PRIVACY POLICY
Last update: 28/02/2022
1. What personal data we collect and why we collect it
This information is provided in application of EU Regulation 2016/679, General Data Protection Regulation and of D.Lgs. Decree 196/2003, as modified by D.Lgs 101/2018. This information describes the methods of processing the personal data of users who consult the web pages and use any services at the addresses:
· www.cloud.infn.it
· guides.cloud.infn.it
· status.cloud.infn.it
It is addressed to those who interact with the sites listed above and not with others, reached through links present there, but referring to external resources.
2. INFN-Cloud
The INFN Cloud infrastructure is based on a core backbone that connects the large data centers of CNAF and Bari, and on several federated sites that connect to the backbone. The services on the INFN cloud backbone are typically reserved for specific tasks (such as automated replication of multisite data), while the other INFN sites that are part of the INFN Cloud infrastructure can transparently run one or more of its services, with flexible policies of orchestration. The integration of a site to the INFN Cloud infrastructure is governed by its Rules of participation and must be approved by the INFN Cloud Project Management Board. In case of specific agreements, INFN Cloud infrastructure can be transparently extended to other public or private Cloud providers to increase its capacity or solutions.
3. Data Controller
Istituto Nazionale di Fisica Nucleare (INFN)
Via E. Fermi n. 40, Frascati (Roma)
e-mail: presidenza@presid.infn.it
PEC: amm.ne.centrale@pec.infn.it
4. Data protection officer
The Data Protection Officer can be contacted at the email address: dpo@infn.it
5. Nature of the Processed data and purposes of the processing
INFN processes the collected data of this web page for the purpose of their institutional goals.
The personal data indicated on this page are processed by INFN for the achievement of its institutional purposes, which include the promotion and provision of scientific training and the dissemination of culture in institutional sectors, always in any case in the performance of their public interest tasks or related to the exercise of public powers. Data processing includes all operations or set of operations concerning the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, block communication, cancellation and destruction of data. Data collected by INFN web pages are of the types specified below.
6. Types of processed data
6.1 Navigation data
Computer systems and software procedures used to operate this website collect some personal data through Internet communication protocols.
Data included in this category may be: IP addresses, the type of browser used, the addresses of the sites from which access was made, the pages visited within the site, the time of access, the numeric code returned by the server and other parameters related to the operating system and the user’s environment.
These data, necessary for the use of web services, are used to obtain anonymous statistical information on the use of the site and to check its correct functionality. The same data could be used to ascertain responsibility in the event of computer crimes or acts of damage to the site. Apart from these cases, they are not stored for more than 30 days the time necessary for carrying out the checks to ensure the security of the system.
6.2. Data provided by the user on a voluntary basis
These are all personal data provided by the user while browsing the site, for example by registering, accessing a reserved area or a service. The processing of the above-mentioned personal data is carried out with the specific consent provided by the user and the data are kept only for the duration of the requested activity. Specific information may be published for the provision of certain activities. The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. The processing of sensitive or judicial data is excluded which, if provided by the user, will be deleted.
6.3 Cookies and widgets used
6.3.1 Technical and session cookies
This website uses technical and session cookies. They are necessary to make this website work properly and to manage access to online services, the intranet and restricted areas. These cookies are not permanently stored in the user’s computer, they are deleted when the user closes his/her browser. Cookie’s lifetimes limited to the transmission of session identifiers. Disabling cookies may affect the correct use of online services.
6.3.2 Analytical cookies
This site uses analytical cookies, used by the site manager to collect information, in aggregate form, on the number of users and on the methods of visits.
They have been created and made available by third parties. Tools have been adopted to reduce their identification power (for example by masking significant portions of the IP address). Their use is subject to a contractual relationship with the supplier in which the latter has undertaken to use the collected data exclusively for the provision of the service, to keep them separately and not to “enrich” them or not to “cross” them with other information that may be available. [2].
Analytical cookies can be disabled without any consequence on navigation: to disable them please see the section “How to disable cookies”.
In particular [3]:
- Google Analytics, an analysis tool of the company Google, Inc. which allows to obtain anonymous and aggregate statistics, useful for optimizing navigation and the offered services; for more information, please see the IP Anonymization page in Analytics [4].
- Visiting cookies - to store the agreement of website policy.
6.3.3 Third-party cookies and widgets
The system uses, within some pages, features (widgets) and / or third-party profiling cookies. The aim is to evaluate the effectiveness of institutional communication activities and provide visibility to institutional activities and / or contents on issues of public and social interest.
In particular, the following features are used:
- java script code that records and sends to Facebook, LinkedIn, Google, Twitter the information concerning the users who have viewed a specific page following the publication of advertisements on Facebook.
- services that allow interaction with social networks or other external platforms [7].
Access to the site after authentication with your account on the platforms mentioned above, could allow their managers to acquire some personal information of the user. You can find more details about the management of the information collected, in the technical documentation of the specific platform.
Below are the addresses of the various information and methods for managing cookies [8].
- Twitter: Twitter’s use of cookies and other similar technologies[11] and Twitter’s Privacy Policy[12],
6.4 How to disable cookies
6.4.1 All cookies
You can deny consent to the use of cookies by properly configuring your browser. These are the instructions for the most popular browsers:
- Internet Explorer[17]
- Google Chrome[18]
- Mozilla Firefox[19]
- Apple Safari[20]
6.4.2 Third party cookies
To disable some specific third-party cookies, please refer to the respective documents listed above.
You can enable only Google Analytics cookies, to use the add-on[21] provided by Google for the main browsers[22].
6.4.3 Deletion of cookies already stored
Disabling third-party cookies does not result in the cancellation of those that may already be present on the user’s browser. To delete them, select the specific option in your browser privacy settings (usually indicated as “Clear browsing data”).
7. Communication and disclosure
The data may be communicated by the Data Controller in carrying out its activities and to provide its services, to:
- Public administrations;
- Technical service providers, hosting provider and cloud service provider.
- Judicial authority.
The data collected will not be disclosed or communicated to third parties, except in the cases provided for by the information and by law and, in any case, under the terms required by law.
The data may be disclosed to the INFN staff, within the scope of their respective functions and in accordance with the instructions received, only for the achievement of the purposes indicated in this policy.
The recipients are appointed, if necessary, as Data Processors by the Owner, who may be asked for the updated list of Managers. The latter, based on the stipulated contract, are required to use personal data exclusively for the purposes indicated by the Data Controller, not to store them beyond the indicated duration or to transmit them to third parties without his explicit authorization.
The data are not transferred to non-EU countries[23].
No data deriving from the web service is disclosed.
8. Processing of personal data
The processing of personal data is carried out using electronic devices and media, in a relevant way, limited to what is necessary to achieve the purposes of the processing, only for the time necessary to achieve the proposes for which they were collected and in any case in compliance with the principles referred to in 5 of the EU Regulation 2016/679 GDPR.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
9. Place of data processing
The processing of personal data related to the web services of this site takes place at the INFN facilities and is handled only by technical staff of the office in charge of the processing, or by the managers designated by the owner who operate within the EU.
10. Right of data subject
Website users (data subject) can exercise the rights referred to in EU Regulation 2016/679: the right to access to personal data and the right to request form the controller rectification or erasure of registration personal data or restriction of processing; in accordance with the provisions of Article 15 and subsequent of Regulation. The appropriate application must be submitted by contacting the Data Protection Officer at the address indicated above.
The data subject also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) (https://garanteprivacy.it).
11. Data retention period
The personal data acquired to guarantee the use of the services provided by INFN-Cloud are kept for a period not exceeding one year and can be used by delegated and competent personnel only for control purposes and for the optimization of systems.
User data will be deleted within six months from the termination of the relationship. Should proxy servers or other session control systems capable of storing log files containing information relating to web pages, internal or external, accessed by local nodes, be installed, such information, kept for a period not exceeding seven days at care of the delegated personnel, they may be examined or processed if the need to guarantee the safety or proper functioning of the system is identified.
12. Update
This information is subject to updates in compliance with national and EU legislation on the subject, therefore we invite you to consult it periodically.
In case of non-acceptance of the changes made to this information, the user can request the Data Controller to delete his/her personal data. Unless otherwise specified, the privacy policy published on the site continues to apply to the processing of personal data collected until the time of its replacement.