Privacy Statement for ESIIG 2 - Gateway as provided for by article 13, d. lgs. june 30, 2003, n. 196 (“Data Protection Code”)

The following statement describes how users personal information are collected and processed while navigating or browsing through the ESIIG 2 Second European Summit on Interoperability in the iGovernment website (hereinafter just “website” or “ESIIG 2 website”).

This information is based on the provisions set for by article 13 d. lgs. 30 june n. 196/2003 (“Data Protection Code”, better known as “Privacy Code”) and describes all the purposes, the terms, the duration and the type of data that data controllers shall provide to users while browsing throughout the website, regardless the specific scopes of each connection.

The information is provided only with regard to the data collected and processed by browsing throughout the ESIIG 2 website and its services and it is not extended to other external websites eventually browsed by users with a link connection located in the website.

Scope and purposes of the data collection and processing
This information specifically concerns:

• the collection of users data with refer to browsing operations made throughout the website;
• the collection and the processing of users personal data provided by email messages sent to the addresses indicated in each section of the website and/or by registering to public areas and forums in which each user shall ask questions, provide personal contents and contact the management team to ask for any information.

The main purposes of the data processing described above is to provide the services based on ESIIG 2, such as (but not limited to) providing the information required by users and the assistance sought with refer to website’s general information, any users matters arisen while browsing through the website, etc.

Data Controller
Regione Lazio, as data controller, operates data collection and processing throughout this website with its registered offices in 00145 Rome, via Rosa Raimondi Garibaldi n. 7.

Data collection and processing are also operated with the help of LAit S.p.A., as data controller as provided for by Privacy Code, article 28, with its own registered offices in 00145 Roma, via Adelaide Bono Cairoli 68. Data controllers could be supported in data processing operations by specific “persons in charge of the processing”, as provided for by Privacy Code, article 30, in compliance with the binding instructions provided by data controllers.

Data processing location
Data are processed and collected in data controllers’ registered offices as described above; the operations are processed by persons in charge of the processing with specific technical competence, or some other persons occasionally charged of the processing for maintenance purposes. No data processed are communicated or disseminated, except when required by law. Personal data provided by users are needed only to provide the services required with respect to the purposes described above and can be communicated to third parties only if it is strictly necessary.

Type of data processed
Browsing operations throughout theESIIG 2 website allows the processing of personal data that can identify (even indirectly) user’s identity. No sensitive data are processed.

Cookies and browsing data
Like most web sites, ESIIG 2 websiteuses cookies and web log files to track site usage. A cookie is a tiny data file which resides on user’s computer which could the controller to recognize user’s identity when returning to the website using the same computer and web browser in the same browsing session.

Session cookies will disappear at the end of each browsing session. The use of session cookies is strictly limited to session identifying data (such as casual numbers generated by Gateway server) needed to grant browsing security and efficiency throughout  the website.

Session cookies used in this website avoid any prejudice to users navigation and do not allow users personal data capture.

No personal data are captured by ESIIG 2 website and no cookies are applied for tracing purposes and/or to transfer users personal data to third parties.

Due to the communications standards on the Internet, the website automatically receives the URL of the site from which each user came and the site to which user is going when leaving website. Internet protocol (IP) address of user computer (or the proxy server used to access the World Wide Web), computer operating system and type of web browser used is also received by controller, as well as the name of users ISP. This information is used to analyze overall trends to help controller to improve the service. The linkage between users IP address and its own personally identifiable information is never shared with third-parties without users permission or except when required by law.

Data collected by ESIIG 2 websitecould also be processed in order to seek user responsibility due to the breach of current laws or for the investigation of computer crimes, when required by competent Authorities as provided by law and in compliance with their institutional powers and procedures.

Information voluntarily provided by users

While sending a clear, non binding and voluntary email message to the addresses indicated in each section of the website, each user allows the recipient to retain its own address and other personal data which are necessary to provide the service required by user.

The website contains also public areas (such as forums), in which each user can provide personal contents and/or suggestions to improve the services provided in the website, ask for information or claim any service dysfunction. Users email addresses will not be extracted and used for structure’s information purposes, except when expressly required by users.

Way of processing
Data processing will be operated manually and with the support of electronic means for a period not exceeding the duration and the purposes of the processing described above. Personal data will be stored in physical and electronic archives, in order to be identified or selected only as aggregate data.

Specific security measures are adopted in order to avoid data loss or destruction, illegal or incorrect use of information, not authorized accesses, in compliance with current privacy law.

Each user is charged to verify that its own personal data are correct and eventually modify, upgrade or in any case correct the information provided during the processing.

Data dissemination and communication
Browsing data will not in any case be disseminated or communicated, except when required by law or for institutional purposes. Users personal data provided in the email messages sent to any section of the ESIIG 2 website will not be communicated to third parties.

Data subject’s rights 
Each user who provides its own personal data for registration purposes or to use the services provided by any other section of the website in which data collection is operated (i.e., forum, public areas, assistance services, etc.), shall always have the right to be informed (as provided for by article 7 of the Privacy Code):

• of the source of personal data and the existence of a data processing with refer to its own personal information;
• of the purposes of the processing;
• of the logic applied to the processing, if the latter is carried out with electronic means;
• of the identification data concerning data controller, data processors and the representative eventually designated.

Each user shall also be entitled to obtain:

• the updating, rectification or, where interested therein, integration of the data;
• erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed.

And to object, in whole or in part:

• on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
• to the processing of personal data concerning him/her, where it is carried out for the purposes of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.