Privacy Policy

Data controller

Name

Partito Democratico Federazione Provinciale di Crotone

Registered office

Piazza Pitagora 19, 88900 Crotone (KR)

Italian tax code

91066240796

Email

[email protected]

IBAN

IT86I0306909606100000187452

Categories of data processed

The website does not require registration and does not offer contact forms, newsletters or restricted areas. Personal data processing is therefore strictly limited to what is necessary for the operation and security of the service.

In particular, browsing data is collected automatically by the IT systems and software procedures involved in operating the website (for example: IP address, browser type, operating system, pages visited, date and time of requests, HTTP status codes). Such data is used solely to ensure the proper delivery of the service, prevent abuse and analyse the use of the website in aggregated and anonymous form.

Technical data relating to application errors (stack traces, request context, technical session identifiers) may also be collected for diagnostic and troubleshooting purposes.

Purposes of processing

The data is processed for the following purposes: (a) delivery of the web service and technical operation of the website; (b) IT security, prevention of abuse, automated attacks and intrusion attempts; (c) diagnosis and resolution of application errors (error tracking); (d) anonymous and aggregated statistical analysis of website usage.

Browsing data is not used to profile users or for marketing or political propaganda purposes.

Legal basis

Processing is based on the legitimate interest of the controller pursuant to article 6(1)(f) GDPR, consisting in delivering a secure and functional web service and preventing abuse and IT attacks.

The legitimate interest has been assessed as prevailing over the rights and freedoms of data subjects, given that the data is limited to what is strictly necessary, retained for short periods and not used for further purposes.

Retention periods

Personal data is retained for the time strictly necessary to achieve the purposes for which it was collected:

• Browsing logs and technical security data: retained for a maximum of 12 months, subject to extension for investigative or litigation needs.
• Error tracking data: retained for a maximum of 90 days from the event date.
• Anonymous aggregated statistical data: retained without time limits, as it cannot be linked to identified or identifiable individuals.

Recipients of the data

Personal data may be communicated to the following parties acting as data processors pursuant to article 28 GDPR:

External data processors

• Contabo GmbH (Germany) — infrastructure hosting provider.
• Cloudflare Inc. (USA) — CDN, anti-DDoS and WAF services, processing browsing data for security purposes.
• CrowdSec (France) — collaborative threat detection and mitigation platform.
• Sentry GmbH (Germany, EU data residency) — application error tracking platform.
• Umami (self-hosted analytics) — anonymous and aggregated website usage analytics, without the use of cookies.

Transfers outside the EU

Cloudflare Inc. is a US entity and the processing may therefore involve a transfer of personal data to a third country. The transfer is covered by the Standard Contractual Clauses adopted by the European Commission (Implementing Decision 2021/914/EU) and by Cloudflare's membership of the EU-US Data Privacy Framework, which provides an adequate level of protection pursuant to article 45 GDPR.

The other processors listed above operate within the European Economic Area and do not involve extra-EU transfers.

Rights of data subjects

As a data subject, pursuant to articles 15 to 22 GDPR, you have the right to:

• obtain confirmation of whether or not personal data concerning you is being processed and, if so, access to such data (art. 15);
• obtain the rectification of inaccurate data or the integration of incomplete data (art. 16);
• obtain the erasure of data ("right to be forgotten") in the cases provided for by law (art. 17);
• obtain the restriction of processing in the cases provided for by law (art. 18);
• obtain the portability of data concerning you in a structured and readable format (art. 20);
• object to processing based on legitimate interest, unless the controller demonstrates compelling legitimate grounds to proceed with the processing (art. 21).
• Rights may be exercised by writing to the email address of the controller indicated above. You also have the right to lodge a complaint with the Italian Data Protection Authority pursuant to article 77 GDPR (www.garanteprivacy.it).

Political propaganda

The website does not collect personal data for electoral or political propaganda purposes and does not carry out political profiling of users. Published content is informational in nature and is publicly accessible without registration.

Should features involving the processing of personal data for political communication, electoral propaganda or membership purposes be activated in the future, a specific supplementary notice will be provided and the explicit consent of the data subject will be requested pursuant to article 9 GDPR and the decision of the Italian Data Protection Authority of 18 April 2019 on electoral and political propaganda.

Contacts for the exercise of rights

For any request concerning the processing of personal data and the exercise of GDPR rights, you can write to the email address of the controller indicated above.

The controller will respond to requests without undue delay and in any case within one month of receipt, subject to a justified extension in the cases provided for by article 12 GDPR.