PRIVACY POLICY

Information about cookies
The Mario Negri Institute for Pharmacological Research – hereinafter referred to as the Institute, or the Holder, is the data processing agent under Article 4 of the General Data Protection Regulation – GDPR. As you are the person concerned - the ‘user’ - information is provided here on the types and purposes of computer cookies employed by the Institute, and how to select and deselect single cookies. The Institute’s Privacy Policy – outlining its conduct regarding privacy – applies to the website www.marionegri.it (hereinafter referred to simply as the ‘Site’) and sets out how personal data are treated when someone visits the Site, and the users’ interactions with the Site services and function.  The Privacy Policy was drafted to comply with the measures established by the Privacy Shield, dated 8 May 2014 and gives information to those concerned under i) Art. 13 of the ItalianLegislative Decree (D.Lgs) of 30 June 2003, no. 196 (known as the "CodicePrivacy"  Privacy Code), (ii) EU Regulation 2016/679 regarding the protection of natural persons with regard to the processing of personal data and the free movement of such data - GDPR,art. 13 and 14,  and (iii) D.Lgs. 10 August 2018, no. 101, specifying how national regulations should be adapted to comply with GDPR. The information given here only refers to the official website of the Mario Negri Research Institute, and does not apply to any other websites, which the user can consult using the appropriate link.

1. Data Controller and Data Protection Officer
The Data Controller is the person who determines the purposes for which and the manner in which personal data are to be processed (the ‘Data Controller’) and is identified in Institute, in person of legal representative Prof. Giuseppe Remuzzi, as a Director. The Data Controller may be contacted by e-mail at the following e-mail address: privacy@marionegri.it.The Data protection officer (DPO) may be contacted by e-mail: DPO@marionegri.it

2. Categories of personal data
The Site collects the user’s data in two ways.

Data given voluntarily:

The Site may collect data when the user employs its services voluntarily; these may include communication tools (e.g. contact forms, comment boxes) and will be used solely to provide the service requested, for which the Site gives details on the relative page.
Data collected automatically:

Navigation data

In the course of their normal operation, the informatic systems and software running the Site collect some personal data implicitly transmitted during the use of internet communication protocols. These details are not collected for any particular identified user but can, by their nature, through processes and associations with data held by third parties, enable the user to be identified. In addition, while the user is browsing the Site the following information may be collected:  these are only a few examples of details that will be hosted on the website server:
- internet protocol address(IP);
- type of browser;
- details of the means employed to connect with the site;
- name of the internet service provider(ISP);- date and time of the Site visit;
- web pages from which the visitor came (referral)and on which s/he left;
- sometimes also the number of clicks.  
This information is employed for statistical purposes and analysis, only in aggregate form.  The IP address is required solely for security purposes, and is not crossed with any other data.

Cookies

This internet site employs what are called ‘cookies’, in order to make it work as efficiently as possible, and simple to use. Cookies are small amounts of data for comparing new and old visitors and understand how they navigate the site.  The data collected in the cookies will offer you, the user, experience reflecting your interests and preferences, to facilitate your access to the site services. Cookies do not record any personal information about a user, and do not memorize any data that might identify you.  If you want to disallow the use of cookies, you must personalize your computer settings to disable all the cookies, or prompt you when cookies are memorized.  If you do not need to modify the cookies application, you have only to carry on browsing, or visitAboutCookies.org for more information and to see how cookies affect your experience on the site.The site uses the following categories of cookies.

‘Strictly necessary’ cookies
These are essential if you want to navigate all the sites and make full use of their features, for instance entering protected areas.  Without these cookies some basic operations –for example, completing a form for a competition – are not possible.

‘Operational’ cookies
These collect information on how you use a website – what pages you visit most, or whether you receive error messages from web pages. They do not collect any information permitting a user to be identified; all the information gathered is aggregated, so it becomes anonymous.   The data only serves to make the website function better. Users consulting our site consent to these cookies being installed on their own computer.

‘Functional’ cookies
These are cookies that enable the site to remember the users’ choices – like their name, what language they use, or where they come from. They provide advanced personalized functions.  They can be used, for instance, to remember changes made to the size of a text, the fonts used, and other parts of a webpage that can be personalized.They are also used to respond to your requests –to watch a video, or enter comments on a blog.  This type of cookie collects information that can be anonymized so your browsing on other websites cannot be monitored. If you use the Institute website, you consent to these cookies being installed on your computer.

Third party cookies
The Institute site acts as an intermediary for third party cookies, setup in websites different from this one, that offer visitors more services and functions and improve the use of the site.  Examples are keys to link you to social media, or to videos. The Institute site has no control over third party cookies, which are totally managed by their owners.  This means that the information on the purposes of these cookies and how to use them – and how to disable them – is provided directly by the third parties concerned.  The Mario Negri Institute website uses the third party cookies listed below.

Google Analytics
Google Analytics is an analytical web service run by GoogleInc. It uses cookies consisting of text files on your computer to allow the Google website to see what use users make of it. The information generated by these cookies (including your anonymous IP address) are transmitted and stored in the Google server in the USA.  Google can then examine how you use the website, reporting on the activity for its managers and providing other services relating to the site and internet use. Google may transfer this information to third parties – where this is legal – or to whoever processes the information for Google.  Google will never combine your IP address with any other information the company owns. You can refuse the use of cookies by selecting the appropriate setting on your browser, but – careful! – this may lock you out of some of the functions of the Institute site. By using this website you consent to Google processing your data for the purposes outlined above.  You can stop Google generating these cookies when you access this website (including your IP address) and processing the data by downloading and installing this plugin for the browser: http://tools.google.com/dlpage/gaoptout?hl=en

Web beacon and pixel tag
This website and all communications sent by email may contain known web images such as web beacons or pixel tags. These web beacons and pixel tags are used mainly by third-party web analytics services, such as Google Analytics, to monitor visitor activity on our website.

DoubleClick Floodlight
Our online service uses DoubleClick Floodlight, an online advertising program by Google Inc., 1600 amphitheatre Parkway, Mountain View, CA 94043, USA.Google Floodlight allows us to track and report the actions of all users who use our online service after viewing or clicking on one of our ads. For this purpose, our online service sets up so-called floodlight tags or pixels and visitor cookies (the so-called double-click cookies). We use Google Floodlight to determine the efficiency of our online campaigns in terms of user activity on our online service. These cookies and tags do not contain personal data and are therefore not used for personal identification. For example, we can determine the number of users who have visited our website to evaluate for statistical purposes, but we cannot personally identify them.

Profiling cookies (third party):
are used to create profiles related to the user. They are used to generate reports on conversions; that is, on users who visit the site after clicking on one of the ads. They are also used to create a list of users who have carried out specific actions on the site, to use, if necessary, for targeting in subsequent campaigns, using a third-party service.
Profiling Cookies:

Google Inc.: http://www.google.com/policies/technologies/cookieshttp://www.google.com/settings/ads (for disabling profiling based on Google ads)

Campaign Manager: https://support.google.com/dcm/answer/2893966?hl=it
YouTube:
https://policies.google.com/privacy?hl=it&gl=it

Managing preferences on cookies
Consent to the use of cookies is given by continuing surfing the site, moving to another part of it or selecting something from that page.

How to change the Cookies setting
Check whether the settings on your computer or smartphone accept cookies. You can set your browser so that it prompts you before accepting cookies, or you can set it to refuse them automatically.  However, if you do this you will not have access to all the site features.For more information on the settings, use the Help button on the browser.  If you use different computers in different places each browser must be set up to respect your preferences about cookies.
The list below shows how to manage cookies on the following browsers.
Internet Explorer:
https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Edge:
https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Chrome:
https://support.google.com/chrome/answer/95647?hl=it-IT&hlrm=fr&hlrm=en
Firefox:
http://support.mozilla.org/it-IT/kb/enable-and-disable-cookies-website-preferences
For more information on cookies and how to manage your preferences for third party cookies, you will find it useful to consult http://www.youronlinechoices.com

PURPOSES
The data collected on the site is processed for various purposes.
–Statistics (analysis)
Data are collected only aggregate form, so they remain anonymous, to check that the site is working properly. None of this information is related to the user as a person, who cannot be identified in any way. Consent is not needed.
– Security
Data are collected in order to ensure the security of the site - applying measures such as antispam filters, firewall, and virus detection – and of the user, to prevent or detect fraud or other abuse likely to damage the website.
All information is recorded automatically and may in some cases include personal data (IP address) that may be used – in compliance with current law sand regulations – to block any attempts to damage the site or harm other users, or any other harmful or criminal activities.The information is never used to identify or profile the user, and is deleted periodically. Consent is not needed.
– Other purposes
Data may have to be communicated to third parties who have to do technical, logistic or other work for the Institute. Suppliers of these services have access only to the personal data needed for their task, and undertake not to use the information for any other purposes.  They are obliged to treat personal data in compliance with current regulations.

LEGAL BASE
The site mainly processes data with the user’s consent.  Consent is given using the banner at the bottom of the page, or by simply using or consulting the site, and terminating the access. The use and consultation of the site implies the user’s acceptance of thePrivacy Policy and agreement to the processing of personal data in relation to the modalities and purposes outlined there, including transmission to third parties if necessary for the provision of a service. Forms for communication or requests for services serve to collect any further consent needed for each specific service.

WHERE YOUR DATA WILL BE PROCESSED
Processing connected to this website is done at the Mario Negri Institute, only by technical staff of the Processing Office, or by personnel responsible for occasional maintenance.

WHERE ARE PERSONAL DATA LIKELY TO BE COMMUNICATED?
The Institute communicates users’ personal data respecting the limits and employing the methods specified in the Privacy Policy and the information published when the data was provided. This will always be done in full respect of the consent you gave when the data was collected, when required by the Privacy Code.TheInstitute may call on third parties for certain specific services.   These third parties will only be given the information necessary for those services and they will process your personal data for the purposes for which it was collected.Your data will be accessible within the Institute only to the people who need it for their work, and those responsible for processing, for replying to any queries you have made, and for sending information when requested.Your personal data will never be transmitted to third parties for promotional purposes and/or profit, and will not be spread in any way.

DATA PROCESSING METHODS
Personal data will be processed automatically for the time strictly necessary to fulfil the purposes for which it was collected. Specific security measures are employed to prevent the loss of data, illicit or improper use or access by unauthorized persons.

DATA STORAGE
The data collected from the site are stored for the time strictly necessary for their use.  On expiry the data will be deleted or anonymized, unless there are further purposes to which it will be put to use.  The data (IP address) used for the security of the site (attempted blockade or other harm)is kept for 30 days.

TRANSFER OF DATA
Personal data is processed within the European Union and stored on servers located there. In any case, it is understood that the Data Controller, if necessary, will have the right to transmit such data to a third country or to an international organization and/or move the servers even outside the EU. In this case, the Data Controller ensures from now on that the transfer of non-EU data will take place in compliance with the applicable legal provisions, pursuant to art. 44 et seq. of the GDPR.

RIGHTS OF THE DATA SUBJECT

As the subject of the data being processed you may, in respect of the methods and limits of current legislation, exercise the following rights:
-       to request confirmation of the existence of your personal data (right of access);-       to request information on where it came from;
-       to receive a readable communication;
-       to receive information on the logic, modalities and aims of the processing;
-       to request updating, rectification, integration, erasure, anonymization, blockage of any data processed unlawfully, including any no longer needed for the purposes for which it was collected;
-       for data processed with consent, you may receive, at only the cost of the support it is provided on, a portable copy of the data collected by a processor, in a common format;the right to present a complaint to the national PrivacyShield ; and, in general, all the rights allowed under current law.

UPDATINGS
In view of the technical developments in this field and the tools available to ensure privacy on the web, the Institute will periodically update this document, which constitutes the site’s Privacy Policy.