Privacy Policy

Information on the processing of personal data 

Pursuant to Regulation (EU) 2016/679 (hereinafter the "Regulation"), this page describes the methods for processing the personal data of users consulting the websites of AReSS Puglia (hereinafter "AReSS" or "Agency" or "Owner") accessible by electronic means at the following addresses: 

www.aress.regione.puglia.it
www.aress.puglia.it

This information does not concern other sites, pages or online services that can be reached through hypertext links that may be published on the sites but refer to resources outside the domain of AReSS. 

Following consultation of the sites listed above, data relating to identified or identifiable individuals may be processed.  

The data controller is the Strategic Regional Agency for Health and Social Affairs (AReSS Puglia), VAT No.: 08238890720 - Tax Code: 93496810727, with head office in Bari (70121), at L.mare N. Sauro n.33 (email: direzionegenerale@aress.regione.puglia.it, PEC: direzione.aress@pec.regione.puglia.it, tel. +39 0805404242).

The Agency has appointed its own Data Protection Officer (DPO) who can be reached at the following email address:dpo@pec.rupar.puglia.it.

The personal data indicated on this page are processed by the Agency in the performance of its public interest tasks or in any case connected to the exercise of its public powers, in accordance with Apulia Regional Law no. 29/2017.  

Navigation data  

The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.  

This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment.   

These data, necessary for the use of web services, are also processed in order to:

  • obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.);
  • checking the correct functioning of the services offered.  

Browsing data are kept for the time strictly necessary for the above purposes (except for any need to ascertain criminal offences by the judicial authorities or to ascertain liability in the event of hypothetical computer crimes to the detriment of the site or third parties).   

The configuration adopted, so as to exclude the processing of identification data, collects the following information:  

  • The IP address, which is masked by resetting the last 2 bytes to zero (xxx.xxx.0.0)  
  • The operating system used  
  • The type of browser   

Data provided by the User  

The optional, explicit and voluntary sending of messages to the Agency's contact addresses, private messages sent by users to institutional profiles/pages on social media (where this option is available), as well as the completion and submission of forms on the Agency's websites, entail the acquisition of the sender's contact details, necessary for replying, as well as all personal data included in the communications. We therefore invite you to keep the personal data contained in such communications to a minimum.  

Specific information will be published on the pages of the Agency's websites set up for the provision of certain services or for participation in specific initiatives.  


Cookies and other tracking systems  

Cookies are not used for user profiling. The only processing carried out relates to the production of statistics, with pseudonymised data, on navigation on the sites www.aress.regione.puglia.itwww.aress.puglia.it.

Use is made of session technical cookies (non-persistent), strictly limited to what is necessary for the safe and efficient navigation of the sites.  

Persistent technical cookies (one year) are used exclusively to make the choice of language persistent while browsing the portal, retaining only the language selected by the user.  


Information on the processing of personal data carried out through the Social Media platforms used by the Agency  

Regarding the processing of personal data carried out by the managers of the Social Media platforms used by the Agency, please refer to the information provided by them through their respective privacy policies. The AReSS processes personal data provided by users through the pages of the Social Media platforms dedicated to this Agency, within its institutional purposes, exclusively to manage interactions with users (comments, public posts, etc.) and in compliance with the regulations in force.   

The integration takes place through an icon linked to the respective social network.   

Through the use of such linked icons, it is prevented that, when a website containing social media promotion activities is opened, a connection is automatically made to the respective social network server in order to represent the icon itself. Only after clicking on the corresponding icon is the user forwarded to the service of the respective social network. Once the user has been redirected, the respective social network collects information about the user. In this regard, it cannot be excluded that the processing of the data thus collected does not take place in the United States.  

The Agency's website includes links to the following social networks:  

Facebook
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Meta Platforms Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.  

Privacy Policy: https://www.facebook.com/policy.php   

Twitter
Twitter International Unlimited Company based in Dublin, Ireland, a subsidiary of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA  

Privacy Policy: https://twitter.com/privacy   

YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA  

Privacy Policy: https://policies.google.com/privacy  

Instagram
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Meta Platforms Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.  

Privacy Policy: https://help.instagram.com/519522125107875  

LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, a subsidiary of Linkedin Corp., 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA  

Privacy Policy: https://www.linkedin.com/legal/privacy-policy  

Video di Youtube
On our website we incorporate videos from YouTube in the "enhanced privacy mode". According to information provided by YouTube, the "enhanced privacy mode" of the embedded YouTube player prevents views of embedded YouTube content from affecting the viewer's browsing experience on YouTube itself. This means that viewing a video displayed in the embedded player's "enhanced privacy mode" will not be used to personalise the viewer's browsing experience on YouTube, either within the embedded player's "enhanced privacy mode" or in the viewer's subsequent viewing experience on YouTube.   

If you are already logged into YouTube while the video is being viewed, YouTube will assign your login information to the logged-in user's YouTube account. To avoid this, you should log out of YouTube before visiting our site or configure the appropriate settings in your YouTube account.  

For the purpose of functionality and analysis of usage behaviour, YouTube permanently stores cookies via your Internet browser on your end device.   

If you do not accept this processing, you have the option of preventing the installation of cookies by changing your browser settings.  

We have no influence on the scope and content of the data that is transmitted to YouTube and possibly other YouTube partners by activating the plugin.  

You can find further information at this page.

Apart from what has been specified above for navigation data, the user is free to provide the personal data indicated in the request forms or in any case indicated in contacts with the offices to request the sending of informative material or other communications.  

The user is free to provide the personal data indicated in the request forms for the various services offered on the site, and failure to provide the data requested will result in the impossibility of obtaining the service or the interruption of the procedure.  

Personal data are processed by computer for the time strictly necessary to achieve the purposes for which they were collected. All necessary security measures are taken to prevent loss of data, illicit or incorrect use and unauthorised access.  

The recipients of the data collected following consultation of some of the services listed above are the following subjects designated by the Agency, pursuant to Article 28 of the Regulation, as data controllers  

Innova Puglia, as provider of the services for the development, delivery and operational management of the technological platforms of the sites accessible by electronic means at the following addresses: www.aress.regione.puglia.itwww.aress.puglia.it.

The data collected as a result of the consultation of the institutional website or the sending of data to the Agency are also processed by the following entities designated, pursuant to Article 28 of the Regulation, as data controllers:

  • provider of IT management and maintenance of the platform/application used;  
  • supplier of the IT management and maintenance service of the IT system/application used;
  • suppliers to whom the management of certain services has been outsourced.   

The personal data collected are also processed by the Agency's staff, who act on the basis of specific instructions given regarding the purposes and methods of processing.  

Users' personal data are used solely for the purpose of performing the service or provision requested and are communicated to third parties only in those cases in which:

  • this is necessary for the fulfilment of requests;
  • communication is required by law or regulation;
  • during legal proceedings.  

In order to fulfil specific legal obligations, some of the Users' data may be disclosed in the "Transparency" or "Albo Pretorio" section of the institutional website.  

Data shall be kept for a period not exceeding that provided for by the regulatory basis legitimising the processing and in compliance with the rules on the retention of administrative documents to this end, also by means of periodic checks, it shall be verified that the data processed are adequate, relevant and limited.    

Data subjects have the right to obtain from the Agency, in the cases provided for, access to their personal data and the rectification or cancellation thereof or the restriction of processing concerning them or to object to processing (Art. 15 et seq. of the Regulation). The appropriate request is submitted by contacting the Data Protection Officer at the Agency at the following email address: dpo@pec.rupar.puglia.it.

Data subjects who consider that the processing of personal data relating to them carried out through this site is in breach of the provisions of the Regulation have the right to lodge a complaint with the Garante, as provided for by Art. 77 of the Regulation itself, or to take legal action (Art. 79 of the Regulation).  

This Policy is subject to updates in compliance with legislative or regulatory provisions. Please visit the relevant page regularly for any updates.  

Last updated March 2023.