English version - versione in Italiano

PRIVACY POLICY PURSUAND TO ART. 13 AND ART. 14 OF REGULATION (EU) 697/2016 ON THE PROCESSING OF PERSONAL DATA (GDPR – General Data Protection Regulation)

This privacy policy is provided by ENEA - National Agency for New Technologies, Energy and Sustainable Economic Development pursuant to art. 13 of EU Regulation 2016/679 - General Data Protection Regulation, with respect to the processing of personal data provided through the website https://mirror.softwareheritage.enea.it/ (hereinafter also "Website”).

1. IDENTITY AND CONTACT INFO OF THE DATA CONTROLLER

The Data Controller is ENEA - National Agency for New Technologies, Energy and Sustainable Economic Development, based at Lungotevere Thaon di Revel 76, 00196, Rome. You can contact the Data Controller by writing to the address above, or by sending an email to the following certified email address: enea@cert.enea.it.

2. CONTACT DETAILS OF THE DATA PROTECTION OFFICER (DPO)

The Data Protection Officer (DPO) for ENEA was appointed by Provision no. 34/2020/PRES of 6 February 2020.

For communications can be contacted at the following email address: dpo@enea.it

3. PURPOSES AND LEGAL BASES

The processing of personal data is carried out by the Data Controller solely for the purpose of establishing the Italian Mirror of the Software Heritage Archive, which collects, preserves, and makes easily accessible the source code of all publicly available software worldwide. This aims to make publicly accessible software programs that constitute an important component of humanity's cultural heritage, with the additional objective of enabling scientific and historical research on this heritage.

The legal basis for processing lies in ENEA's institutional duties aimed at research, technological innovation, and the provision of advanced services to businesses, public administration, and citizens in the fields of energy, the environment, and sustainable economic development. Specifically, this is implemented under the "Cooperation Agreement for Software Heritage’s Mirrors" between the Institut National de Recherche en Informatique (INRIA) and ENEA – Department of Energy Technologies (DTE), now TERIN.

4. NATURE OF DATA PROVISION

All personal information that may be contained in the source code or development history collected in the archive, of which the Mirror constitutes a complete copy.

5. TYPES OF DATA PROCESSED

The categories of personal data processed include, but are not limited to: name, email address, and developer pseudonym.

6. PROCESSING METHOD AND STORAGE PERIOD

Personal data are processed using electronic tools in compliance with the provisions of art. 32 of the GDPR 2016/679 and the other regulations and specific Provisions of the Personal Data Protection Authority regarding security measures.

ENEA adopts the necessary security measures required by GDPR to protect the collected data, in order to prevent risks of data loss or theft, unauthorized access, and unlawful or improper use.

7. CATEGORIES OF RECIPIENTS

For the purposes detailed in art. 3, Users' personal data may be disclosed or made accessible to:

ENEA team managing the Software Heritage infrastructure.

The communication of data remains subject to requests from judicial or public security authorities, in the manner and cases provided by law.

8. RIGHTS OF DATA SUBJECTS

Articles 15-22 of the Regulation grant the data subject the following rights:

• Request confirmation of the existence or otherwise of one’s personal data (art. 15 par. 1).
• Obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed, and when possible the storage period (art. 15 par.1 lett a, c).
• Have the data corrected or deleted (art. 16 and 17).
• Obtain the restriction of processing (art. 18).
• Obtain information from the Data Controller on the recipients which the personal data have been disclosed to and any corrections or deletions or restrictions on processing (art. 19).
• Object to an automated decision-making process relating to natural persons, including profiling (art. 21 and 22).

Data Subjects have the right to lodge a complaint with the Supervisory Authority pursuant to art. 77 of the Regulation, or to take appropriate legal action.

9. HOW TO EXERCISE YOUR RIGHTS

The above rights are exercised by submitting a request to the Data Controller by sending an email to takedown.softwareheritage@enea.it.

The request can be made freely and without following any specific format by the Data Subject, who shall be entitled to receive an appropriate reply within a reasonable amount of time, depending on the circumstances of the case.

For the removal of personal data contained in the Archive, the following information must be provided:

1. Complete identification. For individuals: name, surname, activity, nationality, fiscal code; for legal entities: type of legal entity, name, address of headquarters, and legal representative;
2. Description of the information constituting the violation and precise location in the Archive;
3. Reasons why the content should be removed, with supporting legal references and justification of the alleged facts;
4. Copy of correspondence sent to the original author or publisher of the alleged infringing content, requesting its removal or modification; justification for why contact was not possible.

More information on the purposes and methods of personal data processing can be obtained by writing to dpo@enea.it with the subject "Software Heritage." For data removal, contact takedown.softwareheritage@enea.it.

To know your rights, lodge a complaint/report/appeal and to remain updated on the laws regarding the protection of individuals with regard to the processing of personal data, the Data Subject can contact the Personal Data Protection Authority, consulting the website at http://www.garanteprivacy.it/.

Last updated: 21/01/2025

ENEA
Direzione Transizione Digitale, Trattamento e Protezione Dati (DIGIT)
Sede Legale ENEA
Lungotevere Thaon di Revel, 76
00196 Rome
Italy