Elettra - Sincrotrone Trieste S.C.p.A.

Principles relating to processing of personal data Article 5 of the Regulation (EU) 2016/679 of the European Parliament and of the Council “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”, hereinafter (GDPR) sets out that any processing of personal data must be carried out according to the principles of lawfulness, fairness and transparency. Your personal data shall be collected, used and processed following the principles above and therefore the processing shall have specific, explicit and lawful purposes. The personal data shall be:

• adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
• accurate and, where necessary, kept up to date;
• kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

The information in this document, provided pursuant to articles 12, 13, from 15 to 22 and 34 of the GDPR, concerns the rights of the data subject, more specifically the “transparent information, communication and modalities for the exercise of the rights of the data subject.”

Processing According to the GDPR, ‘processing’ means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”

Purpose of personal data processing Your personal data (name, surname, email address) are required for:

• proceed with your registration in the PhotonMEADOW23 Indico event, so as to allow for:
  • the magement of your activity as a participant in the PhotonMEADOW23 conference;
  • identification and verification of the access authorisation at the PhotonMEADOW23 conference venue during the days of the conference;
• the correct reference to you as submitter, author, co-author or presenter of one or more scientific contributions;
• the pubblication of the PhotonMEADOW23 conference proceedings, included list of authors and participants;

Videos and photos taken during PhotonMEADOW23 might be published in the proceedings and for promotional activities, subsequent to the conference, regarding the scientific research of Elettra.

Amendments and updates This notice may be subject to amendments or integrations, of which you shall be informed.

Recipients of personal data Your personal data, subject to processing for the purposes above, shall be transmitted to the following also involved in PhotonMEADOW23 conference organisation and management activities:

• Scientific Programme Committee;

Data processing Data processing shall be carried out in compliance with the GDPR prescriptions, with special reference to Articles 32 “Security of processing”, 33 “Notification of a personal data breach to the supervisory authority” and 34 “Communication of a personal data breach to the data subject”.

Admission to the conference venue shall be permitted by means of a temporary non-transferable badge assigned to the attendee.

Processing operations shall be carried out by authorised subjects, constantly identified, suitably trained and informed on the obligations under the GDPR.

Processing shall be carried out using computer, telematic and electronic systems, which may or may not be connected to the Internet, or using paper supports according to logics closely connected to the purposes declared. In addition, processing may be carried out using video surveillance systems, installed for the purposes of workplace safety and protection of the corporate assets, according to the provisions of art. 4 of Law no. 300 of 20 May 1970 (Workers’ Statute) as amended by art. 23 of Legislative Decree no. 151 of 14 September 2015 (Jobs Act) and the Regulation on the subject of video surveillance dated 8 April 2010, issued by the Italian Data Protection Authority.

In any case, the processing operations shall be carried out in such a way as to guarantee the security, confidentiality and availability of the data, according to principles of correctness, lawfulness and transparency, aimed at protecting the fundamental rights and freedoms of natural persons.

If data subjects would access the Elettra facilities in relation to the purposes above, their personal data will be processed also by personal recognition and identification by means of a valid identification document by the porter and security service operators.

Cookies The website of the PhotonMEADOW23 conference uses session cookies, which are required for users to navigate our website appropriately and safely. Session cookies created do not affect users' privacy during their browsing experience on our website, as they do not entail processing their personal identification data. Session cookies are not permanently stored and indeed cancelled when the connection is terminated.

Data Controller The Data Controller is: Elettra - Sincrotrone Trieste S.C.p.A. with headquarters in Strada Statale 14 km 163,5 in Area Science Park - 34149, Basovizza – Trieste, in the person of the President and CEO Prof. Alfonso Franciosi Tel. +39 040 37581 - Fax +39 040 9380902

Contacts of the Data Protection Officer (DPO) The Data Protection Officer (DPO) appointed by Elettra can be reached using the following contacts:

• e-mail: dpo@elettra.eu
• post: Elettra - Sincrotrone Trieste S.C.p.A. Strada Statale 14 km 163,5 in Area Science Park - 34149 Basovizza – Trieste, Italy - Responsabile della protezione dei dati (Data Protection Officer)

Further information available at the following address: http://www.elettra.eu/privacy.html

Period of personal data retention The personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

Rights of the data subject In relation to his or her personal data, the data subject may exercise the following rights:

• Right of access (art. 15 of the GDPR) - The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.

If required, the controller shall provide a copy of the personal data undergoing processing, on condition that such copy does not prejudice the rights and freedoms of third parties.

• Right to rectification (art. 16 of the GDPR) - The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
• Right to erasure (right to be forgotten) (art. 17 of the GDPR) - The data subject shall have the right to obtain from the controller without undue delay the erasure of personal data concerning him or her.
• Right to restriction of processing (art. 18 of the GDPR) - The data subject shall have the right to obtain from the controller restriction of processing.
• Right to data portability (art. 20 of the GDPR) - The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
• Right to object (art. 21 of the GDPR) - The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
• Right to lodge a complaint with a supervisory authority (art. 77 of the GDPR) - Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.
  Elettra - Sincrotrone Trieste S.C.p.A. President and CEO Prof. Alfonso Franciosi