In compliance with article 13 of Legislative Decree 196/2003 and following the entry into force of the EU Regulation 679/2016 pursuant to provisions set forth in art. 13 of the foregoing European Regulation, this privacy statement aims at describing the methods adopted for processing personal data of the users in order to enable the online registration and/or entry to institutional and/or congress events organised and managed by CNIT (National Inter-University Consortium for Telecommunications).
Purpose of the processing:
Your personal data that are freely given and that we acquired because of the activity carried out by CNIT, will be processed lawfully and fairly for the following purpose: collection of entries and/or registrations in order to enable CNIT to implement all the necessary steps to formalize the registration or the participation in the event organised by the CNIT itself.
Types of data processed:
At the time of the online registration, the user is asked to enter some personal data (personal details and contact details). Personal data provided by the users during the online registration are used by CNIT only in order to provide the service that has been requested.
In order to perform the activity, it may be appropriate and/or necessary, for the user making the online registration, to specify also sensitive data (e.g. specific dietary requirements, such as intolerances or allergies, or any physical disability or limitation). In the event the user does not provide such data or his consent to their processing, CNIT shall not be able to guarantee the quality of the service offered to the user.
Procedures for processing:
Data will be processed in a manner that ensures appropriate security and confidentiality by adopting the following procedures: data collection from the data subject, gathered and recorded for purposes that are specific, express and legitimate and used in subsequent processing operations in terms that are consistent with such purposes, processing carried out using electronic and automated means (data collection via the Internet, through the online registration on the event website, directly from the data subject).
Specific security measures are adopted in order to prevent data loss, unlawful or incorrect uses as well as unauthorized accesses. Processed data will be constantly updated and complete and, to this end, we invite users to send notification in order to carry out updates and correction where necessary. Access to personal data is limited to employees and contract workers who need such information to carry out their activity, as well to manage, develop and improve our services.
Legal basis of the processing:
The legal basis of the processing of your personal data relies on your choice of registration for the event, that is necessary in order to participate in it.
Mandatory or optional nature of the data and consequences in the event of refusal to reply:
The nature of the provision of your personal data is mandatory, in order for the Data Controller to proceed with the processing of your request to participate in the event. In case of refusal, it will not be possible to complete the registration procedure and the Controller cannot perform the activity.
Disclosure of data to third parties:
Your personal data will be processed by the Data Controller, by Data Processors appointed by the Controller and by people in charge of the processing who have been strictly authorised. Data can be disclosed to CNIT members commissioning the event in order to perform all obligations. Following inspections or controls your data may be disclosed to all the inspection bodies in charge of inspections and controls related to the legitimacy of legal obligations.
Your data will not be circulated.
Data retention periods:
Your personal data shall be kept for the amount of time that is strictly necessary in order to organise and manage the event and then filed in the database of CNIT.
Existence of an automated decision-making process (profiling):
No automated decision-making process is used.
Transfer of data to third countries or international organisations:
The Data Controller does not intend to transfer the data collected to third Countries or international organisations.
The Controller of the processing of data that are obtained, processed and used is CNIT (National Inter-University Consortium for Telecommunications), with premises in Viale G.P. Usberti, 181/A Pal.3 – 43124 Parma (PR), in the person of its legal representative Prof. Nicola Blefari Melazzi.
Contact details of the Data Controller: phone: 06 72597437, e-mail: direzione[at]cnit.it
Processing operations related to data collection are carried out at the premises of CNIT and are made by the staff of the consortium in charge of the processing, as well as by any person in charge of occasional servicing operations of the consortium web platform.
Rights of the data subjects:
The data subject is entitled at any time to receive confirmation of the existence or otherwise of personal data that concern him, including where those data have not yet been recorded, and to have those data communicated in an intelligible form. The data subject is entitled to be informed of the source of the personal data; the purposes and methods of processing; the logic applied in the event that processing is carried out electronically; details identifying the Data Controller, the Data Processor and the representative appointed pursuant to article 5, paragraph 2 of Legislative Decree 196/2003 and to article 15 of the EU Regulation 679/2016; the entities or categories of entities whom or which the personal data may be communicated to or who or which may get to know such data. The data subject is entitled to have the data updated, rectified or, where he so wishes, supplemented; where data are processed in breach of the law, including data which, in light of the purposes for which they were collected or subsequently processed, do not necessarily need to be stored, to have those data deleted, made anonymous or blocked; to a statement confirming that the steps specified herein, and the contents of those steps, have been brought to the attention of parties to whom the data have been communicated or disseminated, save where this proves to be impossible or would require the use of resources that is manifestly disproportionate to the right being protected. The data subject is entitled to object – in whole or in part – on lawful grounds to the processing of personal data that concerns him, including where the processing is relevant to the purposes for which they were collected; to the processing of personal data that concern him in order to send advertising material or for the purposes of direct sales or to carry out market research or for the purposes of commercial communications. In particular, the data subject is entitled to ask at any time to the Data Controller the access to personal data and the rectification, erasure or limitation of the processing of data concerning him or to object to their processing, in addition to the right of data portability. Moreover, the data subject is entitled to withdraw his consent at any time without affecting the lawfulness of the processing based on the consent given before withdrawing it. The data subject is entitled to lodge a complaint with the supervisory Authority. Rights can be exercised by sending a notice to the e-mail address dpo[at]cnit.it, specifying name, surname and order number received by e-mail at registration.