Information on the processing of personal data of the users visiting the websites of the Italian data protection authority Pursuant to Article 13 of the EU Regulation 2016/679.

WHAT IS THIS INFORMATION?

The information provided below describes, as required by the EU Regulation 2016/679, the processing operations performed on the personal data of the users visiting the Italian data protection authority’s (hereinafter, the “Authority”) websites. Those websites include the following:

• http://www.autorita-trasporti.it (institutional website)
• https://secure.autorita-trasporti.it (on-line services website)

The information provided does not concern other online websites, pages or services that can be accessed via hyperlinks on the above websites but relate to resources outside the Authority’s domain.

DATA CONTROLLER

Visiting the websites listed above may result into processing data relating to identified or identified natural persons.

The data controller is the Autorità di regolazione dei trasporti, with headquarters in Via Nizza 230 – 10126 Torino, Italy (PEC-certified email: pec@pec.autorita-trasporti.it, phone (switchboard): +39 011 19212500).

DATA PROTECTION OFFICER

The Authority Data Protection Officer (DPO) can be contacted here: Autorità di regolazione dei trasporti – Responsabile della Protezione dei dati personali, Via Nizza 230 – 10126 Torino, Italy | Email: privacy@autorita-trasporti.it.

LEGAL BASIS FOR THE PROCESSING

The personal data mentioned on this page are processed by the Authority in discharging its tasks that serve the public interest or are related to the exercise of its official authority.

CATEGORIES OF PERSONAL DATA AND PURPOSES OF THE PROCESSING

Browsing data

The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols.
This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user’s operating system and computer environment.

These data are necessary to use web-based services and are processed in order to:

• extract statistical information on service usage (most visited pages, visitors by time/date, geographical areas of origin, etc.);
• check functioning of the services.

Browsing data are kept for no longer than seven days and are erased immediately after being aggregated (except where judicial authorities need such data for establishing the commission of criminal offences).

Data communicated by users

Sending messages, on the basis of the user’s free, voluntary, explicit choice, to the Authority’s contact addresses and filling in and sending the forms made available on the Authority’s websites entail the acquisition of the sender’s contact information as necessary to provide a reply as well as of any and all the personal data communicated in that manner.

Specific information notices will be displayed on the pages of the Authority’s websites that are used for providing on-line services.

Cookies and other tracking devices

No cookies are used to profile users nor are other user tracking systems implemented.

So-called session (non-persistent) cookies are used exclusively to the extent this is necessary to enable secure, efficient browsing. Storage of session cookies in terminal equipment or browsers is under the user’s control, whilst cookie-related information is stored server-side after HTTP sessions in the service logs for no longer than seven days like all other browsing data.

DATA RECIPIENT

The personal data collected as above are processed by the staff from the Authority, acting on specific instructions concerning purposes and arrangements of such processing.

DATA SUBJECTS’ RIGHTS

Data subjects have the right to obtain from the Authority, where appropriate, access to their personal data as well as rectification or erasure of such data or the restriction of the processing concerning them, and to object to the processing (pursuant to Articles 15 to 22 of the Regulation). Please contact the Authority ‘s DPO (Autorità di regolazione dei trasporti – Responsabile della Protezione dei dati personali, Via Nizza 230 – 10126 Torino, Italy | Email: privacy@autorita-trasporti.it) to lodge all requests to exercise these rights.

RIGHT TO LODGE A COMPLAINT

If a data subject considers that the processing of personal data relating to him or her as performed via this website infringes the Regulation, he or she has the right to lodge a complaint with the Authority pursuant to Article 77 of the Regulation, or else to bring a judicial proceeding against the Authority pursuant to Article 79 of the Regulation.