The following rules about privacy – in accordance with Article 13 of EU Regulation 2016/679 General Data Protection Regulation – are aimed at describing the procedures of collection and use of personal data through this website and are addressed to users and beneficiaries of the web services, accessible online from the address www.esc-tension.eu being the official homepage of the ESC-tension project.
The Data Controller is Fondazione ENDISU, with registered office in Milan, Via Melchiorre Gioia n.8, in the person of its General Manager (hereinafter the “Data Controller” or the “Institution”).
Mr Cosimo Calabrese has been appointed as Data Protection Officer.
For all the questions related to the processing of personal data and the exercise of the rights provided for by GDPR, the Data Controller may be contacted at the following e-mail address: firstname.lastname@example.org .
Purposes of the processing
The Data Controller processes the personal data communicated by the interested party through the website.
The data collection and use are made in order to:
a. collect the requests of the data subject and provide the requested services.
In accordance with Article 6 of GDPR, the legal basis for the data processing is the performance of the services required by the user (point b).
b. comply with a legal obligation the Data Controller is subject to; fulfil obligations deriving from law, from regulations, from national and European Union legislation or from an order of the Authority.
In accordance with Article 6 of GDPR, the legal basis for the data processing is the compliance with a legal obligation (point c).
c. Inform the interested party about future initiatives and events in the context of the ESC-tension project.
In accordance with Article 6 of GDPR, the legal basis for the data processing is the legitimate interest of the Data controller (point f).
Apart from this data, freely provided by the user on the website, the browsing data – collected as a result of using the website services – may also be processed. In particular:
– information concerning the device used to connect to the Internet
– specific information concerning the device (for example, the kind of device, the information related to the mobile network, etc.);
– log info. When using our services or viewing the content provided by the Owner, some information in the server’s logs may be automatically collected and recorded. This information might include: the data related to the way in which our service is used, such as search queries; the info related to Internet connection data, like IP address and all the other connected data; the info on the events generated by the device, such as system activities, hardware settings, browser type and language, time and date of the queries and of the referring URL; the cookies that might uniquely identify the browser and the user’s account.
We and our partners could use different technologies to collect and record information when the website is visited and/or an Institution service is used, which might require the delivery of one or more cookies or anonymous identifiers to the user’s device.
Object and type of data processing
The Data Controller processes exclusively non-sensitive personal data, such as: first and last name, email address, institution, position in the institution.
The processing of the personal data for the mentioned purposes is done by means of automated or computer-based procedures, in respect of the rules of confidentiality and security provided by law, by the ensuing regulations and by specially issued internal procedures.
The Controller undertakes not to disclose the submitted data to unauthorized people or use it for purposes other than those specified above. This data can be produced only at the request of authorities entitled by law.
The data is processed and stored at Fondazione ENDISU, operational office in Milan (Italy), Via Necchi n.9.
Nature of data provision and consequences of consent to treatment
All the data communicated by the interested party or sent during participation in the Call is indispensable for the provision of the requested benefits. They must, therefore, be understood as mandatory.
It follows that consent to the processing of personal data is also compulsory, and any refusal would put the Data Controller in the position of not being able to execute the request to participate in the Call.
Furthermore, the processing is necessary for compliance with a legal obligation to which the Controller is subject, as specified in point b.
Data communication and transfer
The data can be communicated to the partners of the ESC-tension project, to public and private individuals, physical or legal persons (legal, administrative and fiscal offices, any IT companies, and others) that must be necessarily informed for the pursuit of the purposes of the Call, of contractual, administrative, accounting purposes, as well as to ensure the use and enjoyment of the web service.
The data may also be communicated to other subjects, when disclosure is required or mandated by law.
The personal data is processed inside the territory of the European Union.
Duration of the processing
Personal data will be processed for no longer than it is necessary for the purposes for which the data was collected. In particular, the browsing data will be deleted within 2 years from their processing.
However, a longer period will be possible if it is necessary to retain the data by law or by regulation.
Data Subjects’ Rights
Data Subjects’ Rights
In accordance with GDPR (Articles 13, 15-22), data subjects have the following rights, in particular:
– to obtain confirmation as to whether or not their personal data is being processed.
– to access their data and the following information: purposes for the processing, categories of personal data, recipients and/or categories of recipients, conservation period;
– to obtain correcting or integrating their personal data if it is incorrect;
– to obtain cancellation of the data concerning them, in the circumstances laid down in Article 17 GDPR;
– to withdraw their consent for the information to be processed, without affecting the lawfulness of the processing based on consent before their withdrawal;
– to obtain that the personal data relating to them is only stored and not used in any other way, in the circumstances laid down in Article 18 GDPR;
– to obtain a copy of the data concerning them in commonly used electronic format, easily legible and interoperable, where their personal data is processed by electronic means, pursuant to a contract or with their consent.
If the subjects have any queries or comments, or if they want to exercise their rights, they can contact the Data Controller sending an email to: email@example.com