Last update: 28 may 2025 

SEE ALSO THE SOCIAL MEDIA POLICY

INFORMATION ON THE PROCESSING OF PERSONAL DATA
of users who visit the websites of the
Garante per la protezione dei dati personali

pursuant to Article 13 of Regulation (EU) 2016/679

WHY WE PROVIDE THIS INFORMATION

Pursuant to Regulation (EU) 2016/679 (hereinafter referred to as the ‘Regulation’), this page describes how we process the personal data of users who visit the websites of the Garante per la protezione dei dati personali (hereinafter referred to as the ‘Garante’). The websites may be accessed at the following addresses:

• https://www.garanteprivacy.it

• https://garanteprivacy.it

• https://www.gpdp.it

• https://gpdp.it

• https://www.dataprotection.org

• https://dataprotection.org

• https://servizi.gpdp.it

• https://gws.gpdp.it

• https://garanteprivacy.portaleamministrazionetrasparente.it/

• http://appalti.gpdp.it   

• https://learn.gpdp.it    

• https://sendfile.gpdp.it

• https://g7privacy2024.gpdp.it

This information does not apply to other websites, pages or online services as accessible via hypertext links that may be provided on the websites but refer to resources outside the Garante’s domain .

DATA CONTROLLER

As a consequence of visiting the websites listed above, we may process data concerning identified or identifiable natural persons.

The data controller is the Garante per la protezione dei dati personali based at Piazza Venezia 11, IT-00187, Rome (Email: protocollo@gpdp.it, Certified email*: protocollo@pec.gpdp.it, switchboard +39 06.696771).

LEGAL BASIS FOR THE PROCESSING

We process the personal data indicated on this page for the performance of tasks carried out in the public interest or connected with the exercise of official authority, including the task to promote public awareness and understanding of the risks, rules, safeguards and rights in relation to processing as well as  to promote the awareness of controllers and processors of their obligations under the Regulation (Art. 57(1)(b) and (d) of the Regulation).

TYPES OF DATA PROCESSED AND PURPOSES OF THE PROCESSING

Browsing data

During their normal operation, the IT systems and software procedures used to operate this website collect certain personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the return code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the user's operating system and IT environment.

These data, which are necessary for the use of web services, are also processed for the purpose of:

- obtaining statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.);

- checking the correct functioning of the services offered.

Browsing data are not retained for more than seven days (except in the case of investigations by the judicial authorities).

Data provided by users

Optionally, explicitly or voluntarily sending messages to the Garante’s contact addresses , sending private messages to official profiles/pages on social media (where this option is available), as well as filling in and submitting forms on the Garante's websites entail the collection of the sender's contact details, which are necessary in order to reply, as well as of all the personal data included in the communications.

Specific information will be provided on the pages of the Garante's websites created for the provision of certain services or for participation in specific initiatives.

Cookies and other tracking systems

Cookies

Cookies are text files that the websites visited by users send to their terminals and that are sent back to the websites on each subsequent visit. Cookies can be divided into two main categories: “profiling cookies” and “technical cookies”.

Profiling cookies

This website does not use profiling cookies, i.e. cookies designed to create user profiles in order to send messages that match the preferences expressed during browsing.

Technical cookies

This website uses technical cookies to enable safe, fast and efficient browsing of the site and to provide the services requested. Users' prior consent is not required for the installation of these cookies.

Session (technical) cookies

Session cookies are used for browsing and for authentication to online services and restricted areas. The use of these cookies (which are not persistently stored on the user's computer and are deleted when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the site to be browsed effectively.

The use of permanent cookies, with pseudonymised data, is strictly limited to collecting statistical data in order to gauge the level of use of the individual site.

The implemented configuration, which is designed to avoid processing any identifying data, collects the following information:

• The IP address, which is masked by clearing the last 2 bytes (xxx.xxx.0.0)

• The operating system

• The type of browser

• The type of device (PC, smartphone, etc.)

Third-party cookies

No third-party cookies are installed.

Information on the processing of personal data carried out through the social media platforms used by the Garante.

With regard to the processing of personal data carried out by the providers of the social media platforms used by the Garante, please refer to the information provided in their respective privacy policies. The Garante processes the personal data provided by users through the pages of the social media platforms dedicated to the Garante, as part of its institutional purposes, exclusively to manage interactions with users (comments, public posts, etc.) and in compliance with current legislation. (SEE ALSO THE SOCIAL MEDIA POLICY)

DATA RECIPIENTS

The recipients of the data collected through the use of some of the above services are listed below and have been appointed by the Garante as data processors pursuant to Article 28 of the Regulation.

These processors may appoint sub-processors for the purposes specified herein, in compliance with Article 28 of the Regulation:

• Polo Strategico Nazionale S.p.A., as the provider of IaaS services supporting the web platform of the sites that are accessible at the following addresses: www.garanteprivacy.it, garanteprivacy.it; www.gpdp.it; gpdp.it; www.dataprotection.org; dataprotection.org;

• Almaviva - The Italian Innovation Company S.p.A., as the provider of development, deployment, operational management and security services for the technological platforms of the websites that are accessible at the following addresses: www.garanteprivacy.it, garanteprivacy.it; www.gpdp.it; gpdp.it; www.dataprotection.org; dataprotection.org; servizi.gpdp.it;

• ISWEB S.p.A. as for the management of the website https://garanteprivacy.portaleamministrazionetrasparente.it/

• Studio Amica srl as for the service TuttoGare (Tenders and contracts) http://appalti.gpdp.it      

• Reevo spa, as for the file submission service for reporting revenge porn cases https://sendfile.gpdp.it

• SALESFORCE.COM Italy S.r.l.  as for the services provided through the website https://servizi.gpdp.it  

RIGHTS OF DATA SUBJECTS

Data subjects have the right to obtain from the Garante, where applicable, access to their personal data, as well as the rectification or erasure of such data, the restriction of processing, or to object to the processing (Articles 15 et seq. of the Regulation). Specific requests addressed to the Garante may be submitted by contacting the Data Protection Officer (Garante per la protezione dei personali – Data Protection Officer, Piazza Venezia, 11, IT-00187, Rome, email: rpd@gpdp.it).

RIGHT TO LODGE A COMPLAINT

If data subjects consider that the processing of personal data relating to them as carried out through this website infringes the Regulation, they have the right to lodge a complaint with the Garante  pursuant to Article 77 of the Regulation, or to  take legal action (Article 79 of the Regulation).
 
________________________________________

* (This address can ONLY receive communications from certified e-mail addresses)