INFORMATION NOTICE PURSUANT TO ART.7 OF ITALIAN LEGISLATIVE DECREE 70/2003 AND EUROPEAN REGULATION 679/16 (GDPR)

Pursuant to art. 7 of Italian Legislative Decree 70/03 “Implementation of Directive 2000/31/EC, relevant to certain legal aspects of information society services in particular electronic commerce, in the Internal Market”, the following information is provided:

Name of service provider: CISM - International Centre for Mechanical Sciences (hereinafter, the “DATA CONTROLLER”)
Registered office: Palazzo del Torso | Piazza Garibaldi, 18 | 33100 Udine | Italy
Italian Tax Code/VAT No: 00401650304
Contacts: Ph: +39 0432 248511 | Fax: +39 0432 248550
Data Protection Officer (DPO): Law Firm lawyer Paolo Vicenzotto, Corso G. Garibaldi, 4-G - 33170 Pordenone (Italy), phone +39 0434 1856002 | e-mail: dpo@studiolegalevicenzotto.it

COPYRIGHT AND BRANDS
Texts, images and all other multimedia content on the website is the property of the DATA CONTROLLER or granted in use to the same. All other distinguishing marks used on the website belong to the respective owners or licensees.
No part of the website (including texts, images and all other multimedia content) can be reproduced or relayed without specific authorisation from the DATA CONTROLLER, unless it is for personal and non-transferable use. Any unauthorised use is expressly prohibited by the law.

INFORMATION NOTICE ON PROCESSING OF PERSONAL DATA - ART. 13 REG. 679/16
In compliance with the provisions of EU General Data Protection Regulation no. 679 of 2016, we intend to provide you with some information on how we gather and use your personal data on the basis of the activity carried out through this website:

Personal account creation - Course Registration and Participation - Website navigation
The personal data you entered in the user registration form, or the data collected automatically when you browse the site, are processed and managed using electronic, or in any case automated, tools for the following purposes:

  1. To create a personal account and to manage other aspects of navigation (see also the “Cookies Policy” section);
  2. To archive and backup your requests;
  3. To fulfill requests for registration and participation in courses provided by the Data Controller;
  4. To send you course materials (e.g. slides, articles, study materials, notes, etc.) Course materials may also be sent by course teachers/assistants;
  5. To contact you (by email or telephone) to provide information on the organization of courses you enroll on (timetable changes, classroom closures, logistical information, etc.);
  6. To send you information and communications, including after your course has ended, unless you expressly request otherwise. Materials are sent exclusively by email and relate to the topics covered on your course;
  7. To fulfill administrative and accounting requirements (issuing and recording invoices, etc.).

The legal basis of the above processing is art. 6 paragraph 1 (B) and (C) of the GDPR (performance of a contract or to take steps at the request of the data subject prior to entering into a contract).

The legal basis for the fulfillment of the purposes in point 6 above is art. 130 paragraph 4 of Italian Legislative Decree 196/03 which provides that, unless expressly requested otherwise by the data subject, the Data Controller may send, using both automated and non-automated tools, communications concerning "similar services" to those already accessed (by email). You may decide not to receive these communications by contacting the data controller or by carrying out the cancellation procedure specified at the bottom of each communication you receive (OPT - OUT).

The data will be kept for the entire period you are a registered user of the website/courses and, subsequently, to fulfill all legal obligations (max 10 years).

Distance learning
In addition to the above, the Data Controller wishes to inform you that if specific regulatory provisions prevent the carrying out of classroom and face-to-face training activities, they will be carried out remotely with the aid of specific web platforms (e.g. Microsoft Teams, Zoom, Blackboard ...). These platforms are not owned by the Data Controller and may, therefore, have different personal data processing policies. We encourage users to review the respective privacy policies and contact the platforms directly with any queries or requirements.
It is possible that lessons may be recorded and later used for different purposes falling within the legitimate interest of the Data Controller (e.g. publications, promotions, sales, etc.) Course participants will be informed when recording is about to start and are free to decide whether to disable their video camera and microphone to maintain anonymity. This anonymity may be lost if the participant asks specific questions or interacts with the teacher.

Regardless of how the courses are conducted, it is possible that “study groups” of individual course participants may be created, enabling increased scientific collaboration, an exchange of views on specific topics, etc. In this case, personal data of students (generally identity and contact data) is shared with the other participants in the group.
Study groups are created for the benefit of students and participation is entirely voluntary. Failure to participate has no consequences on, for example, enrollment on courses, materials made available, etc.

Subscribing to the Newsletter Service
Providing your email address when registering for the newsletter is optional; however, if you refuse to provide it, you will not be able to use the Service.
The personal data you entered are gathered and managed using electronic, or in any case automated, tools for the following purposes:

  1. to subscribe to the information newsletter and to receive information notices on the initiatives, courses, events and activities organized by CISM.

The legal basis of this processing is art. 6 paragraph 1 (A) of the GDPR (consent of the data subject).
The data will be kept for the entire period you are a registered user of the Service; cancellation will take place following completion of the procedure contained in each communication you receive or if you submit a specific request to the Data Controller.

Sending requests via the Contact form
The personal data you entered in the user registration form and the data collected automatically when you browse the site, are processed and managed using electronic, or in any case automated, tools to manage your request and to assist you.
To this end, we may contact you, via the specified channels, to provide you with answers and clarifications or to request further information.
Not all data are necessary to send the request, however a greater amount of information will help us assist you better.
In any case, those marked with an asterisk are required.
The legal basis of the processing is art. 6 paragraph 1 (B) - GDPR. The data sent will be kept, for statistical or backup purposes, for 12 months from the moment you send your request. Please do not send any “specific" data (e.g. relating to your health, sexual orientation, religious beliefs, etc.); otherwise, by sending the request, you consent to the processing of such data (art.9 paragraph 2 (A).

Regardless of the Services you use, we inform you that all the data collected will not be transferred to non-EU countries, except where an adequacy decision of the EU Commission exists such as to guarantee the respect and protection of personal data for the relevant countries, as required by Regulation 679/16.
Your data may be known by persons who are specifically appointed to the processing by the Data Controller, by technological partners of the Data Controller or by Insurance companies and/or consulting Firms in case of need.

THE DATA CONTROLLER IS CISM - International Centre for Mechanical Sciences
Palazzo del Torso | Piazza Garibaldi, 18 | 33100 Udine | Italy
Italian Tax Code/VAT No.: 00401650304
duly represented by the legal representative. The Data Controller has appointed a DPO. The DPO data are indicated in the section “Information pursuant art. 7 of D.LGS 70/2003 and of the European Regulation 679/16 (GDPR)”. You can contact the Data Controller or the DPO to assert the rights provided in articles 13, 15, 16, 17, 18, 20, 21, 77 of Reg. 679/16 which are reported below for your convenience.

1) Right to withdraw consent (art. 13): You have the right to withdraw your consent at any time for the data processing that has as its basis your consent. In particular, the withdrawal of consent is valid for processing carried out for the purpose of sending advertising, direct sales material or for carrying out market research or promotional communications, even if carried out pursuant to art. 130 subsection 4 of Italian Legislative Decree 196/03. Withdrawal of consent does not, however, prejudice the lawfulness of previous processing.
2) Right to access your data (art. 15): You can request the following information a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. You have the right to request a copy of your personal data processed.
3) Right to rectification (art. 16): You have the right to request the rectification of inaccurate personal data that concerns you and to obtain the completion of incomplete personal data.
4) Right to be forgotten (art. 17): You shall have the right to obtain from the data controller the erasure of personal data concerning you where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, if you withdraw consent, where no legitimate grounds exist to carry out data profiling, if your personal data have been unlawfully processed, if a legal obligation exists to erase them; where the data are relevant to web services aimed at minors without consent. The erasure can take place unless the right to freedom of expression and information prevails, whether they are kept for the fulfilment of a legal obligation or for the performance of a task carried out in the public interest or in the exercise of public powers, for reasons of public interest in the health sector, for the purposes of archiving in the public interest, scientific or historical research or for statistical purposes or for the establishment, exercise or defence of a right in court.
5) Right to restriction of processing (art. 18): You have the right to obtain from the data controller restriction of processing when you have contested the accuracy of the personal data (for a period enabling the controller to verify the accuracy of the personal data) or if the processing is unlawful, they are required for the establishment, exercise or defence of legal claims.
6) Right to data portability (art. 20): You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller where the processing is based on consent, on a contract and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority and that such transmission does not adversely affect the rights and freedoms of others.
7) Right to contact the Supervisory Authority for the protection of your personal data.

We remind you that the exercise of the rights is subject to the limits, rules and procedures set forth in the aforementioned Regulation and that the data subject must know and implement. In compliance with the provisions of article 12 subsection 3, moreover, the Data Controller will provide the data subject with information concerning the action taken without undue delay and, in any case, no later than one month after receiving the request. This deadline may be extended by two months if necessary, taking into account the complexity and the number of requests. The Data Controller informs the data subject of such extension, and of the reasons for the delay, within one month from receipt of the request.

COOKIES POLICY
Our website, for a better functioning and to guarantee services provided by third parties, uses technical cookies.

Cookies issued by the Data Controller
Technical cookies are used for the sole purpose of transmitting a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide such service. They are not used for further purposes, and are installed during normal browsing on our web pages. They can be divided into browsing or session cookies, which guarantee normal browsing and use of the website (allowing to make a purchase or authenticate to access restricted areas); functional cookies, which allow the user to browse according to a series of selected criteria (i.e., language, products selected for purchase, etc.) in order to improve the service provided. For the installation of these cookies, the prior consent of users is not required, without prejudice, however, to provide the information notice herein pursuant to art. 13 of EU Regulation 679/16, on the subject of protection of personal data.

Third-party cookies for statistics or technical purposes
While browsing the website, the user may receive cookies on their terminal from other suppliers (so-called “third-party” cookies); this happens because there may be elements on the website visited that reside on servers other than the one on which the requested page is located.
The Data Controller uses third-party cookies only for technical purposes, i.e. cookies issued to statistically analyse access/visits to the website (so-called “analytics” cookies) or to allow the use of parts of codes issued by third-parties, which guarantee a better use of the service (authentication, administration pages, etc.)

Social media buttons
This website contains “social media buttons” displaying the relevant social network icons (e.g., Facebook and Twitter); by clicking on the them, users browsing the website can directly interact with the relevant social networks. Specifically, these are links to the Data Controller’s accounts on those social networks. The social media buttons allow the social network to which the icon refers to acquire data concerning your visit.
Thus, through the use of these buttons third-party cookies are installed, including possibly profiling cookies.
However, this website does not share any browsing information or user data, acquired while you browse the website, with the aforementioned social networks.
Below are the links where you can view the privacy policy governing the management of data by the Social networks referred to by the buttons:

To disable these cookies you can also use appropriate features and tools on your browser, or make use of the services rendered by the site http://www.youronlinechoices.com, managed by the European Interactive Digital Advertising Alliance (EDAA) which is a guide on behavioural advertising and online privacy and where you will find information on how behavioural advertising works and a lot of information on how to manage and disable cookies in addition to the steps to be followed to protect privacy on the internet.


The above information will not be transferred to non-EU countries and will be processed, for the purposes set out above, by internal representatives authorized by the Data Controller (adequately trained and made responsible for the content of the information processed).

The Data Controller is CISM, in the person of its legal representative.
The Data Controller has appointed a Data Protection Officer (DPO) who will be able to provide any further information on the processing: the name and contact details of the DPO and the forms for exercising the rights pursuant to articles 15 et seq. of the GDPR, are available at the web pages https://www.cism.it/en/about/privacy_statement/ (in English) and https://www.cism.it/informativa-sulla-privacy/ (in Italian)