–

WEBSITE NAVIGATION

Dear User,

this information is provided by ERPAC (Ente Regionale Patrimonio Culturale Friuli Venezia Giulia) in accordance with the provisions of Regulation 679/2016 (GDPR) on the protection of personal data in order to describe how the personal data of users consulting this website is processed.

Data controller

ERPAC FVG, in the person of the General Manager, Dr Lydia Alessio-Vernì

with registered office in: Palazzo Alvarez – Via Diaz, 5 – 34170 Gorizia,

and can be contacted through the following addresses

email: erpac@regione.fvg.it, PEC: erpac@certregione.fvg.it
0481.385300; fax 0481.386336

Data Protection Officer (DPO)
The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted at the following e-mail address: dpo@studiolegalevicenzotto.it.

The personal data collected on this site and any other information associated with you, directly or indirectly, are processed and used in accordance with EU Regulation No. 679/2016 (GDPR) on the protection of personal data.

In particular, the computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This is information that is not collected in order to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation.

Furthermore, the Data Controller informs you that the data you provide are processed using IT tools and procedures, for the following purposes

Managing and improving site navigation;
Technical management of navigation (please refer to the ‘Cookies’ section available in the site footer);

The data you provide will only be made known to personnel and collaborators of the Data Controller and possibly to companies that process data on behalf of the Data Controller on an outsourcing basis (e.g. the IT company that manages the website), in any case for the sole purpose of carrying out the activities you have requested. In any case, the data will never be disseminated.

EXERCISE OF PERSONAL DATA PROTECTION RIGHTS

We inform you of the existence of certain rights regarding the protection of personal data, listed below, and how to exercise them with regard to the Data Controller:

Right to withdraw consent (Art. 13): You have the right to revoke your consent at any time for all those processing operations whose prerequisite for lawfulness is a manifestation of your consent. Withdrawal of consent shall not affect the lawfulness of the previous processing.

Right of access to data (Art. 15): You may request (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients from third countries or international organisations; (d) where possible, the period for which the personal data are to be stored or, if this is not possible, the criteria used to determine that period; (e) the existence of the data subject’s right to request from the controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the data are not collected from the data subject, all available information as to their source; (h) the existence of an automated decision-making process, including profiling as referred to in Article 22(1) and (4), and, at least in such cases, meaningful information on the logic used, as well as the importance and the envisaged consequences of such processing for the data subject.

You have the right to request a copy of the personal data being processed.

Right of rectification (Art. 16): You have the right to request the rectification of inaccurate personal data concerning you and to obtain the integration of incomplete personal data.

Right to be forgotten (Art. 17): You have the right to obtain from the data controller the erasure of personal data concerning you if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, if you withdraw your consent, if there is no overriding legitimate reason to proceed with the profiling processing, if the data have been processed unlawfully, if there is a legal obligation to erase the data; if the data relate to web services to minors without consent. Deletion may take place unless the right to freedom of expression and information prevails, the data are retained for the fulfilment of a legal obligation or the performance of a task carried out in the public interest or in the exercise of official authority, for reasons of public interest in the health sector, for archiving in the public interest, for scientific or historical research or statistical purposes or for the establishment, exercise or defence of a legal claim.

Right to restriction of processing (Art. 18): You have the right to obtain from the controller the restriction of processing when you have contested the accuracy of personal data (for the period necessary for the controller to verify the accuracy of such personal data) or if the processing is unlawful, if it is necessary for the establishment, exercise or defence of legal claims.

Right to portability (Art. 20): You have the right to receive in a structured, commonly used and machine-readable format the personal data concerning you provided to us and you have the right to transmit them to another if the processing was based on consent, on contract and if the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in connection with the exercise of official authority and such transmission does not harm the right of a third party.

Right to refer to the Data Protection Authority (Art. 77): Without prejudice to any other administrative or jurisdictional recourse, if you consider that the processing concerning you is in breach of the Data Protection Regulation, you have the right to lodge a complaint with a supervisory authority, namely in the Member State in which you habitually reside or work or in the place where the alleged breach occurred.

The exercise of the aforementioned rights is subject to the limits, rules and procedures laid down in Regulation 679/2016 and which the User must be aware of and put in place.

In accordance with the provisions of Article 12(3) of the said Regulation, the Data Controller shall also provide the data subject with information on the action taken without undue delay and, in any event, no later than one month after receipt of the request. This period may be extended by two months if necessary, taking into account the complexity and number of the requests. The Data Controller shall inform the Data Subject of such extension, and of the reasons for the delay, within one month of receipt of the request.

To exercise the above rights, you may use the form on this page to be sent to the Data Controller or the DPO, duly completed and signed.