Dear User, we would like to inform you how and why the Partners of the MEDEWSA project (hereinafter referred to simply as “We” or “Us”) processes your personal data acquired through the website https://www.medewsa.eu/ (the “Site” or “Website“).
This document is divided into five sections:
- Section I, containing information generally valid for all processing carried out through the Site;
- Section II, containing information on the processing of personal data collected through contact forms;
- Section III, on the processing of personal data collected through event registration forms, including webinars;
- Section IV, on sending newsletters and other informative communications on initiatives and activities related to the project
; - Section V, on the use of cookies.
This information does not concern other sites, pages or online services that can be reached via hypertext links that may be published on the Site but that refer to resources outside the project’s domain, such as other entities involved in projects, newspapers and magazines that talk about the project, Facebook, Instagram, Linkedin, YouTube. Regarding the processing of personal data carried out by the social media platforms, please refer to the information provided by them in their respective privacy notices. We process personal data provided by users through the pages of the social media platforms dedicated to the project, as part of its purpose to interact with users (comments, posts, etc.).
***
SECTION I – GENERAL INFORMATION AND BROWSING DATA
Contact details of the data controllers
The data controllers are the Project Partners, listed www.medewsa.eu/consortium
The content manager of the website is the CMCC Foundation.
For any privacy-related issues and inquiries regarding the processing of personal data, as well as to exercise the rights provided for by the GDPR (see next paragraph), Data Subjects can contact the Partners at the address of the common contact point:
Recipients of personal data and data transfer
Personal data collected through the Site may be disclosed to:
- authorized Partner’s internal staff;
- other stakeholders involved in the project activities;
- the service providers relating to the website itself.
Personal data will not be transferred abroad to countries or international organizations outside the European Union that do not guarantee an adequate level of protection recognized under Article 45 of the GDPR, based on an adequacy decision of the EU Commission. In case it becomes necessary for the provision of Website services, the transfer of personal data to countries or international organizations outside the EU, for which the Commission has not adopted any adequacy decision under Article 45 of the GDPR, will only take place if adequate safeguards are provided by the recipient country or organization, in accordance with Article 46 of the GDPR, and provided that data subjects have enforceable rights and effective remedies. In the absence of an adequacy decision of the Commission under Article 45 of the GDPR, or adequate safeguards under Article 46 of the GDPR, including binding corporate rules, cross-border transfers will only take place if one of the conditions indicated in Article 49 of the GDPR is met.
Browsing data
The computer systems and software procedures used to operate the Website automatically acquire certain personal data. The transmission of this data is inherent in the use of Internet communication protocols.
These data are processed for purposes related to the provision of services offered through the Website, ensuring the proper functioning of the services themselves.
This category of data includes:
- Visitor’s IP address;
- Date and time of access;
- Page viewed;
- Referring page, if any;
- Browser and operating system used.
These data are not collected to be associated with identified individuals, but they could allow the identification of users through processing and association with data held by the Data Controller or by third parties.
Browsing and usage data are processed for the following purposes:
- Ensuring the proper functioning of the Website and the usability of its services, including the display of content on external platforms and interaction with social networks and external platforms;
- Obtaining aggregate and anonymized statistical information about the use of the Website (e.g., most visited pages, number of visitors per hour or day, geographical areas of origin, etc.);
- Protecting our systems from possible cyber-attacks.
In relation to such data, the legal basis for processing can be found, depending on the cases, in the performance of a contract of which the data subject is a party (pursuant to Article 6, paragraph 1, letter b) of the GDPR) or in the pursuit of a legitimate interest of the Controller (pursuant to Article 6, paragraph 1, letter f) of the GDPR).
Rights of Data Subject
What rights do you have in relation to your personal data?
As a Data Subject within the meaning of Regulation (EU) 2016/679, you have the right to request Us the access to and the rectification or erasure of your personal data or the restriction of the processing of personal data concerning you or (where the processing is based on the need to pursue the legitimate interest of the data controller or a third party) to object to its processing, in addition to the right to data portability, subject to certain conditions being met.
Right to withdraw consent
You also have the right to withdraw your consent, limited to cases where you have given Us consent to process your personal data. Any consent may be revoked at any time.
How to exercise these rights
For any questions related to privacy and the processing of personal data, as well as to exercise your rights under the GDPR, you can contact the Project Contact Point Mr. via e-mail medewsa@wmo.int.
Communication on the same matter can also be submitted through the contact channels of each partner listed above.
Right to lodge a complaint with the relevant Authority
In addition, you have the right to lodge a complaint with the Data Protection Authority, at the addresses and in the manner indicated on the Authority’s institutional website, should you consider that the processing of your personal data violates the provisions of the law.
SECTION II – PROCESSING OF DATA COLLECTED THROUGH CONTACT FORMS
We process the data acquired through the contact forms on the Site in order to comply with your request to be contacted to receive information, as well as to respond to any further requests you may have. In such case, the lawfulness of the processing activities resides in Article 6(1)(b) of the GDPR.
You are not obliged to send us your data via the contact form, but if you wish to receive information via this communication channel, you must enter the correct data indicated as mandatory. Without them, we will not be able to follow up on your request to be contacted.
Data will be retained for 1 year after acquisition, unless our relationship continues (for example, through our newsletter service).
SECTION III – PROCESSING OF DATA COLLECTED THROUGH EVENT REGISTRATION FORMS
We process the data acquired through the event registration forms, including webinars, on the Site in order to register you for the chosen event and provide you with information relevant to it. In such case, the lawfulness of the processing activities resides in Article 6(1)(b) of the GDPR.
Specifically, for in person events, we may ask your specific consent (Article 9(2)(a) of the GDPR) for processing information concerning your health status and/or religious and/or philosophical orientation will be used to provide a safe and suitable service based on your condition.
Furthermore, during the events, we will record, stream, and capture images that will later be shared on relevant social channels for the purpose of disseminating scientific knowledge and documenting the event itself, pursuing our legitimate interest (Article 6(1)(f) of the GDPR)
You are not obliged to send us your data via the registration form, but this is necessary to complete your registration and thus to participate in the event, unless you have other ways and/or channels to proceed with your registration.
In the case of webinars and other events that can be attended via the Internet, the data may be disclosed to the operators of the platforms through which the events are made available to users (e.g. Zoom).
In addition, by adding the event to your calendar, via the appropriate function on the Site, if any, you will share some of your personal data with the company managing the chosen application (e.g. Google Calendar, Outlook 365, etc.).
The data will be retained for 5 years after acquisition, unless our relationship continues (for example, through our newsletter service as per the Section IV).
However, this information may be specifically integrated by the partner responsible for organizing the event (both remotely and in person). In this case, please refer to the specific notice prepared.
SECTION IV – NEWSLETTERS AND OTHER INFORMATIVE COMMUNICATIONS
Entering and submitting your e-mail address via interactive forms may result in using your e-mail address to subscribe you to our newsletter and/or to send you our newsletter and other informative communications about Project’s initiatives and activities. In such case, the lawfulness of the processing activities resides in Article 6(1)(b) of the GDPR.
We give you the opportunity to object, from the outset, to receiving such communications by clicking on a special virtual button within the same interactive form.
In any case, you may exercise this right to opt out at any time later by clicking on a specific link included in the footer of the message or writing us an e-mail at the aforementioned contacts: it is not necessary to tell us why you no longer wish to receive newsletters and/or other similar communications, it is sufficient to write, even if only in the subject line of the e-mail, a sentence such as “I no longer wish to receive newsletters and other communications of this type”. In this case, we will take care of your request and remove your e-mail from the list of recipients of newsletters and/or other informative communications.
You will, however, always be free to request to receive such communications again.
SECTION V – COOKIES
What are cookies?
Generally speaking, cookies are strings of text that websites (so-called ‘first party’) visited by the user or different websites or web servers (so-called ‘third parties’) place and store in a terminal device available to the user. Depending on the function performed, it is generally possible to distinguish the following types of cookies:
- technical cookies, which are necessary for the operation of the Site and do not require the user’s consent;
- analytics cookies, which are comparable to technical cookies if certain conditions are met;
- non-technical cookies, for which the user’s consent is required, usually used to trace specific actions or behavioural patterns back to specific, identifiable or identified subjects in order to group them into different profiles within homogeneous clusters, so that it is also possible to modulate the provision of the service in a personalised manner, or to send advertising messages in line with the preferences expressed by the user when surfing the web.
Which cookies we or third parties use, and when we need your consent
Through the navigation of the Site, technical cookies, analytical cookies and non-technical cookies may be installed on your device. For the use of technical cookies, as well as analytical cookies where they are comparable to technical cookies, We do not collect user consent. For the use of non-technical cookies, on the other hand, We collect the user’s consent, which is expressed through the Site’s cookie banner, and which can be revoked by the user at any time through the Site’s widget through which the user can express his/her preferences at any time. Consent to the use of cookies may also be revoked in the ways indicated at the end of this document.
Non-technical cookies include: preference cookies, which allow the Site to store information that affects its behaviour or appearance, such as your preferred language or location; marketing cookies, which are used to track visitors to websites. The following fall into the category of non-technical cookies:
Further useful information for the user
The removal of previously installed cookies is also possible thanks to special functions of the browser or device used.
Cookies in the local browser memory can be removed by completely deleting the browsing history.
With regard to third-party cookies, users can manage their preferences and revoke their consent by visiting the relevant opt-out link (if available), using the tools described in the third party’s privacy policy or by contacting the third party directly.
Further information on how to manage cookies in some of the most popular browsers can be found at the following addresses:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=it
Mozilla Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
Apple Safari: http://support.apple.com/kb/HT1677?viewlocale=it_IT
Microsoft Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Edge: https://support.microsoft.com/it-it/microsoft-edge/eliminare-i-cookie-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
Brave: https://support.brave.com/hc/en-us/articles/360022806212-How-do-I-use-Shields-while-browsing
Opera: http://help.opera.com/Windows/10.00/it/cookies.html
It is also possible for tracking tools on mobile applications to be deactivated via the appropriate device settings, such as mobile advertising settings or tracking settings in general (you can consult your device settings to find the relevant one).
More information regarding the deactivation of interest-based advertising can be retrieved from YourOnlineChoices (EU): https://www.youronlinechoices.com/it/ or other similar services. With these services it is possible to manage the tracking preferences of most advertising tools.