INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA OF CUSTOMERS
Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 on the "Protection of Individuals with regard to the Processing of Personal Data" (hereinafter also "GDPR"), we provide you with the requested information on the processing of personal data concerning you ("Data") carried out by Università Cattolica del Sacro Cuore (hereinafter also the"Università").
2. Identity and contact details of the Data Controller
The data controller is Università Cattolica del Sacro Cuore, with registered office at Largo Agostino Gemelli 1, 20123 Milan, tel. (+39) 027234.1.
3. Categories of Personal Data
The Data that University processes include, for example, Biographical Data, your image in digital format, Contact Data referring to you as a legal representative/Director/Reference Person in dealing withUniversità and its facilities (such as research centers) as well as, possibly, Data of its employees, collaborators and colleagues.
4. Purpose of processing and legal basis
Data may be processed for the following purposes:
The legal basis for the processing is:
5. Modalities of processing
The processing of personal data is carried out by means of manual, computerized and telematic tools with logic strictly related to the purposes and, in any case, in such a way as to ensure the security and confidentiality of the data in accordance with current regulations.
Personnel duly appointed as System Administrators may conduct navigational checks aimed solely at ensuring the operation and security of the system.
6. Data Retention Period
The University will process the Data for as long as necessary to pursue the above purposes, subject to any retention periods prescribed by law or regulation.
7. Categories of parties to whom the Data may be disclosed
Your Data may be communicated to:
- Public and private entities or competent Authorities;
- Banking Institutions.
The subjects belonging to the categories to which the Data may be communicated will carry out the processing of the Data themselves and use them, as the case may be, in their capacity as Data Processors expressly appointed by the Data Controller in accordance with the law, or rather as autonomous Data Controllers.
The list of designated data processors is constantly updated and available at the headquarters ofUniversità.
8. Transfer of personal data outside - EU
Personal data may be transferred to countries outside - EU, particularly in the case of services that are located outside the territory of the European Union (e.g. cloud storage). In this case, the Data Controller assures as of now that the non-EU data transfer will take place in accordance with the applicable legal provisions, e.g. after stipulating the standard contractual clauses adopted by the European Union.
9. Data Protection Officer (D.P.O.).
The University has appointed a Data Protection Officer (Data Protection Officer, D.P.O.), e - mail firstname.lastname@example.org, whose name can be easily found on the website at http://www.unicatt.it/privacy.
10. Rights of the data subject
In your capacity as a data subject, you have the right to:
These rights may be exercised, by registered mail, addressed to Università Cattolica del Sacro Cuore , Administrative Direction - Privacy, Largo Agostino Gemelli 1, 20123, Milan, or by e-mail at email@example.com, specifying in the subject line "Exercise of the rights of the interested part" and indicating the reference structure through which relations with the University have taken place (e.g., research center CeTIF).
Information regarding the processing of personal data pursuant to Article 13 of "Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC" ("GDPR").
Cetif Advisory S.r.l. would like to inform you about the purposes and methods of processing of personal data of natural persons under the GDPR that may be processed by Cetif Advisory S.r.l. as well as the related rights regarding such processing.
Purpose of processing and nature of main data processed.
Cetif Advisory S.r.l. processes personal data of individuals exclusively for the following purposes:Contractual purposes, inherent in the establishment and management of the contractual relationship;
1. Administrative purposes, inherent in the management of administrative relations related to the existing contractual relationship;
2. Commercial communication and marketing purposes;
3. Commercial and promotional communication purposes, social media publication of images and video-photographic footage;
4. Purpose of security and protection of corporate assets.
Personal data(Last Name and First Name; telephone contact details, e-mail, tax and bank details) are collected for the purpose of organizing and managing the contractual relationship and only with your express consent for commercial communication and marketing purposes.
Main data processing methods
Cetif Advisory S.r.l. minimizes the collection and processing of personal data to the strict minimum necessary in relation to the purposes pursued.
The data may be processed in hard copy and in computer mode.
Cetif Advisory S.r.l., after assessing the risks and where applicable the impact on the protection of personal data related to the loss of objectives of confidentiality, availability and integrity of the information processed, plans and takes the necessary technical and organizational measures to minimize these risks. This is also in order to ensure the resilience of the processing carried out as part of the more general need to ensure the continuity of the services provided.
Legal basis for processing
The processing of personal data for contractual and administrative purposes is necessary in order to establish and manage the contractual relationship and to fulfill related legal obligations.
The denial of consent to processing implies the impossibility of establishing and maintaining the contractual relationship and thus the provision of the service.
The processing of personal data for the purposes of commercial communication and marketing is optional and your consent is required. Denial of consent does not affect the provision of the service.
The processing of personal data for the purposes of publication on social media of images and video footage that may see you depicted during events is optional and your consent is required. The denial of consent does not affect the provision of the service except in the case of events the participation in the events themselves if it was not possible not to film her image directly or make it blurred and/or not recognizable, in case it results in group images.
Communication or dissemination of processed data
Cetif Advisory S.r.l. does not disseminate or disclose your personal information to third parties for purposes outside those highlighted above.
Treatment by third parties
Cetif Advisory S.r.l. may use for the processing of your data within the scope of the purposes listed above the help of third parties such as:
1. Administrative service providers, such as accountants;
2. Providers of technical support services on IT systems;
3. Cetif -Università Cattolica del Sacro Cuore;
4. Banking institutions.
In this case Cetif Advisory S.r.l. arranges for such parties to process your personal data exclusively for the purpose of carrying out their activities strictly related to the previously defined purposes and in compliance with appropriate technical and organizational data protection measures.
Disclosure and exercise of data subject's rights to processing
Cetif Advisory S.r.l., the data controller, wishes to inform you of your rights as a data subject under the GDRP. These rights are stated in Art. 13 of the GDPR and concern:
1. the right of the data subject to request access to personal data from the data controller;
2. the data subject's right to ask the data controller to rectify or erase them or to restrict processing;
3. the data subject's right to object to their processing;
4. the data subject's right to data portability;
5. the data subject's right to lodge a complaint with a supervisory authority.
Personal data retention period and benchmarks
Cetif Advisory S.r.l. stores processed personal data with reference to the following criteria:
1. compliance with the requirements applicable to the duration of the existing contractual relationship;
2. compliance with administrative and fiscal requirements as per applicable regulations.
The Data Controller of your personal data is Cetif Advisory S.r.l., P.IVA/C.F. 11086920961, with registered office in Milan, Via Olona, 2, Milan.
For any inquiries regarding the processing performed on your personal data as well as for the exercise of your rights under Article 13 of the GDPR, you may refer to the Data Protection Officer at the following e-mail address: firstname.lastname@example.org