Privacy Policy on the processing and protection of personal data pursuant to EU Regulation 2016/679
The EU Regulation 2016/679 “General Data Protection Regulation” (hereinafter “GDPR”), Legislative Decree No. 196/2003 “Code regarding the protection of personal data” and the related Annex A. 4 “Code of ethics and good conduct for the processing of personal data for statistical and scientific purposes” (Authority Provision No. 2 of June 16, 2004, Official Gazette August 14, 2004, No. 190) establishes the right of every person to the protection of personal data concerning them.
According to the above-mentioned regulations, the processing of your personal data by the researchers involved in the research activity will be based on the principles set out in Article 5 of the GDPR and, in particular, on those of lawfulness, fairness, transparency, relevance, data minimization, and in a manner that ensures adequate security of personal data.
The CNR, as the data controller, informs you that your personal data present in our database will be processed in compliance with applicable regulations and the principles of fairness, lawfulness, transparency, and the protection of your privacy and rights.
Type of data processed
Personal data will be processed (including, but not limited to, name, surname, company name, address, phone number, email, bank and payment details – hereinafter also referred to as “personal data” or “data”) provided by you and collected by the Intrusion Workshop 2025 organizers. If necessary, the following will also be processed: educational qualifications, registration in professional registers, orders or professional associations including the registration number, position, profession, work activity performed or role within the organization to which you belong, qualifications and/or professional specializations. This Notice may be accompanied, if necessary, by a specific form for the release of consent as provided for by Article 7 of the Regulation, structured according to the further type of use of Your Personal Data.
Cookie
Cookies consist of pieces of code installed within the browser that assist the Data Controller in providing the service based on the purposes described. This Site uses technical Cookies to save the User’s session and to carry out other activities strictly necessary for its operation; user profiling through third-party services is not provided. Their installation does not require prior consent from users, but it is sufficient to provide information, pursuant to Provision No. 231 of June 10, 2021, of the Data Protection Authority (Official Gazette General Series No. 163 of 09-07-2021). More on our Cookie Policy here.
Legal Basis and Purpose of Processing
The legal basis for processing is the consent expressed by the data subject for the processing of their personal data for one or more specific purposes (art. 6 paragraph 1, letter a) of the GDPR. The purposes and methods of processing your personal data are indicated in art. 6 of the Regulation, as well as in the specific information associated with the collection and acquisition forms. This processing is aimed at achieving the institutional objectives of the Territorial Research Area of Bari for the promotion of research and innovation activities, such as, by way of example: sending newsletters, transmitting invitations to conferences and informational events, promoting classroom and online training courses (webinar). The processing of data is also necessary for managing requests for information and assistance related to the institutional tasks of the Territorial Research Area of Bari.
Methods of Processing
The processing of your personal data is carried out through the operations indicated in art. 4 n. 2) GDPR and specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Personal data will be processed exclusively by authorized persons who are properly trained, as well as by data processors linked to the data controller by a specific contract. The processed personal data will not be subject to dissemination.
Data retention
Your personal data will be processed using both paper-based and electronic and/or automated tools. The Data Controller will process personal data in a form that allows for the identification of the data subjects for a period not exceeding the achievement of the purposes for which they are processed; personal data may be stored for longer periods for archiving purposes in the public interest, for scientific or historical research, or for statistical purposes, in accordance with the protection of the rights and freedoms of the data subject (“storage limitation”) and, in any case, for a maximum period of 10 (ten) years from their collection.
Access to data
Your data may be made accessible for the purposes mentioned above: to employees and collaborators of the Data Controller in Italy and within the European community, in their capacity as authorized subjects and/or internal data processors and/or system administrators; to other subjects (by way of example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) that carry out outsourcing activities on behalf of the Data Controller, in their capacity as data processors.
Nature of data provision and Mandatory nature of provision
The provision of data for the purposes referred to in art. 2 letters a, b, and c, is mandatory.
In their absence, it will not be possible to execute any contracts that may have been concluded for the provision of services rendered by the Territorial Research Area of Bari. It is therefore your right to decide not to provide any data or to subsequently deny the possibility of processing data already provided, in which case you will not be able to receive newsletters, commercial communications, and advertising material related to the services offered by the Data Controller.
Exercise of rights by Users
Pursuant to Articles 15 et seq. of the Regulation, data subjects have the right at any time to obtain confirmation of the existence or non-existence of their Personal Data with the Data Controller, to know its content and origin, to verify its accuracy or request its integration, deletion, updating, correction, transformation into anonymous form, or blocking of Personal Data processed in violation of the law, as well as to object in any case, for legitimate reasons, to their processing. Requests should be addressed to the Data Controller at rpd@cnr.it. To stop receiving informational material and communications from the Territorial Research Area of Bari, send an email to the sender indicating “UNSUBSCRIBE” in the subject line. Where applicable, you also have the rights under Articles 16-21 of the GDPR (Right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority as the controlling authority.
Ways to exercise your rights
You may exercise the above rights at any time by sending a communication via certified email (PEC) or by registered mail: intrusion@ba.irsa.cnr.it.
The Data Controller is:
National Research Council
Piazzale A. Moro 7
00185 ROME
Data Protection Officer (DPO):
National Research Council
Piazzale A. Moro 7
00185 ROME
contact email: rpd@cnr.it
Data Processor:
Marco Berardi
Via F. De Blasio, 5 – 70132 BARI
Italy
contact email: intrusion@ba.irsa.cnr.it
This Notice is updated as of February 21, 2025