Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA
PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679.

This information is provided pursuant to Article 13 of Regulation (EU) 2016/679 (European Regulation for the Protection of Personal Data, hereinafter the “GDPR”), in order to inform all data subjects in relation to the processing of personal data implemented by the Giulio Deangeli ETS Foundation (registered office: Via G. Garibaldi n. 104/A, 35043 – Monselice (PD); tax code: 91033170282) (hereinafter “the Owner”)

2. DATA SUBJECT TO PROCESSING
The Data Controller will process personal identifying data (e.g., first name, last name, date of birth, e-mail), disclosed by the data subject upon participation in the scientific aptitude tournament, mindset measurement test, and mock entrance test.

3. PURPOSE AND LICENESS OF THE PROCESSING
Data of a personal nature provided will be processed in compliance with the conditions of lawfulness ex art. 6 lett. b of the GDPR, in particular for:
– information about other initiatives proposed by the Giulio Deangeli ETS Foundation, the Giulio Deangeli team and this guidance platform;
– fulfilling the obligations provided for by law, a regulation, EU legislation or an order of the Authority;
– exercising the rights of the Owner, for example the right to defense in court.

4. DESTINATORS OR CATEGORIES OF DATA RECIPIENTS
The personal data provided may be processed by any suppliers, appointed as data processors pursuant to Article 28 of the GDPR, as well as by natural persons acting under the authority of the Data Controller and Data Processor, pursuant to Article 29 of the GDPR.

Specifically, data may be disclosed to the following recipient categories:

– subjects that provide services for the management of the Data Controller’s computer system and communication networks;
– firms or companies within the framework of assistance and consulting relationships;
– competent authorities for fulfillment of legal obligations and/or provisions of public bodies, upon request.

Individuals in the above categories act as Data Processors, or operate completely independently as separate Data Controllers.

5. DATA TRANSFER TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION
Data of a personal nature provided by the data subject will not be transferred outside the European Economic Area without the data subject’s express prior consent.

6. METHODS OF PROCESSING
Processing of the data subject’s personal data may take place only by automated means (digital registers, digital forms, applications, and databases, including in the cloud).

7. PERIOD OF DATA STORAGE
The processing will be carried out in automated form, with methods and tools designed to ensure maximum security and confidentiality, by persons specifically appointed for this purpose.
In compliance with the provisions of Article 5 paragraph 1 letter e) of the GDPR, the personal data collected will be stored in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed.

8. NATURE OF PROVISION AND REFUSAL
The provision of personal data for the purposes set out in Section 3 of this information document is necessary to take part in the above-mentioned activities.

9. RIGHTS OF DATA SUBJECT
Data Subjects may assert their rights recognized by the GDPR by contacting the Data Controller through the address info@gathere.org
Specifically, at any time, the data subject may request:
a) to access their personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom the data may be communicated, the applicable retention period, and the existence of automated decision-making processes;
b) to obtain without delay the rectification of inaccurate personal data concerning him/her;
c) to obtain, in the cases provided for, the deletion of his/her data;
d) to obtain the restriction of processing, when possible
e) to request the portability of the data provided to the Data Controller, i.e. to receive them in a structured, commonly used and machine-readable format, including for the purpose of transmitting such data to another data controller, without any hindrance from the Data Controller, in all cases where this is required by law;
f) to lodge a complaint with the Data Protection Authority.
To exercise these rights, simply send a written request to the Data Controller at the addresses listed in this policy.