INFORMATION ON THE PROCESSING OF PERSONAL DATA
pursuant to Article 13 of the EU Regulation 2016/679


We hereby inform you that, through the web platform called AFM – Application Form Manager, INFORMEST (also defined as “Organization”) collects – as data controller – the personal data of users, acquired and processed pursuant to EU Regulation 2016/679 "General Data Protection Regulation" (GDPR) and Italian Legislative Decree 30 June 2003, n. 196 as amended by Legislative Decree 10 August 2018, n. 101. The aforementioned legislation provides that, those who process personal data are required to inform the data subject about what data are processed and the qualifying elements of the specific processing, which, in any case, must take place according to the principles of lawfulness, correctness and transparency, in the protection of your rights and confidentiality. Therefore, we provide the following information.

DATA CONTROLLER AND DATA PROTECTION OFFICER

The data controller is INFORMEST, C.F. 00482060316, located in Via Cadorna 36 – 34170 Gorizia. The controller can be contacted at the following addresses: phone number (+39) 0481 597411; Fax (+39) 0481 537204; E-mail: informest@informest.it; CEM: informest@pec.informest.it. Any further information related to the controller, may be submitted to the same subject to explicit and reasoned request. The data protection officer, appointed by the data controller pursuant to Article 37 of the GDPR, can be contacted by writing to his attention to the addresses above, and also at the e-mail address: rpd@informest.it.

PURPOSES OF THE PROCESSING AND LEGAL BASIS

The processing of your personal data is aimed at the management of activities related to the web platform called AFM – Application Form Manager owned by the data controller, such as, for example: management of the registrations to the platform and login procedures, coordination of the application processes and management of the uploaded documentation, completion of the obligations and practices provided for by current legislation as well as other legal and contractual obligations related to strategic projects, management of other administrative, managerial, organizational obligations, which are functional to the correct functioning of the platform. Therefore, the processing of your personal data for these purposes, is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6, par. 1, letter (b) of the GDPR). The data may also be processed by the data controller in order to comply with any obligations provided for by laws and regulations, as well as by Community legislation or by provisions dictated by public authorities. The lawfulness of the processing for these purposes, will be the need to fulfill a legal obligation to which the controller is subject (Art. 6, par. 1, letter (c) of the GDPR). In accordance with Article 22, par. 1, of the GDPR, in none of the cases described above your personal data will be subjected to decision-making processes based solely on automated processing, including profiling, as defined by Article 4, par. 4, of the aforementioned EU Regulation 2016/679.

CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Without prejudice to the communications carried out by the data controller in compliance with legal obligations, all the data collected and processed may be processed, exclusively for the purposes specified above, by the following categories of subjects:

The complete and up-to-date list of recipients can be consulted upon explicit and reasoned request to the data controller. Without prejudice to any cases provided for by the legislation, for the sole purposes described above, your personal data will not be made public in any way.

MODE AND PLACE OF DATA PROCESSING

Your personal data may be processed and stored on corporate or third-party servers located within the European Union. The processing is carried out in such a way as to minimize the risk of destruction or loss, unauthorized access and any other processing that is exceeding or not in accordance with the above purposes, implementing appropriate technical and organizational measures to ensure a level of security appropriate to the risk (Article 32 of the GDPR). The data controller does not transfer personal data to third countries or international organizations, reserving the possibility of using cloud services, without prejudice to the compliance with Article 44 of the GDPR “General principle for transfer”, and in general of the provisions referred to in Chapter V of the GDPR.

PERSONAL DATA RETENTION PERIOD

The data will be stored, according to the modalities described above, for the time strictly necessary to achieve the purposes for which they have been collected, without prejudice to any specific obligations that by their nature are intended to remain according to current legislation, and also for as described within the record of processing activities maintained by the data controller. In particular, the documents uploaded within the platform are archived by the data controller for a maximum period of 10 years, and for the requirements of current legislation. Further requests for information relating to the data retention period, may be submitted to the data controller upon explicit and reasoned request.

DATA SUBJECTS’ RIGHTS

As data subjects, you have the possibility to exercise, following an assessment of the applicability, the following rights as described by Articles 15 to 22 of the EU Regulation 2016/679. In particular, under these articles, the data subject may exercise:

Please contact the data controller and his data protection officer, at the contact details listed in this document, to lodge all requests to exercise the rights described above. The data controller undertakes to communicate to the data subject any changes that may be necessary, in the processing of personal data carried out for the purposes above. In accordance with Article 77 of GDPR and without prejudice to any other administrative or judicial proceeding, if you consider that the processing of your personal data infringes the Regulation, you have the right to lodge a complaint with the Italian supervisory authority “Autorità Garante per la protezione dei dati personali” (https://www.gpdp.it/), or else to bring a judicial proceeding against the controller (Article 79 of GDPR).