Download DaPIS v.3.0
Redesigned by Chiara Cavazzuti in May 2021.
Processing purposes
Security purposes
Some data are necessary to resist harmful events that compromise the data or the security of the systems
Research purposes
Some data can be used for scientific research
Statistical purposes
In some cases, the data can be used to make statistical studies
Marketing purposes
Some data are used to directly communicate with people to acquire new customers, retain them and possibly recover them
Purpose of service provision
Some data is necessary to provide a service
Purpose of service enhancement
Some data can be analyzed to improve the service
Legal bases
Consent
The authorization of the data subject to the processing of his data
Contract
An agreement that establishes a legal relationship between two parties
Legal obligation
This is an obligation dictated by law
Public interest
This is the interest of a community of individuals
Vital interest
This is a matter of life or death
Legitimate interest
The reason that justifies the processing by the data controller and that prevails over the rights of the data subject
Types of personal data
Personal data
Information relating to an identifiable person
Anonymized data
From the data, one can not identify the data subject anymore
Pseudonymized data
From the data, one can only identify the data subject by integrating additional information
Encrypted data
Data are secured by transforming them into incomprehensible code. They can be accessed only with the “key”
Rights of the data subject
Right to be informed
The data subject has the right to know who does what with his data and how
Right of access
The data subject has the right to know which of his data are in the hands of an organization
Right to rectification
The data subject has the right to request that his data are corrected or updated if inaccurate and that they are integrated if incomplete.
Right of erasure
The data subject has the right to request that his data be deleted, but only in some cases
Right to restrict the processing
In some cases, the data subject has the right to request his data to be used only for certain reasons
Right to data portability
The data subject has the right to request the transfer of his data from an organization to another
Right to object to processing
The data subject has the right to request that his data be deleted, but only in some cases
Right to lodge a complaint to a supervisory authority
The data subject has the right to complain to the national data protection authority if he believes that his data has been processed in a manner that does not comply with the law
Right to withdraw consent
The data subject has the right to withdraw the consent that he previously gave for the processing of his dat
Types of processing
Copying
Data are duplicated
Profiling
An automated process that evaluates or predicts certain aspects of a person based on his data
Transfer outside of the EU
Data are transferred to countries outside the European Union
Processing inside of the EU
Data are processed within the borders of the European Union
Automated decision-making
A decision is taken by an algorithm without human intervention
Direct data collection
Data are collected directly from the data subject
Data collection from third parties
Data are collected indirectly from third parties
Automated data collection
Date are collected in an automated way
Sharing with third parties
Data are transmitted to other subjects who are neither the data controller nor the data processors
Roles
Data subject
The person to whom the personal data refer
Data controller
The organization that collects the data and decides their use
Supervisory authority
The national authority that controls if personal data are processed lawfully
Child
People younger than 16