of processing, or by the managers designated by the owner operating within the EU.

9. Rights of the interested parties

The interested parties have the right to ask the Data Controller to access the personal data and to correct or cancel the data or limit the processing that concerns them or to oppose the processing in accordance with the provisions of art. 15 and following of the Rules.

The appropriate request must be submitted by contacting the Data Protection Manager at the address indicated above.

The interested parties also have the right to lodge a complaint with the Guarantor

as a supervisory authority or to take appropriate judicial offices (articles 77 and 79 of the Rules).

10. Update

This information is subject to updates in compliance with national and EU legislation on the subject, so please consult it periodically. In case of non-acceptance of the changes made to this information note, the user can request the Data Controller to delete their personal data. Unless otherwise specified, the privacy policy published on the site continues to apply to the processing of personal data collected until the time of its replacement.