PRIVACY POLICY

WEBSITE STAPLES

PRIVACY POLICY PURSUANT TO ART 13 OF THE EU REGULATION NO. 679/2016

REGULATORY FRAMEWORK

Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications).

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

1. DATA CONTROLLER

When you visit and use our website, we may collect and process personal data, where personal data means any information relating to an identified or identifiable natural person (hereafter, referred to as “Data”). The Data Controller is Fondazione Politecnico di Milano, established in piazza leonardo da Vinci, 32 – 20123 Milano – Italy, with VAT number 4080270962 e-mail privacy@fondazione.polimi.it. The Data Controller appointed the italian company Avvera S.r.l. as Data Protection Officer – DPO), e-mail: fpm-dpo@fondazione.polimi.it

2. TYPE OF DATA PROCESSED

Browsing data

The computer systems and software procedures used to run this website acquire personal data as part of their standard operations. The transmission of such fata is an inherent feature of internet communication protocols.

This information is not collected in order to be associated with identified interested parties (data subjects) but might, because of the type of information it is, allow users to be identified through processes of elaboration and association with data held by third parties.

This category of data includes

• IP addresses and/or the domain names of computers used by users who connect to this website,
• the URI (Uniform Resource Identifier) notation of the requested resources,
• the time of request, the method used to submit the request to the server,
• the size of the file received in reply, the numerical code indicating the status of the response given by the server (successful, error, etc.)
• and other parameters relating to the user’s operating system and IT environment.

This data will not persist for more than 12 month These data are used for the sole purpose of computing anonymous statistics about the usage of the website and to check that it is working correctly. The data could be used to ascertain liability in the event of any computer crimes against this website. With the exception of this possibility, web contact data are deleted immediately after being elaborated.

Data provided by the user voluntarily.

The Data that users provide optionally, explicitly and voluntarily in messages or that users provide when compiling registration forms on this site will then be collected and stored by FPM, in order for FPM to provide the services requested such as register the user’s participation in events/conferences and or promote STAPLES related initiatives.

Specific privacy policies are displayed below

3.COOKIES

Cookies are small text files containing a certain amount of information exchanged between a website and the user’s device (usually the browser). They are mainly used for the purpose of making websites function and operate more efficiently, as well as for the purpose of providing information to the owners of the website. Cookies can be either session or persistent. Session cookies remain stored in the terminal for a short period of time and are deleted as soon as the user closes the browser. Their use is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable secure and efficient exploration of the site. Persistent cookies, on the other hand, remain stored in the user’s terminal until a pre-determined expiration date. Since they are not erased immediately when the browser is closed, these cookies allow to remember the choices made by the user on the website as well as to collect information about the browsed pages, the frequency of the browsing of the website, and identifying the users’ browsing path, in order to improve the experience on the website. Cookies, whether session or persistent, can finally be first-party or third-party depending on whether the subject installing the cookies on the user’s device is the owner of the website (first-party cookies) or a different subject (third-party cookies).

Cookies management

Normally, web browsers allow the control of most cookies through the settings of the browser itself. Please note, however, that the total or partial disabling of so-called technical cookies may affect the website’s functionality. In any case, if you do not wish to receive any type of cookies on your device, either from this website or others, you can raise the level of privacy protection by changing the security settings of your browser:

Mozilla Firefox:  https://support.mozilla.org/en-US/products/firefox/protect-your-privacy/cookies  

Google Chrome: https://support.google.com/chrome/answer/95647?hl=en

Microsoft Edge: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d

Safari on Mac: https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac

Safari su iPhone, iPad, o iPod touch: https://support.apple.com/en-us/HT201265

Links to other websites

This Site contains links to and content from additional websites, such as the social platforms Facebook, Instagram, LinkedIn . The presence of these links/content may result in the collection of data from and to sites operated by third parties. The Data Controller may not have control over the cookies or other tracking technologies of such websites if they are operated by third parties. For this reason, this Policy does not apply, as the management of information collected by third parties is governed by their respective policies to which please refer.

4. DATA PROCESSING PURPOSES

We process Data through various means, including automated tools. Data are processed in a manner that ensures appropriate security of the Data, including protection against unauthorised or unlawful processing and against accidental loss. The Data Controller has adopted appropriate safety measures set out in law, and taking inspiration from the main international standards, has adopted further safety measures to minimise risks concerning confidentiality, availability and integrity of Data gathered and processed.

5. LEGAL BASIS FOR PROCESSING

For any personal data freely provided by the user through the services offered within the website, the Data Controller is legitimized to process the data as the processing is necessary to carry out pre-contractual measures requested by the user (art. 6, par. 1, lett. b) GDPR), or is legitimized as the user has given consent to a certain activity (art. 6, par. 1, lett. a) del GDPR). Additionally, the Data Controller may process the user’s data where required by a legal obligation to which the Data Controller is subject, such as a request for information about online activities from the competent authorities. More information on the legal basis of the processing activities will be provided within specific privacy policies.

6. OPTIONAL CONSENT TO PROVIDING PERSONAL DATA

Besides what is specified for browsing data, the user is free to provide their own personal data. However, not providing them may result in the impossibility of obtaining what has been requested.It is not mandatory to acquire the user’s consent to use only technical cookies or third-party or analytical cookies assimilated to technical cookies. Their deactivation and/or denial of their operativity will result in the impossibility of proper navigation on the website and/or the impossibility of using the services, pages, features or content available therein. For all other types of cookies (e.g. marketing and profiling), the Data Controller will require specific consent.
Special categories of personal data will not be processed.

7. METHODS OF PROCESSING

Personal data are also processed through automated tools. Specific security measures are implemented to prevent data loss, illicit or incorrect use and unauthorized access. The Data Controller has adopted all appropriate security measures required by law and is following the main international standards, in addition the Data Controller has adopted additional security measures to minimize risks related to confidentiality, availability and integrity of personal data collected and processed.

8. RETENTION PERIOD

Personal data are processed through automated tools for the period of time strictly necessary to achieve the purposes for which they were collected. Data collected for purposes of statistical analysis are anonymized. In all cases, the processing activities comply with the principles of data minimization and retention limitation, and data will be processed for the period of time strictly necessary. More information on the retention time of personal data will be given in the specific privacy policies.

9. SHARING OF USER’S DATA

Data collected through the website will not be divulged.

Your data will be disclosed, for the pursuit and within the limits of the foreseen purposes only, and within the European Union, to the STAPLES project partners, i.e. Politecnico di Milano (scientific-technological university) UNISG – University of Gastronomic Sciences, Collegio Carlo Alberto, Euro – Mediterranean Economists Association,  ERF – Economic research Forum, UIZ – Ibnou Zohr University of Agadir, ASCAME Association of the Mediterranean Chambers of Commerce and Industry, Bradano Soc. Coop. Agroalimentare e Agroindustriale del BRADANO SPA, CEEBA (https://www.staples-project.eu/partners/), for the implementation of institutional activities and the fulfilment of obligations associated with the STAPLES project only

10. TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EUROPEAN UNION

By providing your personal information through the website, You understand that your Personal data will be mainly processed within the European Economic Area (EEA). Any eventual transfer of your personal data to countries outside the EEA shall only take place under an appropriate data protection agreement, pursuant to Chapter V of the GDPR (adequacy decision, standard contractual clauses, etc.) and after an appropriate evaluation of the risks pertaining this typology of processing/transfer, in application to the principles of the GDPR

11.RIGHTS OF THE DATA SUBJECT

In relation to the processing of the aforementioned data, you may exercise the rights referred to in Art. 13 GDPR 679/16 as better expressed in Articles. 15-16-17-18-20-21 and 22 GDPR 679/16 and more specifically, you shall have the right to:

• obtain confirmation as to whether or not personal data concerning you are being processed, even if not yet registered, and request a copy in an intelligible form;
• request access to personal data, in addition to the right to data portability;
• obtain the updating and rectification or, where applicable, to have incomplete data completed;
• object, wholly or partially: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of their collection; b) to the processing of personal data concerning you for the purpose of direct marketing.
• obtain the erasure and transformation into anonymous form or restriction of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed;
• revoke consent at any time without prejudice to the lawfulness of the processing based on consent given before the revocation, in the cases provided for by law;
• lodge a complaint with a supervisory authority;
• obtain certification that the operations referred to in numbers 4 and 6 above, and their content, have been communicated to the persons to whom the data have been disclosed or disseminated, except in the case in which this proves to be impossible or involves the use of means that are manifestly disproportionate to the protected right.

QUESTIONS, COMPLAINTS, SUGGESTIONS, AND EXERCISE OF RIGHTS

Anyone interested in more information, to contribute with their own suggestions, or to make complaints or objections regarding the privacy policies, how personal data are processed, as well as to assert their rights under the data protection regulations, may contact the Data Controller writing to privacy@fondazione.polimi.it or send an email to its Data Protection Officer, fpm-dpo@fondazione.polimi.it

CONTACT FORMS

Pursuant to art 13 of the EU Regulation no. 679/2016 Your personal data (personal data, corporate role, e.mail, address, phone number etc.) shall be processed both on paper and electronically, by Fondazione Politecnico di Milano, with registered office in Piazza Leonardo da Vinci 32 – 20133 Milano, (hereinafter, the Data Controller) as the linked third part of the European project called STAPLE (STable food Access and Prices and Lower Exposure to Shocks)

The legal basis under Article 6(1)(b) GDPR is that the processing is necessary for the performance of a contract at the request of the data subject. You can withdraw your consent at any time, and will no longer be subscribed to our Newsletter. You are free to give us your personal data. If you do not give us your email address, Fondazione Politecnico will be unable to give you the information you have requested.

Your personal data will be processed by persons authorised to process data under Article 29 of the GDPR, by which we mean Fondazione’s employees and/or collaborators. Your personal data can be communicated, and therefore known, to suppliers who act on our behalf to manage Fondazione’s computer system.. Personal data will be mainly processed within the European Economic Area (EEA). Any eventual transfer of your personal data to countries outside the EEA shall only take place under an appropriate data protection agreement, pursuant to Chapter V of the GDPR (adequacy decision, standard contractual clauses, etc.) and after an appropriate evaluation of the risks pertaining this typology of processing/transfer, in application to the principles of the GDPR.

Anyone interested in more information, to contribute with their own suggestions, or to make complaints or objections regarding the privacy policies, how personal data are processed, as well as to assert their rights under the data protection regulations, may contact the Data Controller writing to privacy@fondazione.polimi.it or send an email to its Data Protection Officer, fpm-dpo@fondazione.polimi.it

NEWSLETTER

Pursuant to art 13 of the EU Regulation no. 679/2016 Your personal data (personal data, corporate role, e.mail, address, phone number etc.) shall be processed, by Fondazione Politecnico di Milano, with registered office in Piazza Leonardo da Vinci 32 – 20133 Milano, (hereinafter, the Data Controller) in order for you to subscribe to our service of periodic emails containing material promoting and advertising  the European project called STAPLES (STable food Access and Prices and Lower Exposure to Shocks).

The legal basis under Article 6(1)(a) GDPR is that your free consent can be withdrawn at any moment. You are free to give us your personal data. If you do not give us your email address, Fondazione Politecnico will be unable to put you on the mailing list for STAPLES Newsletter.

Your personal data will be processed by persons authorised to process data under Article 29 of the GDPR, by which we mean Fondazione’s employees and/or collaborators. Your personal data can be communicated, and therefore known, to suppliers who act on our behalf to manage Fondazione’s computer system.

Personal data will be mainly processed within the European Economic Area (EEA). Any eventual transfer of your personal data to countries outside the EEA shall only take place under an appropriate data protection agreement, pursuant to Chapter V of the GDPR (adequacy decision, standard contractual clauses, etc.) and after an appropriate evaluation of the risks pertaining this typology of processing/transfer, in application to the principles of the GDPR

Anyone interested in more information, to contribute with their own suggestions, or to make complaints or objections regarding the privacy policies, how personal data are processed, as well as to assert their rights under the data protection regulations, may contact the Data Controller writing to privacy@fondazione.polimi.it or send an email to its Data Protection Officer, fpm-dpo@fondazione.polimi.it