The InfoMapNode geoportal is managed by Regional Activities Centre for Information and Communication (INFO/RAC) that is hosted by the Italian National Institute for Environmental Protection and Research (ISPRA), whose office is at Via Vitaliano Brancati 48 Roma. INFO/RAC is in charge of the communication and dissemination activities within the UN Environment Programme /Mediterranean Action Plan and related projects and it will be the controller of any personal data processed as described in this Policy.

The INFO/RAC data privacy policy complies with the General Data Protection Regulation (GDPR) that will take effect on May 25, 2018. Below you will find information on how the INFO/RAC uses information. Privacy policy and use of personal data pursuant to the italian legislative decree n.196/2003 (privacy code) and regulation (EU) 2016/679 of the european parliament and of the council of 27 april 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC (General Data Protection Regulation-GDPR). More information is available in the Official Journal of the European Union.

The protection of your personal data is an important matter for the INFO/RAC. Therefore, we have taken technical and organizational measures to ensure that data protection regulations are observed both by us and by external service providers.

In the InfoMapNode, personal data is collected and stored only to the extent that it is technically necessary in order to regulate access and right to view, upload or edit spatial data and metadata. Your personal data will only be publicly available/visible if you have previously agreed to this.

Please note: at any time, you may revoke your consent to the use of your personal data. To this end, please send an e-mail to info@info-rac.org, with the title: "Unsubscribe to InfoMapNode".

The following privacy policy provides you with a complete overview of how the INFO/RAC guarantees the protection of your data, what kind of data are collected and how it will be used.

What Information do we gather from you?

We fully respect your right to privacy in relation to your interactions with the INFO/RAC platforms and endeavor to guarantee to be transparent in our dealings with you as to what information we will collect and how we will use your information. Also, we only collect and use personal information where we are legally entitled to do so.

You may be asked to provide the following categories of data when you ask to registered in the single-sing-on authentication system, to manage access and right in the different data collection and visualization platforms:

• Names
• Gender
• Role
• Qualifications
• Organization
• Department
• Email address
• Phone number
• Physical address
• Technical information

We may also ask for additional information including the nature of any enquiries or complaints you may make. We endeavor to only collect relevant data.

Data processing by the InfoMAPNode geoportal

Data are collected and exchanged during each visit to the InfoMAPNode geoportal. The INFO/RAC geoportal automatically collects and stores data transmitted from your browser to our server. This includes:

• the page visited
• time of the server inquiry
• client IP address

The INFO/RAC analyses data solely for statistical purposes in order to measure the demand for web content. It is not possible to trace this data back to a specific individual. This data is not merged with other data sources. Data collected from visits to the INFO/RAC website is transmitted to third parties only when required by law or court order or in cases when attacks on the infrastructure of the INFO/RAC make it necessary to forward such data for the purposes of legal action or criminal prosecution. Data will not be transferred for any other reason.

Duration of the storage of personal data

The INFO/RAC will store the personal data for the shortest time possible for each specific use.

Cookies

Session cookies are small information units stored by the provider in the main memory of the user's computer. A session cookie contains a randomly generated unique identification number, a so-called session ID. A cookie also contains data on its origin and the storage period. These cookies cannot store any other data.

Other providers use permanent cookies to recognise visitors returning after a longer period of time. This information is stored as a text file on the hard drive of the user's computer. In contrast, the session cookies used by the INFO/RAC are deleted when the session is terminated.

Cookies can be controlled by all internet browsers. Most browsers are configured to accept all cookies without prompting the user.

You may choose to refuse cookies but, if you do so, some of the functionalities may not longer be available to you.

How we store your personal data

All information you provide us with is stored on our secure servers located in the European Union. Where we have given you (or where you have chosen) a password which allows you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

What rights do you have?

As a data subject, you have the following rights:

• the right of access to personal data relating to you;
• the right to update your personal data or correct any mistakes in your personal data;
• the right to ask us to stop contacting you;
• rights in relation to automated decision taking;
• the right to restrict or prevent your personal data being processed;
• the right to have your personal data ported to another data controller;
• the right to erasure; and
• the right to complain to the Data Protection Controller if you believe we have not handled your personal data in accordance with the Legislation.

The INFO/RAC analyses data solely for statistical purposes in order to measure the demand for web content. It is not possible to trace this data back to a specific individual. This data is not merged with other data sources. Data collected from visits to the INFO/RAC website is transmitted to third parties only when required by law or court order or in cases when attacks on the infrastructure of the INFO/RAC make it necessary to forward such data for the purposes of legal action or criminal prosecution. Data will not be transferred for any other reason.

Right to information

At any time, you have the right to obtain information on the data stored about you, its origin and recipients and the purpose of the storage. Information on the data stored can be obtained from the central data protection team (email to info@info-rac.org).

Requests for your personal data must be made to us specifying what personal data you need access to, and a copy will be retained on our files. To help us locate the information, please give us as much information as possible about the type of information you would like to see.

If, to comply with your request, we would have to disclose information relating to or identifying another person, we may need to obtain the consent of that person, if possible. If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person, if possible.

Right to correct your personal data or correct any mistakes in your personal data.

If you would like to do so, please:

• email us (to info@info-rac.org);
• Include enough information to identify you (e.g. name, registration details); and
• Specify which information is incorrect and what it should be replaced with.

If we are required to update your personal data, we will inform recipients to whom that personal data have been disclosed (if any), unless this proves impossible or has a disproportionate effort.

It is your responsibility that all of the personal data provided to us is accurate and complete. If any information you have given us changes, please let us know as soon as possible (Contact us).

Right to erasure

In accordance with the Data Protection Legislation, you can ask us to erase your personal data where:

• you do not believe that we need your personal data in order to process it for the purposes set out in thisPolicy;
• if you had given us consent to process your personal data, you withdraw that consent and we cannot otherwise legally process your personal data;
• you object to our processing and we do not have any legal basis for continuing to process your personal data;
• your data has been processed unlawfully or have not been erased when it should have been; or
• the personal data have to be erased to comply with law.

We may continue to process your personal data in certain circumstances in accordance with Data Protection Legislation.

Where you have requested the erasure of your personal data, we will inform recipients to whom that personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will also inform you about those recipients if you request it.

Changes to the policy

This Policy may be updated or changed from time to time at the INFO/RAC's sole discretion. The date of the most recent revisions will appear on this page. If you do not agree to these changes, please do not continue to use this InfoMAPNode to submit personal information. If material changes are made to the Policy, we will notify you by placing a prominent notice on the Website or sending you a notification in relation to this. We will not process your personal data in a manner not contemplated by this Policy without your consent.

Updated to May 2019.