RICERCA E INNOVAZIONE
MEDIA CENTER
Innoviamo in:
Vuoi ricevere aggiornamenti sui temi che ti interessano? Contattaci
Se hai bisogno di supporto, consulta le FAQ
With this privacy notice, the Controller, as defined below, wishes to inform you about the purposes and methods of processing your personal data in the context of the European REFINEE project co-financed by the European Union (“REFINEE Project”) and about your rights under Regulation (EU) 2016/679 (“GDPR”) (hereinafter,“Privacy Notice”).
The Controller is ABI Lab, Centro di Ricerca e Innovazione per la Banca, Piazza del Gesù, 49 – 00186 Rome, e-mail address info@abilab.it (“Controller”, “Company” or “ABI Lab”). You may contact the Controller to exercise your rights under the GDPR, as well as to receiveany information regarding the processing of your personal data and/or this Privacy Notice, by writing toinfo@abilab.it
The Controller has appointed a Data Protection Officer (“DPO”), that can be contacted by email at
dpo@abilab.it
For the purposes indicated in this Privacy Notice and in the context of the activities (e.g.surveys, interviews, meetings, sessions, workshops, events, etc.) relating to the REFINEE Project (hereinafter, “Activities”), the Controller will process the following personal data relating to you: (i) identification data (i.e. first and last name); (ii) company you belong to; (iii) business e-mail address and telephone number; (iv) job position; (v) other contact details (i.e. address of the company you belong to) (hereinafter, the “Data”).
4.1 - Management of your participation in the Activities related to the REFINEE Project and the connected administrative and/or organisational formalities
If you take part in Activities connected to the REFINEE Project (e.g. surveys,interviews, meetings, briefings, workshops, events, etc.), your Data will be processed for the purpose of managing the organisational and/or administrative formalities necessary to ensure your participation in such Activities and their proper conduct. For this purpose, your Data may be shared by ABI Lab with the other partners of the REFINEE Project (available for consultation at the following link) that support the Controller in managing it and in organising and carrying out the related Activities and initiatives.The legal basis for this processing consists in the need for the Controller to manage and follow up on your request to participate pursuant to Art. 6 (1) (b) GDPR.The provision of the Data is optional; however, any refusal to provide all or some of the Data may result in the Controller being unable to grant your participation in the REFINEE Project or related Activities.
4.2 - Compliance with legal obligations (including the fulfilment of any reporting obligations)
The Controller may process your Data, where necessary, to comply with legal and regulatory obligations to which ABI Lab is subject, or to comply with instructions/requests from public authorities.The processing is necessary to comply with a legal obligation pursuant to Art. 6(1)(c) GDPR. The provision of the Data for this purpose is mandatory. In the event of failure to provide it, the Controller will not be able to guarantee your participation in the REFINEE Project and the related Activities.
4.3 - Sending of communications and newsletters relating to the REFINEE Project and other events and/or informational and/or editorial material on Controller’s products and/or services
The Controller may send you, by post or by e-mail, communications, newsletters and/or other materials relating to the REFINEE Project or on topics related to it, as well as information, invitations or recurring newsletters relating to other eventsor initiatives organized and/or managed by the Controller and, in general, informational and editorial content on the Controller’s activities, products and/or services relating to topics similar to those addressed during the REFINEE Project. The legal basis for this processing is Controller’s legitimate interest in keeping you informed about the initiatives of the REFINEE Project, as well as about events, activities, products and/or services of the Controller related to them, pursuant to Art. 6(1)(f) GDPR. The provision of Data for this purpose is optional. If you do not provide them, the Controller will not be able to send you the material described above. In any case, with reference to this purpose, you may exercise your right to object to the processing at any time by writing to the contact details indicated in paragraphs 1 and 2 of this Privacy Notice or, where applicable, by clicking onthe link included at the bottom of the communications you will receive from the Controller.
4.4 - Carrying out statistical analyses
The Controller may process the information and Data collected to carry out statistical analyses or studies relating to its activities and the REFINEE Project.In this context, information is generally stored anonymously and processed in aggregate form. Therefore, these activities usually do not involve the processing of Data. Where, on the other hand, Data are processed, the Controller will implement appropriate security measures (such as pseudonymization). In this case, the processing will be carried out on the basis of the Controller’s legitimate interest, pursuant to Art. 6(1)(f) GDPR, to analyze and improve its services and activities.
For the purposes indicated in paragraphs 4.1 and 4.2 above, the Data will be processed for the entire duration of the REFINEE Project and related Activities and, subsequently, will be stored for 10 years, in line with the period provided for by applicable laws. However, should you raise an objection, the Data will be retained at least until the resolution of that objection or until the expiry of the applicable limitation period. In any case, this does not affect any further retention that may be necessary to comply with the reporting obligations incumbent on the Controller or, where applicable, to protect the rights and interests of the Controller. For the purpose referred to in paragraph 4.3, the Data will be retained for 5 years starting from the end of the last Activity relating to the REFINEE Project in which you took part or for which you expressed interest, without prejudice to your rightto object to the processing at any time.For the purpose referred to in paragraph 4.4, without prejudice to the fact that analysis and research activities will generally be carried out on anonymised and/oraggregated data, your Data - where processed - will be stored for the time necessary to carry out the analysis activities, up to a maximum of 5 years, unless you exercise your right to object to the processing.
The Data will be processed, in compliance with the provisions of the GDPR, using paper, IT and telematic tools, in ways strictly related to the purposes indicated in this Privacy Notice and, in any case, in ways suitable to ensure their security and confidentiality in accordance with the provisions of Article 32 of the GDPR.
For the pursuitof the purposes described in paragraph 4 above, the Data will be known to theController’s employees, equivalent staff and collaborators, who will act aspersons in charge of processing activities, specifically appointed andadequately instructed on the processing.
In addition, the Data will be processed by third parties belonging to thefollowing categories of recipients:
The entities belonging to the categories of recipients listed above, in some cases, operatein full autonomy as separate autonomous controllers, in other cases, asprocessors specifically appointed by the Controller in accordance with Article28 of the GDPR.The complete andupdated list of the entities to whom the Data may be disclosed can be requestedby contacting the Controller or the DPO at the contact details indicated inparagraphs 1 and 2 of this Privacy Notice.Due to the natureof the activities and the specific characteristics of the initiatives relatedto the REFINEE Project, some of your Data (such as first name, last name, theentity/organization you belong to, role and e-mail address) may be visible to, orotherwise known by, the other participants in the aforementioned initiatives,such as events or preparatory activities, in which you may decide to participate.
The Data processed by the Controller are stored on servers located in Italy or in the European Union. That said, to achieve the purposes described above, the Data may be transferred to entities established in countries outside the European Economic Area (“EEA”), that provide the Controller with services related to the purposes described in this Privacy Notice. Such transfer, where applicable, will only take place in compliance with the conditions set out in the GDPR and will be governed, depending on the recipients, on the basis of an adequacy decision of the European Commission or, alternatively, using standard contractual clauses adopted by the European Commission and/or another safeguard permitted by the applicable law. Further information on where the Data have been transferred, where applicable, can be obtained by writing to the Controller and the DPO at the contact details indicated in paragraphs 1 and 2 of this Privacy Notice.
You, as the data subject, have the right to:
- access the Data and request a copy thereof;
- request the rectification or updating of the Data, where inaccurate or incomplete;
- request, under certain circumstances, the erasure of the Data or the restriction of the processing;
- request the portability of the Data;
- object to the processing (where applicable).
Finally, you may at any time lodge a complaint with the Supervisory Authority (in Italy, Garante per la Protezione dei Dati Personali) if you consider that the processing of your Data is carried out in breach of the applicable data protection legislation.
To obtain further information regarding your rights, you may contact the Controller or the DPO at the contact details provided in paragraphs 1 and 2 of this Privacy Notice.
