European Regulation No. 679 of 27 April 2016 (hereinafter the “Regulation”) provides for the protection of individuals with regard to the processing of personal data. Pursuant to Article 13 of the Regulation, the following information is provided to all Users of IT tools provided by ALISEI (owned or provided by third parties on behalf of ALISEI):
1. Identification details of the data controller
The data controller is Associazione Cluster Alisei (ALISEI), based in Piazza Città di Lombardia 1, Milano – e-mail: firstname.lastname@example.org, PEC: SB51202-EURO, switchboard +39 02 82950723.
2. Purpose and basis of processing
The processing of personal data provided at the time of identification/registration for the use of IT tools necessary for the participation in telematic mode in the meeting, event, course, seminar or meeting (hereinafter only “meeting”) is used, within the framework of ALISEI’s institutional activities, solely for the pursuit of the following purposes
- • for the use of the services requested for any reason by means of IT tools (by way of example only: for registration for the meeting, for participation in the meeting, for access to any supporting IT material);
- • the management of activities carried out in any capacity through IT tools (by way of example only: work activities, teaching and learning assessment activities, organisation of events, meetings carried out in any capacity);
- • to manage and monitor the proper functioning of applications in order to ensure the proper delivery of IT services;
- • for the possible recording and publication of the meeting on ALISEI intranet or Internet page for training or institutional purposes.
3. Legal Bases
The legal bases justifying the processing of the data are the fulfilment of contractual and pre-contractual obligations relating to the services requested by the user, the legitimate interest of ALISEI, which consists in providing information on future events that might be of interest to the data subject in the processing (subject, however, to the data subject’s right to object).
4. Types of data processed
ALISEI, as data controller, collects the following data:
- Name, surname, affiliation, contact information (if any), e-mail, access credentials, meetings attended, outcome of test or questionnaire (if any), access to supporting material (if any), date/time of access, duration of connection, IP address of connection.
The provision of personal data is compulsory in order to register/access/participate in the activities.
Any refusal will make it impossible for the person concerned to use the service.
5. Modalities of processing
In relation to the purposes set out above, the data, including any portraits contained in films/voice recordings/images, are processed by computer, in compliance with the legal provisions on the processing of personal data, taking appropriate security measures.
The Data Controller points out that the processing of the data provided by you for the participation in online events will take place using the specific IT tool envisaged for the provision of the service itself (by way of example, Microsoft Teams, Avaya Equinox or other tools that ALISEI may deem necessary for the correct provision of the event).
All data processing operations are implemented in such a way as to guarantee the integrity, confidentiality, and availability of personal data.
6. Period of data retention
The data will be kept for a period of time not exceeding the achievement of the purposes for which they are processed, in full compliance with the retention limitation principle laid down in the Regulation and/or for as long as necessary for legal obligations.
7. Categories of data recipients
The data processed for the above-mentioned purposes will be communicated or will in any case be accessible to the Controller’s employees and collaborators assigned to the management of the information systems, who, in their capacity as system administrators and/or authorised to process the data, will be adequately instructed by the Controller for this purpose.
Access to the data collected for the above-mentioned purposes may be allowed by the Data Controller, in order to carry out management and monitoring activities of the correct functioning of the IT services or for the management of additional functionalities, also to external parties who, for the sole purpose of the requested service, may become aware of the personal data of the data subjects and who will be duly appointed as Data Processors pursuant to Article 28 of the GDPR.
Apart from the above-mentioned cases of communication, the data will not be communicated to third parties except to comply with legal obligations or to respond to justified legal requests and requests by judicial authorities and will not be disseminated.
The data collected will not be transferred to countries outside the EU.
8. Third-party websites and services
The applications may contain links to other websites or third-party services that have their own privacy policies (e.g. Cloud services such as Microsoft Teams).
The Controller is not liable for the processing of data carried out by such applications or sites.
9. Rights of the Data Subject under Articles 15, 16, 17 18, 20 and 21 of the Regulation
We would like to inform you that the European Regulation 2016/679 provides for the possibility of exercising the rights set out in Articles 15 to 23, and in particular the right of access and information, the right to rectification, updating and integration, as well as the possibility of requesting the deletion, transformation into anonymous form and blocking of data. It is also always possible to oppose the sending of information notices sent after registration for events of the same nature.
10. Methods of exercising rights
The data subject may exercise all the above rights by sending an e-mail to the Data Protection Officer at the contact indicated in point 2.
Data subjects who consider that the processing of personal data relating to them is carried out in breach of the provisions of European Regulation 2016/679 have the right to lodge a complaint with the Garante per la protezione dei dati personali, as provided for in Article 77 of the Regulation itself, or to take legal action (Article 79 of the Regulation).