Information on the processing of personal data pursuant to Article 13 of Regulation (EU) 2016/679
Data subjects: users who visit the website www.autoritadibacino.va.it of the Lake Basin Authority of Lakes Maggiore, Comabbio, Monate, and Varese
Why this information?
Pursuant to Regulation (EU) 2016/679 (hereinafter “Regulation” or “GDPR”), this page describes the methods of processing personal data of users who consult the website of the Lake Basin Authority of Lakes Maggiore, Comabbio, Monate, and Varese, accessible online at the following address: www.autoritadibacino.va.it
This information does not concern other websites, pages, or online services that may be reached via hyperlinks published on this site but refer to external resources outside the domain www.autoritadibacino.va.it
Data Controller
Following consultation of the site, data relating to identified or identifiable natural persons may be processed.
The Data Controller is the Lake Basin Authority of Lakes Maggiore, Comabbio, Monate, and Varese, with legal and operational headquarters at Via Martiri della Libertà, 11 – 21014 – Laveno-Mombello (VA), VAT No.: 02902910120.
Data Protection Officer
The Data Protection Officer (DPO) is the company Studio Paci & C. Srl (Contact Person: Luca Di Leo), reachable at the following address: dpo@studiopaciecsrl.it and phone: +39 0541 1795431.
Types of Data Processed, Purpose of Processing, and Legal Basis
1) Browsing Data
Legal Basis: “Data processing necessary for website navigation” – contractual obligation – Art. 6 § 1 letter b) GDPR
The computer systems and software procedures used to operate this site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of the computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and computer environment.
These data, necessary for navigating the site and utilizing the information contained within it, are also processed by the Data Controller for the purpose of:
Obtaining aggregated and anonymous statistical information regarding the use of the site (most visited pages, number of visitors by time slot or daily, geographical areas of origin of visitors, etc.)
Checking the correct usability of the content offered by the site
Preventing or countering any possible cyber offenses or fraudulent use of the site’s functionalities, also for reconstructing security incidents and their traceability
Retention Period:
Browsing data, in compliance with the principles of lawfulness, purpose limitation, and data minimization pursuant to Article 5 of the GDPR, will be retained for a period not exceeding the achievement of the technical purposes described above for which they are collected and processed, except for any need to ascertain crimes by the judicial authorities.
2) Data Provided by the User
Legal Basis: “Data processing necessary to respond to users’ requests” – contractual obligation – Art. 6 para. 1 letter b) GDPR
The optional, explicit, and voluntary sending of messages to the contact addresses of the Lake Basin Authority of Lakes Maggiore, Comabbio, Monate, and Varese, private messages sent by users to the institutional profiles/pages on social media (where this possibility is provided), as well as the compilation and submission of forms on the sites of the Lake Basin Authority of Lakes Maggiore, Comabbio, Monate, and Varese, entail the acquisition of the sender’s contact data necessary to respond, as well as all personal data included in such communications.
Specific information notices are published on the pages of the site prepared for the provision of certain services; where necessary, the user’s consent is collected, informing them each time about the purposes and the optional nature of providing data.
Retention Period:
The data provided by the user are retained for the time necessary to handle individual requests; any subsequent retention for statistical purposes involves the anonymization of such data (except for any need to ascertain crimes by the judicial authorities).
3) Cookies and Other Tracking Systems
We use:
Technical/anonymous static cookies necessary for user navigation; they facilitate correct site navigation and the usability of content by the user.
Legal Basis: “Contractual necessity as they are functional and necessary.”
Information on data processing, purpose, duration, and complete management of cookies—including their consent and revocation—is available in the “Cookie Management” document also found in the footer.
Recipients of the Data
Recipients of the data collected following consultation of some of the services listed above are certain entities designated by the Data Controller pursuant to Article 28 of the Regulation, as data processors, and other additional service providers in the fields of web agencies, digital communication, system assistance, and any other digital service providers. You can request the complete list by writing to protocollo@autoritadibacino.va.it
Some data and information may be transmitted to or acquired by entities identified as independent data controllers; such data relate to cookies that are usually anonymized before being sent, for statistical purposes. If a transfer to non-EU countries is provided, the guarantee measures undertaken will be indicated, described in paragraph 6 of this document.
The personal data collected are also processed by the staff of the Lake Basin Authority of Lakes Maggiore, Comabbio, Monate, and Varese, who act based on specific instructions provided regarding purposes and methods of the processing.
Security of Processing
The personal data transmitted and stored for the time necessary for the declared purposes are protected by specific technical and organizational security measures in reference to Article 32 of the Regulation, capable of ensuring on a permanent basis the confidentiality, integrity, availability, and the ability to promptly restore the availability and access to personal data in the event of a physical or technical incident. This also addresses risks of destruction, loss, alteration, unauthorized disclosure, or access—whether accidental or unlawful—to personal data transmitted, stored, or otherwise processed.
Transfer of Personal Data to Non-EU Countries
The Data Controller does NOT transfer personal data to non-EU countries.
Should the need arise, data subjects will be informed in advance, and guarantee measures for the transfer to recipients will be adopted, which, depending on the cases, may include: verification of the existence of adequacy decisions for the recipient country by the Commission, subscription of standard contractual clauses, verification of the adoption of any supplementary measures in compliance with EDPB Recommendation 01/2020. By way of derogation from such guarantees, for data processing (with reference to Article 49 of the GDPR), where applicable, the existence of a contract or pre-contractual measures in favor of the data subject or consent to the transfer will be verified.
Rights of Data Subjects
Data subjects have the right to obtain from the Lake Basin Authority of Lakes Maggiore, Comabbio, Monate, and Varese, where applicable, access to their personal data, rectification, erasure, restriction of processing, data portability, or to object to the processing and to withdraw consent (where used as a legal basis), in reference to Articles 15 to 22 of the Regulation.
Requests can be made through the contact details of the Lake Basin Authority of Lakes Maggiore, Comabbio, Monate, and Varese, with legal and operational headquarters at Via Martiri della Libertà, 11 – 21014 – Laveno-Mombello (VA), or by contacting the Data Protection Officer: Studio Paci & C. Srl (Contact Person: Luca Di Leo), reachable at the following address: dpo@studiopaciecsrl.it and phone: +39 0541 1795431.
To exercise these rights, you may also use the form prepared and available on the website of the Data Protection Authority at this link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9038275
Right to Lodge a Complaint
Data subjects who believe that the processing of personal data relating to them carried out through this site violates the provisions of the Regulation have the right to lodge a complaint with the Data Protection Authority, as provided by Article 77 of the Regulation, or to take appropriate legal action (Article 79 of the Regulation).
The form for lodging a complaint is available on the website of the Data Protection Authority at this link: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524