Informativa_visitatori(EN)

REGULATION (EU) 2016/679
OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on the protection of natural persons with regard to the processing of personal data and
on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

INFORMATION NOTICE CONCERNING THE PROCESSING OF PERSONAL DATA

 

Principles relating to processing of personal data
Article 5 of the Regulation (EU) 2016/679 of the European Parliament and of the Council “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”, hereinafter (GDPR) sets out that any processing of personal data must be carried out according to the principles of lawfulness, fairness and transparency.
Your personal data shall be collected, used and processed following the principles above and therefore the processing shall have specific, explicit and lawful purposes.
The personal data shall be:
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • accurate and, where necessary, kept up to date;
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
The information in this document, provided pursuant to articles 12, 13, from 15 to 22 and 34 of the GDPR, concerns the rights of the data subject, more specifically the “transparent information, communication and modalities for the exercise of the rights of the data subject.

Processing
According to the GDPR, ‘processing’ means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Purpose of data processing
The personal data submitted by visitors and anyone accessing (hereinafter collectively referred to as “Visitors”) the premises of Elettra - Sincrotrone Trieste S.C.p.A. shall be processed in order to allow for their identification, check the existence of an authorisation to access the premises and shall be recorded for purposes of safety of the premises and the persons present.

Recipients of personal data
Your personal data, subject to processing and submitted in compliance with legal provisions, European regulations or contractual clauses, shall be processed by the following subjects, appointed as data processors by the controller:
Contractor providing porter and security services in charge with the checks at the entrance of the premises, as per the list of data processors, available at this address: "http://www.elettra.trieste.it/public/privacy/organigramma.html"

Data processing
Data processing shall be carried out in compliance with the GDPR prescriptions, with special reference to Articles 32 “Security of processing”, 33 “Notification of a personal data breach to the supervisory authority” and 34 “Communication of a personal data breach to the data subject” by personal recognition and identification by means of a valid identification document, which shall be retained by the porter and security service operators and returned at the end of the visit.
Admission shall be permitted by means of a temporary numbered and non-transferable badge assigned to the visitor, which shall be returned at the end of the visit.
The porter and security service operators shall record the name of the visitors in a specific register, along with the time of entrance and exit and the number of their ID.
 
Processing operations shall be carried out by authorised subjects, constantly identified, suitably trained and informed on the obligations under the GDPR.
 
Processing may be carried out using computer, telematic and electronic systems, which may or may not be connected to the Internet, or using paper supports according to logics closely connected to the purposes declared.
In addition, processing may be carried out using video surveillance systems, installed for the purposes of workplace safety and protection of the corporate assets, according to the provisions of art. 4 of Law no. 300 of 20 May 1970 (Workers’ Statute) as amended by art. 23 of Legislative Decree no. 151 of 14 September 2015 (Jobs Act) and the Regulation on the subject of video surveillance dated 8 April 2010, issued by the Italian Data Protection Authority.
In any case, the processing operations shall be carried out in such a way as to guarantee the security, confidentiality and availability of the data, according to principles of correctness, lawfulness and transparency, aimed at protecting the fundamental rights and freedoms of natural persons.

Compulsory or optional nature of data processing
The submission of your personal data and the consent to the processing are optional but a failure to provide an ID by subjects accessing the premises, making it impossible to check their identity, shall imply the prohibition to access the Elettra premises.

Cookies
The Virtual Unified Office Elettra of Elettra-Sincrotrone Trieste S.C.p.A. uses session cookies, which are required for users to navigate our website appropriately and safely. Session cookies created by the VUO do not affect users' privacy during their browsing experience on our website, as they do not entail processing their personal identification data. Session cookies are not permanently stored and indeed are cancelled when the connection to the VUO is terminated.

Data Controller
The Data Controller is:

Elettra - Sincrotrone Trieste S.C.p.A. with headquarters in Strada Statale 14 km 163,5 in Area Science Park - 34149, Basovizza – Trieste, in the person of the President and CEO Prof. Alfonso Franciosi
Tel. +39 040 37581 - Fax+39 040 9380902

Contacts of the Data Protection Officer (DPO)
The Data Protection Officer (DPO) appointed by Elettra can be reached using the following contacts:
  • e-mail:
  • post: Elettra - Sincrotrone Trieste S.C.p.A.Strada Statale 14 km 163,5 in Area Science Park - 34149 Basovizza – Trieste, Italy - Responsabile della protezione dei dati (Data Protection Officer)
 
Further information available at the following address:
http://www.elettra.eu/privacy.html

Period of personal data retention

The personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

Rights of the data subject
In relation to his or her personal data, the data subject may exercise the following rights:
  • Right of access (art. 15 of the GDPR) - The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data. If required, the controller shall provide a copy of the personal data undergoing processing, on condition that such copy does not prejudice the rights and freedoms of third parties.
  • Right to rectification (art. 16 of the GDPR) - The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • Right to erasure (right to be forgotten) (art. 17 of the GDPR) - The data subject shall have the right to obtain from the controller without undue delay the erasure of personal data concerning him or her.
  • Right to restriction of processing (art. 18 of the GDPR) - The data subject shall have the right to obtain from the controller restriction of processing.
  • Right to data portability (art. 20 of the GDPR) - The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
  • Right to object (art. 21 of the GDPR) - The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  • Right to lodge a complaint with a supervisory authority (art. 77 of the GDPR) - Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.Rights of the data subjec
Last Updated on Tuesday, 17 November 2020 11:35