Information Notice Concerning the Processing of Personal Data
Principles relating to processing of personal data
Article 5 of the Regulation (EU) 2016/679 of the European Parliament and of the Council “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”, hereinafter (GDPR) sets out that any processing of personal data must be carried out according to the principles of lawfulness, fairness and transparency.
Your personal data shall be collected, used and processed following the principles above and therefore the processing shall have specific, explicit and lawful purposes.
The personal data shall be:
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Users are responsible for any third-party personal data obtained, published or shared through this website and confirm that they have the third party’s consent to provide the data to the Owner.
The information in this document, provided pursuant to articles 12, 13, from 15 to 22 and 34 of the GDPR, concerns the rights of the data subject, more specifically the “transparent information, communication and modalities for the exercise of the rights of the data subject.”
According to the GDPR, ‘processing’ means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”
Purpose of personal data processing
Your data are collected to the following purposes:
- allow the Website Owner to provide its services;
- contacting the Users: – InCIMa4 Contact Form through “info@InCIMa4.eu“;
- manage the SME proposal forms;
- analytics (Google analytics)
- the management of your activity as a partner of InCIMa4 Interreg V-A Italia – Austria project;
- compliance with any legal, contractual and regulatory obligation in relation to:
- funding bodies, auditors and corporate statutory and auditing bodies, project coordinators and/or partners.
Data processing shall be carried out in compliance with the GDPR prescriptions, with special reference to Articles 32 “Security of processing”, 33 “Notification of a personal data breach to the supervisory authority” and 34 “Communication of a personal data breach to the data subject”.
Processing operations shall be carried out by authorised subjects, constantly identified, suitably trained and informed on the obligations under the GDPR.
Processing may be carried out using computer, telematic and electronic systems, which may or may not be connected to the Internet, or using paper supports according to logics closely connected to the purposes declared.
In any case, the processing operations shall be carried out in such a way as to guarantee the security, confidentiality and availability of the data, according to principles of correctness, lawfulness and transparency, aimed at protecting the fundamental rights and freedoms of natural persons.
Amendments and updates
Should the changes affect processing activities performed on the basis of the User’s consent, the Data Controller shall collect new consent from the User, where required.
Consequences of a failure to provide personal data
The provision of your personal data is required in order to:
- allow for the performance of the activities as a User at the Elettra facility, as described in the previous point (Purpose of personal data processing);
- allow for the fulfillment of the legal obligations set out in Legislative Decree no. 81/08 as subsequently amended and integrated when accessing the Elettra facility.
A denial to provide such information or a failure to consent to the processing phases shall prevent your registration in the Virtual Unified Office (VUO), as well as the performance of any activity relating to the role of Elettra User.
Recipients of personal data
Your personal data are processed at the Owner’s operating offices at Elettra – Sincrotrone Trieste S.C.p.A. premises.
Depending on the User’s location, data transfers may involve transferring the User’s data to a country other than their own.
The personal data subject to the processing, in compliance with legal and EU requirements, may be transferred to the following subjects:
- project partners;
- Interreg V-A Italia – Austria Managing Authorities.
Legal basis of processing
The Data Controller may process personal data relating to Users if one of the following applies:
- Users have given their consent for one or more specific purposes. Note: Under some legislations the Data Controller may be allowed to process personal data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of personal data is subject to European data protection law;
- provision of data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
- processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
- processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Data Controller;
- processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.
In any case, the Data Controller will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Website Owner (Owner):
Elettra – Sincrotrone Trieste S.C.p.A. with headquarters in Strada Statale 14 km 163,5 in AREA Science Park – 34149 Basovizza – Trieste, in the person of the President and CEO Prof. Alfonso Franciosi Tel. +39 040 37581 – Fax +39 040 9380902
The Data Controller is:
Elettra – Sincrotrone Trieste S.C.p.A. with headquarters in Strada Statale 14 km 163,5 in AREA Science Park – 34149, Basovizza – Trieste, in the person of the President and CEO Prof. Alfonso Franciosi
Tel. +39 040 37581 – Fax +39 040 9380902
Contacts of the Data Protection Officer (DPO)
The Data Protection Officer (DPO) appointed by Elettra can be reached using the following contacts:
- e-mail: firstname.lastname@example.org
- post: Elettra – Sincrotrone Trieste S.C.p.A. Strada Statale 14 km 163,5 in Area Science Park – 34149 Basovizza – Trieste, Italy – Responsabile della protezione dei dati (Data Protection Officer)
Further information available at the following address:
Period of personal data retention
Personal data shall be processed and stored for as long as required by the purpose they have been collected for.
- personal data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed;
- personal data collected for the purposes of the Data Controller’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Data Controller’s within the relevant sections of this document or by contacting the Data Controller.
The Data Controller may be allowed to retain personal data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Data Controller may be obliged to retain personal data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, personal data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
Rights of the data subject
In relation to his or her personal data, the data subject may exercise the following rights:
- Right of access (art. 15 of the GDPR) – The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.
If required, the controller shall provide a copy of the personal data undergoing processing, on condition that such copy does not prejudice the rights and freedoms of third parties.
- Right to rectification (art. 16 of the GDPR) – The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure (right to be forgotten) (art. 17 of the GDPR) – The data subject shall have the right to obtain from the controller without undue delay the erasure of personal data concerning him or her.
- Right to restriction of processing (art. 18 of the GDPR) – The data subject shall have the right to obtain from the controller restriction of processing.
- Right to data portability (art. 20 of the GDPR) – The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
- Right to object (art. 21 of the GDPR) – The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
- Right to lodge a complaint with a supervisory authority (art. 77 of the GDPR) – Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.
www.incima4.eu has been developed on an Open Source WordPress platform that uses some Cookies. These cookies haven’t impact on your browsing and don’t collect any personal information. These cookies are automatically added by WordPress and aren’t used by us. For more information: WordPress (cookies).
www.incima4.eu is authorized to make hypertext links to the home page and / or individual contents of other linked sites.
www.incima4.eu uses some cookies to monitor and measure web site performance and visitor experience through the analysis software provided by Google Analytics (IP Anonymization). For more information on the cookies used by Google Analytics read HERE.
www.incima4.eu uses one cookie to save the current language.
www.incima4.eu uses one cookie to save your cookie setup.