Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA OF Gran Sasso Tech Foundation Users for the protection of personal data in accordance with Article 13 of Regulation (EU) 2016/679

1. PURPOSE OF DISCLOSURE

Pursuant to Regulation (EU) 2016/679 (hereinafter the “Regulation”), and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 (hereinafter the “Privacy Code”) this page describes the methods of processing of personal data of Users who consult the online site https://spaceraise.academy and the pages directly linked to it as they belong to the same domain (hereinafter also the “Site”). Here will be summarized the purposes of data collection, legal bases, and the type of data processing when the User accesses the contents of the Site. This notice will also explain how the User can, at any time, exercise the rights that the law recognizes.

This information does not pertain to other sites, pages, or online services that can be reached through hypertext links that may be posted on the Site, but refer to third parties, outside the Gran Sasso Tech Foundation domain and for this reason subject to the processing policies of those third parties.

2. DATA CONTROLLER

The Data Controller is Gran Sasso Tech Foundation, based in L’Aquila, Viale Francesco Crispi, No. 7 (hereinafter also GST).

Any inquiries regarding the processing of personal data may be sent to the Controller by mail at the registered office, or by certified e-mail to the following pec address: amministrazione@pec.gransassotech.it.

3. TYPES OF DATA PROCESSED

3.1 Navigation data

Use is made of technical session (non-persistent) cookies, strictly limited to what is necessary for the safe and efficient navigation of the Site

The computer systems and software procedures responsible for the operation of this Site acquire, for proper functioning, some personal data whose transmission is implicit in the use of Internet communication protocols and necessary for navigation.

This category of data includes IP addresses or domain names of computers and terminals used by users, the URI/URL notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment.

This data, which is necessary for the enjoyment of the content provided by the Site, is also processed for the purpose of:

  • Obtain statistical information on the use of services (when services are defined as: most visited pages, number of visitors by time slot or daily, geographical areas of origin, etc.);
  • Monitor the proper functioning of the aforementioned services offered.

3.2 Data disclosed by the user

The optional, voluntary and explicit transmission of personal data while browsing the Site entails the subsequent acquisition of such data for the sole purpose of responding to Users’ requests and managing any content provided (e.g.: participation in events). The treatments put in place for these purposes are carried out with the specific consent provided by the User collected through specific registration form and the data are kept only for the duration of the requested activity.

The optional, explicit and voluntary sending of personal data to the addresses indicated on this Site or through any special contact request forms involves the subsequent acquisition of the sender’s e-mail address, which is necessary to respond to requests, as well as any other personal data included in the message.

It excludes the processing of personal data of a special nature or judicial data, which, if possibly provided by Users, will be deleted.

The personal data provided by Users are used for the management of telematic services related to the TEM Site, within the institutional objectives of scientific research and administrative activities, and could be used to ascertain the liability of Users in case of any digital crimes to the detriment of the Site.

3.3 Information about the processing of personal data carried out through social media platforms

About the processing of personal data carried out by the operators of the Social Media platforms used by GST, please refer to the information rendered by them through their respective privacy policies. GST processes personal data conferred by users through the pages of the dedicated Social Media platforms, within the scope of its purposes as set out in this Policy, to manage interactions with users (comments, public posts, etc.) and in compliance with current regulations.

Social media features, such as the “Like” button and “Share” widget, may collect the User’s IP address and the page they are visiting on the Site and may set a Cookie to enable them to function properly.

3.4 Types of data that are not processed

GST does not intentionally collect specific categories of personal data (and in particular those revealing ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify, data relating to health or sexual life or sexual orientation), and data relating to criminal convictions and offenses, and invites Users not to provide such data and/or information from which they could be inferred.

4. PURPOSE OF PROCESSING

Users’ personal data are processed by TEM according to the following purposes:

(a) communication activities

  • send communications of participation in events and initiatives launched by the TSO and the performance of information activities in accordance with Article 130, paragraph 4, of Legislative Decree 196/2003. This is without prejudice to the possibility of objecting to the processing of data for this purpose at the time of collection and at any time thereafter by using the link present in each communication (so-called unsubscribe link at the bottom of the communications);

(b) statistical analysis

  • to monitor the effectiveness of the Site, for troubleshooting purposes, for maintenance, and to learn about Users’ behavior;

(c) security activities

  • Protect the rights and privacy of TEM and Users (including by filing and defending legal claims);
  • Apply the terms and conditions governing what is provided by the Site;
  • Any processing for additional purposes will be carried out after complying with the information requirements of Articles 13 and 14 of the GDPR.

5. LEGAL BASIS FOR PROCESSING

The legal basis for the processing of data for the purposes set forth in the letters of the preceding article is:

  • the legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) for e-mail and/or SMS communications related to surveys, participation in events and initiatives and for the performance of information activities;
  • the consent (art. 6, par.1, letter a, GDPR) free, specific, informed, optionally provided by the User, if he/she intends to receive communications offered by the Owner and/or be subject to profiling activities and/or allow statistical analysis activities.
  • the legitimate interest of the Controller (Art. 6(1)(f) GDPR).

The Controller relies on its legitimate interests only if the processing of personal data does not override the interests and fundamental rights and freedoms of the User. The User has the right to object to all processing based on legitimate interest of the Controller. For processing based on the User’s consent, the User may revoke the consent previously given from his/her personal area on the Site. This activity does not affect the lawfulness of the processing of personal data prior to revocation.

6. RECIPIENTS OF DATA

Personal data of Users are disclosed, always and only for the purposes described above, to business partners.

6.1 Security

In the event that the Data Controller becomes aware that the security of the Site has been compromised or that personal data has been unauthorizedly disclosed to third parties as a result of security attacks or fraud, the Data Controller will take reasonably appropriate technical and organizational measures, including, investigation and reporting, as well as notification and cooperation with the Data Protection Authorities.

6.2 Legal Disclosure

The Owner discloses the User’s personal data in the following cases:

  • if required by law, judicial authority in civil, administrative or criminal legal proceedings, rule and/or regulation;
  • At the request of public authorities;
  • to investigate, prevent or act on illegal activities by assisting law enforcement;
  • To prevent physical harm and/or property loss and/or for rights of defense;
  • in connection with an investigation of suspected illegal activities;
  • To defend against any third-party claims or allegations; or
  • In the event that the Holder was subject to extraordinary corporate transactions, such as mergers and/or acquisitions.

6.3 Extra-EU/EEA transfers.

Considering the entrepreneurial organizational structure of the Data Controller, a transfer of personal data to third parties is carried out, which may be located in other countries of the European Union (EU), the European Economic Area (EEA) or in countries outside the EU or EEA.

Disclosure of Users’ data outside the EU or EEA is done in accordance with what is required by the legislation on the processing of personal data. The Data Controller shall take the necessary measures to protect Users’ personal data during the transfer, in compliance with legal guarantees. In particular, the same is done in accordance with Articles 45 and 46 of the GDPR, which provide for the adoption of Standard Contractual Clauses approved by the European Commission, as a legal mechanism for the transfer of data.

7. RIGHTS OF INTERESTED PARTIES

Data subjects have the right to obtain from GST in the cases provided for by law, access to their personal data (art. 15 – Regulation); to rectification (art. 16 – Regulation); to object to processing (art. 21 – Regulation); to cancellation of the same (art. 17 – Regulation); to limitation of processing (art. 18 – Regulation); to data portability (Art. 20 – Regulation); not to be subjected to decisions based solely on automated processing (Art. 22 – Regulation); to object to a complaint to a Supervisory Authority (Art. 77 – Regulation) or to withdraw consent (Art. 7 – Regulation).

The request can be made through one of the following channels:

  • certified e-mail at the following address: administration@gransassotech.org;
  • electronic mail to the following address: amministrazione@pec.gransassotech.it.

The Controller will endeavor, in accordance with the terms, manner, and limits provided by applicable law, to promptly acknowledge the request or to inform the User in the event that additional information is required to fulfill such request. Please note, however, that some of the rights may be exercised only in specific circumstances. Where it is not possible to comply with the request under the Data Privacy Act, it will be the Owner’s responsibility to communicate in writing the reasons for the refusal.

8. COMMUNICATION WAIVER AND PROFILE UPDATE

8.1 Communications

The User may opt out of receiving communications at any time, and in particular:

  • communications related to surveys, participation in events and initiatives and the performance of information activities: use one of the channels indicated above, making use of the right to “object to processing” or click on the unsubscribe link at the bottom of the communications.

8.2 Updating the profile

The User may update or correct his/her personal information through the personal area of his/her account or by contacting TEM administration through one of the above channels.

9. SECURITY MEASURES FOR THE PROTECTION OF YOUR PERSONAL DATA AND RETENTION PERIODS

9.1 Security Measures

The Owner has implemented appropriate technical and organizational measures to protect personal data from loss, misuse, modification, or destruction, such as: monitoring and prevention of security breaches, detection of vulnerabilities and attacks, storage of electronic records in secure and limited access Servers, use of encryption and firewalls, and training of authorized personnel.

The Site uses “Secure Sockets Layer” (SSL) encryption technology to protect personal information during transit. SSL encrypts order information such as name, street address, and credit card number.

In carrying out processing activities, the Owner undertakes to:

  • ensure the accuracy and update of the data processed, and promptly receive any corrections and/or additions requested by you;
  • Take appropriate security measures to ensure adequate data protection in view of the potential impacts of the processing on your fundamental rights and freedoms;
  • Notify you, within the timeframe and cases stipulated in the mandatory regulations, of any violations of your personal data;
  • Ensure compliance of processing operations with applicable legal requirements.

Moreover, the Data Controller processes the acquired personal data in full compliance with the principle of fairness, lawfulness and transparency, as well as with the provisions of the privacy legislation. In compliance with the GDPR and the Privacy Code, the Controller configures the information systems and computer programs by minimizing the use of personal data, so as to exclude its processing if the purposes pursued can be achieved by means of, respectively, anonymous data or appropriate methods that allow it to be identified only when necessary.

9.2 Storage of personal data

The Data Controller retains your personal data acquired in the course of browsing the Site as necessary to: comply with legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, and prevent fraud and abuse.

The User’s personal data are deleted or anonymized when they are no longer needed for the purposes defined above.

10. RIGHT OF COMPLAINT

Data subjects who believe that the processing of personal data relating to them carried out through this site is in violation of the provisions of the Regulation have the right to lodge a complaint with the Guarantor, as provided for in Article 77 of the Regulation itself, or to take appropriate legal action (Article 79 of the Regulation).

Cookie Policy

Purpose of disclosure

With this Policy, Gran Sasso Tech Foundation based in L’Aquila, Viale Francesco Crispi, n. 7 (hereinafter also TEM) explains the types of Cookies and other tracking technologies (e.g., Flash Cookies, HTML 5 Cookies, Pixels or SDKs; hereinafter Cookies and the aforementioned technologies are referred to as “Cookies”) present on the Site https://spaceraise.academy/ and in the respective domain where this Policy is made available. The purposes and methods of the use of Cookies will also be explained; guidance will be provided as to how the User can deny, even at a later time, consent and/or change, at any time and in an easy manner, the options regarding the Site’s use of Cookies.

What are Cookies?

Cookies are usually files containing text strings that websites (so-called publishers, or “first parties”) visited by the User or different websites or web servers (so-called “third parties”) place and store – directly, in the case of publishers, and indirectly, i.e. through them, in the case of “third parties” – within a terminal device (pc, smartphone or tablet) in the availability of the same User by means of the browser (e.g. Microsoft Edge, Firefox, Safari, etc.).

Cookies can remain in the User’s browser for the duration of a session (i.e., until you close the browser used for web browsing) or for longer periods of time.

Cookies enable the Site to recognize the User’s device and allow, for example, web pages to load faster, route information over a network – in line, therefore, with fulfillments strictly related to the very operation of websites.

Unless otherwise specified, please note that third-party Cookies fall under the direct and exclusive responsibility of that operator. Further information on privacy and their use can therefore be found directly on the sites of the respective operators.

Taking into account the indications of the Privacy Guarantor and the opinions issued in the European context by the Article 29 Working Party (an independent European working group, now replaced by the European Data Protection Board, known as the EDPB), Cookies can be traced to the following macro-categories:

1. Technical cookies

These are those used for the sole purpose of “carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the User to provide such a service” (see Article 122, paragraph 1, of Legislative Decree No. 196/2003, also Privacy Code). They include:

  • Browsing or session Cookies: these are the Cookies that are not stored persistently on the User’s terminal and are deleted when the browser is closed and are strictly limited to the transmission of session identifiers necessary to enable the safe and efficient use of the Site.
  • Functionality cookies: they allow remembering the Site settings chosen by Users, such as language or privacy preferences, in order to improve the delivery of the content offered and the browsing experience, by changing the behavior or appearance of the Site (preferred language, text and font size, indication of geographic area).

For the use of such Cookies and other technical identifiers, the prior consent of Users is not required, while the obligation to give the information pursuant to Article 13 of Regulation (EU) No. 2016/679, which the Site operator may provide in the manner it deems most appropriate, remains unaffected.

2. Analytical cookies

Analytical Cookies may be used to track and examine the User’s use of the Sites, for reporting activities and to provide other services related to the Sites’ activities, as well as to perform navigation, as well as to assess the effectiveness of a service offered or to help measure traffic on the Site (e.g.: number of visitors, possibly broken down by geographic area, time of connection, stay on the Site or other characteristics). They are assimilated in terms of their legal regulation to Technical Cookies where they are used directly by the Site owner to collect information, in aggregate form, on the number of Users and how they visit the Site

Analytical Cookies installed by third parties do not require the collection of prior consent from the User if they do not allow the direct identification of the data subject in order to prevent the use of direct and unique identifiers.

The User’s consent will be required for analytical Cookies installed by third parties without safeguards aimed at minimizing the processing of data collected through the same Cookies.

How do you delete cookies?

Each User can change the use of Cookies through the settings of the browser in use.

The User can change the default configuration and, by setting the highest level of protection, disable all Cookies permanently. It should be noted, however, that this setting may render the Site unusable if Cookies that are essential for the proper delivery of functionality are blocked.

This could happen even if Cookies are deleted from the browser.

The settings for blocking or deleting Cookies from your device vary depending on the type of terminal (PC, smartphone, etc.) and the type of browser used and are usually found under “options” or “preferences.”

Below are links to instructions for common browsers:

Microsoft Edge – guide

Google Chrome – guide

Mozilla Firefox – guide

Apple Safari – guide

Opera – guide

See the Site for disclosures and to disable third-party analytic cookies:

www.youronlinechoices.com/it. Once on the Site, by accessing the “Your Choices” area you will be able to view the list of third parties that install Cookies, check the activity status of the installed Cookie, and manage your consent in detail.

Types and categories of Cookies used by GST on the Site and purposes

The Site uses Technical Cookies limited to what is necessary to enable the safe and efficient exploration of the Site. Analytical Cookies are also used for the production of statistics that do not allow the identification of the IP addresses of those browsing the Site. The installation and use of such Cookies does not require the prior request of the User’s consent as they are equivalent to Technical Cookies.

To review the characteristics and purposes of the individual Cookies installed by the Site, with a list of any other recipients of personal data, retention times of the information you can click on the following link.

Changes to the Cookie Policy

GST reserves the right to change the Cookie Policy at any time, including to ensure compliance with any regulatory changes. The User is suggested to check, at the bottom of the page, the date of the last revision.

Any change in this policy will take effect on the date it is posted on the Site.