Service Name |
Identity Provider |
Service Description |
Federated Authentication Service offered by the User's Home Organization. |
Data Processor |
ISS - Istituto Superiore di Sanità is the owner of Personal Data processing provided by the service, following art.26 of GDPR. |
Responsible for Data Protection(GDPR Section 4) (if applicabile) | responsabile.protezionedati@iss.it https://protezionedati.iss.it/category/dpo/ |
Jurisdiction and |
IT-IT Personal Data Protection Authority |
Processed Personal Data and Legal basis for the processing |
Collected personal data are gathered and stored in Italy according to GDPR regulation. Their processment is necessary to provide the service. |
Goal of the personal data processing |
Provide Identity Management as a Service and Identity Provider as a Service and Identity Provider as a Service with the goal of authenticating interested user in order to enable access to network services requested by the interested user Personal data (attributes) are transferred to third parties (Resources) upon request of the interested user with the goal of accessing the required service Logging data contain user personal data that are being collected with the goal to verify the operation of the service and to ensure its safety. |
Third parties to which data are transferred |
The ISS - National Health Institute decides which third parties to release personal data of interested users respecting the principle of minimization. Personal data are transferred only when interested users request access to third party's resource and with the goal of getting the service by the third party itself. |
How to access to, correct, delete personal data and oppose to their processing . |
Contact the above mentioned Data Processors |
How to revoke user consent |
The only collected data with user consent are preferences about the transmission of attributes to third parties. Data are gathered online at the time of first access to resources, and can be deleted, with the outcome of eliminating consent to their transmission, starting over the login procedure and checking the "Clean the consent to release information to this service, previously provided" box. |
Data portability |
The interested user can request data portability related to digital identities, including credentials and consent information. These will be provided in an open format and accordin to Art. 20 of GDPR. Portability service is free of charge at cessation of service. |
Duration of Data Custodial |
All personal data of the interested user (attributes) are kept for the whole duration of the request of the service to the user. After 3 months from deactivation, all data of the interested user will be deleted. |
Here you can find the ISS - National Health Institute Information Page: Information Page