Privacy Policy

Information Notice on the Processing of Personal Data of Users Visiting the Website of the Municipality of Oliveto Lario, pursuant to Article 13 of Regulation (EU) 2016/679

Pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter, the “Regulation”), this page describes the methods for processing the personal data of users who visit the website of the Municipality of Oliveto Lario, whose home page is available at:
https://www.comune.olivetolario.lc.it

This notice is provided exclusively for the website of the Municipality of Oliveto Lario and not for other websites, pages, or online services that may be reached through hyperlinks published on the Municipality’s website but referring to resources outside the Municipality’s domain.

Data Controller

The Data Controller is the Municipality of Oliveto Lario (hereinafter, the “Controller”), located at Via Paolo Carcano 4, 23865 Oliveto Lario (LC), Italy.
Email: segreteria@comune.olivetolario.lc.it
PEC (certified email): comune.olivetolario@pec.regione.lombardia.it
Telephone: +39 031 969778

Data Protection Officer (DPO/RPD)

The Data Protection Officer (DPO/RPD) is Trust Data Solutions S.r.l., located at Viale Cesare Cattaneo 10B, 22063 Cantù (CO), Italy.
Contact details of the Trust Data Solutions DPO Team:
Tel.: +39 031 707879
Email: dpo@trustds.it
PEC: dpotrustds@legalmail.it

Legal Basis for Processing

The processing of personal data described in this Notice is necessary for the Controller to comply with a legal obligation pursuant to Article 6(1)(c) of the Regulation, in accordance with the provisions of Legislative Decree no. 82/2005 (“Digital Administration Code”) and the Design Guidelines for Public Administration websites and digital services issued by AgID on 27 July 2022 and subsequent amendments.

Processing of personal data relating to the use of a website by the Controller is also necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, pursuant to Article 6(1)(e) of the Regulation and Article 2-ter of Legislative Decree no. 196/2003 (“Personal Data Protection Code”).

Purposes of Processing, Categories of Personal Data Processed, and Data Retention Period

The processing of personal data of users visiting the Controller’s website is carried out in any case to ensure the technical functioning of the site and/or to enable the performance of tasks of public interest or official authority vested in the Controller, pursuant to Article 6(1)(e) of the Regulation and Article 2-ter of Legislative Decree no. 196/2003.

According to Article 4(1) of the Regulation, “personal data” means “any information relating to an identified or identifiable natural person (data subject).” Visiting the Controller’s website involves the processing of personal data belonging to one or more of the categories listed below.

Browsing Data

The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes IP addresses or domain names of the computers and terminals used by users, addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.

For purposes related to the operation and maintenance of the website, system logs may also be collected—i.e., files (electronic documents) that record interactions and may contain personal data such as users' IP addresses.

Cookies and Other Tracking Technologies

Cookies are text strings that websites visited by a user place and store on the user’s device, and are sent back to those same websites during subsequent visits, carrying a series of information relating to the user’s previous browsing activity.

Cookies can be grouped into two broad categories: “technical cookies” and “profiling cookies.” Both types can be either “first-party cookies” or “third-party cookies.”

Profiling cookies are used to create profiles of individual users in order to display advertisements aligned with their browsing preferences. Installing such cookies requires the user’s prior consent. This website does not use profiling cookies.

Technical cookies allow users to navigate websites efficiently and use their functionalities. Their use does not require user consent.

This website uses technical session cookies to transmit session identifiers (consisting of random numbers generated by the server) necessary to allow efficient browsing. These session cookies are not stored permanently on the user’s device and disappear when the browser is closed.

Information on Processing of Personal Data via Social Media Platforms Used by the Controller

With regard to personal data processing carried out by the operators of any social media platforms used by the Controller, reference must be made to the privacy notices provided by such platforms.

The Controller processes personal data provided by users through the official social media pages dedicated to the Municipality, within the scope of its institutional purposes, solely to manage interactions with users (comments, public posts, etc.), and in compliance with applicable legislation.

Processing Methods

Processing is carried out by individuals authorized by the Controller for the purposes described. Authorized persons are bound by professional confidentiality.

Processing may also be performed with the support of other entities appointed as Data Processors, who process data in accordance with the purposes and means determined by the Controller pursuant to Article 28 of the Regulation. The list of Data Processors is available upon request.

Processing is carried out in compliance with fundamental rights and freedoms and in accordance with the principles set out in Article 5 of the Regulation, including lawfulness, fairness, and transparency. The Controller ensures that processed information is relevant and proportionate to the purposes pursued.

Categories of Data Recipients

Processing is carried out by authorized personnel bound to confidentiality and assigned to the relevant operational areas of the Controller, in accordance with the purposes outlined above.

In the performance of its activities and in the provision of its services, the Controller may disclose data to the following categories of recipients:

  • Public authorities;

  • Technical service providers (e.g., hosting providers);

  • Public entities in compliance with legal obligations.

Recipients who are not autonomous Data Controllers are appointed as Data Processors pursuant to Article 28 of the Regulation. The updated list of Data Processors may be requested from the Controller.

Service providers appointed as Data Processors are contractually bound to process personal data exclusively for the purposes indicated by the Controller, not to retain them beyond the specified duration, and not to disclose them to third parties without explicit authorization, in accordance with Article 28 of the Regulation.

Data Transfers Outside the EU

Personal data processed for the purposes described above are not transferred to third countries outside the European Union or the European Economic Area (EEA), nor to international organizations.

In any case, the Controller undertakes to transfer data to countries outside the EEA only in compliance with Chapter V of the Regulation.

Data Subjects’ Rights

Data subjects (natural persons to whom the data refer) may exercise the rights provided under Articles 15 et seq. of the Regulation, including the right to access their personal data, request rectification, restriction, or erasure where appropriate, as well as the right to data portability and the right to object to processing.

To exercise these rights, data subjects may contact the Controller or the Data Protection Officer using the contact details provided in this Notice.

If data subjects believe that the processing of their personal data through this website violates the Regulation or other applicable laws, they have the right to lodge a complaint with the Italian Data Protection Authority (Garante), pursuant to Article 77 of the Regulation, or alternatively, to seek judicial remedy pursuant to Article 79 of the Regulation. Contact details for the Italian Data Protection Authority are available at www.garanteprivacy.it.

Changes to This Notice

The Controller reserves the right to amend this Notice at any time by publishing updates on this page. Users are therefore encouraged to check this page frequently, referring to the date of the last update indicated below. Unless otherwise specified, the previous version of the Notice will continue to apply to personal data collected up until that time.

Date of last update of this Notice: 22/05/2024