The Data Controller
Pursuant to art. 13 of the 2016/679 EU Regulation (GDPR), CEIPES – Centro Internazionale per la Promozione dell’Educazione e lo Sviluppo , based in Via G. La Farina 21, 90141 Palermo, tax number 97222420826, is the Data Controller of your personal data .
The data you provide in relation to the existing legal relationship (user / interested party) will be processed in compliance with the aforementioned legislation. Such processing will be carried out in accordance with the principles set forth in art. 5 of the 2016/679 EU Regulation.
- This section contains informationon themodalities of personal data processing as carried out by CEIPES.
- This information is also valid for the purposes of art. 13 of Legislative Decree no. 196/2003, with regard to the protection of personal data, and for the purposes of Article 13of the 2016/679 EU Regulation, concerning the protection of natural persons with regards to the processing of personal data as well as the free circulation of such data, for individuals who interact with CEIPES and can be consulted at thefollowing website: www.ceipes.org
- The information is intended for CEIPES only and does not concern other online websites, pages or services that can be accessed via hyper link.
- The purpose of this document is to provide information on the methods, timing and nature of the information that the datacontrollersmust provide to users when connecting to the CEIPES web pages, regardless of the purposes for visiting the website, according to the Italian and European legislation.
- The information may vary due to the introduction of new regulations on the subject, therefore, we invite theuserto periodically check on this page.
- Pursuant to article 8 (1) of the 2016/679 EU Regulationifthe user is below the age of 16 years, such processing shall be lawful only and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
II – DATA PROCESSING
1 – Data Controller
- The data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means ofpersonal data processing.It also deals with safety profiles.
- The data controller of this website is: CEIPES. For any clarification or exercise ofright please contact the following email address: email@example.com.
2 – Processor
- Theprocessor is the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Pursuant to Article 28 of EU Regulation no. 2016/679, the data processor of the CEIPES website, as appointed by the controller,is: MusaKirkar.
- The Data Protection Officer (DPO) named by the Controller (article 37 and following of GDPR) is Mister GabrieleTaviano. Contact:firstname.lastname@example.org
3 – Location
- The processing of data generated by the use of CEIPES takes place at Via G. La Farina, 21 90141 Palermo.
- Dataconnected to the newsletter service can be processed by the processor or other designated subjects at the associated location, where needed.
III – COOKIES
1 – Type of Cookies
- A cookie consists of a limited set of data transferred to the user’s browser from a web server and can only be read by the serveritself.It is not an executable code and does not transmit viruses.
- Cookies do notstoreany personal information and no identifiable data will be kept. Websites allow to prevent the saving of some or all the cookies. This might nonetheless compromise the effectiveness of the navigation and the services offered therein. If you don’t want to change cookies settings, simply continue browsing.
In the list below the different type of cookies used by the CEIPES website:
2 – Technical cookies
- There are many technologiesavailablefor the storage of information on the user’s computer, which are then collected by the websites. Among those, HTML cookies are the most widespread. They are employed to facilitate navigation and website usage to the user. They are necessary for carrying out the transmission of certain information on an electronic communication network, that is, for the provider to provide services requested explicitly by the subscriber.
- Depending on the Internet browser employed, settingsto manage or disable cookies may vary. In any case, the user can manage or disable cookies by changing the browser settings. This might nevertheless slow down the web page or prevent the user from accessing certain sections of the website.
- Technicalcookies allowa safe and effective use of the website.
- Cookies included in the browser and transmitted by Google Analytics or other statistics services are to be considered technical only if used forsearch engine optimization directlyby the owner of the website, which will collect information in aggregate form on the number of users and the modality of their usage of the website. For what may concern the regulation of information and consent of analytics cookies, the same rules provided for technical cookies apply.
- Cookies can be divided, according to the duration,into temporary session cookies and permanent cookies. Session cookies are automatically deleted at the end of the browsing session and they are used to identify the user so to avoid multiple logging every time a page is visited. Permanent cookies remain active on the user’s PC until their expiration or cancellation.
- Session cookies may be installedto allow the user to have access to the private area of the website and navigate as anauthenticated user.
- They are not stored permanently butforthe duration of the navigation only and disappear automatically when the browser is closed. Their use is strictly limited to the transmission of identifiers data consisting of random numbers generated by the server necessary to allow a safe and efficient exploration of the website.
3 – Third-party cookies
- Cookies can also be identified according to their source. Namely, the ones sent to the browser directly by the website being visited and the thirdpartiesones sent to the computer by outer websites.
- Persistent cookies are often third-party cookies.
- The majority of third-party cookies consists of tracking cookiesand are used to identify the user’s behaviouron line, understand personal interests and customize advertising.
- Third-party analytical cookies may be installed. They are sent by the domains of the aforementioned third parties.
- Third-party analytical cookies are used to detect information on the behaviour of the users ontheCEIPES website. The survey takes place anonymously, in order to monitor performance and improve the usability of the website. Third-party profiling cookies are used to create profiles related to the users, in order to provide advertising messages consistent with the choices as expressed by the users themselves.
- The use of these cookies is regulatedas envisaged by the third parties themselves, therefore, users are invited toread the privacy policies and indications on how to manage or disable cookies published on the related web pages.
4 – Profiling cookies
- Profiling cookiescreate profiles related to the user and are used to send advertising messages consistent with the preferences as expressed by the user concerning the navigation.
- When these types of cookies are used,the user must give explicit consent.
- Article 22 of the 2016/679 EU Regulationand Article 122 of the Code on data protection will apply.
IV – PROCESSED DATA
1 – Modality of data processing
- Like all websites, thiswebsite makes use of log files through which information are collected and stored automatically duringnavigation.The information collected could be the following:
- internet protocol (IP) address;
- type of browser andcharacteristics of the device employed;
- name of the Internet service provider (ISP);
- navigation date and time;
- source web page (referral) and exit web page;
- quantity of clicks.
- The aforementioned information is processed inautomated form and collected in aggregated form only,in order to verify the correct functioning of the website, and for security reasons. This information will be processed according to the legitimate interests of the controller.
- For security purposes (anti–spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as the IP address, which could be used, in compliance with applicable laws, to block any attemptto damage the website itself or other users, orto prevent any harmful activity constituting a crime. Such data are never used for the identification or the profiling of the user, but in order to guarantee the protection of the website and its users, such information will be treated according to the legitimate interests of the owner.
- The content that the user agrees to make public through the services and tools available, are intentionally and deliberately provided by the user, thus relieving this websitefromany responsibility related to any possible violations. It is the user’s duty to ascertain whether he/she is allowed to enter third parties personal data or contents protected by national and international regulations.
2 – Purposes for data processing
- Thedata collected during the website operation are used for the purposes indicated above and listed below:
- management of existing and / or future legal relationships;
- the fulfilment of the corresponding obligations deriving from the aforementioned legalrelationships;
- organizational management of any legal relationshipalready existing or in the process of being finalised;
- absolution of regulatory, accounting and / or tax obligations;
- protection of contractual rights;
- purposes functional to the carrying out of statistical analyses;
- activities of social marketing, fund raising and institutional correspondence via email and paper concerning the services provided.
- The duration of data retentionwill be limited to the achievement of the aforementioned purpose and will not in any case be longer than 10 years.
- Data used for security purposes (prevent the website form hacker’s attacks) are storedfor a period of time coincident withthe achievement of the purpose indicated before.
- Personal data used for project purposes are stored for the duration of the projects itself, including reporttime. Data will be kept in store five years following the date ofdelivery of the final report, in order to get a hold of participants if difficulties emerge after the implementation of the project or if verifications and evaluation by the designated European bodies are necessary.
3 – Data provided by the user
- Asindicated above, the optional, explicit and voluntary correspondence via e-mail with the email addresses indicated on this website entails a subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.
- Specific information summary will be progressively reported or displayed in specific sections of the website.
4 – Further information on the type of personal data collected
- Information about the contact persons of the partner organization (Name, Surname, Gender, Department, Position held, Telephone numbers, Email, Legal address, Zip code, City, Country, Region and Fax number)
- Information about any association, group, network or consortium that intends to partner with or become a member of CEIPES (Name of the association, Contact person information, Field of operation, Telephone numbers, Email, Legal address, Zip Code, City, Country, Region and Fax number)
- Information regarding the people involved in the activities envisaged by the projects, such as workshops, training courses, drafting of questionnaires, interviews and any other initiative arranged and managed by the partner organizations and CEIPES. This is done in order to achieve project goals of which the partner organization and CEIPES are part and / or coordinate (Name, Surname, Date of Birth, Gender, Tax Code, Telephone number, Email Address, Address, Number, Zip Code, City, Region and Country, Nationality).
- Information concerning any special needs (yes / no) of the applicant is collected when such information is strictly necessary and mandatory, on pain of the applicant’s own participation to any initiative or project activity.
5 – Users who are allowed the access and the disclosure of data
- Personnel employed within the organizations: dataconcerningparticipants involved in project activities and user data used by administrative departments.
- Staff employed in partner country organizations: data ofin- houseparticipants or incoming participants assigned to their organization.
- Staff working in the National Agencies: data of participants coming from the country ofthe Agency, and data of participants from other countries.
- Staff appointed by the European Commission: all data of the participants.
4 – Support in browser setting.
- Cookies can be also managed through the browser’s settings. Nevertheless, deleting cookies from the browser might change preferences settings.
- For further information and support you can also check the help section of the browser you are using:
- Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies
- Firefox: https://support.mozilla.org/en-us/kb/enable-and-disable-cookies-website-preferences
- Safari: http://www.apple.com/legal/privacy/it/
- Chrome: https://support.google.com/accounts/answer/61416?hl=en
- Opera: http://www.opera.com/help/tutorials/security/cookies/
5 – Social Network Plug in
- The collection and use of the information obtained through the Plug in are regulated by the privacy policiespertaining thedifferent social networks, to which reference is made:
- Facebook: https://www.facebook.com/help/cookies
- Twitter: https://support.twitter.com/articles/20170519-uso-dei-cookie-e-di-altre-tecnologie-simili-da-parte-di-twitter
- Google: http: //www.google.com/policies/technologies/cookies
- Pinterest: https://about.pinterest.com/it/privacy-policy
- AddThis: http://www.addthis.com/privacy/privacy-policy
- Linkedin: https://www.linkedin.com/legal/cookie-policy
- Article. 13,par. 2of the 2016/679 EU Regulation lists the user’s rights.
- Therefore the CEIPES websiteintends to inform the user about the existence of:
– the data subject’s right to get access to his/her personal data from the controller(art. 15 EU Regulation), their updating (Article 7, paragraph 3, letter a) of the Legislative Decree 196/2003), the amendment (art. 16 EU regulation ), integration (article 7, paragraph 3, letter a) of the Legislative Decree 196/2003) or the limitation of the processing concerning him/her (art.18 EU Regulation) or to oppose, for legitimate reasons, to their processing (art. 21 EU Regulation), in addition to the right of data portability (art.20 EU Regulation);
– the right to erasure (art. 17 EU Regulation), the transformation into anonymous form or the blocking of personal data unlawfully processed, including those whose retention is not necessary for the purposes for which the data were collected or subsequently processed (Article 7, paragraph 3, letter b) of Legislative Decree 196/2003);
– the right to receive notification that the operations of updating, rectification, integration of data, erasure, blocking of data, transformation have been brought to the attention, also with regard to their content, of each recipient to whom the data were disclosed, save where such fulfilment proves to be impossible or involves a use of resources visibly disproportionate compared to the safeguarded right itself (Article 7, paragraph 3, letter c) of Legislative Decree no. 196/2003);
- Requestscan be sent to the data controller, without formality or, alternatively, using the template envisaged by the Data Protection Officer, or by sending a communication to CEIPES – CentroInternazionale per la Promozione dell’Educazione e lo Sviluppo, based in Via G. La Farina 21, 90141 Palermo, by calling +390917848236 or by sending an email to: email@example.com
- If the data processing is based on art. 6, paragraph 1,lett. a) – consent given to the processing – or on the art. 9, paragraph 2,lett. a) – explicit consent given to the use of genetic data, biometric data, data concerning health, data revealing religious or philosophical beliefs, or trade union membership, or revealing racial or ethnic origin, political opinions, – the user has the right to withdraw consent at any time without prejudice to the lawfulness of the treatment based on the consent given prior to the withdrawal.
- Likewise, in case of violation of the law, the userhas the right to lodge a complaint with theGarante per la Protezione dei Dati Personali, as the authority appointed to the monitoring of the data processing within the Italian State.
- For a more in-depth examination of the rights recognised, see articles 15and ff.of the 2016/679 EU Regulation and art. 7 of Legislative Decree no. 196/2003.
VI – DATA TRANSFER TO NON- EU COUNTRIES
- This website may share some of the data collected with services located outside the European Union area.Specificallywith Google, Facebook and Microsoft (LinkedIn) through social plug ins and the Google Analytics service. The transfer is authorized and strictly regulated by Article 45, paragraph 1 of the 2016/679 EU Regulation, for which no further consent is required. The companies mentioned above guarantee on their membership to the Privacy Shield.
- Data will never be transferred to third countries that do not comply with the conditions set out in Article 45 and ff. of the EU Regulation.
VII. SECURITY OF PROVIDED DATA
- In this website the processing of data is carried out in a lawful and correct manner, through the adoption of the appropriate security measures in order to prevent unauthorized access, disclosure,modification or unauthorized erasure ofdata.The processing is carried out either through IT and / or computerized tools, with organizational methods and logic strictly related to the purposes indicated.
- In some cases, in addition to the controller, other categories of persons involved in theorganization of website (administrative, commercial, marketing, legal, system administrators) or outer subjects (such as suppliers of third party technical services, postal couriers, hosting providers, IT companies, communications agencies) might have access to the data.
VIII. ADJUSTMENTS TO THE PRESENT DOCUMENT
- This document, published at:
- It might be subject to adjustments or updates. In case ofsignificant changes and updates, these will be made available to the users through appropriate notifications.
- Previous versions of the document will still be available on this page.
- The document was updated on 05/24/2018to comply with the current legislation, and specifically in compliance with the 2016/679 EU Regulation.
Data privacy notice for online meetings, conference calls and webinars
Art 13 of GDPR
We use the “Microsoft Teams”, “Google Meet” which is provided via the systems of TIM S.P.A, to conduct conference calls, online meetings, video conferences and/or webinars. „Google Meet“ is a service provided by Google LLC based in the USA. “ Microsoft teams Meeting ” is a service provided by Microsoft Corporation based in the USA.
A processing of personal data also takes place in a non-European third country. We have concluded an order processing contract with the provider that meets the requirements of Art. 28 GDPR.
An adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses (Commission Decision 2010/87). The CEIPES “International Center for the Promotion of Education and Development” is thus responsible for data processing directly related to the conduct of online meetings.
Note: If you access the service providers website, the provider is responsible for data processing. However, you only need to access the website in order to download the software.
Which data are processed?
Various types of data are processed when using the service providers. The extent of the data also depends on what data you provide before or during participation in an “online meeting”.
The following personal data are subject to processing:
Information about the user: first name, last name, telephone (optional), email address, password (if “Single-Sign-On” is not used), profile picture (optional), department (optional)
Meeting metadata: topic, description (optional), participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
When dialing in by telephone: Information about the incoming and outgoing phone number, country name, start and end time are registered. If necessary, further connection data such as the IP address of the device can be saved.
Text, audio and video data: You may be able to use the chat, question or survey functions in an “online meeting”. To this extent, the text entries you make are processed in order to display and, if necessary, log them in the “online meeting”. In order to enable the display of video and the playback of audio, the data from the microphone of your device and from any video camera of the device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using applications.
In order to participate in an “online meeting”, you must at least provide information about your name in order to enter the “meeting room”.
Scope of processing
We use the service providers to conduct online meetings. If we want to record online meetings, we will inform you transparently in advance and – if necessary – will ask for your consent. The fact of the recording is also displayed in the app.
The records will be used as dissemination materials through the institutional social channel of CEIPES and the consortium which is the beneficiary of the project (Facebook, Twitter, Istagram, Youtube, ecc…). Moreover, the records will be used as evidence for the implementation of the project in the final report phases. In general, what mentioned above will be used for the purpose of institutional activities.
If it is necessary for the purposes of recording the results of an “online meeting”, we will log the chat content. However, this will usually not be the case.
In the case of webinars, we may also process the questions asked by webinar participants for the purpose of recording and follow-up of webinars.
If you are registered as a user at the service providers, reports of online meetings (meeting metadata, data on telephone dial-in, questions and answers in webinars, survey function in webinars) can be stored for up to one month by the service providers.
The possibility of software-based “attention tracking” in “online meeting” tools is deactivated.
The images and pictures recorder during the online meeting, webinars, multiplier events, conference will be not illegally use or damage the image of the interested party.
Legal basis for data processing
For employees of CEIPES, GDPR is the legal basis for data processing. If data should not to be necessary for data processing, but are nevertheless elementary requested in connection by using the service providers, Art. 6 Para. 1 lit. e) GDPR, is the legal basis for data processing, since we need an effective implementation of “online meetings” to fulfill our statutory tasks.
If there is no contractual relationship, the legal basis is Art. 6 Para. 1 lit. e) GDPR. Here, we also need the effective implementation of “online meetings” in order to fulfill our statutory tasks.
Personal data that are processed in the context of attending “online meetings” are generally not passed on to third parties, unless they are not intended to be passed on.
- The provider necessarily receives knowledge of the above mentioned data, as far as this is provided in the context of our order processing contract with the service providers.
- The National Agencies because they need this video recording as evidence of the implementation of the projects.
The data will be kept for a period not longer than necessary for the purpose, in accordance with legal obligations.
Right of Data Subject: Link to the GDPR.
- Art. 15. Right of Access
- Art. 16. Right to Rectification
- Art. 17. Right to erasure (“Right to be forgotten”)
- Art. 18. Right to restriction of processing
- Art. 21. Right to object: You have the right to lodge a complaint to Garante della Privacy.
How to exercise the rights:
You can exercise the overmentioned right sending an email to firstname.lastname@example.org
DPO: Dott. Gabriele Taviano email: email@example.com