Information on the processing of personal data
Pursuant to Article 13 and 14 of EU Regulation 2016/679 (hereinafter referred to as “GDPR“), Engineering Ingegneria Informatica S.p.A., a public company under Italian law, with registered office in Piazzale dell’Agricoltura, 24 – 00144 Rome, Italy, provides the following information on the processing of visitors’ (hereinafter, “User” and “Users”) personal data collected in the course of their use and navigation the internet site https://knowledgehub.eucip.eu (hereinafter referred to as the “Site“).
In this information sheet, we will explain the purposes and methods by which the Controller collects and processes your personal data, what data is processed, what rights the data subjects have and how these rights can be exercised.
The information is provided exclusively for this Site, and does not extend to other websites, even if reachable through links on the Site itself.
Users are invited to read this information before using the Site in any way.
1.Data controller and Data Protection Officer (DPO)
Pursuant to Article 4 of the GDPR, the data controller of the processing of personal data through the Site is Engineering Ingegneria Informatica S.p.A. (hereinafter, the “Controller”).
The Controller has appointed a Data Protection Officer (“DPO”), who can be reached at dpo.privacy@eng.it.
2.Categories of data processed
The Controller will collect and process the data and information necessary to ensure the full functionality of the Site and the fruition by Users of the services rendered on it, as follows.
a) Navigation data
During its normal operation, the Site acquires data which is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified subjects, but, by its very nature, it could allow the identification of users through processing and association with information held by third parties.
This category of information includes the IP addresses or domain names of the devices used by users who connect to the Site, the Uniform Resource Identifier notation addresses of the resources requested, the time of request, the method used to submit the request to the server, the numerical code indicating the status of the response given by the server (“successful”, “error”, etc.) and other parameters relating to the user’s operating system and computer environment.
This data is used for the sole purpose of obtaining anonymous information on the use of the Site and to check its correct functioning and is deleted immediately after processing. By way of exception, the data in question could also be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the Site.
For further details on how the Site processes this information through cookie technology and other similar tools, please see the Cookie Policy below.
b) Data required for the creation and use of personal profiles on the Site
Through the appropriate form, Users can create their own personal profile on the Site. For this purpose, the following information is required to properly identify and authenticate the User: email address, first name, surname, and country of origin of the User. The User’s login to the reserved area will then only be possible by entering the login credentials, i.e. username/email and password. This data is necessary to enable the User’s registration and the creation of their profile, as per their request. In the event of failure to provide it, therefore, the Controller will be unable to fulfil the User’s request in whole or in part.
At their absolute discretion, Users may also populate their personal profile with additional, absolutely optional elements and information: profile picture, documents and texts (e.g. personal noticeboard posts, or reference of authors in published documents) and other media that may contain information that, alone or combined with others, may qualify as personal data – or special categories of personal data – within the meaning of the GDPR (including the User’s network of friends and his participation in specific thematic groups on the Site). The provision of such further data is completely optional and at the discretion of the individual User, who remains free to delete or change such information at any time without any hindrance.
c) Data required for filling in specific forms on the Site
The Site features a general contact form, which Users may fill in to submit specific requests to the Controller. The data required by this form are name and surname, telephone number and email address. In the appropriate text field, moreover, Users are free to enter any kind of information concerning the request. Depending on the specific request, it may be necessary to provide some additional information, such as the sector of interest, geographical location or information about the company the User belongs to.
In order to provide support for innovators, the site also offers a special ‘innovation form‘. The data required to complete the form are company name, email address, website, name and surname of the User, phone number and relevant industry sector.
Please note that any personal data communicated by Users through the forms or other messages that is not necessary for the purposes of the relevant request is to be considered freely and independently disclosed by the Users themselves and, in accordance with the general principle of data minimisation, will be immediately deleted and not retained by the Controller.
3.Purpose of processing and legal basis
Your data are collected and processed by the Controller, in compliance with the current regulatory framework, to use the functions and services offered through the Site.
Accordingly, the processing of your personal data is carried out on the legal basis of the performance of a contract to which the data subject is party, pursuant to art. 6(1)(b) of the GDPR.
Your personal data will be also processed for complying with legal obligations to which the Controller is subject (art. 6(1)(c) of the GDPR), also following orders from the competent authorities.
Moreover, your personal data may be processed for the prevention of potential unlawful activities through the Site and for the protection of the Controller’s rights in case of disputes. Where it occurs, such processing will be based on the pursuit of the legitimate interest of the Controller, only to the extent that this interest overrides the fundamental rights and freedoms of the data subject, pursuant to art. 6(1)(f) of the GDPR.
4.Recipients of personal data
Your personal data may be shared with natural or legal persons expressly authorized to process such data pursuant to Articles 28 and 29 of the GDPR, or with public authorities if it is mandatory to communicate such data by virtue of specific legal provisions or orders of the authorities.
5.Data transfers outside the European Economic Area
For the purposes described above, the Controller generally will not transfer your personal data outside the European Union / European Economic Area.
With regard to personal data collected through cookie technology, as further described in the dedicated policy below, the Controller utilizes Google Analytics. Google operates data centres worldwide, and to maximize the speed and reliability of its services, its infrastructure is typically configured to handle traffic from the data centre closest to where the traffic originates. Nevertheless, whenever the transfer – even if only temporary – of personal data of Users becomes necessary, it is always carried out with the adoption of every appropriate safeguard and in compliance with the GDPR. In particular, where necessary, Google relies on adequacy decisions adopted by the European Commission and/or the conclusion of appropriate Standard Contractual Clauses according to the model introduced by the Commission itself. For more information on this matter, you can consult the following page: https://business.safety.google/adsdatatransfers/?sjid=6181147971555837262-EU.
6.Period of data retention
Your personal data will be kept for the time strictly necessary to pursue the purposes for which it was collected and for a maximum period of _____________[ALE1] years after its collection.
This is without prejudice, in any case, to the Controller’s right to further retain your personal data in accordance with the provisions of the applicable legislation and/or for defense needs in case of litigation, according to the maximum term provided for by the laws governing said litigation. More information on data retention periods and criteria is available from the Controller.
7.Rights of the data subject
Under the GDPR, you have the right to access the data concerning you at any time. In addition, by accessing such data you can request that they be corrected and/or updated and, under certain circumstances, that their processing be erased or restricted. You can also request the portability of data concerning you to another data controller.
If you would like to exercise your rights, please write to dpo.privacy@eng.it.
You also have the right to submit reports or lodge complaints to the relevant independent supervisory authority. The Italian Data Protection Authority is the Garante per la Protezione dei Dati Personali, (protocollo@gpdp.it – +39 06.696771 – https://garanteprivacy.it/web/guest/home).