Why this notice
This informative note is in accordance with Art. 13 of Regulation (EU) 2016/679 (hereafter, “GDPR”) and addressed to visitors and users of the web services provided by the Fondazione Eni Enrico Mattei (FEEM), which are accessible electronically from the website www.feem.it (hereafter, “Website”), corresponding to the first page of the FEEM official website. This notification is made for the Website only, and it should not be extended to other websites which could be accessed by the Users via links.
a. The data controller
The data controller (hereafter, “Controller”) is the Fondazione Eni Enrico Mattei (FEEM), with headquarters in Milan, Corso Magenta 63. The Controller’s email address is: email@example.com.
b. Types of data processed, purposes and legal basis of data processing
b1) Navigation data
The computer systems and software procedures for the operation of the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. The following items fall into this data category: IP addresses or domain names of the computers or terminals used by the Users who connect to the Website; the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the requested resources; the time of the request; the method used to submit the request to the server; the size of the files obtained in reply; the numeric code indicating the server response status (OK, error, etc.); other parameters related to the operating system and the computer environment of the Users. The relevant processing operations are necessary to enable the User to optimally navigate the Site and are based on the performance of a contract to which the User is party or in order to take steps at the request of the User prior to entering into a contract, arising from the access to the Website.
b2) Data the Users provide directly
(i) First and last name, institution of affiliation and e-mail address, aimed at responding to User’s request to remain updated on the Controller’s activities. The processing is based on the execution of pre-contractual measures taken at the request of the User. In order to execute the request, the e-mail address is necessary. The provision of further data is optional: if provided, they may be used to manually select content deemed of greater interest to the User.
(ii) First name, last name, e-mail address, any other common data that the User will voluntarily provide in messages sent to the contact addresses of the Controller (such as firstname.lastname@example.org); the processing is aimed at responding to specific requests made from time to time by the User and is based on the execution of pre-contractual measures originating from the expression of interest and request for contact. In order to respond to the requests of the User, all the data requested are necessary. Concise and sector-specific information will be published on the pages of the Website set up for the provision of individual services.
c. Data processing methods
Processing is carried out both electronically and manually and contacts will be made by e-mail.
d. Period of retention of personal data
The navigation data referred to in point b1) will be stored for the duration of the navigation session. The data communicated by the User for the purpose b2) (i) will be kept until such time as the User requests to stop receiving information on the Controller’s activities. Failing that, they will be kept as long as the Data Controller continues its mission. The data communicated by the User for the purpose b2)(ii) will be kept for the time necessary to fulfil the requests of the User.
e. Recipients/categories of recipients of the personal data
For the aims described above, the personal data will be transmitted to:
- the Website managers, the staff members involved in: the provision of the specific services requested by the Users, the computer systems, data security and storage, persons who are authorised to process personal data by the Controller;
- external email sending service companies.
Furthermore, the data may be communicated:
- to Government Administrations, Authorities and Controller’s internal control bodies in the exercise of their functions, also during inspections and audits;
- to subjects who can access your data by virtue of legal provisions as well as regulations of a supplementary or European Union nature.
Recipients are listed only by category, as they are subject to frequent updates and revisions. You may request an updated list of the recipients by contacting the Controller of the processing at the e-mail address indicated above.
f. Transfers of personal data to non-EU countries
Your personal data may be temporarily transferred – in connection with the use of the MailChimp email sending platform – to the USA. This will occur in the absence of both an adequacy decision by the European Commission relating to the destination country and adequate safeguards, with the risk that your data may be made accessible to third parties in the destination country: for example, to respond to a subpoena or request from law enforcement, a court or a government agency (e.g., for national security purposes). Your consent is required for this transfer, without which your request cannot be fulfilled.
g. Data subject’s rights
The data subject has the right, by writing to email@example.com:
- request to unsubscribe from the Controller’s mailing list in order to no longer receive updates on the relevant activity at any time and without giving any reason;
- withdraw consent to the transfer of personal data to the USA, at any time and freely;
- to file a complaint, pursuant to Art. 77 of the GDPR, with the national oversight Authority of the member state of the European Union in which you have your habitual residence or place of work, or where the alleged violation of your rights took place. In the event that state is Italy, the entity to which to write is the Personal Data Protection Authority.
Moreover, the data subject may also exercise the following rights in regard to the Controller at any time, free of charge:
Right to access: allows you to obtain confirmation on whether processing of personal data regarding you is taking place, and if it is, to obtain access to your personal data;
Right to rectification: allows you to obtain the rectification/completion of inexact/incomplete personal data;
Right to erasure: allows you to obtain, in the cases allowed by law, the erasure of your personal data;
Right to restriction of processing: allows you to obtain, in the cases allowed by law, the restriction of the processing of your personal data (i.e. the marking of the personal data retained with the objective of restricting its processing in the future);
Right to data portability: allows you to receive the personal data regarding you in a structured, commonly used and machine-readable format, in the cases provided for by law and limited to the data you have provided to the Controller, and also the right to transmit that data to another data controller.
Updated on December 21st, 2021