DATA CONTROLLER
The Data Controller is the National Institute of Oceanography and Applied Geophysics - OGS (hereinafter also "OGS" or "Data Controller"), located in Borgo Grotta Gigante 42/c - 34010 Sgonico (TS).
In order to exercise the rights recognized by the REGULATION (EU) 2016/679 (hereinafter "GDPR" or "Regulation") or to ask for any clarification regarding the processing of personal data, the Data Controller can be contacted at the following address: privacy@ogs.it.
The Data Controller has appointed a Data Protection Officer, who can be reached at the following address: dpo@ogs.it.
PURPOSES OF THE PROCESSING
The Data Controller will process the personal data, given by the data subject on a voluntary basis, for a number of purposes:
-
Allow participation in the training course, including all related or instrumental activities, functionally linked to the operations of the Data Controller or to the protection of its rights. We consider connected and instrumental to such activities, for example: the selection of participants; the organization and delivery of activities (conferences, presentations, exercises, tutorials, etc.), also using e-learning platforms; the management of logistical aspects (travel arrangements, including the procedure for applying for a visa for Italy; food and accommodation; etc.); the recording of courses and other activities (also for later viewing); the activity of reporting; the elaboration of statistics or other analysis; the sharing of contents with possible partners of the project;
-
Fulfill tax and accounting obligations;
-
Send information and promotional communications on services or initiatives of OGS and/or its partners by means of:
-
traditional methods of contact, such as paper mail and telephone calls;
-
automated methods of contact: e-mail, SMS (Short Message Service), instant messaging systems.
-
Enable participation in the Community “Blue Skills Network - OGS Sustainable Blue Economy” and/or in other networks (the interested party will receive an email with an invitation link to join the Community's Facebook group, and will continue to receive informational newsletters on events, news and opportunities).
LEGAL BASIS FOR THE PROCESSING
-
Performance of a contract and/or implementation of pre-contractual measures: purpose N.1;
-
Performance of a task carried out in the public interest for which the Data Controller is responsible: purpose N.1;
-
Performance of a legal obligation to which the Controller is subject: purpose N.2;
-
The consent of the data subject: purposes N.3 and N.4.
PROVISION OF DATA AND CONSEQUENCES IN CASE OF REFUSAL TO PROVIDE DATA
Failure to provide data or consent will make it impossible to participate in the training course, attend the lessons that are recorded, receive information on promotional and institutional events of OGS (purpose N.3), become a member of the Community "Blue Skills Network - OGS Sustainable Blue Economy" (purpose N.4).
CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA
As far as the OGS is concerned, only persons who have been authorized to process personal data and persons who, processing data on behalf of the Data Controller, have been identified as Data Processors may access personal data. These subjects are bound to secrecy and confidentiality also on the basis of specific internal rules.
The data may be communicated:
a) to other public or private entities, in the cases provided for by law and regulations;
b) hotels and other accommodation facilities, for the management of the stay;
c) agencies, tour operators, etc., for the management of the trip and travel;
d) other public or private entities for the organization of field trips;
e) any Partners involved in the organization of the Summer School.
Depending on the choice of the person concerned, the data may be shared with other Master's students and/or disclosed (purpose N.4).
This is without prejudice, in any case, to the communication or dissemination of data required, in accordance with the law, by the Public Safety Authority, the Judicial Authority or other public entities for purposes of defense, state security and crime detection, as well as the communication to the Judicial Authority in compliance with legal obligations, in the event of a crime.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
Finally, the personal data of the interested parties may be transferred to third countries with the publication of the event recordings on the communication channels of the Data Controller, on the basis of the provisions of Article 49(1)(d) of the GDPR.
DATA STORAGE CRITERIA
Personal data are processed for the period of time that is necessary to achieve the purposes for which they were collected or for any other legitimate related purposes. Therefore, if personal data are processed for different purposes, they will be kept until the purpose with the longest retention period has expired; however, data collected for purposes for which the retention period has expired will no longer be processed.
In particular, personal data will be kept for a period identified according to criteria of strict necessity in view of the different aims pursued and, in any case, in compliance with the current legislation on the protection of personal data and following the rationale to protect the rights of the Data Controller.
In particular, the images and audio-video recordings of the event/initiative may be kept for the purpose of archiving and documenting the activities carried out by the Data Controller.
In the event that any information is the subject of a dispute and/or is necessary for the exercise of legal claims, it may be kept even beyond the above limits.
RIGHTS OF THE DATA SUBJECT
The Data Controller informs you that the Data Subject has the right to request:
-
access to personal data and information (Art. 15 of the GDPR);
-
rectification or erasure of the same (Articles 16 and 17 of the GDPR);
-
restriction of the processing of personal data (art. 18 of the GDPR).
Finally, the Data Subject has the right to:
-
object to the processing of personal data under the conditions and within the limits set out in Article 21 of the GDPR;
-
exercise the right to data portability (Art. 20 GDPR).
With regard to processing operations based on consent (within the meaning of Articles 6(1)(a) and 9(2)(a) of the GDPR), we inform you that the Data Subject has the right to withdraw such consent at any time (without undermining the lawfulness of the processing based on the consent given before the withdrawal).
Finally, please note that if the Data Subject considers that the processing of his or her data is in breach of the Regulation, he or she has the right to lodge a complaint with a supervisory authority (Data Protection Authority or any other competent authority) pursuant to Article 77 et seq. of the GDPR.