Privacy Policy

Privacy Notice provided pursuant to Legislative Decree 196/2003 and EU Regulation 679/2016 – General Data Protection Regulation.

In accordance with the regulations indicated, the processing of data is based on the principles of correctness, lawfulness, transparency and protection of the confidentiality and rights of the user.

This information is provided, pursuant to art. 13 of Legislative Decree 196/2003 (Personal Data Protection Code), to users/visitors interacting with the Viareggio Digitale website: https://viareggiodigitale.it/ and has been updated in accordance with EU Regulation 2016/679 on “natural persons with regard to the processing of personal data and on the free movement of such data” and the regulation of cookies on the network and in particular the issuance of the Provision of the Privacy Guarantor of 8 May 2014 “Identification of the simplified procedures for the provision of information and the acquisition of consent for the use of cookies” and the subsequent “Clarifications regarding the implementation of the legislation on cookies” issued on 5 June 2015.

It only describes the management methods of the Viareggio Digitale website, with reference to the processing of personal data of users/visitors consulting it, and not of external websites that can be consulted by users by clicking on the links on that site.

Additional information may be provided within specific sections.

1. TYPE OF DATA PROCESSED AND PURPOSE OF THE PROCESSING

1.1. Navigation data

The computer systems and applications dedicated to the operation of this website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, make it possible to identify users/visitors. The data collected include the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.

These data are processed, for the time necessary to achieve the purpose for which they are collected, for the sole purpose of obtaining anonymous statistical information on the use of the site (accesses to the site) and to check its proper functioning.

The data could be used to ascertain liability in the event of hypothetical computer crimes against the site.

The site adheres to AgID’s national open source platform, called WAI – Web Analytics Italia, for the collection of usage statistics with the aim of improving the evolutionary process of the online services of the Public Administration ( WAI privacy policy).

1.2. Data provided voluntarily by the user

Sending e-mail messages to the addresses indicated on this site (e.g. in order to request information) entails the acquisition of the sender’s address, as well as any other personal data included in the messages. This data will be processed solely for the purpose of processing the request and will be disclosed to third parties only in cases where this is necessary for the fulfilment of the request (e.g. dispatch of the requested documentation).

We list below the optional data required for the various services

• Contact form – Name and Surname, email address and town of residence

The – non-identifying – data submitted by the user when filling in the Digital Quotient test are stored on the website in an anonymous form and used for statistical purposes only.

1.3. Cookies

Description of Cookies

Cookies are small text files that are sent from the website visited by the user to the user’s device (usually to the browser), where they are stored so that this device can be recognised on the user’s next visit to the site. On each subsequent visit, cookies are sent back from the user’s device to the site.

Cookies can be ‘installed’ (more precisely, stored and accessed), however, not only by the same operator of the site visited by the user (first-party cookies), but also by a different site that ‘installs’ cookies through the first site (third-party cookies) and is able to recognise them. This happens because on the site visited there may be elements (images, maps, sounds, links to web pages of other domains, etc.) that reside on servers other than that of the site visited.

Depending on the purpose, cookies are divided into technical cookies and profiling cookies.

Technical cookies are “installed” for the sole purpose of “carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide such service” (see Art. 122, para. 1, of Legislative Decree 196/2003 – the so-called Privacy Code – as amended by Legislative Decree 69/2012).

They are usually used to allow efficient navigation between pages, store user preferences (e.g. font size, language, country, etc.), store information about specific user configurations, manage user authentication, etc. Some of these cookies (called essential or strictly necessary), such as the session cookies used to manage shopping carts on e-commerce sites, enable functions without which certain operations could not be carried out. Pursuant to the aforementioned Art. 122, para. 1 of the Privacy Code, the use of technical cookies does not require the users’ consent.

Technical cookies are assimilated to technical cookies (and, therefore, for their installation, the users’ consent is not required, nor the further regulatory requirements) the so-called “analytics” cookies that serve to monitor the use of the site by users for optimisation purposes – if used directly by the first party site (without, therefore, the intervention of third parties), as well as analytical cookies made by the first party site (without, therefore, the intervention of third parties). “analytics” cookies are assimilated to technical cookies (and, therefore, the installation of such cookies does not require the users’ consent, nor any further legal requirements), as well as analytical cookies created and made available by third parties and used by the website for mere statistical purposes, if suitable means are adopted to reduce their identification power (for example, by masking significant portions of the IP address) and the third party expressly undertakes not to “cross” the information contained in such cookies with other information available to it.

Profiling cookies are used to track the user’s navigation and analyse his/her behaviour for marketing purposes and are aimed at creating profiles of the user and are used in order to send advertising messages in line with the preferences expressed by the user while surfing the web. These cookies may only be installed on the user’s terminal if the user has given his or her consent in the manner set out in the Provision.

According to their duration, cookies are divided into persistent cookies, which remain stored, until their expiry date, on the user’s device, unless removed by the user, and session cookies, which are not stored persistently on the user’s device and disappear when the browser is closed. Usually, profiling cookies are persistent cookies.

Cookies used on this site

This site makes use of technical cookies, to enable safe and efficient navigation on the site and to monitor its functioning.

How to delete cookies

Please note that by default almost all web browsers are set to automatically accept first-party cookies. Browsers can, in any case, change the default configuration through the browser settings; however, disabling/blocking cookies or deleting them may preclude the optimal use of the site or certain areas of it. The way cookies are handled depends on the type of browser used, and often on the specific browser version. In any case, it is usually necessary to access the browser’s settings and take action

on the preset rules, deciding which types of cookies to disable and/or removing existing ones. Detailed information on the procedure for configuring cookie settings can be found in the guides of the browser used (generally accessible from a PC by pressing the F1 key or clicking on the question mark icon generally present within the browser itself). Please also refer to the deletion guides of the main browsers and to the links below:

Chrome: https://support.google.com/chrome/answer/95647?hl=it 

Firefox: http://support.mozilla.org/it/kb/Eliminare%20i%20cookie 

Internet Explorer: http://windows.microsoft.com/it-it/internet-explorer/delete-manage-cookies#ie=ie-10 

Opera: http://www.opera.com/help/tutorials/security/privacy/  

Safari: https://support.apple.com/kb/ph21411?locale=it_IT 

2. METHODS OF TREATMENT

Personal data is processed by automated means (e.g. using electronic procedures and media) and/or manually (e.g. on paper) for the time strictly necessary to achieve the purposes for which the data was collected and, in any case, in accordance with the relevant statutory provisions.

Data processing will also be carried out with organisational and processing logics strictly related to the purposes themselves and in any case in such a way as to guarantee the security, integrity and confidentiality of the data themselves in compliance with the organisational, physical and logical measures provided for by the provisions in force.

3. OPTIONALITY OF DATA SUBMISSION.

Except as specified above for navigation data and cookies, visitors are free to provide or not to provide their personal data, as in the case of requests for information or contact sent by e-mail or requests for access to freely chosen services, utilities and applications. Failure to provide such data may make it impossible to obtain what has been requested and may preclude the Municipality of Viareggio. the possibility of fulfilling contractual obligations as provided for in the contract of mandate.

4. EMPLOYEES, RESPONSIBILITIES AND CATEGORIES OF EMPLOYEES

The Data Controller is the Municipality of Viareggio, with registered office at Piazza Nieri e Paolini – Viareggio, postal code: 55049

Processing related to the web services of this site is handled exclusively by technical personnel, who are in charge of processing.

In addition to the Controller’s employees, some personal data processing operations may also be carried out by third parties, to whom the company entrusts the management/maintenance of the site. In this case, the same subjects will be appointed as Data Processors.

Information on the data controllers can be easily found by sending an email to the following addresses:

urp@comune.viareggio.lu.it or to the address comune.viareggio@postacert.toscana.it or by writing to Comune di Viareggio – Ufficio Privacy, Piazza Nieri e Paolini – Viareggio, CAP: 55049

The data will not be disseminated.

5. RIGHTS OF INTERESTED PARTIES

The persons to whom the personal data refer have the right, at any time, to obtain confirmation of the existence or non-existence of such data and to be informed of their content and origin, to verify their accuracy or to request that they be supplemented or updated, or corrected in accordance with Article 7 of Legislative Decree 196/2003. Pursuant to the same article, data subjects also have the right to request the deletion, transformation into anonymous form or blocking of data concerning them, processed in breach of the law, as well as to oppose in any case, for legitimate reasons, their processing.

Pursuant to Art. 13 EU GDPR the data subjects always have the right to know the identity and contact details of the Data Controller and where necessary of its representative, the contact details of the Data Protection Officer, the purposes of the processing for which the personal data are intended as well as the legal basis of the processing, the legitimate interests pursued by the Data Controller or third parties appointed as data controllers, any recipients or categories of recipients of personal data, the data retention period and the intention of the Data Controller to transfer personal data to a third country or international organisation.

There is a general ban on the processing of sensitive and hypersensitive data such as health, genetic and biometric data. However, specific exceptions to the ban are provided for, such as those in cases where:

• the person concerned has given his or her consent,
• the data are processed to perform an employment contract and for related security and social protection needs,
• data are processed for the protection of a vital interest of the data subject,
• personal data have been made public by the person concerned.

Subjects to whom the data refer, pursuant to Art. 13 GDPR EU 679/2016 may also at any time exercise the right to:

• have access to personal data;
• obtain the rectification or erasure of the data or the restriction of processing concerning him;
• object to the processing of data;
• use data portability;
• revoke consent at any time without affecting the lawfulness of the processing based on the consent given before revocation;
• file a complaint with a supervisory authority, for Italy Garante Privacy;
• be informed about the possibility that the disclosure of personal data may be a legal or contractual obligation or a necessary requirement for the conclusion of a contract, and whether the data subject is under an obligation to provide personal data, as well as the possible consequences of not providing such data;
• be informed of the existence of an automated decision-making process, including profiling, and in such cases, receive meaningful information on the logic used, as well as on the significance and expected consequences of such processing for the data subject.

Pursuant to Art. 14 EU GDPR if the data have not been obtained from the data subject, the Data Controller Comune di Viareggio will provide the data subject with the following information:

1.

1. the identity and contact details of the data controller and, where applicable, its representative;
2. the contact details of the data protection officer, where applicable;
3. the purposes of the processing for which the personal data are intended and the legal basis of the processing;
4. the categories of personal data in question;
5. the possible recipients or categories of recipients of the personal data;
6. where applicable, the intention of the data controller to transfer personal data to a recipient in a third country and the existence or absence of an adequacy decision of the European Commission, or in necessary cases the reference to appropriate or adequate safeguards and the means of obtaining a copy of such data or the place where they have been made available.

2.

In addition to the information referred to in paragraph 1, the data controller shall provide the data subject with the following information necessary to guarantee

1. the period of retention of personal data or, if this is not possible, the criteria used to determine this period;
2. the legitimate interests pursued by the data controller or a third party;
3. the existence of the data subject’s right to request from the data controller access to and rectification or erasure of personal data and to object to the processing of personal data concerning him/her, as well as the right to data portability;
4. the existence of the right to revoke consent at any time without affecting the lawfulness of the processing based on consent before revocation;
5. the right to lodge a complaint with a supervisory authority, for Italy Garante Privacy;
6. the source from which the personal data originated and, if applicable, whether the data came from publicly accessible sources;
7. the existence of an automated decision-making process, including profiling, and, at least in such cases, meaningful information on the logic used, as well as the importance and expected consequences of such processing for the data subject;

3.

The data controller Municipality of Viareggio shall provide the information referred to in paragraphs 1 and 2:

1. within a reasonable time after obtaining the personal data, but at the latest within one month, taking into account the specific circumstances in which the personal data are processed;
2. where the personal data are intended for communication with the data subject, at the latest at the time of the first communication to the data subject; or where communication to another recipient is intended, at the latest at the time of the first communication of the personal data.

4.

If the controller intends to further process the personal data for a purpose other than that for which they were obtained, it shall provide the data subject with information about that other purpose and any relevant information referred to in paragraph 2 prior to such further processing.

For any information on data processing, users can send a PEC message to comune.viareggio@postacert.toscana.it .

This Privacy Policy is subject to updates.