Information pursuant to art. 13 of EU General Regulation 679/2016 on the protection of personal data
This Information has been drawn up on the basis of the principle of transparency and all the elements required by Article 13 of European Union Regulation no. 679/2016 ("GDPR") and is divided into individual sections, each of which deals with a specific topic in order to make reading faster, easier and easier to understand.
With this Information, the Interested Party is made aware of the appropriate information relating to the Processing activities that are carried out by the Data Controller and his rights as an interested party.
OWNERSHIP OF DATA PROCESSING
Titolare e Responsabile del Trattamento è l’Istituto per la Competitività (I-Com) P.IVA 08678131007, con sede legale in Piazza dei Santi Apostoli n° 66, Roma (00187), tel.: (+39) 06 4740746, e-mail: firstname.lastname@example.org, PEC: (email@example.com).
The Data Controller is flanked by the company I-Com Servizi S.r.l. (P.I. 13128851006) with registered office in Piazza dei Santi Apostoli n° 66, Rome (00187), tel.: (+39) 06 4740746, e-mail: (firstname.lastname@example.org), PEC: (email@example.com), which acts as Joint Data Controller pursuant to Article 26 of the GDPR (hereinafter separately the "Data Controller(s)" or jointly the "Joint Controllers").
The Joint Controllers have stipulated, pursuant to art. 26 of the GDPR, a Joint Ownership Agreement with which they are committed to regulating the relationship between them with reference to the Processing of Personal Data of data subjects ("Data Subjects").
The interested parties can exercise their rights towards each of the Joint Controllers by contacting them at the references indicated above.
The Joint Controllers, in order to facilitate relations between you and each Data Controller, have appointed a Privacy Referent in the person of Avv. Silvia Compagnucci, who can be contacted at the e-mail address firstname.lastname@example.org.
The Privacy Referent provides support in all activities related to the Processing of Personal Data and for all activities related to the correct management of Data protection and for any communication related to the application of the relevant legislation.
CATEGORIES OF DATA PROCESSED
The Joint Controllers process, as the case may be, the following Personal Data relating to you and/ or the reference personnel (employees or collaborators) and/or suppliers to whom they are required to communicate this Policy:
- identification and personal data (name, surname, place and date of birth, address, composition of the family, bank details, registered office);
- contact details (landline and mobile phone number, personal and company e-mail);
- data entered in the forms on the site and data sent by e-mail;
- images and audio-video recordings collected during events/conferences/seminars;
- data contained in the curriculum vitae and any other data connected with the execution of the professional assignment;
- any other data connected with the performance of events and initiatives that the Joint Controllers organize or participate in.
PURPOSE OF THE PROCESSING
Personal Data are used by the Joint Controllers:
A) Without the express consent of the interested party (Article 6 letter b), e) GDPR), for the following purposes:
- fulfill the pre-contractual and contractual obligations deriving from the conferral of a professional assignment, both in court and out of court;
- comply with the provisions of laws and regulations (national or EU, such as the requirements required by anti-money laundering and anti-terrorism legislation), or execute an order of a judicial authority and supervisory bodies to which the Joint Controllers are subject;
- exercise the rights of the Joint Controllers, in particular that of defense in court in the event of any litigation;
- fulfill the obligations provided for in the tax and accounting field;
- ensure compliance with covid-19 anti-contagion measures.
B) Only with the specific and distinct consent of the interested party (art. 7 GDPR), for the following purposes:
- manage the organization of events / conferences / seminars;
- manage registration for events/conferences/seminars;
- disseminate the contents of events/conferences/seminars through social networks and/or in the press;
- do internal reporting or for client company;
- send the newsletter;
- send, by e-mail, the material relating to events and initiatives;
- involve internal and external subjects in the planning of events and initiatives;
- expand the base of customers and / or associates;
- manage applications and possible selection of personnel.
The Processing will take place on the basis of the Data communicated by you and in our possession with a commitment on your part to promptly communicate any corrections, additions and / or updates.
Personal Data are processed in the manner strictly necessary to meet the purposes indicated above.
LEGAL BASIS OF THE PROCESSING
The Joint Controllers process Personal Data lawfully where the processing:
- is necessary for the execution of the professional assignment, of a contract of which you are a party or for the execution of pre-contractual measures adopted upon request, is necessary to fulfill a legal obligation incumbent on the Joint Controllers or to pursue the legitimate interest of the Joint Controllers or third parties or for the other purposes referred to in the previous A.1, A.2, A.3, A.4, A.5, A.6;
- is based on the consent expressed for the purposes referred to in letter B.
- the provision of Personal Data for the purposes referred to in points A.1, A.2, A.3, A.4, A.5, A.6 above is mandatory. The lack of data and / or any express refusal to the Processing will make it impossible for the Joint Controllers to carry out the task conferred or the possible violation of requests from the competent Authorities;
- the provision of Personal Data for the purposes referred to in letter B is optional, with the consequence that you may decide not to provide consent or to revoke it at any time.
METHODS OF DATA PROCESSING
The processing is carried out in a lawful, correct and transparent manner, in compliance with the principle of "minimization".
The Processing of Personal Data is carried out by means of the operations indicated in art. 4, n. 2) of the GDPR – carried out with or without the aid of computer systems – and precisely: collection, registration, organization, structuring, updating, storage, adaptation or modification, extraction and analysis, consultation, use, communication by transmission, dissemination or any other form of making available, comparison, interconnection, limitation, cancellation or destruction.
The security of personal data and, in general, the confidentiality of the personal data processed is guaranteed, putting in place all the necessary technical and organizational measures appropriate to guarantee their security.
Personal Data are used exclusively for the purposes indicated above and, pursuant to art. 5 of the GDPR, are kept for a limited period of time, different depending on the purpose of processing. After this period, the Data will be permanently deleted.
Specifically, Personal Data will be stored in compliance with the terms and criteria indicated below:
- for the management of your requests, the Data are kept for a maximum period of 6 (six) months;
- for the fulfillment of legal obligations, the Data are kept for a maximum period of 10 (ten) years starting from the end of the calendar year in which the Data Controller has fulfilled the legal obligation, in order to document and be able to demonstrate that it has correctly provided for the fulfillment of the law;
- for a period of time not exceeding the achievement of the purpose for which they were collected and processed, for the execution and fulfillment of the contractual purposes and in any case for no more than 10 (ten) years from the termination of the collaboration relationship;
- for the selection of Personnel, the Data are kept in the time necessary for the evaluation of the curriculum and the provision of the service and in any case no later than 5 (five) years from the acquisition;
- navigation data are kept for the technical time necessary to process the functions for which they were collected;
- for a period of time not exceeding 5 (five) years from the collection of data for marketing purposes;
Personal Data are in any case kept for the time strictly necessary to carry out the activities as described and in compliance with the mandatory times provided for by law.
This is without prejudice to cases in which storage for a period other than that described is required for any disputes, requests from the competent authorities or pursuant to applicable legislation.
The management and storage of Personal Data takes place on servers located within the offices of I-Com or in third-party data-centers located in the European Union.
COMMUNICATION AND DISSEMINATION OF DATA
Personal Data may be communicated and, therefore, known and used by:
- collaborators, employees and interns of I-Com, in their capacity as authorized data processors (so-called Data Processors) or appointed as Data Processors. With reference to these persons, there is a legal obligation of confidentiality;
- companies or professionals of which I-Com uses to fulfill its obligations for the performance of professional services or in order to protect its rights;
- third parties who provide services to I-Com and also act as Data Processors or: persons, companies or professional firms that provide assistance or advice to I-Com in administrative, financial, tax, labor law matters, subjects delegated to carry out management and technical maintenance activities (including the maintenance of network equipment and electronic communications networks);
- subjects with whom it is necessary to interact for the organization or participation in events / conferences / seminars;
- Judicial or supervisory authorities, administrations, public bodies and bodies (national and foreign), for the fulfillment of legal obligations or for the prevention of abuse or fraud or by order of such subjects.
The updated list of Data Processors is kept at the registered office of the Joint Data Controllers.
Personal Data will not be disseminated or fully automated decision-making, unless this is necessary to fulfill obligations under the law or regulations.
Personal Data will not be transferred to third countries or international organizations unless this is necessary for obligations under law or regulations.
If, for these reasons, it is necessary to transfer Personal Data to third countries or international organizations, the provisions of Chapter V of the GDPR will be observed.
RIGHTS OF THE INTERESTED PARTY
In relation to the purposes of the Processing, the interested party is recognized for the exercise of the rights provided for by Articles. 15 and following of the GDPR, in particular the right to:
- access, or to obtain confirmation of the existence or not of Personal Data concerning him, to know its origin, as well as the logic and purposes on which the Processing is based, the recipients or categories of recipients to whom the data may be communicated, the determination of the retention period if it is possible to define it;
- rectification inaccurate data;
- cancellation (so-called right to be forgotten), in the event that the data are no longer necessary with respect to the purposes of the collection and subsequent Processing, or in the event that the interested party has revoked the consent to the Processing (where such consent is provided as optional or there is no other legal basis for the Processing);
- limitation, when one of the following hypotheses referred to in art. 18 GDPR: a) the interested party has contested the accuracy of his Personal Data (the limitation will last for the period necessary for the Joint Data Controllers to verify the accuracy of such Personal Data); b) the Processing is unlawful but the interested party has opposed the cancellation of his Personal Data asking, instead, that its use be limited; c) although the Joint Data Controllers no longer need it for the purposes of the Processing, the Personal Data of the Data Subject are used for the assessment, exercise or defense of a right in court; d) the interested party has opposed the Processing pursuant to Article 21, paragraph 1 GDPR and is awaiting verification of the possible prevalence of the legitimate reasons of the Joint Data Controllers with respect to yours.
In case of limitation of the Processing, the Personal Data will be processed, except for storage, only with the consent of the interested party or for the assessment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of important public interest. We will inform the interested party, in any case, before this limitation is revoked;
- portability, i.e. the right to receive in a structured and commonly used format and readable by automatic device the Personal Data concerning the Interested Party, with the possibility of transmitting them to another Data Controller. This right does not apply to non-automated processing (for example, archives or paper registers); moreover, only the Data processed with the consent of the Interested Party and only if the Data have been provided by the Data Subject are subject to portability;
- opposition, or the right to object to the Processing for reasons related to the particular situation of the user;
- complaint pursuant to art. 77 et seq. of the GDPR, to be sent to the Guarantor for the Protection of Personal Data, piazza Venezia n. 11 – 00187 Rome (email@example.com; phone + 39 06 69677.1; fax + 39 06 69677.3785).
Pursuant to art. 7, paragraph 3 of the GDPR, the right to withdraw consent at any time by sending an e-mail to the Data Controller at the address firstname.lastname@example.org and/or the Privacy Contact at email@example.com. The withdrawal of consent does not affect the lawfulness of the Processing based on consent before the revocation.
The rights indicated above may be exercised in the forms and terms referred to in art. 12 of the GDPR, by communication sent by e-mail to the Data Controller at the address firstname.lastname@example.org and/or the Privacy Contact at email@example.com. The request will be provided, without delay, suitable feedback.
CHANGES TO THIS POLICY
The Joint Controllers reserve the right to make changes to this information by explicitly indicating updates on the same.
The Information is updated to 26/07/2022