This policy describes how twas.org is managed with regard to the processing of personal data of visitors who use it and who interact with the web services offered by TWAS, established in Strada Costiera 11, 34151 Trieste, Italy.
This policy is a disclosure provided pursuant to Section 13 of the Italian Legislative Decree no. 196 of 30 June 2003 (Code for the protection of personal data; for brevity referred to hereafter as the "Code"). It only applies to this website and does not concern other websites that may be accessed by the user via links.
The information provided is also based on the guidelines in the Recommendation No. 2/2001, which was adopted on 17 May 2001 by the European data protection authorities within the Working group set up under Article 29 of European Directive 95/46/EC in order to establish minimum requirements for the collection of personal data online, and, in particular, the manner, timing and the nature of the information to be provided by data controllers to users when they visit the web pages regardless of the purpose.
What is meant by personal data?
Personal data is every piece of information related to a natural or legal person, body or association, identified or identifiable, also indirectly, through reference to any other information (such as a number or an ID code).
Particularly important are:
- “identification data”: personal data which allow direct identification of a person (e.g. the first and the last name, email address, Tax ID as well as an image, the recording of one’s voice or one’s fingerprint, or medical, accounting or financial information of that person);
- “sensitive data”: personal data requiring special precautions on account of its nature; sensitive data are any data which may reveal a person’s racial origin or ethnicity, religious or other beliefs, political opinions, membership of parties, trade unions and/or associations, state of health or sex life;
- “judicial data”: personal data which can reveal certain judicial measures which required inclusion in the person’s criminal record (for example, final criminal convictions; paroling; residency and/or movement restrictions; and alternatives to detention). The fact of being a defendant and/or the subject of criminal investigations falls within the scope of this definition as well.
With the evolution of new technologies, other kinds of personal information have taken on a significant role, such as information relating to electronic communications (via the Internet or telephone) and information that enables geo-location by revealing the places a person has frequented or travelled to.
For more information on personal data, users can visit: http://www.garanteprivacy.it.
What does “processing” mean and who are the subjects involved?
Processing (personal data) is an operation or set of operations concerning the personal data.
The Code's definition is wide-ranging as it includes collection, recording, organization, storage, modification, selection, extraction, usage, blockage, communication, dissemination, cancelation and destruction of data. Each of these operations is a form of data processing.
The individual, the company, the association or any other entity that is actually in control of the processing of personal data is the “data controller”. It is empowered to take the essential decisions on the purposes and mechanisms of such processing, including the applicable security measures (Section 4, par. 1, let. f) of the Code).
If the personal data is processed by a company or a public administrative body, it is the entity as a whole that acts as the data controller rather than the individual or department/unit that manages or represents such entity (e.g. Chairman, CEO, auditor, Minister, General Director, etc.). The cases where an individual is the data controller mostly concern processing operations performed by self-employed professionals or single-person corporations.
The data controller may entrust specific data processing management and control tasks to an individual, company, association or organization, including an external one, designated as “data processor” on account of its relevant experience and/or skills (Section 4, par. 1, let. g) of the Code).
An employee or a co-worker who processes or actually uses personal data on behalf of the Data Controller's organization in accordance with the instructions given by the Data Controller and/or the Data Processor (if the latter has been appointed) is a “person in charge of the processing” (Section 4, par. 1, let. h) of the Code).
“Data subject” is the individual to whom the personal data relates.
Who processes the personal data of the users of this website?
Visiting this site may result in the processing of data concerning identified or identifiable persons.
The data controller is TWAS, with registered office in Strada Costiera 11, 34151 Trieste, Italy.
The processing operations related to the web-based services that are made available through this website are carried out exclusively by TWAS personnel and by interfase srl, via Belpoggio 6/a, 34123 Trieste (website development and maintenance) as data processors.
Where are the personal data processed?
The processing operations related to the web-based services that are made available via this website are carried out at TWAS offices, Strada Costiera 11, 34151 Trieste, Italy.
When necessary from time to time, data can be processed by the staff of interfase srl, the company responsible for the website maintenance and development and designated as data processor in accordance with the Code, at the headquarters of this company in via Belpoggio 6/a, 34123 Trieste.
Which categories of personal data are processed?
The electronic systems and software that run this website collect some personal data whose transmission is implicit in the use of internet communication protocols.
Although the collected information is not associated with identified users, by its very nature it may allow users to be identified if processed and associated with third-party data.
This category of data includes: IP addresses or domain names of computers that access the website, the URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file returned in response, the numerical code showing the status of the response supplied by the server (ok, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These data are used only for anonymous statistical analyses about this website and to check that the site is functioning correctly, and once processed they are immediately deleted. In case of crimes against the site, the collected data could be used to establish responsibility; in all other cases, data on web contacts are not stored permanently, unless users request so.
Data supplied by users on a voluntary basis
Specific, concise information will be progressively reported or displayed in the website sections dedicated to on-line services.
Sensitive or judicial data will not be processed on the website without the data subject’s consent. Where the data subject’s name indicates his nationality, this information will not be regarded as sensitive because it does not disclose racial or ethnic origin in the real sense.
The user acknowledges that providing the personal data and contact details of any third party, other than by the data subject, is a processing of personal data in respect of which the user acts as an independent data controller, assuming all obligations and responsibilities under the Code. In this sense, the user warrants that any third-party data so provided by the user (and which will consequently be processed as if the third party had given informed consent to the processing) has been acquired by the user in full compliance with the Code. The user gives the widest indemnification in this respect against any dispute, claim or request for compensation arising from the processing that the data controller may receive from any third party concerned because data were provided by the user in violation of the applicable data protection rules.
Users can provide their data on the basis of a freely chosen, explicit and voluntary option for the following purposes:
To display TWAS fellows’ and affiliates’ personal data on their online profile pages
The website twas.org displays the personal data of TWAS members and young affiliates on their profile pages. In order to do so, it gathers the following personal data: name, surname, nationality, country of residence, address, current position, phone numbers, fax numbers, email addresses, biodata, image, CV, gender, scientific field, year of election into TWAS, country and place of birth, date of birth.
Only part of this information is publicly displayed online: name and surname, country of residence, current nationality, scientific field, image (with the user’s separate and explicit consent), CV (with the user’s separate and explicit consent), biodata (with the user’s separate and explicit consent).
To register or to authenticate
To access the website’s restricted back-office, users are prompted to register or log in using email and password, which allow their identification. Authenticated users are limited to TWAS personnel, TWAS fellows and TWAS young affiliates.
To send communications or to contact TWAS
Filling in the contact form or sending e-mails to the addresses specified in the Contacts page requires the acquisition of the sender’s address in order to give feedback on their requests, and also implies the acquisition of other personal data included in the message.
Similarly, phone calls made or faxes sent to the numbers on the site at twas.org/contacts involve the acquisition of the data reported by the caller or the sender.
Users are advised not to provide sensitive data of their own or of third parties, in particular those related to health, without having previously given their consent in the manner prescribed by law.
To register for TWAS Plus
The electronic bulletin of TWAS, called TWAS Plus, is sent via e-mail to the users who fill in the appropriate form with email address, name and surname and allow TWAS to process their personal data. To stop receiving the bulletin, users can unsubscribe via the unsubscribe button in the footer of the bulletin itself.
To send CVs
Users can send their curriculum vitae via email to volunteer as candidates.
The curriculum must indicate the data needed to evaluate the candidate's profile.
TWAS reserves the right to delete a curriculum that contains illegal and inappropriate expressions, as well as one that contravenes the principles of honesty and good faith.
The data will be used for the selection of personnel and will not be revealed to third parties.
Users can, at any time, access their data to update, amend, complete, correct or delete their data by sending an email to the same email address used to send the CV.
The data will not be archived or stored. Sensitive data will not be processed in the absence of consent.
To apply for TWAS Programmes
To share with social networks
Buttons / social widgets to Facebook
The Facebook Like Button and its variants are services operated by Facebook Inc., a company that conforms to the Safe Harbor Framework between the USA and EU, ensuring that the data are handled in line with European safety standards. With a click, the user can interact with the social network via this site, but in this mode Facebook will acquire data related to the visit to the site.
Please note that Facebook does not share any information in its possession with TWAS and processes the data in the USA.
For more information: https://en-gb.facebook.com/privacy/explanation
Google +1 Button
For more information: https://developers.google.com/+/web/buttons-policy
Twitter social buttons / widgets (Twitter)
Twitter is a company that respects the "Safe Harbor" framework in force between the United States and the European Union, ensuring that the data are handled in line with European safety standards. It runs a service that allows the user to interact with the social network via this site, but in doing so it acquires data relating to the visit to the site. Twitter does not share any information in its possession with TWAS and processes data in the USA.
For more information: https://twitter.com/privacy?lang=en
For which purposes may the data be processed?
In addition to the specific purposes listed above and the detailed information that the user will find in the relevant sections of the website or will otherwise receive, the purposes of the processing pursued in general can be summarized as follows: analytics data and session data will be gathered for technical as well as statistical purposes.
Is providing the requested data obligatory or voluntary?
Subject to the specifications made with regard to navigation data and technical cookies, the users are always free to provide personal data when requested. However, if they refuse to provide certain data, in some cases this will make it impossible to fulfill requests such as: receiving the requested information from TWAS; receiving TWAS’s bulletin; displaying fellows’ and affiliates’ personal profile pages on twas.org; accessing restricted areas of the website.
How are personal data processed?
The collected personal data will be processed via computer only, and will be shared with individuals involved in the business organization of this website or external third parties (technical service suppliers, hosting providers, etc.). The data will be handled through instruments and with modalities that ensure data privacy and security, in accordance with the provisions of the Code. In fact, personal data are kept and controlled, also in consideration of technological innovations, of their nature and the specific features of the processing, in such a way as to minimize, by the means of suitable preventative security measures, the risk of their destruction or loss, whether by accident or not, of unauthorized access to the data or of processing operations that are either unlawful or inconsistent with the purposes for which the data have been collected.
How long is the period of retention of personal data?
The users’ personal data are kept for the time strictly necessary to achieve the purposes for which they were collected and, in any case, until the data subject objects to the processing.
Is the data subject’s consent necessary?
Pursuant to Section 24 of the Code, consent shall not be required if the processing:
a) is necessary to comply with an obligation imposed by a law, regulations or Community legislation;
b) is necessary for the performance of obligations resulting from a contract to which the data subject is a party, or in order to comply with specific requests made by the data subject prior to entering into a contract;
c) concerns data taken from public registers, lists, documents or records that are publicly available, without prejudice to the limitations and modalities laid down by laws, regulations and Community legislation with regard to their disclosure and publicity;
d) concerns data related to economic activities that are processed in compliance with the legislation in force as applying to business and industrial secrecy;
e) is necessary to protect life or bodily integrity of a third party. If this purpose concerns the data subject and the latter cannot give his/her consent because (s)he is physically unable to do so, legally incapable or unable to distinguish right and wrong, the consent shall be given by the entity legally representing the data subject, or by a next of kin, a family member, a person cohabiting with the data subject or, failing these, the manager of the institution where the data subject is hosted. Section 82(2) shall apply;
f) with the exclusion of data disclosure, is necessary for carrying out the investigations by defense counsel referred to in Act no. 397 of 07.12.2000, or else to establish or defend a legal claim, provided that the data are processed exclusively for the said purposes and for no longer than is necessary for those purposes, in compliance with the legislation in force concerning business and industrial secrecy;
g) with the exclusion of data disclosure, is necessary to pursue a legitimate interest of either the data controller or a third party recipient in the cases specified by the Garante on the basis of the principles set out by the law, unless said interest is overridden by the data subject’s rights and fundamental freedoms, dignity or legitimate interests; [Amended by Section 6(2)a, item 3. of decree no. 70 dated 13 May 2011 as converted, with amendments, into Act no. 106 dated 12 July 2011]
h) with the exclusion of external communication and dissemination, is carried out by non-profit associations, bodies or organizations, recognized or not, with regard either to entities having regular contacts with them or to members in order to achieve specific, lawful purposes as set out in the relevant memorandums, articles of association or collective agreements, whereby the mechanisms of utilization are laid down expressly in a resolution that is notified to the data subjects with the information notice provided for by Section 13;
i) is necessary exclusively for scientific and statistical purposes in compliance with the respective codes of professional practice referred to in Annex A), or else exclusively for historical purposes in connection either with private archives that have been declared to be of considerable historical interest pursuant to Section 6(2) of legislative decree no. 499 of 29 October 1999, adopting the consolidated statute on cultural and environmental heritage, or with other private archives pursuant to the provisions made in the relevant codes;
i-bis) concerns information contained in the CVs as per Section 13(5-bis); [Added by Section 6(2)a, item 3. of decree no. 70 dated 13 May 2011 as converted, with amendments, into Act no. 106 dated 12 July 2011]
i-ter) with the exclusion of dissemination and subject to Section 130 hereof, concerns communication of data between companies, bodies and/or associations with parent, subsidiary and/or related companies pursuant to Section 2359 of the Civil Code, or between the former and jointly controlled companies, or between consortiums, corporate networks and/or corporate joint ventures and the respective members, for the administrative and accounting purposes specified in Section 34(1-ter) hereof, providing such purposes are expressly referred to in a decision that shall be disclosed to data subjects jointly with the information notice referred to in Section 13 hereof. [Added by Section 6(2)a, item 3. of decree no. 70 dated 13 May 2011 as converted, with amendments, into Act no. 106 dated 12 July 2011].
Apart from these cases, consent to the processing of data is necessary and is freely given by ticking the box “I have read and agree to the processing of my personal data”. In its absence it will not be possible to respond to the request.
Are personal data subject to communication or dissemination?
Apart from communications made to comply with legal obligations or by order of authority, personal data are not subject to communication to third parties. Personal data are disseminated only via the website itself, and they will be brought to the attention of the processing officers appointed by the data controller and of third parties (such as companies providing computer support and ensuring the proper functioning of the site) who are committed to achieving the purposes described above. In any case, the processing by third parties shall be carried out fairly and in compliance with the laws in force.
What are the rights that the user has as a data subject?
Pursuant to Sections 7, 8, 9 and 10 of the Code, the visitor, as a data subject, shall have the right to obtain confirmation as to whether his personal data exist or not, regardless of whether they are already recorded, and to have such data communicated in an intelligible form. He shall have the right to be informed: a) of the source of the personal data; b) of the purposes and methods of the processing; c) of the logic applied to the processing, if the latter is carried out with the help of electronic means; d) of the identification data concerning data controller, data processors and the representative designated as per Section 5; e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know the said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing. He shall also have the right to obtain: a) updating, rectification or, where interested therein, integration of the data; b) deletion, anonymization or blocking of data that have been processed unlawfully, including data whose retention isn’t necessary for the purposes for which they have been collected or subsequently processed; c) confirmation that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
A data subject shall have the right to object, in whole or in part, a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection; b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
The rights referred to in Section 7 may be exercised by making a request to the data controller or processor without formalities through e-mail: firstname.lastname@example.org.
Hopefully we have clarified things for the users. If more information is needed, users can contact the data controller through e-mail: email@example.com
LAST UPDATED: 18.09.15