Informativa registrazione VUO(EN)

REGULATION (EU) 2016/679
OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on the protection of natural persons with regard to the processing of personal data and
on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

 

INFORMATION NOTICE CONCERNING THE PROCESSING OF PERSONAL DATA

(Elettra VUO Registration)

Principles relating to processing of personal data
Article 5 of the Regulation (EU) 2016/679 of the European Parliament and of the Council “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”, hereinafter (GDPR) sets out that any processing of personal data must be carried out according to the principles of lawfulness, fairness and transparency.
Your personal data shall be collected, used and processed following the principles above and therefore the processing shall have specific, explicit and lawful purposes.
The personal data shall be:
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • accurate and, where necessary, kept up to date;
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
The information in this document, provided pursuant to articles 12, 13, from 15 to 22 and 34 of the GDPR, concerns the rights of the data subject, more specifically the “transparent information, communication and modalities for the exercise of the rights of the data subject.
 
Processing
According to the GDPR, ‘processing’ means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Purpose of personal data processing
Your personal data are required for:
  • Your registration in the Virtual Unified Office (VUO), so as to allow for:
    • the management of your activity as a user at the Elettra facility;
    • the submission of communications which may be interesting to Users, concerning Elettra and/or “Calls for Proposals”;
    • the creation of user records to favour the knowledge and the exchange of information among Elettra users;
  • identification and verification of the access authorisation at the premises of Elettra - Sincrotrone Trieste S.C.p.A. (hereinafter “Elettra” or the “Company”) in compliance with applicable safety rules and in order to fulfill the obligations set out in Legislative Decree no. 81/08;
  • the performance of the activities of Elettra’s Users Office and of the “Proposal Review Panel” during the “proposal review process”;
  • the arrangements of the travels for the reimbursed “beam time”, meetings, periodical meetings of the review panel and any related reimbursement procedures.
  • compliance with any legal, contractual and regulatory obligation in relation to:
    • funding bodies, auditors and corporate statutory and auditing bodies, project coordinators and/or partners.
Amendments and updates
This notice may be subject to amendments or integrations, of wich you shall be informed.

Consequences of a failure to provide personal data
The provision of your personal data is required in order to:
  • allow for the performance of the activities as a User at the Elettra facility, as described in the previous point (Purpose of personal data processing);
  • allow for the fulfillment of the legal obligations set out in Legislative Decree no. 81/08 as subsequently amended and integrated when accessing the Elettra facility.
A denial to provide such information or a failure to consent to the processing phases shall prevent your registration in the Virtual Unified Office (VUO), as well as the performance of any activity relating to the role of Elettra User.

Recipients of personal data
Your personal data, subject to processing for the purposes above, shall be transferred to the following subjects, appointed as data processors by the data controller:
  • security company in charge of the checks at the entry points of the site;
  • Review panel members;
  • managers/operators of beam lines belonging to other institutes;
  • certifying bodies, auditors, statutory bodies;
  • project coordinators and/or partners.
Data processing
Data processing shall be carried out in compliance with the GDPR prescriptions, with special reference to Articles 32 “Security of processing”, 33 “Notification of a personal data breach to the supervisory authority” and 34 “Communication of a personal data breach to the data subject”.
 
When subjects access the Elettra facilities in relation to the purposes above, their personal data will be processed also by personal recognition and identification by means of a valid identification document by the porter and security service operators.
Admission to Elettra shall be permitted by means of a temporary numbered and non-transferable badge assigned to the visitors as above who need to operate inside the Elettra facility, which shall be returned at the end of the service.
 
Processing operations shall be carried out by authorised subjects, constantly identified, suitably trained and informed on the obligations under the GDPR.
 
Processing shall be carried out using computer, telematic and electronic systems, which may or may not be connected to the Internet, or using paper supports according to logics closely connected to the purposes declared.
In addition, processing may be carried out using video surveillance systems, installed for the purposes of workplace safety and protection of the corporate assets, according to the provisions of art. 4 of Law no. 300 of 20 May 1970 (Workers’ Statute) as amended by art. 23 of Legislative Decree no. 151 of 14 September 2015 (Jobs Act) and the Regulation on the subject of video surveillance dated 8 April 2010, issued by the Italian Data Protection Authority.
 
In any case, the processing operations shall be carried out in such a way as to guarantee the security, confidentiality and availability of the data, according to principles of correctness, lawfulness and transparency, aimed at protecting the fundamental rights and freedoms of natural persons.

Cookies
The Virtual Unified Office Elettra of Elettra - Sincrotrone Trieste S.C.p.A. uses session cookies, which are required for users to navigate our website appropriately and safely. Session cookies created by the VUO do not affect users' privacy during their browsing experience on our website, as they do not entail processing their personal identification data. Session cookies are not permanently stored and indeed are cancelled when the connection to the VUO is terminated.

Data controller
The data controller is:

Elettra - Sincrotrone Trieste S.C.p.A.
con sede legale in Strada Statale 14 km 163,5 in AREA Science Park 34149 Basovizza - Trieste,
nella persona del Presidente e Amministratore Delegato Prof. Alfonso Franciosi
Tel. +39 040 37581 - Fax: +39 040 9380902

Data Protection Officer
Contact details:

E-mail:
Mail: Elettra - Sincrotrone Trieste S.C.p.A. Strada Statale 14 km 163,5 in AREA Science Park
        34149 Basovizza - Trieste - Responsabile della protezione dei dati

Further information available at the following address:
http://www.elettra.eu/privacy.html

Period of personal data retention
The personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

Rights of the data subject
In relation to his or her personal data, the data subject may exercise the following rights:

  • Right of access(art. 15 of the GDPR) - The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data. If required, the controller shall provide a copy of the personal data undergoing processing, on condition that such copy does not prejudice the rights and freedoms of third parties.
  • Right to rectification(art. 16 of the GDPR) - The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • Right to erasure (right to be forgotten)(art. 17 of the GDPR) - The data subject shall have the right to obtain from the controller without undue delay the erasure of personal data concerning him or her.
  • Right to restriction of processing(art. 18 of the GDPR) - The data subject shall have the right to obtain from the controller restriction of processing.
  • Right to data portability(art. 20 of the GDPR) - The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
  • Right to object(art. 21 of the GDPR) - The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  • Right to lodge a complaint with a supervisory authority(art. 77 of the GDPR) - Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.


 
Last Updated on Tuesday, 17 November 2020 12:04