Privacy Policy

This Application collects certain Personal Data from its Users.
This document can be printed using the print command available in the settings of any browser.

Summary of the policy

Logs and personal data are collected for the following purposes and using the following services:

• Statistics
  YouTube IFrame Player
  Personal Data: Data communicated while using the service; Data provided in order to use the Service; Usage Data; User ID; device information; password; Tracking Tool; username

Contact information

• Data Controller
  Regione Siciliana – Presidenza
  President of the Sicilian Region, pro tempore
  Piazza Indipendenza, 21 – 90128 Palermo
  Controller’s email address: segreteria.presidente@regione.sicilia.it
• Data Processor
  Regione Siciliana – Dipartimento Regionale della Programmazione
  Director-General, pro tempore
  Piazza L. Sturzo 36 – 90139 Palermo
  Processor’s email address: dipartimento.programmazione@regione.sicilia.it
• Data Protection Officer (DPO)
  Regione Siciliana – Data Protection Officer
  DPO email address: dpo@regione.sicilia.it
• Sub-processors for technical management, hosting and database management of the website
  GolemNet srl
  Via Artena, 48 – 00038 Valmontone (RM)
  Email address: segreteria@golemnet.it
• Data recipients
  Data will not be transmitted to any other party, except in cases provided for by applicable law.
  Controller’s email address: segreteria.presidente@regione.sicilia.it

Full policy

Data Controller

Regione Siciliana – Presidenza
President of the Sicilian Region, pro tempore
Piazza Indipendenza, 21 – 90128 Palermo
Controller’s email address: segreteria.presidente@regione.sicilia.it

Data Processor

Regione Siciliana – Dipartimento Regionale della Programmazione
Director-General, pro tempore
Piazza L. Sturzo 36 – 90139 Palermo
Processor’s email address: dipartimento.programmazione@regione.sicilia.it

Data Protection Officer

Regione Siciliana – Data Protection Officer
DPO email address: dpo@regione.sicilia.it

Sub-processors for technical management, hosting and database management of the website

GolemNet srl
Via Artena, 48 – 00038 Valmontone (RM)
Email address: segreteria@golemnet.it

Data recipients

Data will not be transmitted to any other party, except in cases provided for by applicable law.
Controller’s email address: segreteria.presidente@regione.sicilia.it

Types of Data collected

Among the Personal Data collected by this Application, either autonomously or through third parties, are: Tracking Tool; Usage Data; device information; username; User ID; password; data communicated while using the service; data provided in order to use the Service.

Full details on each type of data collected are provided in the dedicated sections of this privacy policy or by specific information notices displayed prior to data collection.

Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during use of this Application.

Unless otherwise specified, all Data requested by this Application are mandatory. If the User refuses to provide them, it may be impossible for this Application to provide the Service. Where this Application indicates that some Data are optional, Users are free not to communicate such Data without consequences for the availability or operation of the Service. Users who are unsure which Data are mandatory are encouraged to contact the Controller.

Any use of Cookies—or other tracking tools—by this Application or by the owners of third-party services used by this Application, unless otherwise stated, is for the purpose of providing the Service requested by the User, in addition to the other purposes described in this document and, where available, in the Cookie Policy.

The User assumes responsibility for Personal Data of third parties obtained, published or shared through this Application and warrants that they have the right to communicate or disseminate them, holding the Controller harmless from any liability towards third parties.

Methods and place of processing of the collected Data

Methods of processing
The Controller adopts appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data. Processing is carried out using IT and/or telematic tools, with organisational methods and logic strictly related to the purposes indicated. In addition to the Controller, in some cases the Data may be accessible to other parties involved in the operation of this Application (administrative staff, lawyers, system administrators) or to external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communications agencies) also appointed, if necessary, as Processors by the Controller. The updated list of Processors can always be requested from the Controller.

Legal basis of processing
For the informational sections of the site, the legal basis for processing is consent.
For sections whose purposes concern the application of a law or EU Regulation, the legal basis is the performance of a task carried out in the public interest and the associated institutional tasks.
The Controller processes Personal Data relating to the User where one of the following conditions applies:
• the User has given consent for one or more specific purposes; Note: in some jurisdictions the Controller may be authorised to process Personal Data without the User’s consent or another legal basis specified below, until the User objects (“opt-out”) to such processing. This does not apply where the processing of Personal Data is governed by European data protection legislation;
• processing is necessary for the performance of a contract with the User and/or for pre-contractual measures;
• processing is necessary for compliance with a legal obligation to which the Controller is subject;
• processing is necessary for the performance of a task in the public interest or in the exercise of official authority vested in the Controller;
• processing is necessary for the purposes of the legitimate interests pursued by the Controller or by third parties.
In any case, the Controller is available to clarify the specific legal basis that applies to each processing, and in particular to specify whether processing is based on law, required by a contract, or necessary to enter into a contract.

Place
Data are processed at the Controller’s operating offices and in any other place where the parties involved in the processing are located. For further information, contact the Controller. The User’s Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information on the place of processing, the User may refer to the section on the processing details of Personal Data.

The User has the right to obtain information regarding the legal basis for transfers of Data outside the European Union or to an international organisation governed by public international law or composed of two or more countries, such as the UN, as well as regarding the security measures adopted by the Controller to protect the Data. Users can verify whether any such transfer takes place by consulting the relevant sections of this document or by contacting the Controller.

Retention period
Data are processed and stored for the time required by the purposes for which they were collected. Accordingly:
• Personal Data collected for purposes related to the performance of a contract between the Controller and the User will be retained until such contract has been fully performed.
• Personal Data collected for purposes related to the Controller’s legitimate interest will be retained until such interest has been satisfied. Users may obtain further information regarding the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller.
Where processing is based on the User’s consent, the Controller may retain the Personal Data for a longer period until such consent is withdrawn. Furthermore, the Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
Upon expiry of the retention period, Personal Data will be deleted. Therefore, upon expiration of this period, the rights of access, erasure, rectification and the right to data portability can no longer be exercised.

Purposes of the processing of the collected Data

User Data are collected to enable the Controller to provide the Service, comply with legal obligations, respond to requests or enforcement actions, protect its rights and interests (or those of Users or third parties), detect any malicious or fraudulent activity, provide visitors with information on the activities within the remit of the Regional Department of Programming—in particular on EU funds—and for the following purposes: Statistics and Displaying content from external platforms.
For detailed information on the purposes of processing and on the Personal Data processed for each purpose, the User may refer to the section “Details on the processing of Personal Data”.

Details on the processing of Personal Data

Personal Data are collected for the following purposes and using the following services:

• Statistics
  The services in this section allow the Controller to monitor and analyse traffic data and are used to track User behaviour.
• Displaying content from external platforms
  These services allow content hosted on external platforms to be displayed directly from the pages of this Application and to interact with them. Such services may nonetheless collect web traffic data relating to the pages on which they are installed, even when Users do not use them.

User rights

Users may exercise certain rights regarding their Data processed by the Controller. In particular, the User has the right to:
• withdraw consent at any time;
• object to processing of their Data when it is carried out on a legal basis other than consent (details on the right to object are provided below);
• access their Data and receive a copy;
• verify and request rectification;
• obtain restriction of processing under certain conditions;
• obtain erasure of their Personal Data under certain conditions;
• receive their Data in a structured, commonly used and machine-readable format and, where technically feasible, have it transmitted to another controller (portability), when processed by automated means and based on consent, a contract with the User, or related contractual measures;
• lodge a complaint with the competent supervisory authority for personal data protection, the Autorità Garante della protezione dei dati personali (piazza Venezia n. 11, 00187 Rome; email: protocollo@gpdp.it; PEC: protocollo@pec.gpdt.it) or take legal action.

Details on the right to object
When Personal Data are processed in the public interest, in the exercise of official authority vested in the Controller, or for the purposes of the Controller’s legitimate interests, Users have the right to object to processing on grounds relating to their particular situation.

How to exercise rights
To exercise their rights, Users may address a request to the Controller’s contact details indicated in this document. Requests are free of charge and will be processed by the Controller as soon as possible and, in any case, within one month.

Cookie Policy

This Application uses Tracking Tools. For more information, Users may consult the Cookie Policy.

Additional information on processing

Legal defence
The User’s Personal Data may be used by the Controller in legal proceedings or in the preparatory stages for their possible initiation for the defence against abuse in the use of this Application or related Services by the User. The User acknowledges that the Controller may be required to disclose Data by order of public authorities.

Specific information notices
Upon the User’s request, in addition to the information contained in this privacy policy, this Application may provide Users with additional and contextual information regarding specific Services, or the collection and processing of Personal Data.

System logs and maintenance
For operation and maintenance purposes, this Application and any third-party services it uses may collect system logs, i.e., files that record interactions and may also contain Personal Data such as the User’s IP address. Logs are retained for no more than 7 days by the provider Aruba Business srl.

Information not contained in this policy
Further information regarding the processing of Personal Data may be requested at any time from the Controller using the contact details provided.

Response to “Do Not Track” requests
This Application does not support “Do Not Track” requests. To find out whether any third-party services used support them, Users are invited to consult their respective privacy policies.

Changes to this privacy policy
The Controller reserves the right to make changes to this privacy policy at any time by giving notice to Users on this page and, if possible, within this Application and—where technically and legally feasible—by sending a notice to Users via any contact details available to it. Please therefore check this page frequently, referring to the date of the last modification indicated at the bottom.
Where changes affect processing whose legal basis is consent, the Controller will collect the User’s consent again, if necessary.

Definitions and legal references

Personal Data (or Data)
Any information that directly or indirectly—also in connection with any other information, including a personal identification number—identifies or makes identifiable a natural person.

Usage Data
Information collected automatically through this Application (or third-party applications integrated into this Application), including: IP addresses or domain names of computers used by the User connecting to this Application; Uniform Resource Identifier (URI) addresses; the time of the request; the method used to submit the request to the server; the size of the file received in response; the numerical code indicating the status of the server’s response (successful outcome, error, etc.); the country of origin; the features of the browser and operating system used by the visitor; the various time details of the visit (e.g., time spent on each page); and details about the path followed within the Application, with particular reference to the sequence of pages consulted, and parameters relating to the User’s operating system and IT environment.

User
The individual using this Application who, unless otherwise specified, coincides with the Data Subject.

Data Subject
The natural person to whom the Personal Data refer.

Processor (or Data Processor)
The natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller, as described in this privacy policy.

Controller (or Data Controller)
The natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data and the tools adopted, including security measures for the operation and use of this Application. Unless otherwise specified, the Controller is the owner of this Application.

This Application
The hardware or software tool by which Users’ Personal Data are collected and processed.

Service
The service provided by this Application as defined in the relevant terms (if available) on this site/application.

European Union (or EU)
Unless otherwise specified, any reference in this document to the European Union is deemed to include all current member states of the European Union and the European Economic Area.

Cookies
Cookies are Tracking Tools consisting of small pieces of data stored within the User’s browser.

Tracking Tool
Any technology—e.g., cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting—that allows Users to be tracked, for example by collecting or storing information on the User’s device.

Legal references
This privacy notice is drafted on the basis of multiple legal systems, including Articles 13 and 14 of Regulation (EU) 2016/679.
Unless otherwise specified, this privacy notice concerns this Application only.