PRIVACY POLICY
TO WHOM THIS POLICY APPLIES?
This policy is addressed to individuals who will use the services provided by the knowledge-share.eu website, namely:
WHO PROCESSES THE DATA?
The data controller for all processing activities resulting from the use of the knowledge-share.eu website and any subdomains is the Netval Association (Tax Code 92053760135 - VAT IT03092240138). Regarding the processing activities covered by this policy, the data controller can be contacted using the following contact details: Netval Association – Lecco (LC), Via Gaetano Previati No. 1/C Email: segreteria@netval.it PEC (Certified Email): netval@pec.it Phone: +39.0382.984895 The data controller has appointed a Data Protection Officer (DPO), to whom any requests regarding data processing can be addressed. The Data Protection Officer can be contacted using the following contact details: Netval c/o Scuola IUSS – Pavia (PV), Piazza della Vittoria No. 15 Email: privacy@netval.it Phone: +39.0382.984895
FOR WHAT PURPOSES ARE THE DATA PROCESSED?
The data collected by the data controller is used for the following purposes:
• Improve website usage and record statistics on its usage;
• Ensure access to the features of the reserved area;
• Respond to requests from Data Subjects;
• Send institutional communications to Data Subjects;
• Send commercial communications to Data Subjects.
The data of Third-party Data Subjects is used exclusively to list them as inventors within the knowledge-share.eu website.
WHAT DATA IS PROCESSED?
For the management of services provided through the knowledge-share.eu website, the following data is processed:
• For website navigation: UserAgent (mandatory), IP address, location, website activities (optional);
• To contact Netval: Name, Surname, Email (mandatory);
• For website registration: Name, Surname, Email, Username, Company/Entity Data (mandatory);
• For newsletter subscription: Email (mandatory), Name, Surname (optional).
ON WHAT LEGAL BASIS ARE THE DATA PROCESSED?
The data controller will process the personal data of Data Subjects only if at least one of the following conditions exists:
• The processing is necessary for the performance of a contract and/or for the execution of pre-contractual measures (access to the reserved area; contact requests);
• The processing is based on the explicit consent of the Data Subject (navigation; sending commercial communications);
• The processing is based on the legitimate interest of the data controller (sending institutional communications).
In any case, it will always be possible to request clarification from the data controller regarding the specific legal basis of each processing activity, specifying whether the processing is required by contract, necessary to conclude a contract, based on consent, or grounded in the legitimate interest of the data controller.
If the Data Subject revokes their consent to the processing, the data controller may continue processing for legal obligations and/or based on the legal basis of its legitimate interest. The processing of data of Third-party Data Subjects is based on the consent expressed by the individual who first uploaded or requested the upload of the personal data of the Third-party Data Subjects.
WHERE ARE THE DATA PROCESSED?
The data collected through the knowledge-share.eu website will be processed by the data controller in Italy. The data will be processed by the data processor at its offices and branches located in the European Union.
IS IT MANDATORY TO PROVIDE THE DATA?
The provision of data by the Data Subject is mandatory to fulfill the requests of the Data Subject, such as contact requests, website registration and access to the reserved area, or receipt of communications. Refusal to provide the data will make it impossible to provide the requested service, preventing the Data Subject from contacting the data controller, registering on the website, or receiving commercial communications. The provision of data collected through technical cookies is mandatory to proceed with website navigation, while it is optional for analytical and profiling cookies.
TO WHOM ARE THE DATA COMMUNICATED?
The data collected and processed by the data controller may be communicated to public and private entities, strictly as provided by law, in compliance with applicable regulations. Some data will be subject to disclosure through the website, in line with the institutional purposes of the knowledge-share.eu website and in accordance with the Terms of Use of the platform.
HOW LONG ARE THE DATA PROCESSED?
The data collected through the knowledge-share.eu website is stored and processed only for the duration of the purposes for which it was collected, namely:
• In the case of navigation, the data is processed for the duration specified for each cookie;
• In the case of contact requests, the data will be processed until the request is fully processed, and in any case for a period not exceeding 12 months;
• In the case of newsletter subscription, until the Data Subject revokes consent to the processing or requests to be removed from the service;
• In the case of institutional communications, as long as the Data Subject remains registered on the knowledge-share.eu portal;
• In the case of website registration, until the Data Subject requests the deletion of their account from the knowledge-share.eu portal.
At the end of the specified period for each activity, the data will be destroyed or, if necessary, anonymized for statistical purposes.
HOW ARE DATA SUBJECTS PROTECTED?
Data Subjects can protect themselves and their personal data by exercising the rights provided by current European legislation, by sending a request in a free form to the data controller. The data controller will respond as soon as possible, in any case within one month of receiving the request, or, if additional time is needed to process the request, within a maximum of two months. In the latter case, the data controller will inform the Data Subject of the reasons for the delay. If the data controller does not consider it necessary to comply with the request, it will communicate the refusal directly to the Data Subject within one month of receiving the request. In this case, the Data Subject can file a complaint with the Supervisory Authority of their country or resort to the Judicial Authority of their country. The exercise of Data Subject rights is free, unless the requests are manifestly unfounded or repetitive. In such cases, the data controller may charge a fee or refuse the request.
The Data Subject can exercise their Right of Access, according to Article 15 of EU Regulation 2016/679, by sending a request to the data controller to confirm whether there is (or is not) ongoing processing of data concerning them. Using the same methods, the Data Subject can request to know: what data is processed and for what purposes; how long the data is stored; if the data has been or will be communicated to other parties, and the identity of these parties and the country where they are located, as well as the existence of adequate guarantees for the transfer; the right to request rectification, limitation, or deletion of their data; the right to object to processing; the right to lodge a complaint with a Supervisory Authority; the existence of automated decision-making, including profiling, and the consequences of such processing.
The Data Subject also has the right to receive a free copy of their personal data undergoing processing, provided that this does not adversely affect the rights and freedoms of others; any additional copies requested may be subject to a fee.
The Data Subject can exercise their Right to Rectification, according to Article 16 of EU Regulation 2016/679, by sending a request to the data controller to correct inaccurate data concerning them. Using the same methods, the Data Subject can request that the processed data be supplemented with other information, providing their own declaration to that effect.
The Data Subject can exercise their Right to Erasure, according to Article 17 of EU Regulation 2016/679, by sending a request to the data controller to delete the personal data collected and processed by the data controller in one of the following cases: if the personal data is no longer necessary for the purposes for which it was collected; if the Data Subject has withdrawn their consent to the processing; if the Data Subject objects to the processing; if the personal data has been processed unlawfully by the data controller; if the data must be deleted to fulfill a legal obligation to which the data controller is subject; if the Data Subject is under 16 years of age and the individuals with parental responsibility have not given their consent. If the data controller has made the Data Subject's personal data public and is obliged to delete it, they will inform any other parties processing the Data Subject's data of the request for deletion, to the extent of the actual technical and economic feasibility of this procedure.
The Data Subject can exercise their Right to Restriction, according to Article 18 of EU Regulation 2016/679, by sending a request to the data controller for the processing of data to be limited solely to the storage of the data, without the data controller being able to perform other operations, in one of the following cases: if the Data Subject disputes the accuracy of the data, for the time necessary for the data controller to verify it; if the processing is unlawful, and the Data Subject opposes erasure; if the data controller no longer needs to process the data but must keep it for judicial reasons; if the Data Subject has objected to the processing, for the time necessary to verify the balance between the Data Subject's rights and the legitimate interests of the data controller.
The Data Subject can exercise their Right to Object, according to Article 21 of EU Regulation 2016/679, at any time and for reasons related to their particular situation. This right can be exercised by sending a communication to the data controller in cases where the processing is based on the legitimate interest of the data controller or where the data is processed for scientific research or statistical purposes.
The Data Subject can exercise their Right to Data Portability, according to Article 20 of EU Regulation 2016/679, by sending a request to the data controller to receive their personal data in a structured, commonly used, and machine-readable format. Using the same methods, the Data Subject can request that their data be transmitted to another data controller. However, the exercise of this right must not infringe on the rights and freedoms of others. The data will be communicated in a commonly recognized format characterized by interoperability.
If the Data Subject believes that the processing of their personal data is in violation of European Regulation 2016/679, they have the right to file a complaint with the Supervisory Authority, according to Article 77 of EU Regulation 2016/679, choosing from the Supervisory Authorities of the Member State in which they reside, work, or where the alleged violation occurred. In any case, the Data Subject can take action to protect their rights by appealing to the Administrative and/or Judicial Authority of their country.
The Data Subject can revoke consent to the processing of their data at any time, using the same methods by which they provided consent or by sending a communication to the data controller. The revocation of consent will not affect processing already carried out but will result in the interruption of ongoing processing and the destruction of the Data Subject's data.