Controller’s identity and contacts
———————————-
Fondazione Umberto Veronesi ETS – via Solferino 19, 20121 Milano (MI – Italy), tax code 97298700150, tel. 02 76018187; privacy@fondazioneveronesi.it. (hereinafter: “Controller” or “Foundation”).
Source of data and purposes of processing
—————————————–
Personal data are provided directly by the data subject (applicant or researcher). They are processed for the following purposes:
1. to carry out activities connected to the FUV Grants for which the candidate applies, which consist of: a. Analysis of the application as regards the accuracy and completeness of the requirements needed to take part in the Grants, including information about scientific publications written in cooperation with other authors / researchers and by the candidate and other materials mandatory to comply with the rules of the Grants b. Evaluation of the application by a Scientific Committee c. Selection of the candidates who have the necessary qualifications to be entitled to the allocation of funding for the proposed research, by way of salary, to perform the activity inside the hosting structure d. Contacts with the chosen candidates in order to obtain their acceptance of the Grant regarding the topic in which they are interested e. Communication of the selected candidates’ personal data to the companies and structures which financially support the researcher, for their institutional purposes and the granting of the research fellowship
2. to carry out administrative and accounting activities connected to the selection and acceptance of the application
3. to comply with laws, regulations and EU legislation
4. to disseminate personal data, images and statements in video / photographic format of the chosen candidates for their publication in the “Book of Grants” and on the media – on-line and off-line, for the purpose of demonstrating the initiatives and research mission of the Foundation and of the results of the Grants
5. to carry out contacts on our institutional communications activities and to make known and document the scientific and medical research project in which the researcher has demonstrated interest by applying for the Grants, as well as for surveys and market researches. These purposes include fundraising activities and communications on events and initiatives organised by the Controller, updates through newsletter and so on 6. to carry out statistical analysis on the applicants 7. to establish, exercise, or defend legal claims, in court proceedings, for the Controller’s or third parties’ rights.
Means of processing
——————-
1. The Controller processes data with automatic means and without any criteria of elaboration and analysis, storing them in its filing systems. Preventative secure measures are applied to prevent data from loss, destruction, alteration (whether by accident or not), unlawful or unauthorised access.
2. To carry out processing referred to in point 1, “Source of data and purposes of processing”, Foundation will interconnect – without electronic means – information provided by the applicant in order to create a profile and evaluate whether the applicant has the requirements to be entitled to the funding of the proposed research financing funds. The evaluation of the requirements of candidates will result in a profiling activity which does not involve an automated decision-making process.
3. To carry out the processing referred to in point 5., “Source of data and purposes of processing”, the Controller uses the means of contact preferred by the data subject and provided directly by the data subject. Phone number will be used for the said purposes in compliance with law 05/1028: if entered in “Registro Pubblico delle Opposizioni”, the phone number will not be used for such purposes, provided that the data subject gives subsequently consent to Foundation. Such contacts may be carried out with traditional (e.g.: vocal calls) and electronic means.
4. Statistical analysis will be carried out elaborating data relating to the data subject and have as an outcome anonymous data which cannot be matched to the data subject any more.
5. If special categories of data (art. 9, par. 1, GDPR: “data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation”) are provided, they will be processed only for the purposes referred to in point 1., “Source of data and purpose of processing” and they will not be an element of discrimination for the evaluation of the application.
Legal basis of the processing
—————————–
Depending on the purpose of processing, the legal bases of the processing are:
1. for the purpose referred to in point 1., “Source of data and purposes of processing”, the legal basis is art. 6, par. 1, letter b), GDPR, since data processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. In this case, to carry out the evaluation of the application for the Grant. In case special categories of data have been provided the legal basis for the processing is data subject’s consent (art. 9, par. 2, letter a), GDPR)
2. for the purposes referred to in points 2. and 3., “Source of data and purposes of processing”, the legal basis is art. 6, par. 1, letter c), GDPR, since processing is carried out to comply with legal obligations to which the Controller is subject
3. for the purposes referred to in point 4., “Source of data and purposes of processing”, the legal basis is the “legitimate interest” (art. 6, par. 1, letter f, GDPR) pursued by Foundation to inform on its institutional activities, documenting them through on-line and off-line media so as to demonstrate the constant commitment to the realisation of the mission in scientific research. Anyway, data processing is also based on the data subject’s consent for the dissemination of personal data (art. 6, par. 1, letter a), GDPR)
4. for the purposes referred to in point 5., “Source of data and purposes of processing”, the legal basis is the “legitimate interest” (art. 6, par. 1, letter f, GDPR, Recital 47, GDPR and Opinion 6/2014 Working Party 29, par. III.3.1.)) pursued by Foundation to inform on projects for medical and scientific research for which the researcher, by sending an application, has demonstrated to be interested in and to share Foundation’s principles. If interested, the data subject can support these projects donating or taking part in our events or replying to surveys
5. for the purposes referred in point 6., “Source of data and purposes of processing”, the legal basis is the “legitimate interest” (art. 6, par. 1, letter f, GDPR, Recital 47, GDPR and Opinion 6/2014
Working Party 29, par. III.3.1.)) pursued by Foundation in studying the characteristics of the applicants so as to adjust its proposals of applications
6. for the purposes referred to in point 7., “Source of data and purposes of processing”, the legal basis is the “legitimate interest” (art. 6, par. 1, letter f, GDPR, Recital 47, GDPR and Opinion 6/2014 Working Party 29, par. III.3.1.)) pursued by Foundation or by a third party to establish, exercise, or defend legal claims in judiciary.
Processors, persons authorised for data processing, autonomous controllers
————————————————————————–
1. Data will be processed by the persons authorised for the processing and acting under the authority of the data controller and in charge of: Scientific Supervision, communication and institutional Department, fundraising Department, administration and information technology and data security.
2. Data will be processed also by the Scientific Committee to evaluate, select and determine the rank of applications.
3. Data will be processed also by processors in charge of the services connected to the management of the website where data are collected.
Communication and dissemination of personal data
————————————————
1. Data are not communicated to associations, companies or bodies, unless the data subject gives consent.
2. Personal data may be communicated to supervisory authorities and judiciary or public bodies for their institutional tasks on their request or to assert, exercise, defend a right in judiciary by Foundation or by a third party.
3. Data, images and statements in video / photographic format of the chosen candidates will be disseminated for their publication in the “Book of Grants” and on the media – on-line and off- line – for the purpose of demonstrating the initiatives and research mission of the Foundation and of the results of the Grants.
Period of data storage
———————-
Depending on the purposes of data processing, the criteria used to determine the period of storage of personal data are:
1. for the purpose referred to in point 1., “Source of data and purposes of processing”, data shall be stored as long as it is necessary to evaluate, analyse, select the researcher for the Grant. This period may be extended if the profile is not of immediate interest, but it is deemed useful for future similar selections. The period of two year is considered appropriate, since later the profile may have been changed or the person may have been employed in a different job.
2. for the purposes referred to in points 2. and 3., “Source of data and purposes of processing”, the period of data storage is determined by the single national and EU rules and laws governing legal obligations to which the Controller is subject.
3. for the purposes referred to in point 4., “Source of data and purposes of processing”, data storage is determined by the time necessary to create “Book of Grants” and for the period which Foundation believes appropriate to disseminate the project of research which involves the researcher, because it is considered meaningful for the dissemination of institutional activities and mission supporting medical and scientific research
4. for the purposes referred to in point 5., “Source of data and purposes of processing”, data will be stored in our filing system until Foundation considers that the data subject shares the Controller’s institutional principles. Foundation will not contact the person any more if the data subject object to processing for such promotional purposes
5. for the purposes referred to in point 6., “Source of data and purposes of processing”, there is no limit of storage, since the statistical purposes do not entail personal data processing, being only anonymous data
6. for the purposes referred to in point 7., “Source of data and purposes of processing”, the period of data storage depends on the duration of the legal proceedings and on from what it is imposed by supervisory authorities and institutional bodies. Afterwards, identification data will be anonymised for statistical reports and analysis and then deleted from our filing system.
Where data are processed and data transfer to third Countries
————————————————————-
Data processing and storage will be carried out on the Controller’s server and /or of companies in charge of processing and designated as processors, located in EU territory. No transfer to third Countries is intended so far.
Data subjects’ rights
———————
Pursuant to articles 15-22, GDPR, contact privacy@fondazioneveronesi.it for information about your data handling. You may request the list of data processors and exercise your right of access, rectification, right to be forgotten, restriction of processing, data portability, and you can object to the processing of your data on legitimate grounds or for the sending of institutional and informational communications.
How to lodge a complaint with the supervisory authority
——————————————————-
The data subject has the right to lodge a complaint with the supervisory authority (Garante per la Protezione dei Dati Personali – Piazza Venezia 11, 00187 Roma (RM – Italy) – https://www.garanteprivacy.it, e-mail protocollo@pec.gpdp.it, format https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb- display/docweb/4535524&zx=e0yn0riezmmw) to exercise and defend the right of data protection.
Data Protection
———————–
For information about data processing, write to privacy@fondazioneveronesi.it.