In accordance with Article 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter GDPR), in this privacy notice APRE explains how the personal data collected by APRE are processed, in compliance with the GDPR and other relevant data protection legislation.
1. Data controller
The Data Controller is APRE which can be traceable to this contact details: phone number: +39 06 48939993; address: Via Cavour 71, 00184 (ROME) Italy; or through the APRE’s Privacy Officer e-mail address: privacy@apre.
2. What data do we collect?
APRE collects the following kind of data: personal data, i.e. First and Last Name, Email Address, Organisation, Function, Country.
3. Purpose of the processing:
The Data Controller processes the personal data provided by you:
a)
Your explicit consent is mandatory, for the following purposes:
Consortium Agreement activities (i.e. reporting about the results of the workshop to the European Commission);
to fulfil the obligations imposed by law or by an order of the competent Authority;
to exercise the Controller’s rights, such as the right of defense in a lawsuit.
b)
Only with your prior consent, for the following p purposes:
Registration to the workshop,
Preparation of the workshop’s participant list,
Preparation of the promotional materials related to the workshop and its results, to be disseminated on the SecureGas website and social media, as well as through communication channels of the members to the SecureGas consortium.
4. How do we process your data?
APRE processes the data according to the principles of lawfulness, fairness and transparency. Your personal data are processed by means of the following operations: collection, recording, organization, structuring, storage, consultation, adaptation or alteration, use, dissemination, disclosure by transmission, retrieval, alignment or combination, restriction, erasure or destruction of the data. Your personal details are subjected to both hard-copy and electronic processing.
APRE processes the data for the time necessary to carry out the purposes indicated above and, in any case, for not more than 5 years from the end of the SecureGas project.
Should the Controller have a documented need to store the data for a period longer than 5 years (e.g. if erasure could compromise its legitimate right to defense or in general, to safeguard its company assets), such further storage shall take place, limiting access to said data to the head of the legal department only, in order to guarantee the legitimate exercising of the right of defense of the Controller.
5. Who has access to the data?
The data may be processed by internal personnel, or data processor (GDPR art. 28), or the person duly authorized to process (GDPR art. 29).
The data may be processed also by the affiliate companies or subsidiaries of APRE within the Consortium Agreement, in Italy or abroad. To the extent to which this is necessary for processing and in conformity to the Controller to Controller agreement.
6. Who are the recipients to the data?
Your data may be made accessible for the purposes indicated above to the following recipients:
-
companies or other third entities (credit institutions, professional firms, consultants, insurance companies for providing insurance services, auditing companies, supervisory institutions, etc.) who carry out activities on an outsourcing basis, on the Controller’s behalf;
-
public entities, for fulfilling legal obligations,
-
SecureGas consortium members.
Without requiring your explicit consent, the Controller may communicate your data for the purposes indicated in part 2.a of this Notice to supervisory bodies, judicial authorities, insurance companies for providing insurance services, as well as to entities to which communication is mandatory in terms of the law, for carrying out said purposes.
7. How are the data transfered?
Personal data are stored on servers located within the European Union. In any case, it is understood that, should this be necessary, the Controller will have the right to move the servers even outside the EU. In such a case, the Controller hereby guarantees that transfers of data outside the EU will be done in accordance with the applicable laws, also by means of including standard contractual clauses provided for by the European Commission.
8. What are your data protection rights?
In accordance with GDPR, as the data subject, you have the right to:
I.
obtain confirmation of whether or not your personal data is processed or not, as well as to obtain a copy of said data;
II.
obtain an indication of: a) the source of the personal data; b) the purposes and means of processing; c) the logic involved in the case of processing done with the help of electronic instruments; d) the identity and the contact details of the controller, controller’s representatives, processors and the privacy officer; e) the recipients or categories of recipients to which the personal data can be communicated, or who can come to know the same as the designated representative within the territory of the State, processors, or employees who carry out processing;
III.
obtain: a) updating, rectification, or completion of the data; b) erasure, transformation into an anonymous form or blocking of data processed in violation of laws; c) certification that the operations referred to in letters a) and b) have been made known, also in relation to their content, to those to whom the data have been communicated or disclosed by transmission, unless this is impossible or involves a disproportionate effort; d) a structured format, from the Controller, commonly used and provided in an intelligible and easily accessible form with the personal data related to you, and, where technically feasible, to obtain transmission of said data directly from one controller to another;
IV.
object to: a) processing of your personal data, even if pertinent to the purpose for which they were collected. b) processing of your personal data for the purposes of sending advertising or direct sales materials, or for carrying out market research or commercial communication, using automated telephone calling systems without an operator, by e-mail and or by means of traditional telephone and/or hard copy postal marketing methods. Such right of object may also be exercised only in part, thereby allowing the data subjects to choose whether to receive only communications using traditional means or only automated communications, or neither of the two types of communication.
V.
Therefore, in your capacity as Data Subject, you have the rights pursuant to Arts. 15 – 21 of GDPR, as well as the right to lodge a complaint with the competent Authority pursuant to art 77 of GDPR.
9. How can you exercise your rights?
If you wish to exercise any of the rights above, contact: Renato Fa (APRE’s Privacy Officer) at privacy@apre.
For further information, please contact: Karolina Jurkiewicz at
jurkiewicz@apre.it.
You have the right to lodge a complaint to the Autorità Garante Privacy if you decide that the processing of your personal data violates the regulations of the General Regulation.