pursuant to article no. 13 of the EU Regulation no. 679/2016
PERSONAL DATA THAT CAN BE PROCESSED
The following types of User data may be processed through the Site (hereinafter jointly also “personal data“).
A) Browsing data and cookies
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified subjects, but, by their very nature, could, through processing and association with data held by third parties, allow Users to be identified. This category of data includes the IP addresses of the computers used by the Users who connect to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system used. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of any computer crimes against the Site.
B) Personal data voluntarily provided by the User
The Foundation processes some personal data that may be provided voluntarily by Users, also through specific forms:
- for the request for information by filling in the form on the Site “Describe your start up here”, “Keep in touch with us” in the “Contacts” section or by entering personal data in the presentation attached to the User’s applications (name, surname, company or start-up, telephone number, email address, profession and role in the team, reason for the request or presentation, message – mandatory fields); or personal data that can be sent to the Foundation via e-mail (eg. firstname.lastname@example.org , email@example.com ) or in any other way using the contact details shown on the Site.
If the User provides personal data on behalf of someone else (such as members of the start-up team), he must ensure, in advance, that the interested parties have read this Privacy Notice.
FOR WHAT PURPOSES THE PERSONAL DATA MAY BE USED
A) Response to requests for information from the User forwarded by filling in the forms on the Site
The Foundation may process the User’s personal data to respond to requests for information sent by completing the “Contact” form on the Site.
Prerequisite for processing: fulfillment of a contractual obligation or execution of pre-contractual measures. The provision of personal data is mandatory; failing that, the Foundation will not be able to respond to the User’s requests or execute the contract or contractual measures to be adopted at the User’s request.
B) Management and performance of the activities necessary for the execution of the VeniSIA acceleration program
The Foundation may process the User’s personal data to carry out the activities necessary to execute the acceleration program (hereinafter the “Program”), such as, for example, receiving and managing applications from Users as start uppers, students (eg. for the activation of internships), donors (e.g. for financial and / or technological support activities) as well as companies, in order to allow them to participate in various capacities in the Program, or allow the Foundation and its suppliers to process data personal for the purposes of the Program as well as to carry out any further preventive, connected or subsequent activities to the execution of the same.
Prerequisite for processing: fulfillment of a contractual obligation or execution of pre-contractual measures. The provision of personal data is mandatory; failing that, the Foundation will not be able to manage the User’s applications and related activities.
C) Purposes related to the obligations established by laws, regulations or community legislation, by provisions/requests of authorities legitimated by the law and/or by supervisory and control bodies.
The Foundation may process the User’s personal data to fulfill its obligations.
Prerequisite for processing: fulfillment of a legal obligation. The provision of personal data for this purpose is mandatory since in default the Foundation will be unable to fulfill specific legal obligations.
D) Defense of rights in the course of judicial, administrative or extrajudicial proceedings, and in the context of disputes arising in relation to the services/activities offered.
The Foundation may process personal data to defend its rights or act or even make claims against the User or third parties.
Prerequisite for processing: legitimate interest of the Foundation in protecting its rights. In this case, a new and specific contribution is not required, since the Foundation will pursue this further purpose, where necessary, by processing the data collected for the purposes mentioned above, deemed compatible with this (also due to the context in which the data have been collected, the nature of the data and the adequate guarantees for their treatment, as well as the link between the above purposes and this further purpose)
HOW WE KEEP YOUR PERSONAL DATA SECURE AND WHERE
The Foundation adopts adequate security measures in order to ensure the protection, security, integrity and accessibility of Users’ personal data. The appropriate security measures are aimed at preventing unauthorized access, disclosure, modification or destruction of personal data.
All personal data are stored on the Foundation’s protected IT devices (or paper copies suitably stored) or on those of our suppliers, and are accessible and usable according to our standards and security policies (or equivalent standards for our suppliers.).
TRANSFERS TO THIRD COUNTRIES
For the performance of some of the User’s personal data processing activities, the Foundation communicates the same to external parties located in countries that do not belong to the European Union (EU) or the European Economic Area (EEA) (hereinafter the “Third Countries “).
In particular, the Foundation communicates that personal data are transferred to the USA and the United Kingdom, Third Countries; the lawfulness of this transfer to the USA is, in any case, guaranteed through the instruments provided for by art. 46 of the GDPR, having signed the Standard Contractual Clauses approved by the European Commission (supplemented by additional technical / organizational / legal measures); while the lawfulness of the transfer to the United Kingdom is guaranteed due to the existence of an adequacy decision pursuant to art. 45 of the GDPR issued by the European Commission.
These external subjects will process personal data as independent data controllers or as data processors, duly appointed by the Foundation in accordance with the legislation on the protection of personal data (depending on the role they play in relation to the processing).
You can write to the Foundation at any time, using the contact details listed below, asking who are the subjects to whom the personal data are transmitted and to receive a copy of the guarantees adopted for the transfer.
HOW LONG WE KEEP PERSONAL DATA
We keep personal data only for the time necessary to achieve the purposes for which it was collected or for any other legitimate related purpose. Therefore, if personal data are processed for two different purposes, we will keep such data until the purpose with the longer term ceases. In any case, we will no longer process personal data for that purpose whose retention period has expired.
Personal data that are no longer necessary, or for which there is no longer a legal prerequisite for its conservation, are irreversibly anonymized (and thus can be stored) or destroyed in a secure manner.
The navigation data are not retained by the portal except for any need to ascertain crimes by the judicial authority.
The data processed in response to requests for information will be processed for the time necessary to process the request and for 6 months thereafter.
In the event that it is necessary to process the data for judicial purposes, these will be kept for the time in which any claims can be pursued by law.
WHO CAN ACCESS PERSONAL DATA
The personal data of the Users can be accessed by duly authorized employees of the Foundation, as well as possibly by external suppliers (including consultants), appointed, if necessary, as data processors who provide support for the provision of services and the execution of the acceleration program. of the VeniSIA project.
It is possible to contact the Foundation using the contact details indicated in the “Contacts” section if you wish to ask to be able to view the list of data processors and other subjects to whom the data is communicated.
RIGHTS REGARDING THE PROTECTION OF PERSONAL DATA
Each User has the right to obtain from the Foundation, subject to the existence of the legal condition underlying the request:
- access to personal data concerning him, as well as their correction;
- the cancellation of personal data;
- the correction of personal data held by the Foundation concerning Users;
- the withdrawal of consent in cases where the processing is based on consent
- the limitation of the processing of personal data concerning Users;
- the copy of the personal data provided by the Users to the Foundation, in a structured format, commonly used and readable by an automatic device (portability) and the transmission of such personal data to another data controller.
Right to object: Users have the right to object, in whole or in part, to the use of personal data processed by the Foundation, subject to the conditions envisaged by the legislation on the protection of personal data, for example in the event that the data personal data are processed for direct marketing purposes.
In the event that the User exercises any of the aforementioned rights, it will be the responsibility of the Foundation to verify that the same is entitled to exercise it and feedback will be given, as a rule, within one month.
In the event that the User considers that the processing of his personal data is in violation of the provisions of the applicable legislation on the protection of personal data, he has the right to lodge a complaint with the Guarantor for the protection of personal data, using the available references. on the website https://www.garanteprivacy.it/ , or to take the appropriate judicial offices.
The contact details of the Foundation, for questions and for the exercise of rights relating to the processing of personal data, and of the person responsible for the protection of personal data (DPO) are as follows: firstname.lastname@example.org and email@example.com
For further information on the VeniSIA project, please write to the following email address firstname.lastname@example.org
Last update: July 2021