1. DATA CONTROLLER
The Data Controller is the Consortium of the nIoVe Project hereinafter, "Data Controller", reachable at the e-mail address email@example.com
2. PERSONAL DATA PROCESSED
As you use the Websites, we inform you that the Data Controller may collect and process information related to you as an individual, which may consist of an identifier such as your name, an online ID or one or more elements that are characteristic of your physical, physiological, psychological, economic, cultural or social identity and which can identify you or make you identifiable, depending on the type of services requested by you (hereinafter only "Personal Data").
Personal Data which may be processed by the Data Controller through the Websites are as follows:
a. Browsing Data
The Website’s operation involves the use of computer systems and software procedures, which collect information about the Website’s users as part of their routine operation. While the Data Controller does not collect this information in order to link it to specific users, it is still possible to identify those users either directly via that information, or by using other information collected – as such, this information is also considered Personal Data.
This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the Website, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.
This data is used exclusively to compile anonymous, statistical information on the use of the Website, as well as to ensure its correct operation and identify any faults and/or abuse of the Website – the data is deleted immediately after processing, unless it must be used to identify responsible parties in the event of cybercrime committed which harms the Website or third parties.
b. Data provided by the user
3. PURPOSES OF PROCESSING
Your personal data and the information you provide will be processed, with your consent where necessary, for the following purposes, where applicable:
- to enable browsing of the Website and the provision of the services made available therein by the Data Controller, including the management of Website security, as well as contractual and administrative-accounting relationships;
- to respond to specific requests addressed to the Data Controller, forwarded through the specific forms available on the Website.
- to fulfil any obligations under applicable laws, regulations or legislation, or satisfy requests from the authorities;n the event that it is necessary to ascertain, exercise or defend a right in court;
- for purposes of evaluation and statistical monitoring; this purpose involves the analysis of aggregate information that does not relate to identified or identifiable individuals and which, therefore, does not represent personal data and does not allow the Data Controller to determine your identity in any way.
4. LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF PROCESSING
The legal basis for the processing of personal data for the purposes referred to in sections a) and b) is art. 6, par. 1, lett. b) of the Regulation ([...]processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;), as the processing is necessary for the provision of services. The conferment of personal data for these purposes is optional, but failure to provide them would make it impossible to access the services requested.
The purpose referred to in section c) represents a legitimate processing of personal data under art. 6, par. 1, lett. c) of the Regulation ([...]the processing is necessary for compliance with a legal obligation to which the controller is subject). Once the personal data have been conferred, in fact, the processing is indeed necessary to fulfil legal obligations to which the Data Controller is subject.
The processing carried out for the purposes referred to in section d) is based on the legitimate interest of the Data Controller pursuant to art. 6, paragraph 1, letter f) of the Regulation.
In conclusion, it should be noted that the processing referred to in section e), not being related to personal data, does not fall under the scope of the data protection legislation and can therefore be freely carried out by the Data Controller.
5. RECIPIENTS OF PERSONAL DATA
Your personal data may be shared, for the purposes set out in section 3 of this Policy, with:
- Subjects who typically act as Data Processors pursuant to art. 28 of the Regulation on behalf of The Data Controller, in particular:
- Entities engaged in order to provide the Services (e.g., hosting providers or e-mail platform providers);
- Persons authorised to perform technical maintenance (including maintenance of network equipment and electronic communications networks).
- Persons authorized by the Data Controller, pursuant to art. 29 of the Regulation, to process personal data necessary to carry out activities which are strictly related to the provision of services - who are committed to confidentiality or have an adequate legal obligation of confidentiality;
- Subjects, entities or authorities to whom it is mandatory to communicate your personal data by virtue of legal provisions or orders issued by the authorities.
6. TRANSFERS OF PERSONAL DATA
Some of your personal data could be shared with Recipients who may be located outside the European Economic Area. The Data Controller ensures that your personal data are processed by these recipients in compliance with articles 44 - 49 of the Regulation. Indeed, transfers may be based on an adequacy decision or on Standard Contractual Clauses approved by the European Commission or under other appropriate legal basis.
7. DATA RETENTION
The personal data processed for the purposes referred to in sections a) and b) will be stored for the time strictly necessary to achieve those purposes. Personal data, processed for the purposes described in section c), will be retained for as long as required by the specific applicable obligation or legal provisions. In general, the Data Controller reserves the right, in any case, to store your data for the time necessary to comply with any regulatory obligation to which the same is subject or to meet any defensive needs.
8. DATA SUBJECT'S RIGHTS
You have the right to access your Personal Data at any time, pursuant to articles 15-22 of the Regulation. In particular, you may ask for the rectification (pursuant to art. 16), erasure (pursuant to art. 17), limitation (pursuant to art. 18) and portability of data (pursuant to art. 20), not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or which affects your person in a similar significant way (pursuant to art. 22), as well as the withdrawal of any consent given (pursuant to art. 7, par. 3), or the objection to the processing of your Personal Data pursuant to art. 21 of the Regulation.
In any case, you always have the right to lodge a complaint with the competent supervisory, pursuant to art. 77 of the Regulation, if you believe that the processing of your data is contrary to the legislation in force, or to take legal action pursuant to art. 79 of the Regulation.
In order to exercise the aforementioned rights or for any other request, you may write to the Data Controller at the e-mail address firstname.lastname@example.org