Cookies & Privacy Policy

Dear User,

in compliance with the provisions of the European Regulation 2016/679 (“GDPR”) and with the Provision of the Italian Protection Authority for Personal Data Processing n. 229 of 8 May 2014, Fondazione Istituto Italiano di Tecnologia (“IIT”), acting as Data Controller, provides you the following information about the data processing carried out browsing the Website https://naned.eu/ (“Website”).

Would you kindly note that this information applies only to the above-mentioned Website and not to other Websites eventually accessible by links to other domains.

The Data Controller is Fondazione Istituto Italiano di Tecnologia (hereinafter “IIT”), based in Genoa, Via Morego n. 30 - Italy – Phone +39 010 28961.

The Data Protection Officer is available at the following email address: This email address is being protected from spambots. You need JavaScript enabled to view it.

The processing of your personal data is based on the following purposes and legal basis.

Without your prior consent for the purpose to:

1. Perform the contract and/or pre-contractual commitments:
   • use the Website
   • provide appropriate technical assistance

2. Pursuit a legitimate interest of the Data Controller:
   • manage and maintain the Website
   • prevent or detect fraudulent activity or harmful abuse to the Website
   • exercise the rights of the Data controller, for example the right of defence in court
   • carry out statistics - carried out by means of analytical cookies described in the Cookie Policy of the Website to which reference is made - aimed at optimising and improving navigation on the Website

3. Comply with legal obligations:
   • comply with the obligations provided for by laws, regulations, EU regulations, orders and prescriptions of the competent authorities

With your prior consent for the purpose to:

• handle requests of information in the Contact section of the Website

You can withdraw at any time your consent for the processing of your personal data carried out to handle requests of information in the Contact section of the Website.

The IT systems and software procedures for the operation of the Website acquire, during normal operation, some personal data the transmission of which is implicit in the use of Internet communication protocols.

This category of cookie process the following information:

• IP addresses or domain name systems of computers used by Users to connect to the Website
• URI (Uniform Resource Identifier) addresses the resources requested
• time of the request
• the method used to submit the request to the server
• size of the file obtained in response
• numerical code indicating the status of the response from the server (successful, error, etc.)
• other parameters regarding the operating system and the user’s IT environment.

We also process data to obtain anonymous, statistical information regarding Website use and to verify its correct operation, to improve functions (for example, in order to identify which is the first connection of the user) and to allow the availability of features (e.g. videos on YouTube).

The data could be used to ascertain liability in case of hypothetical computer crimes against the website.

The optional, explicit and voluntary sending of e-mail to the addresses indicated on the Website involves the subsequent acquisition of the sender’s address required to reply to information requests, and any other personal data included in the message. Personal data can also be acquired through the compilation of contact request forms.

The use of so-called browsing/session cookies (which are not stored permanently on the user’s computer and are deleted once the browser is closed) is strictly limited to the transmission of session identifiers (formed by random numbers generated by the server) which are necessary to enable a safe and efficient exploration of the website.

In particular, the IT systems and software procedures for operation of the website acquire, during normal operation, some data transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified parties concerned, but that by its very nature could, through processing and association with data held by third parties, allow identifying users.

The use of the so-called cookies analytics is done for the sole purpose of obtaining anonymous statistical information on the use of the website (e.g. the number of website visitors, their origin or the operating system used) and to check its proper functioning.

This category of data includes IP addresses or domain name systems of computers used by users that connect to the website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and the user’s IT environment.

The functionality cookies on the website improve the service by allowing users to navigate as a function of certain pre-determined criteria. The functionality cookies are used, for example, in order to identify which is the first connection of the user, in order not to ask the user to connect again, as well as for the user search.

The Website uses cookies from the following third party:

• google.com
• youtube.com

In particular, cookies from youtube.com are used to allow the availability of videos from the aforementioned website, while cookies from google.com are used for navigation statistics (Google Analytics).

The provision of data for the above-mentioned purposes is mandatory. Refusal to provide such data makes it impossible to follow up on the processing.
For what concerns browsing data, the user can state his/her choice regarding the use of cookies by the Website, also through the browser settings or through the site Youronlinechoices.
Furthermore, the user can prevent their data from being processed by Google Analytics using the tool Google Analytics opt-out browser.
Below, the links that show the procedures to follow in order to configure the settings of the most used browsers:

Any data provided by users will be disclosed only to IIT’s Staff who manage the Website.

However, the obligation of IIT to communicate the data to the Judicial Authority remains unaffected, whenever a specific request is made in this regard, even without your consent, for the above-mentioned purposes to control bodies, law enforcement agencies or the judiciary that will process them, at their express request, as independent Data controllers for institutional purposes and/or by law during investigations and controls. The data may also be disclosed to third parties (for example, partners, professionals, agents, etc.), as independent Data controllers, for the performance of instrumental activities to the above-mentioned purposes.

The subjects to which the personal data refer have the right to obtain at any time confirmation of the existence of such data and to know the content and origin verify its accuracy or request its integration or updating, or correction (Article 12 of GDPR).

In particular, the interested subject has the right to obtain indication on (Article 15 of GDPR):

• the origin of personal data,
• purposes and methods of treatment;
• the procedure applied in case of treatment made with electronic means;
• the identification data of the manager, of responsible and representative persons appointed under Article 5, paragraph 2 of GDPR;
• the subjects or categories of subjects to whom the data may be communicated or that may become aware of them, as appointed representative in the State territory, or as managers or appointees.

The interested subject has the right to obtain:

1. update, rectification or, when interested, integration of data (Article 16 of GDPR);
2. the cancellation, anonymization or blocking of data processed unlawfully, including data whose storage is not required in relation to the purposes for which the data were collected or subsequently processed (Article 17 of GDPR);
3. certification that the operations under letters a) and b) have been notified, also regarding their content, to those to whom the data were communicated or made known, except where such compliance is impossible or involves a manifestly disproportionate use of means with respect to the protection of this right.