Pursuant to sect. 13 (for the collection of data from the data subject) and 14 (for data collected otherwise) of (EU) Regulation 2016/679 (GDPR) the users of this Website are provided with the following information, relating only to the processing carried out by the Website, and not to any other website visited through links from this Website, in relation to which we recommend to read the policies provided by the relevant Data Controllers.
Istituto Zooprofilattico Sperimentale delle Venezie
Istituto Zooprofilattico Sperimentale delle Venezie, with registered office in Viale Università 10 – 35020 Legnaro (PD), Italy, VAT 00206200289, in the person of its Director general and pro-tempore legal representative, tel. 0498084242 , e-mail email@example.com.
The Controller may appoint as Processor of the personal data processed for technical assistance, maintenance and/or technical management purposes of this Website a web agency, whose details may be disclosed upon request sent at the addresses specified above.
The Controller and the Processor shall process the data of the Users also by means of their internal officers, who shall be provided with the instructions for the proper processing of the personal data, including orally.
Types of data processed and sourced of collection
- Connection data
- Data voluntarily provided by the user, including: o Common data (identification data, personal details, invoicing data, etc.)
Sources: Internet browsing, other websites, cookies and the like; user; public sources
We may also process data voluntarily provided by the user, such as those disclosed through registration forms, contact forms and/or e-mail communications, including common personal data (identification data, personal details, invoicing data), insofar as it is required by the request received.
Data may be collected from automated sources or voluntary sources, as well as from public sources. For instance, they may be gathered from the Internet browsing of the user, which may include information related to visits of other websites, with particular reference to cookies and similar technologies. Data may also be voluntarily provided by the user or parties related to him/her. Other data may be collected from public sources, such as those processed within the framework of researches and coming from company searches, researches on public databases and the like.
Purpose of treatment
- provision of the Website services to the Users
- cookies handling
- provision of information
- processing of users’ requests
- carrying out of its institutional activity by the Controller
- performance of a legal obligation
- performance of obligations arising under any contract and/or agreement
- Website Users’ personal data, as described above, shall be processed in accordance with the provisions of GDPR, in relation to the performance of the features of the Website, including, without limitation, data collection, contact forms, registration procedure/access to the reserved area, subscription to the mailing list, registration procedure to the training course selected, described therein.
In particular, the personal data provided to the Data Controller will be processed for the pursuit of the following purposes:
- handling specific requests addressed by the User to the Controller by the Website and its communication tools (contact forms, inquiry forms, etc.);
- performing legal obligations;
- performing obligations arising under any contract and/or agreement;
- informative communications relating to services of the Controller, following an inquiry by e-mail or by filling out the contact form and/or other communication tools;
- other purposes, related or connected to those specified above or, however, falling within the scope of the Website.
The processing of the data provided in general terms, shall be carried out, including in case of automated collection during the navigation, only for the purposes of monitoring the accesses to the Website.
Legal basis of the processing
- performance of contractual of social obligations
- performance of legal obligations
The processing of the personal data is based on the right of information, on the performance of contractual or social obligations or, where applicable, on the free and informed consents given by filling out the relevant forms.
Legitimate interest of the controller
- Exercise of the rights of the information society
- Performance of the service by the Controller
- Soft Spam
The processing of the personal data is also based on the legitimate interests of the Controller, such as the exercise of its rights related to the information society, the performance of the contractual services, as well as the performance of legal obligations.
Obligation to provide data
- Some data are mandatory, other are optional, depending on the purposes of the processing from time to time specified.
The provision of the connection data by the Users, for the purposes specified above, depends on the privacy degree enabled or disabled on the browser. In some cases, the disabling of cookies may affect some features of the Website. For some sections of this Website, the provision of the connection data and/or the use of technical cookies is required for the proper operation of the Website.
However, the provision of some personal data is required for the performance of some purposes of the Controller, including, without limitation:
- to send e-mail and contact form message, the minimum mandatory data therein required shall be provided, such as name, surname and/or e-mail address and/or other identification data of the sender;
- for the performance of the activity of the Controller;
- to handle the requests sent by the User/Data Subject by the Website.
Any other request of optional data shall be preceded by an approval tick.
The provision of any other data is optional, in accordance with the type of information that the User wishes to provide to the Website.
Effects of non-provision
- The Controller may not handle the requests from the Data Subject
- The Controller mat not perform its institutional activity towards the Data Subject.
- possibility to establish a contractual relationship.
The non-provision of mandatory personal data shall prevent the Controller from performing services to the Data Subjects, including, without limitation, the provision of information to the Data Subject, the processing of the requests sent by the Data Subject through the Website, as well as the general performance by the Controller of its institutional activity towards the Data Subject.
Recipients of the personal data
- Disclosure: YES
- Recipients: partner companies and advisors of the Controller
- Public bodies, including for accreditation purposes.
- Intra-EU transfer: YES
- Extra-EU transfer: YES (under Privacy Shield)
The data may be disclosed to affiliates, associates or subsidiaries of the Controller, as well as to Public Bodies, including in relation to the performance of the institutional activity of the Controller.
Furthermore, the data may be disclosed to parties specifically appointed by the Controller, advisors, professionals, as well as to third parties contributing, including in the name and on behalf of the Controller, to the performance of the services related to the purposes specified in this policy, both inside and outside the EU (in the latter case, it shall only include parties acceding to the Privacy Shield protocol).
Data retentio period
- Until withdrawal
- Until performance of the services/tasks
The data provided by the Data Subject shall be retained until the explicit withdrawal of the consent by the Data Subject, including if provided by means of any action on his/her browser, cookies erasure, explicit request or otherwise. The connection data shall be retained for the technical time required to perform the purposes in relation to which they have been collected.
Rights of the data subject
Rights (sect. 15 – 22 GDPR):
Methods and terms of exercise: sect. 12 GDPR
Via e-mail – firstname.lastname@example.org
Pursuant to sect. from 15 to 22 of GDPR, each Data Subject has the right to access, rectification, erasure (right to be forgotten), restriction, receive a notice in case of rectification, erasure or restriction, portability, objection and to refuse to be subject to individual automated decision-making processes, including profiling.
These rights may be exercised according to the methods and the terms specified in sect. 12 GDPR, by sending a written notice by e-mail to the Controller, to the following address email@example.com.
The Controller shall properly and timely respond to the request, within 1 month from its receipt.
Right to withdraw the consent
- by e-mail - firstname.lastname@example.org
- at the registered office of the Controller
It is possible to withdraw this consent at any time, as follows:
- sending an e-mail to the Controller’s address – email@example.com
- explicit communication at the Controller’s registered office.
Complaint (sect 77 GDPR): to the Data Protection Authority
Each Data Subject has the right to lodge a complaint, pursuant to sect. 77 et. seq. of GDPR, to a supervisory authority, which in Italy is embodied by the Italian Data Protection Authority (Garante per la protezione dei dati personali).
The methods and the terms to lodge a complaint are set out and governed by the applicable national law.
The complaint shall not constitute a waiver of any administrative or legal action, that in Italy may be brought to the same Authority (Garante) or to the competent Court.