NOTICE ON PERSONAL DATA PROCESSING PURSUANT TO ART. 13 OF REGULATION (EU) 2016/679
The Istituto Affari Internazionali, with registered office at Via dei Montecatini, 17, Rome, in the person of the legal representative pro tempore, in the capacity as Controller of the personal data processing (hereinafter the “Controller”), pursuant to Regulation EU 2016/679 (hereinafter the “Regulation”) – considers the privacy and protection of Personal Data a principal goal of its activities.
We therefore invite you, before transmitting any personal data to the Controller, to carefully read this Notice; it contains important information on the processing of your Personal Data.
“Personal Data” is understood as any information regarding an identified or identifiable natural person (“data subject”). A natural person is considered to be identifiable if he/she can be identified, directly or indirectly, with particular reference to an identifier such as a name, identification number, data relating to location, an online identifier or one or more characteristic elements of his/her physical, physiological, genetic, mental, economic, cultural or social identity.
- refers to the processing of data carried out in performing the Institute’s official activities
- is provided pursuant to Art. 13 of the Regulation, to those who interact with the Controller’s activity;
- is considered provided also for the sites https://www.iai.it/it/note-legali; https://www.affarinternazionali.it/privacy/; https://www.new-med.net/privacy/ and constitutes an integral part of those sites;
The Controller can be contacted at the address of the Data Protection Officer pursuant to Art. 37 of Regulation EU 2016/679: firstname.lastname@example.org, as the Institute has made the appropriate designation.
The information and data provided by you or otherwise acquired in the context of the use of the IAI’s services – such as for the participation in events or training courses, hereinafter the “Services” – shall be processed in compliance with the provisions of the Regulation and the privacy obligations that inspire the IAI’s activities.
According to the provisions of the Regulation, the processing operations carried out shall be based on principles of legitimacy, fairness, transparency, limitation of aims and storage, minimization of data, accuracy, integrity and confidentiality.
- Controller of the processing
The controller of the personal data processing is the Istituto Affari Internazionali, with registered office at Via dei Montecatini, 17, Rome, in the person of the legal representative pro tempore.
- The Personal Data subject to processing
The Institute will process the personal data needed for the performance of its official activities, i.e. the promotion of knowledge of international politics and the advancement of European integration and multilateral cooperation, through training and research activities, in collaboration with the government, public agencies, European and international institutions, universities, leading national economic actors, the media and the most qualified international think tanks.
We also inform you that, following navigation within the sites listed above, the IAI will process your personal data used for navigation provided by you. That data may be constituted by an identifier such as a name, identification number, online identifier or one or more characteristic elements of your physical, economic, cultural or social identity that could identify or make the data subject identifiable.
Other Personal Data could be processed that is freely provided by you in the forms requesting information (for example, to obtain information on courses or requests for registration in training courses).
Any special categories of data, pursuant to Art. 9, Reg. 2016/679/EU, will only be processed after obtaining express consent from the data subject.
a. Navigation data
During the course of their normal operation, the IT systems and software procedures used for the functioning of the Site acquire some Personal Data the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified data subjects, but that by its own nature could, through processing and associations with data held by third parties, allow for identifying the users. This category of data includes IP addresses or the domain names of the computers of the users who connect to the Site, the addresses in URI notation (Uniform Resource Identifier) of the resources requested, the time of the request, the method used in submitting the request to the server, the dimensions of the file obtained in response, the numerical code indicating the state of the response given by the server (success, error, etc.) and other parameters relating to the user’s operating system and IT environment. These data are used only in order to derive anonymous statistical information on the use of the Site and to monitor its proper functioning, to identify anomalies and/or abuses, and are deleted immediately after being processed. The data could be used to determine liability in the case of hypothetical IT crimes to the detriment of the site or third parties. Except for in such situations, currently the data on web contacts are not kept for more than six months.
b. Data provided voluntarily by the data subject
The IAI may process personal and/or contact data such as first name, last name, e-mail and telephone number; data relating to degrees of training and education contained in CVs; data and meta-data relating to training courses and services, including the results of tests and exams and related information on the date, time and method of use of training services and/or the execution of tests; data relating to payments and other bank information, such as data contained in receipts for payment of fees for participating in training courses.
Should you communicate any Personal Data of third parties to the IAI, you must warrant – assuming all responsibility – that there is a suitable legal basis for that particular case of processing pursuant to Art. 6 of the Regulation, that justifies the communication to IAI and the related processing of the information in question.
- Purpose of the processing
The data processing operations we intend to carry out can have the following purposes:
- allow for IAI to perform its official activities (research, training, etc.);
- allow for the provision of the Services offered by the IAI and requested by you;
- in relation to the services offered by the IAI through the web site, allow for:
- registration on the site;
- subscription to the e-mail newsletter;
- enrolment in training courses;
- sharing of content present on the site;
- generic requests for information;
- registration for events and initiatives organized by the IAI;
- he collection and analysis of CVs for the purpose of collaboration or hiring at the Institute.
- Legitimate grounds and obligatory or optional nature of the processing
The legal basis for the processing of Personal Data, based on the purposes of the processing itself, may be:
- the execution of a contract;
- the fulfillment of legal obligations;
In regard to the personal data entered into the site, the processing operations are necessary to provide the Services or to respond to requests from the data subject. The provision of the Personal Data for these purposes is optional but failure to provide it will make it impossible to enable the Services provided by the Site.
For the processing operations coming under the statutory purposes of the IAI, except in the cases in which the data collected is anonymized, the legal basis may be the execution of a contract or of precontractual relationships (e.g. hiring or collaboration) or consent (e.g. in relation to special categories of data). In those cases, the consent is necessary and failure to provide it will make it impossible to continue with the contractual relationship or the use of the service.
For processing operations linked to the performance of legal obligations, provision of the data is necessary and failure to provide the data will preclude the use of the service
- Recipients of the Personal Data
Your Personal Data may be shared, for the purposes indicated in section 3 above, with:
- a. entities that typically act as data processors pursuant to Art. 28 of the Regulation, i.e.: i) persons, enterprises or professional firms that provide activities of assistance and consulting to the IAI; ii) entities with which it is necessary to interact to perform the IAI’s official activities; or iii) entities appointed to perform technical maintenance activities (including the maintenance of the network devices and of electronic communication networks); (collectively the “Recipients”); the list of data processors that process the data can be requested from the Controller.
- b. persons, entities or authorities, and autonomous data controllers, to which it is mandatory to communicate your Personal Data by virtue of provisions of law or orders from the authorities;
- c. persons authorized by the IAI (e.g. employees and associates).
- Data storage
The Personal Data processed for the purposes indicated in section 3 shall be kept for the time strictly necessary to reach those same purposes in respect for the principles of minimization and limitation of storage pursuant to Art. 5.1.e) of the Regulation.
In any event, the Controller shall process the personal Data for the time necessary to perform its contractual and legal obligations.
Additional information on the period for keeping data and the criteria utilized to determine that period may be requested by writing to the designated DPO.
- Transfer of data abroad in the case of use of platforms for live streaming or for the provision of contents and training materials in training courses
In the event that, to make use of the training services, platforms such as Facebook Workplace or Zoom are used for live streaming of lessons and/or for the sharing of informational materials, we note that this use of services could entail the exportation outside of the territory of the European Union of the data of the data subject who requests that service (identification data, contact information, data and meta-data relating to days, hours and contents of the training sessions). This transfer takes place based on the derogation in Article 49(1)(b) of the Regulation, inasmuch as the transfer becomes occasionally necessary for the execution of the training service.
- Data subject’s rights
Pursuant to Article 15 et seq. of the Regulation, you have the right to request, at any time: access to your Personal Data, the rectification or erasure of the same, and the restriction of processing in the cases indicated by Art. 18 of the Regulation; and to obtain the data concerning you in a structured, commonly used and machine-readable format, in the cases provided for by Art. 20 of the Regulation. At any time, pursuant to Art. 7 of the Regulation, you may withdraw your consent, or lodge a complaint with the supervisory authority pursuant to Article 77 of the Regulation (Personal Data Protection Authority WWW.GARANTEPRIVACY.IT), if you believe that the processing of your data infringes the laws in force.
You may object to the processing of your data pursuant to Article 21 of the Regulation indicating the grounds for your opposition. The Controller shall consider the request, that will not be accepted in the case of existence of legitimate legal grounds for continuing with the processing that take precedence over your interests, rights and freedoms.
Such requests shall be sent in writing to the DPO designated by the IAI.
The IAI reserves the right to amend or simply update the contents of this notice, in full or in part, including due to changes in applicable laws.
- Cookies and online tracking
a. Definitions, characteristics and application of laws
Various types of cookies exist, depending on their characteristics and functions, which can remain in the user’s computer or mobile device for different periods of time: for example, “session cookies,” that are automatically deleted upon closing the browser, or “persistent cookies,” that remain in the user’s device until a preset expiration date.
According to the Italian Personal Data Protection Authority (in the Order Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies of 8 May 2014, hereinafter simply the “Order”) technical cookies, that do not require express consent for their use, also include:
- “analytics cookies” insofar as they are used directly by the website manager to collect aggregate information on the number of visitors and the pattern of visits to the website,
- browsing or session cookies, which allow users to navigate and use a website (e.g. to purchase items online or authenticate themselves to access certain sections);
- functional cookies, which allow users to navigate as a function of certain pre-determined criteria such as language or products to be purchased so as to improve the quality of service.
For “profiling cookies,” on the other hand, i.e. cookies aimed at creating user profiles and used in order to send advertising messages in line with the preferences indicated by the same during navigation online, prior consent of the user is required.
b. Types of cookies used by the Site
The Site uses the following types of cookies, and offers the possibility to de-select them, except for third-party cookies, for which the user must refer directly to the relevant procedures for selection and de-selection of the respective cookies, indicated by links:
- Technical cookies – browsing or session – strictly necessary for the functioning of the Site or to allow the user to make use of the contents and or services requested.
- Functional cookies, used to activate specific Site functions and a series of selected criteria (for example, the language or the products selected for purchase) in order to improve the service rendered.
ATTENTION: by disabling technical and/or functional cookies, it may not be possible to consult the Site, or some services or functions of the site may not be available or function properly, and the user could be forced to modify or manually enter certain information or preferences each time they visit the Site.
The IAI uses third-party cookies, i.e. cookies of web sites or servers other than that of the Controller, used for the purposes of those third parties, including analytics and profiling cookies. It is specified that those third parties, listed below with the respective hypertextual connections to their privacy policies, act in the capacity as autonomous controllers of processing of the data collected through the cookies sent by them, and therefore, the user must refer to their Personal Data processing policies, notices, and any forms for obtaining consent (selection and de-selection of the respective cookies).
c. How to view and modify the cookies through your browser
d. Cookie settings
The user may make a choice and specifically indicate which cookies to authorize below.
The user is informed that not authorizing technical cookies could make it impossible to use the Site, view its contents and use the relative services. Blocking functional cookies could mean that some services or functions of the Site are not available or will not function properly, and the user could be forced to modify or manually insert certain information or preferences each time they visit the Site.
Lack of authorization of other cookies indicated as third-party cookies will not affect the functioning of the Site. However, since those cookies are sent exclusively by third parties, and since the Site manager is unable to exercise control over the transmission of those cookies to the user’s terminal, the user may object only by accessing the consent forms prepared by the cited third parties, if present, or through their browser settings. The links to the privacy policies and any forms for obtaining consent to receipt of cookies prepared by third parties that send cookies through the Site are provided in the section Types of cookies used by the Site.
As concerns the cookies sent directly by the manager of the Site, and through the procedure made available on this page, the user may block or delete the cookies (in full or in part) also through the specific functions of their browser (on this point, see what is specified above).
The choices made by the user in reference to the cookies on the Site shall in turn be registered in a specific technical cookie, having the characteristics indicated in the cookie table. In some circumstances, however, that cookie may not function properly; in those cases, it is recommended that the user delete the unwanted cookies and prevent their use through the functions of their own browser.
The user’s preferences in relation to cookies are to be reset in the case of use of different devices or browsers to access the Site.