info@fondazioneanthem.it

ANTHEM

PRIVACY POLICY

This document describes the management methods of the website https://fondazioneanthem.it/ (“Website”), with reference to the processing of personal data of users (“User/Users”) who visit it.
This notice is provided pursuant to Articles 13 et seq. of Regulation EU 679/2016 (“GDPR”) to all those who visit the Website and/or communicate with ANTHEM – AdvaNced Technology for Human centEred Medicine (“ANTHEM”).
The policy applies exclusively to the Website and not to other websites that the User may access via links available on the Website.

1. Data Controller

The Data Controller of personal data is ANTHEM – AdvaNced Technology for Human centEred Medicine, with registered office at Piazza dell’Ateneo Nuovo n. 1 – 20126 Milan, email: info@fondazioneanthem.it, and PEC: fondazioneanthem@legalmail.it (“Controller”).

2. Types of Data Processed

2.1 Browsing Data

The IT systems and software procedures used for the functioning of the Website acquire, during normal operations, some personal data whose transmission is implicit in the use of internet communication protocols.
These data are not collected to be associated with identified subjects but, by their nature, could allow the identification of Users. Such data include:
(i) IP addresses or domain names of computers used by Users accessing the Website;
(ii) URI (Uniform Resource Identifier) addresses of requested resources;
(iii) the time of the request;
(iv) the method used to submit the request to the server;
(v) the size of the file obtained in response;
(vi) the numerical code indicating the server’s response status (success, error); and
(vii) other parameters related to the User’s operating system and computing environment.
These data are used solely to obtain anonymous statistical information on Website usage and to ensure its proper functioning. They are deleted immediately after processing.

2.2 Cookie

For information on the processing of data via cookies, please refer to the dedicated policy available at the following link.

2.3 Data Voluntarily Provided by the User

The optional, explicit, and voluntary sending of emails to the addresses indicated on the Website entails the acquisition and processing by the Controller of such data, as well as any other information contained in these communications, for the purposes described in section 3.2 below.

3. Purposes and Legal Basis of Processing

The Controller processes Users’ personal data for the following purposes:

  1. To pursue a legitimate interest pursuant to Article 6.1, letter (f) of the GDPR, consisting of ensuring the Website’s security and the information exchanged on it, i.e., the Website’s ability to withstand, at a given security level, unforeseen events or illegal or malicious acts that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal data and the security of the services offered or made accessible.
  2. To fulfill requests made by Users by sending emails to the Controller’s addresses provided on the Website, pursuant to Article 6.1, letter (b) of the GDPR.

4. Consequences of Refusal to Provide Data

Providing data for the purposes outlined above is optional. However, refusal to provide data may make it impossible for the User to communicate with the Controller and for the Controller to fulfill the User’s requests, as well as to ensure the security of the Website and the information exchanged on it.

5. Data Processing Methods

Personal data are processed using manual, IT, and automated systems. To ensure accurate data processing, Users must promptly notify any updates or changes to their personal data.
Specifically, Users’ personal data are processed by authorized personnel who are identified and/or appointed as necessary, adequately trained, and informed of the legal obligations involved. Security measures are in place to safeguard confidentiality and prevent risks such as data loss, destruction, unauthorized access, or processing that does not comply with the specified purposes. Security measures are continually improved in line with technological advancements.

6. Data Communication and Dissemination

The personal data collected on the Website will not be communicated, sold, or transferred to third parties, except as required by law.
Nonetheless, data may be disclosed to companies expressly appointed to perform specific tasks within the scope of the Controller’s activities and/or in its favor. These entities will act as independent data controllers and/or processors. Data may also be disclosed to law enforcement, judicial authorities, or other public entities for purposes of state defense, security, or crime prevention, detection, or prosecution, as required by law.

7. Data Transfer Outside the EU

Users’ data may be transferred to non-EU countries in accordance with Articles 44 et seq. of the GDPR. Transfers may occur based on:
1. An adequacy decision adopted by the European Commission (Article 45 GDPR); or
2. Adequate safeguards, such as standard contractual clauses or other appropriate mechanisms under Article 46 GDPR, including any additional security measures.

8. Data Subject Rights

Under Articles 15 et seq. of the GDPR, Users have the right to:

  1. Confirm whether their personal data are being processed and receive intelligible information about it.
  2. Obtain a copy of their personal data.
  3. Rectify inaccurate personal data.
  4. Request the erasure of their personal data.
  5. Restrict the processing of their personal data.
  6. Receive their data in a structured, commonly used, and machine-readable format and transmit it to another controller (data portability).
  7. Obtain details about:
    1. The origin of the data;
    2. Categories of processed data;
    3. Purposes and methods of processing;
    4. The logic applied to electronic processing;
    5. Identification of the Controller and processors;
    6. Retention periods or criteria for determining them;
    7. Third parties to whom data may be communicated.

Users may also oppose data processing, in whole or in part, for legitimate reasons.
Requests to exercise these rights should be sent to info@fondazioneanthem.it with the subject “Privacy – Exercise of Privacy Rights.”
Users may file a complaint with the Data Protection Authority or other competent authority under the GDPR if they believe their rights have been violated.

9. Data Retention Duration

Personal data will be processed by the Controller only for the time necessary to achieve the purposes outlined in Section 3, after which they will be retained solely to comply with legal obligations, for administrative purposes, or to assert or defend a legal claim.
For the purposes described in Section 3.1, data will be processed strictly as needed to respond to the User, and in any case, no longer than 12 months.

*** *** ***

This Privacy Policy was last updated on December 28, 2023. Any updates will be published on this page.

Ministero dell'Università e della Ricerca Italia Domani Piano Nazionale per gli investimenti complementari al PNRR ANTHEM