Cyber4Health is committed to making privacy easy to understand for everyone. We believe that providing transparent information is a fundamental component of peace in cyberspace. By providing information about data processing in plain and accessible language, we hope to encourage people to take the time to read this notice and to understand how they can exercise their rights.
Due to the global reach of Cyber4Health, we process personal data that falls under the scope of application of the General Data Protection Regulation (Reg. (EU) 206/679 or “GDPR”), when we offer goods or services to people located in the EU.
Why we collect personal data
Below are the main reasons why we collect personal data, as well as detailed information about the type of data collected, the purpose of processing and the data retention period.
Browsing the website
- IP Addresses (including Location Data)
- Type of Browser
- Operation System
- Visiting Time (Local and Server)
- Actions per visit
- Pageviews per visit
- Returning Visitors
- Referring Site Information
When you browse the website, we use digital tools to deliver the website user experience, including cookies and other identifiers. In accordance with the Italian Data Protection Authority (order issued by the DPA on June 9, 2022, Register of orders no. 224 of 09/06/2022 – web doc no. 9782890) Cyber4Health does not run google analytics services to collect user data, but the on-premise version of Matomo. This ensures that data is not processed by third-party websites, but only by Cyber4Health, always anonymously. The table below shows a description of cookies used by Matomo.
Matamo set this cookie to store a unique user ID.
1 year 27 days
Matomo set this cookie to store a unique session ID for gathering information on how the users use the website.
Submitting a request on the Contact Us page
- First name, last name, email address
On our Contact page, you can send us a question, suggestion, request or another message, in order for us to contact you back. We need your first name, last name and email address to process your request, on the basis of our legitimate interest to contact you and respond to your query.
We strongly encourage you to refrain from sending any personal or sensitive information in the “Your Message” box, whether it is your own information or someone else’s. Should we need to receive any particular information from you, we will get in touch to let you know a secure way to share it.
How to exercise your rights
You have several rights that you can exercise concerning to your personal data. These rights are not absolute, and limitations may depend on how the data was collected and the purposes of that data collection. Each data subject rights request (DSR) is carefully evaluated on a case by case basis by our Data Protection Officer, who replies to each DSR within 30 days from the date of receipt of all the information needed to process the request.
Below is a list of rights that you may ask to exercise in connection with your personal data:
- Right of access to the personal data
- Right to rectification of incorrect data
- Right to erasure (right to be forgotten)
- Right to restriction of processing
- Right to data portability
- Right to object to data processing
- Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you
If you wish to exercise any of these rights, kindly contact us at (email istituzionale). To be sure that the request is coming from you (and not from somebody pretending to be you), we may ask you to provide us with additional information to confirm your identity. If you provide any such information to us, then we will only use it to respond to your request.
You may also send us postal mail with your requests to: University of Rome “Tor Vergata”, Via del Politecnico 1, 00133, Rome, Italy. Please specify on the envelope “For the attention of the Data Protection Officer”. Please note that we are not responsible for delays or failures of the postal service, so we do encourage you to send your requests by registered mail or by email, whenever possible.
Should you be unsatisfied with the response received, or should you wish to lodge a complaint, you may do so by contacting a data protection supervisory authority. A list of contact details of supervisory authorities is available here.
Data security measures & data retention
We take reasonable technical, administrative and physical measures to protect the security of personal data under our control from unauthorised use, disclosure, alteration and breach. We apply procedural safeguards to all personal data that we process, regardless of the technology used. In the unlikely event of a data breach, we will comply with applicable data protection legislation and we will inform you as soon as feasible, in order to allow you to take measures to limit the effects of the breach.
Unless explicitly stated otherwise, when you provide personal data to Cyber4Health, you are sharing that data only with us and, in limited cases, with our service providers and contractors working under obligations of confidentiality – and appropriate contractual safeguards, such as Data Processing Agreements – solely to provide services to our organisation.
We may share anonymised information (non-personal data) about digital trends or modus operandi with trusted partners, or as a part of public reporting, in order to fulfil our mission. Such data does not identify any individual and does not fall within the remit of “personal data”.
We store personal data for a limited time, and only for the proper delivery of Cyber4Health’s products and services for which the personal data was collected in the first place. Depending on the purposes of data collection, data retention periods may vary.
To ensure that strong data protection principles are enforced, Cyber4Health organises regular personal data reviews, to assess the relevance of maintaining data processing as well as the accuracy of the personal data. Such reviews happen no later than 3 years after the time of the personal data collection, or 10 years in the event that the is publicly available at the time of collection.
If you would like to find out the retention periods applicable to your personal data, you may contact us at email istituzionale.
Opt-out of website tracking
You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.