Privacy

For users of the Informest website, all information regarding the methods of processing personal data is available and can be consulted on the Personal Data page, in accordance with Regulation (EU) 2016/679.

Through the website, Informest (hereinafter referred to as the “Organization”) collects – as the data controller – the personal data of users, acquired and processed in accordance with Regulation (EU) 2016/679 General Data Protection Regulation (hereinafter also “GDPR”) and Legislative Decree 30 June 2003, No. 196 “Code regarding the protection of personal data” as amended by Legislative Decree 10 August 2018, No. 101. The aforementioned legislation first of all requires that those who process personal data must inform the data subject about which data is being processed and the qualifying elements of the specific processing, which, in any case, must take place according to the principles of lawfulness, fairness, and transparency, in the protection of your rights and your privacy. Therefore, we provide the following information.

Data Controller and Data Protection Officer

The data controller is Informest, C.F. 00482060316, with headquarters at Via Cadorna 36 – 34170 Gorizia. The contact details of the controller are as follows: Tel. (+39) 0481 597411; E-mail: informest@informest.it; PEC: informest@pec.informest.it. As of today, any further information regarding the controller can be requested from the same upon explicit and motivated request. The Data Protection Officer, appointed by the controller pursuant to Art. 37 of the GDPR, can be contacted by writing to his attention at the controller’s contact details, or at the email address rpd@informest.it.

Purpose of Processing and Legal Basis

The processing of your personal data is aimed at managing activities related to the web platform called AFM – Application Form Manager owned by the controller, such as, by way of example but not limited to: managing registrations to the platform and login procedures, coordinating the processes of acquiring and managing uploaded documentation, fulfilling the obligations and practices provided for by current legislation as well as other legal and contractual obligations related to strategic projects, managing other administrative, managerial, organizational obligations that are functional to the proper functioning of the platform. The processing activities of your personal data for these purposes, therefore, are necessary for the execution of a contract to which the data subject is a party, or for the execution of pre-contractual measures adopted at the request of the same, pursuant to Art. 6, para. 1, letter b) of the GDPR.

The data may also be processed by the controller to comply with any obligations provided for by laws and regulations, as well as by community legislation or provisions dictated by public authorities. The legal basis for processing for these purposes will be the necessity to comply with a legal obligation to which the controller is subject, pursuant to Art. 6, para. 1, letter c) of the GDPR.

Pursuant to Art. 22, para. 1, of the GDPR, in none of the above cases will your personal data be subjected to decision-making processes based solely on automated processing, including profiling, as defined in Art. 4, para. 4, of the aforementioned GDPR.

Categories of Recipients of Personal Data

Without prejudice to communications made by the controller in compliance with legal obligations, all data collected and processed may be handled, exclusively for the purposes specified above, by the following categories of subjects:

  • employees and collaborators of the Organization, including technical staff to whom the data may be communicated in order to ensure the regular achievement of the above purposes; these subjects are expressly authorized pursuant to Art. 2-quaterdecies of Legislative Decree 196/03 as amended by Legislative Decree 101/18, and will also receive explicit instructions from the controller pursuant to Art. 29 of the GDPR regarding the methods of processing your data and the confidentiality obligations incumbent upon them;
  • third parties, identified as processors pursuant to Art. 28 of the GDPR, with whom the controller has entered into specific agreements governing the processing activities of your data and confidentiality obligations, also providing specific written instructions regarding the methods of processing the data. By way of example but not limited to, this category includes members of the commission tasked with evaluating the received documentation, as well as suppliers and collaborators used by the controller for managing the obligations provided for by current legislation, as well as for the technical and administrative support necessary for the activities connected and instrumental to achieving the above purposes.

The complete and updated list of recipient subjects can be consulted upon explicit and motivated request to the controller. Except for any cases provided for by legal provisions, within the scope of the above purposes, your personal data will not be disseminated in any way.

Methods and Place of Data Processing

Your personal data may be processed and stored on company or third-party servers located within the European Union. The processing is carried out in such a way as to minimize the risk of destruction or loss, unauthorized access, and any other processing that exceeds or does not comply with the above purposes, by implementing appropriate technical and organizational measures to ensure a level of security appropriate to the risk (Art. 32 of Regulation (EU) 2016/679). The controller does not transfer personal data to third countries or international organizations, reserving the right to use cloud services, subject to compliance with Art. 44 of the GDPR “General principle for transfer,” and in general with the provisions of Chapter V of the same Regulation.

Data Retention Period

The data will be stored and archived, as described above, for the time strictly necessary to achieve the above purposes, without prejudice to any specific obligations that by their nature are intended to remain according to current legislation and as described in the controller’s Records of Processing Activities. In particular, the documents uploaded to the platform are kept by the data controller for a maximum period of 10 years, and as provided for by current legislation. Further requests for information regarding the data retention period can be submitted to the data controller upon explicit and motivated request.

Rights of the Data Subject

As data subjects, you may exercise, subject to preliminary evaluation and verification of their applicability, the rights provided for in Articles 15 to 22 of Regulation (EU) 2016/679. In particular, pursuant to these articles, the data subject may exercise:

  • right of access (Art. 15): the right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed and, if so, access to the personal data;
  • right to rectification or integration (Art. 16): the right to obtain from the data controller the rectification and/or integration of inaccurate or incomplete personal data concerning them without undue delay;
  • right to erasure (“right to be forgotten”, Art. 17): the right to obtain from the data controller the erasure of personal data concerning them without undue delay;
  • right to restriction of processing (Art. 18): the right to obtain from the data controller the restriction of processing;
  • right to notification in case of rectification or erasure of data or restriction of processing (Art. 19);
  • right to data portability (Art. 20): the right of the data subject to receive in a structured, commonly used, and machine-readable format the personal data concerning them provided to the data controller, as well as the right to transmit such data to another data controller without hindrance from the data controller to whom they have provided it;
  • right to object (Art. 21): the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them pursuant to Art. 6, para. 1, letters e) or f), including profiling based on those provisions; in such cases, the data controller shall no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims;
  • right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them (Art. 22).

You may exercise the above rights at any time by contacting the data controller and their data protection officer at the contact details provided in this notice. The data controller undertakes to inform the data subject of any changes that may be necessary in the processing of personal data carried out for the purposes described above.

Pursuant to Art. 77 of Regulation (EU) 2016/679 and without prejudice to any other administrative or judicial remedy, if you believe that the processing concerning you violates the Regulation, you also have the right to lodge a complaint with the Data Protection Authority according to the procedures described on the institutional website https://www.gpdp.it.

Information on Data Processing

Models for Exercising Rights

Data Breach Reporting

Translation generated by AI from the original text in Italian.

Search the site