Privacy Statement

PRIVACY POLICY
(Art. 13 European Regulation 679/16 (GDPR)

The following information is provided by CISM in accordance with Regulation 679/2016 (GDPR) on the protection of personal data in order to provide you with some information regarding the collection and use of your personal data within the scope of the activities carried out by CISM.

Name of the data controller:
The data controller is: CISM - International Centre for Mechanical Sciences (hereinafter also referred to as the "OWNER"
with registered office at: Palazzo del Torso | Piazza Garibaldi, 18 | 33100 Udine | Italy
Italian Tax Code/VAT No: 00401650304
Contacts: Ph: +39 0432 248511 | Fax: +39 0432 248550

Data Protection Officer (DPO):
The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted at the following email:
dpo@studiolegalevicenzotto.it

COPYRIGHT AND TRADEMARKS
Every text, image, and any other form of multimedia content present on the following website is the exclusive property of the OWNER or is used by them under a specific license. All other trademarks used within the website belong to their respective owners or licensors. According to the copyright law (L. 633/1941 as subsequently amended), no part of this website, including texts, images, and any other multimedia content, may be reproduced or transmitted without the explicit written permission of the Owner, except where otherwise permitted by law. Unauthorized use constitutes a violation of copyright and is subject to penalties under the current law.

Below we provide specific information on the processing of personal data carried out within the scope of the Services and activities organized by CISM:

1. WEBSITE BROWSING INFORMATION AND COOKIE POLICY
During navigation on this website, log files are used to store information collected automatically during user visits. These are details not gathered to be associated with identified individuals, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data may include:

IP addresses or domain names of the computers used by users connecting to the site,
URI (Uniform Resource Identifier) addresses of requested resources,
the time of access to the site,
the method used to submit the request to the server, the size of the file obtained in response
the numerical code indicating the status of the response given by the server (successful, error, etc.)
and other parameters related to the user's operating system and computer environment.

This data is used solely to obtain anonymous statistical information about the use of the site and to monitor its correct functioning; in any case, it will be stored for the time necessary to carry out these activities and for a period not exceeding 12 months.

COOKIE POLICY
This website, for optimal functioning and to ensure services provided by third parties, uses cookies issued by the OWNER or third parties for statistical or technical purposes

For the installation of such cookies, the prior consent of users is not required, while the obligation to provide this information remains in force.

What are cookies?
Cookies are small text files that websites visited by users send to the devices used for browsing (computers, smartphones, tablets, smart TVs, etc.) to be stored and then retransmitted to the same sites during subsequent visits. Cookies simplify and speed up access to websites by users, as they store certain information about them that does not need to be retrieved and processed by the devices after the first access. Cookies also simplify the use of some web services: in fact, they can, for example, be used to track items in an online shopping cart or information used for filling out a computer form.

Cookies issued by the Owner
The cookies issued by the OWNER while browsing this website are "technical" and are those used solely for "the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide that service" (cf. Art. 122, paragraph 1, of the Code). They are not used for further purposes and are installed during normal browsing on our pages. They can be divided into navigation or session cookies, which ensure the normal navigation and use of the website (allowing you to make a purchase or authenticate to access reserved areas); functionality cookies, which allow the user to browse based on a series of selected criteria (for example, language, products selected for purchase, etc.) in order to improve the service provided to them.

Third-party cookies for statistical or technical purposes
During navigation on the website, the user may also receive cookies from different providers (so-called "third-party cookies"); this happens because elements residing on servers different from the one on which the requested page is located may be present on the visited website. The Owner uses third-party cookies only for technical purposes, such as cookies issued to statistically analyze access/visits to the website (so-called "analytics cookies") or to allow the use of code parts released by third parties, ensuring a better use of the service (authentications, administration pages, etc.).

At any time, the user can check, through the appropriate banner, the own and third-party cookies currently present on the website and eventually modify the choices made.

Social Buttons
Within the website, there are special "buttons" depicting icons of social networks (for example, Facebook and Twitter) that allow users to interact with a "click" directly with the social networks while browsing. Specifically, these links redirect to the Owner's accounts on the depicted social networks.
Social buttons allow the social network associated with the icon to collect data related to the visit. Through the use of these buttons, third-party cookies may be installed, potentially including profiling cookies. However, this website does not share any browsing information or user data acquired through browsing with the aforementioned social networks.
Below are the links where the user can review the privacy policy related to data management by the social networks to which the buttons redirect:

Facebook: full disclosure and opt-out options are available on the following website
https://it-it.facebook.com/help/cookies/
X: full disclosure and opt-out options are available on the following website
https://help.twitter.com/it/rules-and-policies/x-cookies
YouTube: full disclosure and opt-out options are available on the following website
https://support.google.com/youtube/answer/7671399?p=privacy_guidelines&hl=it&visit_id=1-636627534857459920-3846949566&rd=1

To disable these cookies, you can also use suitable features and tools on your Browser, or take advantage of the services provided by the website www.youronlinechoices.com/ managed by the European Interactive Digital Advertising Alliance (EDAA), which serves as a guide on behavioral advertising and online privacy. Here, you will find information on how behavioral advertising works and many details on how to manage and disable cookies, as well as steps to follow to protect privacy online

2. SPECIFIC INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA pursuant to Article 13 of Regulation 679/2016 (GDPR) - Personal Account Creation and Enrollment in Educational Activities
Dear User,
The data required for creating a personal account and enrolling in educational activities on the CISM website will be processed as follows:

Purposes for which processing does not require your consent

Creation of the personal account to enroll and participate in the training courses organized by CISM (Data Controller)
To receive organizational and/or technical communications regarding the courses you will attend, to your personal account and to the website (for example: information about the website status, password recovery emails, changes to class schedules, classroom closures, logistical information, etc.)
Creation of "study groups" composed of participants from individual courses with the aim of increasing scientific collaboration, discussing specific topics, etc. In this case, the personal data of students (generally identifying and contact information) will be shared with other participants in the group. The study group is made for the benefit of the students and participation is entirely voluntary. If you do not wish to be part of such study groups, it will be sufficient to inform the Owner by writing to the email: cism@cism.it.
Non-participation will have no consequences, for example, on course registration, materials provided, etc.

Legal basis for processing listed above (ref. provisions of EU Regulation 679/2016 - GDPR): "Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract" (Art. 6(1)(b));

Purpose for which processing does not require your consent

To fulfill administrative and accounting purposes (issuance and recording of invoices, etc.)

Legal basis for processing listed above (ref. provisions of EU Regulation 679/2016 - GDPR): "Processing is necessary for compliance with a legal obligation to which the controller is subject" (Art. 6 (1)(c));

Purpose for which processing does not require your consent

Unless you expressly object by contacting us at the email address: cism@cism.it, in the future we may use your email contact to send you informational material and communications regarding courses and services similar to those you have used. At any time, you may decide not to receive such communications by contacting the Owner or by following the unsubscribe procedure indicated at the bottom of each communication received (OPT - OUT).

Legal basis for processing listed above (ref. provisions of EU Regulation 679/2016 - GDPR): "Without prejudice to what is provided in paragraph 1, if the data controller uses, for the purpose of direct marketing of its own products or services, the electronic contact details provided by the data subject in the context of the sale of a product or service, it may not require the data subject's consent, provided that it concerns services similar to those subject to the sale and the data subject, adequately informed, does not refuse such use, initially or on subsequent occasions. At the time of collection and upon sending each communication carried out for the purposes referred to in this paragraph, the data subject is informed of the possibility of objecting at any time to the processing, easily and free of charge.." (Article 130, paragraph 4, Legislative Decree no. 196/2003);

Optional purposes, for which separate consent is required

It is possible that during the educational activities, for the purpose of promoting the services and activities carried out by CISM, audio-video recordings may be made, which may also be shared on the Owner's institutional website or social media profiles. At the time of creating an account, you may freely decide whether to consent to such activity.

Legal basis for processing listed above (ref. provisions of EU Regulation 679/2016 - GDPR): "The data subject has given consent to the processing of his or her personal data for one or more specific purposes" (Art. 6 (1)(a));

Retention period of personal data

The data processed for the above-mentioned purposes will be retained for the entire duration of the educational activities and, subsequently, to fulfill the legal obligations prescribed (maximum of 10 years from the termination of the relationship).
With regard to the audiovisual material possibly recorded during the educational activities, once the purposes are fulfilled, it will be deleted and removed (maximum of 2 years from the end of the course).

Courses conducted "remotely"
In addition to the above, the Owner informs that, if specific regulatory provisions prevent the conduct of classroom-based training activities, they will be conducted "remotely" through the use of specific web platforms (e.g., Microsoft Teams, Zoom, Blackboard...). These platforms are not owned by the Owner and, therefore, may have different policies regarding the processing of personal data. Users are encouraged to review the respective privacy policies and contact the platforms directly in case of doubts or needs. It is possible that the lessons of the courses will be recorded and subsequently used for different purposes but falling within the legitimate interests of the Data Controller (e.g., publication, promotion, sale, etc.). Course participants will be given specific notice informing them of the start of the recording; they may freely choose to deactivate their camera and microphone to avoid being identified. Non-identifiability may be lost if the participant asks specific questions or engages in discussion with the instructor.
For these courses as well, the creation of "study groups" composed of participants from individual courses is envisaged with the aim of increasing scientific collaboration, discussing specific topics, etc. In this case, the personal data of students (generally identifying and contact information) will be shared with other participants in the group. The study group is made for the benefit of the students and participation is entirely voluntary. If you do not wish to be part of such study groups, it will be sufficient to inform the Data Controller by writing to the email: cism@cism.it. Non-participation will have no consequences, for example, on course registration, materials provided, etc.

3. SPECIFIC INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA pursuant to Article 13 of Regulation 679/2016 (GDPR) - Newsletter Subscription Service
Dear User,
the data requested for the subscription to the CISM newsletter service will be processed as follows:

Purpose of the processing

Subscribe to the newsletter and receive informational communications about the initiatives, courses, events, and activities organized by CISM.

Retention period of personal data
The data will be kept for the entire duration of the subscription to the Service; deletion will occur following the completion of the procedure contained in each communication received.

4. SPECIFIC INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA pursuant to Article 13 of Regulation 679/2016 (GDPR) – Contact and Information Request Form
Dear User,
The following information aims to inform you about the processing of personal data you provide within the dedicated Contact form of CISM. Not all data are necessary to submit the request; however, providing more information will allow us to offer better assistance. In any case, those marked with an asterisk (*) are required

Purpose of the processing

Take care of your request and provide assistance by contacting you through the indicated channels, to provide you with answers and clarifications or to ask for further information.

We kindly ask you not to transmit any "special" data (e.g., related to your health status, sexual orientation, religious beliefs, etc.); otherwise, by sending the request, you provide consent for the processing of such data in accordance with letter A of paragraph 2 of Article 9 of the GDPR, or "the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject".

Retention period of personal data
The data sent may be stored for the time necessary to fulfill your request.
For the activities and treatments described in the preceding points 2-3-4, it is specified that the provided data will not be disclosed to third parties but may be processed, solely for the operation of the services and activities carried out by CISM, by IT companies, platforms, and web services, xxx. In any case, the Data Controller will never transfer the data provided and/or acquired by users using the CISM website to countries outside the EU.

EXERCISE OF RIGHTS REGARDING PERSONAL DATA PROTECTION
We inform you about the existence of certain rights regarding the protection of personal data, listed below, and how to exercise them against the Owner:

Right to withdraw consent (Article 13 paragraph II letter C and Article 9 paragraph II letter A)
Description: You have the right to withdraw consent for the processing for which it is required.
Right to access data (Article 15)
Description: You may request: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling referred to in Article 22, paragraphs 1 and 4, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. You have the right to request a copy of the personal data undergoing processing.
Right to rectification (Article 16)
Description: You have the right to request the rectification of inaccurate personal data concerning you and to obtain the completion of incomplete personal data)
Right to be forgotten (Article 17)
Description: You have the right to obtain from the data controller the erasure of personal data concerning you if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, if you withdraw consent, if there is no overriding legitimate reason for the processing of personal data for profiling purposes, if the data have been unlawfully processed, if there is a legal obligation to erase them.
Right to restriction of processing (Article 18)
Description: You have the right to obtain from the data controller restriction of processing where you have contested the accuracy of the personal data (for the period necessary for the data controller to verify the accuracy of such personal data) or if the processing is unlawful, but you oppose the erasure of the personal data and instead request restriction of their use or if they are needed for the establishment, exercise, or defense of legal claims, while the Owner no longer needs them.
Right to data portability (Article 20)
Description: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another controller where the processing is based on consent or on a contract and is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, and provided that such transmission does not adversely affect the rights and freedoms of others.
Right to lodge a complaint with the supervisory authority for data protection (Article 77)
Without prejudice to any other administrative or judicial remedy, if you believe that the processing of your personal data violates the regulations on data protection, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you habitually reside, work, or where the alleged violation occurred.

The exercise of the aforementioned rights is subject to the limits, rules, and procedures provided for by Regulation 679/2016, which the user must be aware of and implement. In accordance with Article 12(3) of this Regulation, furthermore, the Owner will provide the data subject with information about the action taken without undue delay and, in any case, no later than one month after receiving the request. This period may be extended by two months if necessary, taking into account the complexity and number of requests. The Owner informs the data subject of such extension and the reasons for the delay within one month of receiving the request.

To exercise the rights mentioned above, you may use the form provided on this page, to be sent to the Owner or the DPO, duly completed and signed.

DOWNLOAD FORM

In italiano