Privacy
PRIVACY POLICY PURSUANT TO ART. 13 OF REGULATION (EU) 679/2016 ON THE PROCESSING OF PERSONAL DATA (GDPR - General Data Protection Regulation)
This privacy policy is provided by ENEA - National Agency for New Technologies, Energy and Sustainable Economic Development pursuant to art. 13 of EU Regulation 2016/679 - General Data Protection Regulation, with respect to the processing of personal data provided through the website www.eera-jpnm.eu/orient-nm/ (hereinafter also "Website").
This policy is provided only for the processing of personal data of Users (Data Subjects) collected through the Website and not for other websites that may be viewed by clicking on links (such as in the case of redirection to social networks).
1. IDENTITY AND CONTACT INFO OF THE DATA CONTROLLER
The Data Controller is ENEA - National Agency for New Technologies, Energy and Sustainable Economic Development, based at Lungotevere Thaon di Revel 76, 00196, Rome. You can contact the Data Controller by writing to the address above, or by sending an email to the following certified email address: enea@cert.enea.it.
2. CONTACT DETAILS OF THE DATA PROTECTION OFFICER (DPO)
The Data Protection Officer (DPO) for ENEA was appointed by Provision no. 34/2020/PRES of 6 February 2020. For communications relating exclusively to the processing of personal data, the DPO can be contacted at the following email address: uver.dpo@enea.it.
3. PURPOSES AND LEGAL BASES FOR THE PROCESSING
Users' personal data are processed in order to:
- Reply to requests sent to email addresses on the website.
- Provide the services offered by the website and requested by the User (i.e. participation in courses, etc.).
- Fulfil legal or administrative obligations.
4. NATURE OF DATA PROVISION
The provision of personal data through registration forms and the sending of communications to the email addresses on the Website for requesting information is optional. However, in the event of failure to provide the requested data, the website will not be able to provide the User with services that may be requested.
5. TYPES OF DATA PROCESSED
5.1. Navigation data
During their normal operation, the computer systems and applications used to operate this Website acquire some data (whose transmission is implicit in the use of Internet communication protocols) that are not associated with directly identifiable users.
The data collected include IP addresses of the computers used by Users connecting to the website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's computer environment.
5.2. Data provided voluntarily by the User
Other personal data collected are those provided by the User by sending communications to the email addresses specified on the Website and when registering.
The optional, explicit and voluntary sending of non-compulsory personal data, including through the sending of emails to the addresses specified on this website, entails the subsequent acquisition thereof, the sender's address necessary to respond to requests, as well as any other personal data included in the message.
6. PROCESSING METHOD AND STORAGE PERIOD
Personal data are processed using electronic tools in compliance with the provisions of art. 32 of the GDPR 2016/679 and the other regulations and specific Provisions of the Personal Data Protection Authority regarding security measures.
The Data Controller shall ensure that the personal data being processed are:
- Processed in a lawful, proper and transparent manner with respect to the Data Subject.
- Collected and recorded for specific, explicit and legitimate purposes, and used in other processing operations in that are terms compatible with these purposes, and in any case to the extent that the processing is necessary for the fulfilment of the aforementioned purposes (in this regard, the use of personal data and identifying data must be reduced to a minimum).
- Accurate, and updated if necessary.
- Pertinent, complete and not exceeding the purposes for which they are collected and subsequently processed.
- Stored in a form that allows their deletion, correction (as well as the consequent notification of any recipients to which the personal data subject to a request for correction or deletion have been disclosed), as well as the restriction or objection to their processing;
- Stored in a form that allows the identification of the data subject for a period of time not exceeding what is necessary for the purposes they were collected and subsequently processed for.
More specifically, browsing data shall be kept for the duration of the browsing session on the Websites, while personal data voluntarily provided by the User shall be kept for the time necessary to respond to the requests of the Data Subject, for the time necessary for the performance of the services requested through the Website and for the data retention times imposed by legal or regulatory obligations.
The sending of emails to the addresses specified on this Website entails the subsequent acquisition of the sender's address, necessary to respond to the requests, as well as any other personal data included in the message.
The personal data provided by the Data Subjects who submit such requests are used only to perform the services envisaged or to respond to any questions and are disclosed to third parties only if necessary for such fulfilment.
ENEA adopts the necessary security measures envisaged by the GDPR to protect the data collected in order to prevent the risks of loss or theft of data, unauthorised access or illegal or improper uses.
7. CATEGORIES OF RECIPIENTS
For the purposes detailed in art. 3, Users' personal data may be disclosed or made accessible to:
- ENEA employees and contractors in their capacity as persons authorised to process data pursuant to art. 29 GDPR.
- Any additional outsourced service providers on behalf of the Data Controller (e.g. IT service providers and/or postal services) as Data Processors.
- All parties whose right to access such data is recognised by regulatory or authoritative measures; to all natural and/or legal persons, public and/or private when necessary or functional to the performance of the services requested through the Website, in the ways and for the purposes illustrated above.
In no case will personal data be disclosed, disseminated, sold or otherwise transferred to third parties for unlawful purposes, and in any case without providing suitable information to the Data Subjects and obtaining their consent in advance, where required by law.
This without prejudice to any disclosure of data at the request of judicial or public security authorities, in the manner and in the cases envisaged by law. Personal data shall not be transferred abroad to countries or international organisations not belonging to the European Union that do not guarantee an adequate level of protection, recognised pursuant to art. 45 GDPR on the basis of an adequacy decision of the EU Commission. If for the provision of the services of the Website it is necessary to transfer personal data to countries or international organisations outside the EU for which the Commission has not adopted any adequacy decision pursuant to art. 45 GDPR, this will take place only in the presence of adequate guarantees provided by the recipient country or organisation pursuant to art. 46 GDPR and provided that the data subjects have actionable rights and effective remedies.
In the absence of an adequacy decision by the Commission pursuant to art. 45 GDPR or of adequate guarantees pursuant to art. 46 GDPR, including binding corporate rules, the cross-border transfer shall only take place if one of the conditions indicated in art. 49 GDPR occurs.
8. RIGHTS OF THE DATA SUBJECTS
Articles 15-22 of the Regulation grant the data subject the exercise of the following rights:
- Request confirmation of the existence or otherwise of one's personal data (art. 15 par. 1).
- Obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed, and when possible the storage period (art. 15 par.1 lett a, c).
- Have the data corrected or deleted (art. 16 and 17).
- Obtain the restriction of processing (art. 18).
- Obtain information from the Data Controller on the recipients which the personal data have been disclosed to and any corrections or deletions or restrictions on processing (art. 19).
- Obtain the portability of the data, i.e. receive them from a Data Controller in a structured, commonly used format that is readable by automatic devices, and transmit them to another data controller without impediment (art. 20).
- Object to an automated decision-making process relating to natural persons, including profiling (art. 21 and 22).
- If the processing is based on consent, be able to withdraw such consent at any time (art. 7, para. 3).
Data Subjects have the right to lodge a complaint with the Supervisory Authority pursuant to art. 77 of the Regulation, or to take appropriate legal action.
9. HOW TO EXERCISE YOUR RIGHTS
The above rights are exercised by submitting a request to the Data Controller by sending an email to privacy@enea.it. The request can be made freely and without following any specific format by the Data Subject, who shall be entitled to receive an appropriate reply within a reasonable amount of time, depending on the circumstances of the case.
To exercise his/her rights, the Data Subject may use non-profit bodies, organisations or associations whose statutory objectives are in the public interest and which are engaged in the protection of Data Subjects' rights and freedoms with regard to the protection of personal data, for this purpose giving them an appropriate mandate. The Data Subject may also be assisted by a trusted person.
You can receive more information on the purposes and methods of processing your personal data by writing to privacy@enea.it and specifying "Privacy" in the subject.
To know your rights, lodge a complaint/report/appeal and to remain updated on the laws regarding the protection of individuals with regard to the processing of personal data, the Data Subject can contact the Personal Data Protection Authority, consulting the website at http://www.garanteprivacy.it/.
COOKIE POLICY
1. What is a cookie and what is it for?
A cookie is a small file that is sent to the browser and saved on the user's device (PC, Tablet etc.) when you access and use the website.
Cookies allow an efficient operation of the Website and improve its performance, including through the collection and analysis of aggregate information, which allow the Website operator to understand how to improve the Website's structure and sections. Using cookies it is also possible to collect information for statistical purposes, mainly to personalise the user's browsing experience, remembering their preferences (e.g. language, currency etc.).
Cookies are classified according to their duration and the website that set them, so different cookies are used depending on the individual purposes.
2. What cookies do we use?
Technical cookies
Technical cookies can be divided into browsing or session cookies, which guarantee normal browsing and use of the Website (e.g. coordinating the modules that make up the pages of the Website or correlating the pages visited to the same working session), and analytical cookies, similar to technical cookies only if used for optimising the Website directly by the website operator (so-called first-party analytical cookies), who may collect aggregate information on the number of users and how they visit the Website (e.g. to compile statistics on the most-visited pages, to collect aggregate data on visits by operating system, browser etc.).
Session cookies
Use of session cookies is strictly limited to the transmission of session identifiers (consisting of server-generated random numbers) and software usage data necessary to allow secure, efficient navigation of the website: session variables (so-called cookies) can avoid the use of computer techniques that are potentially detrimental to the confidentiality of user navigation and do not allow the acquisition of identifying personal data. Session cookies are not stored permanently on the user's device (PC, Tablet etc.), but rather are recorded locally for periods of time established according to the session variables (whose values stored on the device's hard disk can still be deleted; you can also disable cookies by following the instructions provided by the main browsers). Session cookies remain stored on the device for a short period of time and are then deleted when the web browser is closed.
Persistent cookies
Persistent cookies save a file in the memory of your device (PC, Tablet etc.) for a long period of time. This type of cookie has an expiration date. Persistent cookies allow websites to remember information and settings at subsequent visits by users, thus making browsing more convenient and faster. When the cookie expires, it is automatically deleted the next time you log on to the website that created it.
The session cookies installed by ENEA are:
PHPSESSID
comply_cookie
_gid
_ga
Third-party cookies
Third-party cookies are set by a website other than the one you are visiting and reside on servers other than the one you are visiting. Therefore, the use of data collected by these external operators through cookies is subject to their respective privacy policies.
For more information about how Google cookies are used and managed in the user's browser, consult the Google cookie policy at the following link https://policies.google.com/technologies/cookies?hl=en-GB&gl=en.
3. Details of the cookies used
The explanation below provides more detail on the cookies used on our website and their purposes.
Necessary (1)
The necessary cookies help make a website usable by enabling basic functions such as browsing the page and accessing the secure areas of the website. The website cannot function properly without these cookies.
NAME |
SOURCE |
PURPOSE |
EXPIRATION |
PHPSESSID |
enea.it |
This cookie allows the website to store session status data. |
Session |
Preferences (2)
Preference cookies allow the website to store information that affects its behaviour or appearance, such as your preferred language or location.
NAME |
SOURCE |
PURPOSE |
EXPIRATION |
comply_cookie |
enea.it |
Remember reading of the cookie banner |
1 year |
Statistics (14)
Statistical cookies help website owners understand how visitors interact with websites by collecting and transmitting information in anonymous form.
NAME |
SOURCE |
PURPOSE |
EXPIRATION |
_ga, _gid |
Google Analytics 4 |
Used to generate statistical data on how the visitor uses the website. |
2 years |
SID, SAPISID, APISID, SSID, HSID, AID, NID, SEARCH_SAMESITE, __Secure-3PAPISID, __Secure-3PSID |
Google.com |
Cookies used to collect information on the use of the site by visitors each time web pages containing Google services are visited. |
2 years |
CONSENT |
Google.com |
Cookie associated with a Google Maps embedded in the site. |
Permanent |
Detailed information on third-party cookies used on the website is provided, as well as the links through which the user can receive more information and request deactivation of cookies.
- Google Analytics 4
Google Analytics 4
Google Analytics 4 is used on the website.
Google Analytics 4 is a web analysis service provided by Google, Inc. ("Google") which uses cookies that are stored on your device with which it collects user personal data. Google uses this information to allow statistical analysis in aggregate form for the purpose of tracking and examining your use of the website, compiling reports on website activities for website operators and providing other services related to website activities and internet use.
Data generated by Google Analytics 4 are stored by Google as detailed in the Policy available at the following link https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
To view the privacy policy of Google Inc., the independent data controller of the processing of data relating to the Google Analytics 4 service, please refer to the website https://policies.google.com/privacy?hl=en
The link https://tools.google.com/dlpage/gaoptout?hl=en is for a browser add-on that can deactivate Google Analytics 4.
4. How long do we keep your data?
The data are kept for the amount of time indicated in the table above. In order to complete statistical processing, the data for analytical purposes (statistics) are kept in aggregate form for a further two months (for a total of 26 months).
The browsing data collected by the website are kept for the time necessary to allow the browsing of the website itself and in any case for the time specified in the table above.
5. How can I disable cookies?
Most browsers are configured to accept, control or even disable cookies through their settings. Please note, however, that disabling technical cookies, even partially, could compromise the operation of the Website and/or limit its functionality.
In contrast, disabling third-party cookies does not affect navigability in any way.
Below are the links to the instructions provided by the main browsers for managing the settings on the installation of cookies:
Chrome: https://support.google.com/chrome/answer/95647?hl=en
Firefox: https://support.mozilla.org/en-US/kb/block-websites-storing-cookies-site-data-firefox
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09