Cookie Policy

Last update: 03/11/2022

1. Why this information

This information is provided in application of EU Regulation 2016/679, General Data Protection Regulation and of D.Lgs. Decree 196/2003, as modified by D.Lgs 101/2018. This information describes the methods of processing the personal data of users who consult the web pages and use any services at the address

It is addressed to those who interact with the sites listed above and not with others, reached through links present there, but referring to external resources.  

2. Data Controller

Istituto Nazionale di Fisica Nucleare (INFN) 

Via E. Fermi n. 40, Frascati (Roma)  



3. Data protection officer   

The Data Protection Officer can be contacted at the email address:  

4. Nature of the Processed data and purposes of the processing 

The personal data indicated on this page are processed by INFN for the achievement of its institutional purposes, which include the promotion and provision of scientific training and the dissemination of culture in institutional sectors, always in any case in the performance of their public interest tasks or related to the exercise of public powers.

Data processing includes all operations or set of operations concerning the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, block communication, cancellation and destruction of data.

Data collected by INFN web pages are of the types specified below. 

5. Types of processed data  

5.1 Navigation data 

Computer systems and software procedures used to operate this website collect some personal data through Internet communication protocols. Data included in this category may be: IP addresses, the type of browser used, the addresses of the sites from which access was made, the pages visited within the site, the time of access, the numeric code returned by the server and other parameters related to the operating system and the user’s environment. 

These data, necessary for the use of web services, are used to obtain anonymous statistical information on the use of the site and to check its correct functionality. The same data could be used to ascertain responsibility in the event of computer crimes or acts of damage to the site. Apart from these cases, they are not stored for more than 7 days the time necessary for carrying out the checks to ensure the security of the system.  

5.2. Data provided by the user on a voluntary basis 

These are all personal data provided by the user while browsing the site, for example by registering, accessing a reserved area or a service. The processing of the above-mentioned personal data is carried out with the specific consent provided by the user and the data are kept only for the duration of the requested activity. Specific information may be published for the provision of certain activities. The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. The processing of sensitive or judicial data is excluded which, if provided by the user, will be deleted. 

5.3 Cookies and widgets used

This site only uses session cookies, which are necessary for its proper functioning and to manage authentication to online services, the intranet and restricted areas. The use of these cookies, which are not stored permanently on the user’s computer and are deleted when the browser is closed, is strictly limited to the transmission of session identifiers. Their deactivation could affect the use of part of the online services.

5.4 How to disable cookies

6.4.1 All cookies

You can deny consent to the use of cookies by properly configuring your browser. These are the instructions for the most popular browsers: 

6. Communication and disclosure  

The data may be communicated by the Data Controller in carrying out its activities and to provide its services, to:  

  • Public administrations;  
  • Technical service providers, hosting provider and cloud service provider.  
  • Judicial authority.  

The data collected will not be disclosed or communicated to third parties, except in the cases provided for by the information and by law and, in any case, under the terms required by law.  

The data may be disclosed to the INFN staff, within the scope of their respective functions and in accordance with the instructions received, only for the achievement of the purposes indicated in this policy. 

The recipients are appointed, if necessary, as Data Processors by the Owner, who may be asked for the updated list of Managers. The latter, based on the stipulated contract, are required to use personal data exclusively for the purposes indicated by the Data Controller, not to store them beyond the indicated duration or to transmit them to third parties without his explicit authorization. 

The data are not transferred to non-EU countries.  

No data deriving from the web service is disclosed.  

7. Processing of personal data

The processing of personal data is carried out mainly using electronic procedures and media and in a lawful, correct, relevant way, limited to what is necessary to achieve the purposes of the processing, only for the time necessary to achieve the purposes for which they were collected and in any case in compliance with the principles indicated in art. 5 of the Regulation. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

Interested parties have the right to ask the data controller for access to personal data and the correction or cancellation of the same or the limitation of the processing that concerns them or to oppose the processing in accordance with the provisions of Articles 15 and following of the Regulations. The appropriate application must be submitted by contacting the Data Protection Officer at the address indicated above.

The interested parties also have the right to lodge a complaint with the Italian Data Protection Authority as supervisory authority or to take appropriate judicial offices (articles 77 and 79 of the Regulation).

9. Place of data processing 

The processing of personal data related to the web services of this site takes place at the INFN facilities and is handled only by technical staff of the office in charge of the processing, or by the managers designated by the owner who operate within the EU. 

10. Right of data subject

Website users (data subject) can exercise the rights referred to in EU Regulation 2016/679: the right to access to personal data and the right to request form the controller rectification or erasure of registration personal data or restriction of processing; in accordance with the provisions of Article 15 and subsequent of Regulation. The appropriate application must be submitted by contacting  the Data Protection Officer at the address indicated above.  

The data subject also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) ( 

11. Data retention period 

The personal data acquired to guarantee the use of the services provided by INFN-Cloud are kept for a period not exceeding one year and can be used by delegated and competent personnel only for control purposes and for the optimization of systems. 

User data will be deleted within six months from the termination of the relationship. Should proxy servers or other session control systems capable of storing log files containing information relating to web pages, internal or external, accessed by local nodes, be installed, such information, kept for a period not exceeding seven days at care of the delegated personnel, they may be examined or processed if the need to guarantee the safety or proper functioning of the system is identified. 

12. Update 

This information is subject to updates in compliance with national and EU legislation on the subject, therefore we invite you to consult it periodically. 

In case of non-acceptance of the changes made to this information, the user can request the Data Controller to delete his/her personal data. Unless otherwise specified, the privacy policy published on the site continues to apply to the processing of personal data collected until the time of its replacement.