INFORMATION ON THE PROCESSING OF PERSONAL DATA EX ART. 13 OF REGULATION (EU) 679/2016 (General Data Protection Regulation – GDPR)

The personal data of users who access and use the website www.charisma-academy.eu (hereinafter, also the “Site”) are processed in compliance with the legislation on the protection of personal data.

Furthermore, in compliance with the principles recognized by the European Regulation 679/2016 (hereinafter “GDPR”), this information provides the user (the party interested in the processing) with any further information necessary to ensure correct and transparent processing, in relation to the specific context in which personal data is collected and subsequently processed.

This information is provided only for the Site indicated above, not also for third-party websites accessible via hyperlinks (links) contained on the Site and having different domains, for which the Owner is in no way responsible.

1. Data controller

The Data Controller is Mazzini Lab S.r.l. Benefit (hereinafter, also “Owner”), with headquarters in Viale Giuseppe Mazzini, 9 – 00195 Rome; VAT number: 15588921005; REA: RM – 1600673; e-mail address: info@mazzinilab.it; certified email address: mazzinilab@pec.it

2. Data Protection Officer

The Data Protection Officer (RDP) can be reached by e-mail at andrealisi@studiolegalelisi.it.

3. Nature of data provision

To use the services offered through the Site, the user may be required to provide the personal data necessary to ensure their use: in particular, for the purpose of completing the forms on the Site, the provision of data marked with an asterisk is necessary for the management of and response to communications forwarded by the user. In any case, it should be noted that the user is free to provide the requested data, in the sense that he is not legally obliged to provide them: failure to provide the data indicated as necessary, however, makes it impossible for the Data Controller to provide the requested service.

4. Types of data processed, purposes and legal basis of the processing

The types of data being processed include, in particular:

4.1 navigation data

During the user’s navigation on the Site, the computer systems used to operate it automatically acquire some information whose transmission is implicit in the use of Internet communication protocols.

This category of data includes the IP addresses or domain names of the computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.

These data are processed for purposes related to the provision of services offered through the Site, including the guarantee of their correct functioning. The legal basis of the processing is, therefore, constituted by the execution of a contract to which the interested party is a party, pursuant to art. 6, par. 1, lit. b) of Regulation (EU) 679/2016 (GDPR).

In particular, navigation data is processed for the purpose of:

– ensuring the correct functionality of the Site and the usability of its services;

– obtaining aggregated and anonymous statistical information relating to the use of the Site (such as, for example, the most visited pages, number of visitors by hour or day, geographical areas of origin, etc.).

For more information on the collection, use and storage times of navigation data, please refer to the cookie policy.

4.2 data provided by the interested party

Mazzini Lab S.r.l. Benefit processes the data provided voluntarily by the user, by filling in the forms present in some sections of the Site or by sending e-mail messages to the e-mail addresses indicated or accessible via links on the Site, for purposes connected to the provision of the services offered through the Site. In this case, the legal basis of the processing is constituted by the execution of a contract to which the interested party is a party, pursuant to art. 6, par. 1, lit. b) of Regulation (EU) 679/2016 (GDPR). Some types of processing may also be based on the pursuit of the legitimate interest of the Data Controller and of third parties, pursuant to art. 6, par. 1, lit. f) of Regulation (EU) 679/2016 (GDPR), as better specified in lett. d) of this paragraph and in the following paragraph 6, lett. c).

In particular, the personal data provided by the data subject may be processed for the following purposes:

a) in relation to the data provided by sending, optionally and voluntarily, e-mail messages to the e-mail addresses indicated on the Site (which include, in particular, the sender’s e-mail address and any other personal data present in the message), in order to carry out the processing activities necessary to respond to user requests;

b) in relation to the data provided by completing the contact form (name, e-mail address and any other personal data present in the message), in order to evaluate and respond to user requests;

c) in relation to the data provided by completing the newsletter subscription form (email address) in order to send periodic information communications on the activities and initiatives carried out within the Charisma project;

d) in relation to the data provided by completing the application form to become a Stakeholder of the Charisma project (name, surname, company, e-mail address, role of the organization/institution to which they belong), in order to evaluate the application and verify the application request. Furthermore, the user has the possibility to express his interest in being involved in project activities such as surveys, video interviews and live streaming events, as well as to request subscription to the newsletter. It should be noted that the personal data relating to the Stakeholders will be communicated to the partners of the Charisma project (Arte Generali Gmbh, Ustav Teoreticke a Aplikovane Mechaniky AVCR, Universität für Weiterbildung Krems, University for foreigners of Perugia, hereinafter also “Partner”) for the pursuit of the legitimate interest of the Owner and the Partners in the realization of the project purposes. Further processing of personal data relating to Stakeholders for purposes related to the development of the Charisma project will be carried out by Mazzini Lab S.r.l. Benefit and by the Partners as Joint Data Controllers.

5. Modality and duration of the treatment

The processing will be carried out using paper and/or IT tools, also by means of persons authorized to do so, who operate under the direct authority and according to the instructions given by the Data Controller, with logic strictly related to the purposes indicated and, in any case, in such a way as to guarantee the security and confidentiality of the data processed.

The processing operations are carried out in such a way as to guarantee the security of the data and of the systems. Specific security measures are adopted in order to minimize the risk of destruction or loss, even accidental, of the data, unauthorized access, unauthorized or non-compliant processing with respect to the purposes indicated in this statement.

The security measures adopted, however, do not completely exclude the risk of interception or compromise of personal data transmitted with telematic tools. It is therefore recommended to verify that the device in use by the user is equipped with software systems suitable for the protection of both incoming and outgoing data transmission (such as, for example, updated antivirus systems, firewalls and spam filters).

The data being processed will be kept for a period of time not exceeding that necessary to achieve the purposes for which they were collected and subsequently processed. In particular:

a) the data under a) and b) of paragraph 4.2 will be kept for the time necessary to provide feedback to the interested party;

b) the data processed for sending informative newsletters will be kept until the interested party exercises the right to object;

c) the data processed in order to evaluate the candidacy of potential stakeholders (paragraph 4.2, letter d) will be kept for the entire duration of the Charisma project and for the additional period necessary for the execution of the obligations related to the project;

After the conservation terms have elapsed according to the indicated criteria, the Data Controller will take measures aimed at canceling or anonymizing data that does not need to be kept for specific regulatory obligations.

6. Categories of recipients

The personal data of the interested party may be communicated to:

a) specifically authorized collaborators and employees of the Data Controller, within the scope of their duties;

b) external consultants of the Data Controller;

c) Partners of the Charisma project, who will be able to process them:

– as independent Data Controllers, for commercial communication purposes, as well as for information and promotion of initiatives, activities and services related to the Charisma project, in relation to the data referred to in par. 4.2, lett. a), b) and c);

– as joint data controllers, together with Mazzini Lab S.r.l. Benefit, for the realization of the project purposes, in relation to the data referred to in par. 4.2, lett. d).

d) suppliers of the services offered through the Site or connected to its functioning, including Automattic Inc. for the newsletter service; Aruba S.p.A. for the web hosting service; Google Inc. for the web analysis service, the tag management service and the advertising service.

In no case will personal data be communicated, disseminated, assigned or in any case transferred to third parties for illicit purposes and, in any case, without providing suitable information to the interested parties and acquiring their consent, where required by law. The possible communication of data at the request of the judicial or public security authorities remains unaffected, in the ways and in the cases provided for by law.

Personal data will not be transferred abroad, to countries or international organizations not belonging to the European Union that do not guarantee an adequate level of protection, recognized, pursuant to art. 45 GDPR, based on an adequacy decision by the EU Commission. In the event that it is necessary for the provision of the services of the Site, the transfer of personal data to countries or international organizations outside the EU, for which the Commission has not adopted any adequacy decision pursuant to art. 45 GDPR, will take place only in the presence of adequate guarantees provided by the recipient country or organisation, pursuant to art. 46 GDPR and provided that data subjects have enforceable rights and effective remedies. In the absence of an adequacy decision by the Commission, pursuant to art. 45 GDPR, or adequate guarantees, pursuant to art. 46 GDPR, including binding corporate rules, the cross-border transfer will take place only if one of the conditions indicated in art. 49 GDPR is met.

In particular, it appears necessary to point out that, according to recent interpretations provided by some European Supervisory Authorities, the use of Google Analytics could involve the transfer of the user’s personal data to the United States, whose legal regime does not guarantee a level of protection equivalent to the one in force within the European Union in compliance with the GDPR. By accepting the placement of Google Analytics cookies, therefore, the user is aware of the possible risks of such a transfer, in any case not requested or authorized by the Data Controller, due to the lack of an adequacy decision pursuant to article 45, par. 3 of the GDPR, or adequate guarantees pursuant to article 46 of the GDPR.

7. Rights of the interested party

The interested party has the right to access their personal data, to request their rectification, updating and cancellation or limitation, if incomplete, erroneous or collected in violation of the law, as well as to object to the processing for legitimate reasons or to obtain data portability.

The interested party, in particular, has the right to obtain confirmation of the existence or not of personal data concerning him, even if not yet registered, and their communication in an intelligible form.

The interested party also has the right to obtain an indication:

a) of the purposes and methods of processing;

b) of the logic applied in case of treatment carried out with the aid of electronic instruments;

c) of the identification details of the Data Controller, of the managers and of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as authorized to process them.

The interested party has the right to obtain:

a) updating, rectification or integration of personal data;

b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary in relation to the purposes of the processing;

c) limitation of processing, when one of the hypotheses referred to in article 18 of the GDPR occurs;

d) the attestation that the operations referred to in letters a), b) and c) have been brought to the attention of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right;

e) the transmission of data concerning him, provided to the Data Controller and processed on the basis of the consent expressed by the interested party for one or more specific purposes, in a structured, commonly used and machine-readable format. Pursuant to art. 20 GDPR, the interested party also has the right to transmit such data to another data controller without impediments and, if technically feasible, to obtain the direct transmission of personal data from one data controller to another;

f) if the processing is based on consent, the revocation of that consent at any time (pursuant to article 7 paragraph 3 GDPR).

The interested party has the right to object, in whole or in part:

a) for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection;

b) to the processing of personal data concerning him for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication;

c) to the communication of personal data to the co-organizers of the training courses (see what is indicated in the previous point 4.2, letter e), in the event that this communication is based on the need to pursue a legitimate interest of the Data Controller or of the co-organizers;

d) to automated decision-making processes that significantly affect your person.

Without prejudice to any other administrative or judicial appeal, the interested party has the right to lodge a complaint with a supervisory authority, especially in the Member State in which he habitually resides or works, or in the place where the alleged violation occurred.

8. Exercise of rights

The above rights are exercised with a request addressed to the Data Controller, by sending an e-mail message to the address info@mazzinilab.it. The request is formulated freely and without formalities by the interested party, who has the right to receive a suitable response within a reasonable time, depending on the circumstances of the case.

The interested party can avail himself, for the exercise of his rights, of non-profit bodies, organizations or associations, whose statutory objectives are of public interest and which are active in the sector of the protection of the rights and freedoms of the interested parties with regard to the protection of personal data, conferring, for this purpose, a suitable mandate. The interested party may also be assisted by a trusted person.

It is possible to receive more information on the purposes and methods of processing personal data by writing to the e-mail address info@mazzinilab.it and indicating “Privacy” in the subject.

To find out about their rights, lodge a complaint and stay updated on the legislation on the protection of individuals with regard to the processing of personal data, the interested party can contact the Guarantor Authority for the protection of personal data, by consulting the website at the address http://www.garanteprivacy.it/.

Privacy Policy updated in November 2022