Privacy policy

Dear User,
this privacy notice is provided by ERPAC FVG, in its capacity as Data Controller, in compliance with Regulation 679/2016 (GDPR) on the protection of personal data, in order to describe the methods of processing personal data of users who browse and interact with this website.

Data Controller

The Data Controller is ERPAC FVG, represented by the General Director, Dr Lydia Alessio-Vernì, with its registered office at Palazzo Alvarez - Via Diaz, 5 - 34170 Gorizia. You can contact us via email at erpac@regione.fvg.it, PEC: erpac@certregione.fvg.it, telephone: +39 0481.385300; fax: +39 0481.386336.

Data Protection Officer (DPO)

The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted at the following email address: dpo@studiolegalevicenzotto.it.

Website browsing data processing notice – Art. 13 Reg. 679/16

The personal data collected on this website, as well as any other information directly or indirectly linked to you, are processed and used in accordance with EU Regulation 679/2016 (GDPR) on personal data protection.

In particular, the IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified individuals but, due to its nature, could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the response file, the numerical code indicating the response status provided by the server (successful, error, etc.), and other parameters related to the user’s operating system and IT environment. These data are used solely for the purpose of obtaining anonymous statistical information on the website’s use and to ensure its proper functioning.

Furthermore, the Data Controller informs you that the data you provide are processed through IT tools and procedures for the following purposes:

• To manage and improve website navigation;
• To ensure the technical management of navigation (see the Cookie Policy page).

The data you provide will only be accessible to the Controller’s staff and collaborators, and potentially to companies that process data on behalf of the Controller as part of outsourced services, solely for the purpose of fulfilling the activities you request.

Some data may be processed for the exclusive purpose of technical/IT management of the web service by the Controller’s technology partners. In any case, the data will never be disclosed.

 

EXERCISING YOUR RIGHTS REGARDING PERSONAL DATA PROTECTION

You may contact the Data Controller or the DPO to exercise your rights under Articles 13, 15, 16, 17, 18, 20, 21, and 77 of Regulation 679/16, which are summarised below for your convenience.

1) Right to withdraw consent (Art. 13):
You have the right to withdraw consent at any time for any processing activities based on your explicit consent. Specifically, consent withdrawal applies to processing carried out for direct marketing purposes, including sending advertising material, direct sales, market research, or promotional communication, even if performed under Article 130(4) of Legislative Decree 196/03. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

2) Right of access to data (Art. 15):
You may request:
a) The purposes of processing;
b) The categories of personal data involved;
c) The recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly recipients in third countries or international organisations;
d) Where possible, the expected period of data retention or, if not possible, the criteria used to determine such period;
e) The right to request rectification or erasure of personal data or restriction of processing, or to object to processing;
f) The right to lodge a complaint with a supervisory authority;
g) If the data are not collected directly from you, any available information about their source;
h) The existence of automated decision-making, including profiling as per Article 22(1) and (4), and, in such cases, meaningful information about the logic involved and the significance and consequences of such processing.

You have the right to request a copy of the processed personal data.

3) Right to rectification (Art. 16):
You have the right to request the correction of inaccurate personal data concerning you and to have incomplete personal data completed.

4) Right to erasure ("Right to be forgotten") (Art. 17):
You have the right to request the deletion of personal data concerning you if:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- You withdraw your consent and there is no other legal ground for processing;
- You object to processing and there are no overriding legitimate grounds for profiling;
- The data have been unlawfully processed;
- There is a legal obligation to delete the data;
- The data were collected in relation to web services offered to minors without consent.

Deletion may not apply where the right to freedom of expression and information prevails, where data are kept to comply with a legal obligation, or for the performance of a task in the public interest, or for reasons of public interest in public health, archival purposes, scientific or historical research, statistical purposes, or for legal claims.

5) Right to restriction of processing (Art. 18):
You have the right to obtain restriction of processing if:
- You contest the accuracy of the personal data (for the time necessary to verify its accuracy);
- Processing is unlawful;
- You need the data for legal claims.

6) Right to data portability (Art. 20):
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit them to another controller if processing is based on consent or contract and carried out by automated means, provided it does not infringe third-party rights.

7) Right to lodge a complaint with the Data Protection Authority (Art. 77):
Without prejudice to any other administrative or judicial remedy, if you believe that your personal data processing infringes GDPR regulations, you have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State where you habitually reside, work, or where the alleged infringement occurred.

Please note that exercising these rights is subject to the limits, rules, and procedures provided by the aforementioned Regulation. In accordance with Article 12(3), the Controller will provide relevant information about the action taken without undue delay and, at the latest, within one month of receiving the request. This period may be extended by two months if necessary due to the complexity and number of requests. The Controller will inform you of any extension within one month of receiving your request.

To exercise these rights, you can use the following form:

DATA SUBJECT RIGHTS REQUEST FORM,
which must be sent to the Data Controller or the DPO, duly completed and signed in accordance with DPR 445/00 and Legislative Decree 82/05.