INFORMATION ON THE PROCESSING OF PERSONAL DATA OF USERS ACCESSING WWW.UPMC.IT PURSUANT TO ART. 13 OF EU REGULATION 2016/679
The following information is provided pursuant to art. 13 of EU Regulation 2016/679 ("Regulation") and applies to users accessing services from www.upmc.it ("Website"). When consulting the Website, information of the users may be collected that constitute personal data pursuant to the Regulation. The Information Note is provided exclusively for the above mentioned Website and does not concern any other site accessed by users from links available on the Website such as, for example, links to social media (Facebook, YouTube, Linkedin, etc.).
The data controller is UPMC Italy S.r.l., with registered office in Discesa dei Giudici 4, 90133 Palermo, Italy (hereinafter, "UPMCI" or "data controller").
DATA PROTECTION OFFICER (DPO)
The DPO can be reached at: UPMC Italy S.r.l. – Responsabile della Protezione dei dati personali, Discesa dei Giudici 4, 90133 Palermo, Italy; e-mail: email@example.com.
LEGAL BASIS OF DATA PROCESSING
Personal data listed on this page are processed by the data controller in the execution of his or her institutional tasks, to provide information or services to users, and to fulfill the governing law (see art. 6.1(b) and art. 6.1(c) of the Regulation).
LOCATION OF DATA PROCESSING
The data processing connected to the web services of the Website takes place at the server farms Azure cloud Western EU Tenet.
TYPES OF DATA PROCESSED AND PURPOSE OF DATA PROCESSING
During standard operations the computer systems and software procedures used to operate the Website acquire personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified subjects. However, due to its nature, this may allow to identify users, through the processing and association with third-party data. Such data includes IP addresses or domain names of computers used by users connecting to the Website, URI (Uniform Resource Identifier) of requested resources, time of request, method used to submit requests to the server, size of file received in reply, numerical code indicating status of response from the server (e.g., successful, error, etc.), and other metrics concerning the operating system and the user IT environment.
These data, necessary to access web services, are also used in an aggregate form to obtain statistical (and therefore anonymous) information on the use of the Website (most visited pages, number of visitors by time or by day, etc.) and to check its correct functioning.
Navigation data are not retained for more than 7 days (except in cases of crime investigation by the judicial authority).
Data supplied voluntarily by users
The optional, explicit, and voluntary submission of electronic mail to the addresses included on the Website, or when filling out on-line forms, implies the acquisition of the e-mail address and other personal data included in the message, and the sender/user data required to answer a query or provide requested services. Specific summary information shall be provided for particular services.
Data communicated by users will be used only for the purpose of responding to requests, and will be stored for the time required for such purpose.
The recipients of data collected during access to the Website are the following subjects, appointed by the data controller pursuant to art. 28 of the Regulation, in their role of data processors:
- Microsoft Corporation.
- UPMC Digital Marketing team and Information Services Division - 600 Grant Street, Pittsburgh, PA 15219.
Personal data are also processed by employees of the data controller acting in compliance with specific instructions on objects and purposes of the data processing.
RIGHTS OF THE DATA SUBJECTS
Data subject have the right to obtain from the data controller authorization to access, rectify or delete, and to limit or deny the processing of your personal data (art. 15 et seq., Regulation). The request must be filled to the UPMC Data Protection Officer (UPMC Italy S.r.l. – Responsabile della Protezione dei dati, Discesa dei Giudici 4, 90133 Palermo, Italy; e-mail: firstname.lastname@example.org. A form to exercise the rights is available on the Italian Data Protection Authority ("Garante") website at this link https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.
RIGHT TO COMPLAINT
Should the data subjects deem their personal data was processed in breach of the Regulation, they have the right to file a complaint to the Garante using this link https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524 pursuant to art. 77 of the Regulation, or to start judicial proceedings (art. 79 of the Regulation).
Last update: October 2022