• Home
  • Information notice on personal data processing through the “contact us” service of the website www.humantechnopole.it

Information notice on personal data processing through the “contact us” service of the website www.humantechnopole.it

 

Dear User,

to use the “Contact Us” service contained in the website www.humantechnopole.it, we invite you to read this information notice which describes the rules we apply for the processing of your personal data, pursuant to articles 12 and 13 of EU Regulation 2016/679 and subsequent amendments, also known as “General Data Protection Regulation” or more briefly as “GDPR”, relating to the protection of individuals with regard to the processing of personal data, as well as to the free circulation of such data.

 

  1. Identity and contact details of the Data Controller

The Data Controller for the personal data you provide is Fondazione Human Technopole (hereinafter also referred to as “HT”), based in Milan, Viale Rita Levi-Montalcini 1, 20157, Milan (MI), Italy, Tel. +39/02 30247001, e-mail: gdpr@fht.org.

 

  1. Data Protection Officer (DPO)

The HT Data Protection Officer can be contacted at the following e-mail address: dpo@fht.org.

 

  1. Purposes of the processing

Your personal data will be processed for the purpose of managing the information requests sent by you filling the online form in the “Contact Us” website area.

More in detail, the processing of personal data will take place for the following purposes and according to the legal basis set in point 4 of the present information notice:

  1. a) management of requests for information sent through the “Contact Us” online form in the “Contact Us” area of the website.

The voluntary, free and explicit sending of messages to the institutional contact addresses of HT (including private messages sent by users to institutional profiles/pages on social media, where this possibility is provided for) entails the acquisition of the sender’s contact data, necessary for replying, as well as all personal data included in the communications. Considering the above, the processing of personal data relating to such messages will be carried out in compliance with the provisions of the present information notice, as far as compatible.

Once your information request has been managed, the data you sent will be stored exclusively for precautionary purposes for the management of any related dispute/litigation and the protection of HT’s rights.

 

  1. Legal basis of the processing

For the purpose of point 3, letter a) of this information notice, the legal basis of the processing consists of article 6, paragraph 1, let. a) of the GDPR: “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”.

 

  1. Processing Methods. Nature of the data processed

Your data will be processed by computer and paper support, following the rules on protection of personal data, including those related to data security, thanks to the adoption of the adequate security measures pursuant to article 32 of the GDPR.

Within the purposes of the present information notice, the Data Controller intends to process solely data relating to you other than those encompassed in the special categories pursuant to article 9 of the GDPR and the data relating criminal convictions and offences pursuant to article 10 of the GDPR (collectively, “common personal data”) and, more in detail, the following: name, email address and other data included – under your responsibility – in your information request. The subsequent processing of personal data will be carried out by the Data Controller exclusively if permitted by and in compliance with the applicable regulations.

 

  1. Categories of recipients of personal data

For the purposes of the present information notice, your personal data shall be processed by the subjects appointed by HT as Data Processors for purposes strictly related to the to the purposes mentioned above.

Furthermore, upon a specific request, HT is deemed to communicate data to the Judicial Authority. The communication of personal data will be carried out on the basis of the obligations provided by law.

 

  1. Data Storage

Your personal data will be stored for the time strictly necessary to achieve the purposes set in point 3 of the present information notice.

In the event of current or potential dispute/litigation with a data subject or of a specific request by the competent authorities, personal data may be kept for as long as necessary for the protection of the same the interests of the Data Controller or compliance with the Authority’s request.

If your data will be processed in a country outside the European Economic Area (EEA), HT shall ensure the adoption of appropriate precautionary measures to grant that your personal data will be protected adequately and in compliance with the protection levels foreseen by the EU legislation, applying the appropriate safeguards pursuant to articles 44-50 of the GDPR.

 

  1. Rights of Data Subjects

You may exercise the rights pursuant to articles 13, paragraph 2 and articles 15, 16, 17, 18 and 20 of the GDPR at any time by contacting the Data Controller, at the contact address given in point 1 of this information notice.

In particular, as data subject, you can request:

– access to your personal data, pursuant to article 15 of the GDPR;

– correction (rectification) of your personal data, pursuant to article 16 of the GDPR;

– cancellation (erasure) of your personal data (“right to be forgotten”), pursuant to article 17 of the GDPR;

– restriction of personal data processing, pursuant to article 18 of the GDPR;

– the portability of your personal data, pursuant to the provisions of article 20 of the GDPR.

 

Furthermore, we inform you that you may oppose to the processing of data at any time, pursuant to article 21 of the GDPR, for legitimate reasons related to your specific situation. In this case, you may contact the Data Controller, at the contact address given in point 1 of this information.

In the aforementioned cases, when necessary, the Data Controller will inform the third parties to whom your personal data are communicated of any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 of the GDPR, except in specific cases (e.g., when this requirement proves impossible or involves a manifestly disproportionate effort if compared the protected right).

All requests received will be processed and answered according to what is currently required by the applicable regulations, also according to the effective existence of the requirements for their acceptance.

To manage the requests, it may be necessary to ascertain the identity of the applicant, as a security measure to prevent your personal data from being communicated to subjects not entitled to know them. For the same reasons, it is possible that, following a request, you may also be contacted to provide clarifications regarding the request itself.

In case of requests deemed to be manifestly unfounded or excessive, especially with regard to their repetitive character, the Data Controller (pursuant to Article 12, paragraph 5, letter a) of the GDPR) shall have the right to ask for a reasonable reimbursement of expenses, given the costs incurred for the requests’ management. Alternatively, in such cases the Data Controller may refuse to act on the request (pursuant to Article 12, paragraph 5, letter b) of the Regulation).

The Data Controller shall make every effort to answer the legitimate and well-founded requests within one month of their reception. Considering the complexity and number of requests, other than what stated hereinabove, the aforementioned term may be extended by two months.

In the cases in which the processing of your personal data is based on the explicit consent you gave, you have the right to revoke such consent at any time, without prejudice to the lawfulness of any processing previously performed.

 

  1. Complaint to the Supervisory Authority

We remind you that you have the right to submit a complaint to the Supervisory Authority (Garante per la protezione dei dati personali) pursuant to Article 77 of the GDPR, if you believe that your data processing infringes the provisions of the GDPR.

 

  1. Nature of the processing and obligation of providing data

Your personal data are necessary to manage and reply to requests of information sent by you. In light of the above, refusal to provide such data or to give your consent to the processing will make it impossible for HT to receive, manage and reply to your information request.

 

  1. Existence of automated decision-making processes in the data processing

It shall be specified that for the processing of the abovementioned data there is NO automated decision-making process, pursuant to article 22 of the GDPR.

 

Last update: December 2020