Privacy Policy Information - Consorzio Physis

Website Disclosure in accordance with Article 13 of EU Regulation 679/2016

Website

Dear User,

Consorzio Physis S.r.l. S.B. (“The Consortium”), having its registered office in Piazzale Donatello, 4 – 50132 Florence (FI). P.IVA and Fiscal Code 07268410482 (hereinafter also only “Consorzio” or “Owner”) as Data Controller pursuant EU Regulation no. 679/2016, provides below information regarding the processing of personal data related to the use of the following website: https://www.consorziophysis.eu/ (hereinafter also only the “Site”).

This information, therefore, does not concern other sites, pages, online services or Social Networks that can be reached through links contained within the Website but refer to external resources.

Definitions

Personal Data: means any information concerning an identified or identifiable natural person (“Data Subject”); an identifiable person is considered to be any natural person who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Processing activity: means any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction.

Data controller: means the natural or legal person, public authority, department or other body which, individually or jointly with others, determines the purposes and means of the processing of personal data.

Data processor: means the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.

1. Data controller

For any questions or requests related to the processing of your personal data, or the exercise of your rights under the EU Regulation no. 679/2016, you may contact the The Consortium at any time by sending a request to the following contacts:

Company Name: Consorzio Physis S.r.l. S.B

Registered office: Piazzale Donatello, 4 – 50132 Florence

Email: info@consorziophysis.eu

2. Purposes and legal basis of the processing

	Purposes of the processing	Legal basis of the processing
a)	Navigation of the Website, to obtain anonymous statistical information on its use as well as to monitor its proper functioning and to identify any malfunctions and/or abuses.	Legitimate interest of the Data Controller pursuant to Art. 6 par. 1 lett. f) of EU Regulation 679/2016.
b)	Handling of your contact request made by e-mail communication or through the contact form.	Execution of pre-contractual measures pursuant to Article 6 par. 1 lett. b) of EU Regulation 679/2016.
c)	Subscription to the newsletter service of the Physis Consortium aimed at promoting initiatives and events organized by the Consortium.	Consent of the processing pursuant to Article 6 par. 1 lett. a) of EU Regulation 679/2016.
d)	To ascertain, exercise or defend a right of the Data Controller.	Legitimate interest of the Data Controller pursuant to Art. 6 par. 1 lett. f) of EU Regulation 679/2016.

Cookies

In relation to cookies, please review the cookie policy available on this website.

3. Nature of conferment

The provision of personal data for the purposes referred to in letter a) is necessary to carry out the navigation of the Internet Site and failure to provide it will result in the inability to navigate the same.

The provision for the purposes referred to in point b) is necessary in order to contact the Data Controller and failure to provide it will result in the impossibility of sending the contact request.

The provision for the purposes of letter c) is optional and failure to provide it does not affect the other purposes of the processing.

In the event that personal data are provided for the purposes under (a), (b) and (c) above, they may also be processed for the purposes under (d).

Please be informed that, should you transmit personal data belonging to third parties, you undertake to inform such parties of the processing of personal data referred to in this Notice and request their consent to the processing of personal data, where necessary.

4. Personal data processed

The personal data processed in reference to browsing the Website are: parameters related to the operating system and computer environment you are using, including IP address, location (Country), computer domain names, URI (Uniform Resource Identifier) addresses of the resources requested on the Site, the time of the requests, the method used to send the requests to the server, the size of the file obtained in response to a request, the numerical code indicating the status of the response given by the server (successful, error, etc.), and so on. This is information is collected by the Site and enables its operativity.

The personal data processed in reference to the “contact” section are: first name, last name, e-mail, company you belong to and any other information you voluntarily send to the Data Controller.

The personal data processed in reference to the “newsletter” section are: first name, last name, e-mail, company to which you belong voluntarily sent to the Data Controller.

The same categories of personal data could be processed, if necessary, to ascertain, exercise or defend a right in or out of court.

5. Data Retention

Personal data related to browsing purposes are deleted immediately after processing, unless it is necessary to proceed with the identification of those responsible in case of hypothetical computer crimes against the Site or third parties.

Personal data related to contacts are processed for the time necessary to handle your request and, in any case, for a maximum period of one year from its receipt, after which they will be deleted.

Personal data processed for newsletter purposes will be processed for 24 months from your consent. At the end of this period, you will be asked to renew your consent. Failing this, your data will be deleted.

If necessary for the protection of a right of the data controller, your personal data will be retained for the duration of the extrajudicial procedure and/or judicial process and for the time necessary to execute any resulting order.

If consent is withdrawn, processing having such a legal basis will be discontinued but your personal data will continue to be retained for the next period imposed by the Regulations in order to demonstrate the lawfulness of the processing based on consent and, therefore, for the next ten years from the revocation.

6. Recipients of personal data

The following categories of subjects may have access to personal data:

Within the organizational structure of the Data Controller, within the limits and according to the modalities of their respective assignments and exclusively if necessary for the pursuit of the purposes indicated above, the subjects identified as Data Processors pursuant to art. 2 quaterdecies D. Lgs. 196/2003 or the persons Authorized to process data pursuant to art. 29 of EU Regulation 679/2016. These persons operate on the basis of specific instructions provided by the Data Controller in order to safely process your personal data;
Subjects identified as Data Processors pursuant to Article 28 of EU Regulation 679/2016 who process personal data on behalf of the Data Controller in relation to specific purposes (e.g. Website support, newsletter service providers). These entities operate on the basis of a specific contract aimed at securely processing your personal data.

You may request a full list of such entities by sending a request to the Data Controller at the contact details indicated in this policy.

If necessary to protect a right or interest of the Data Controller, or if required by a regulatory obligation, your personal data may be transmitted to administrative and judicial authorities, who act as autonomous data controllers.

7. Transfer of personal data to countries outside the EEA.

The Data Controller does not transfer your personal data to countries outside the EEA.

In the event that possibly some of the third parties based or using Clouds services located in states outside the European Union, we inform you that these states offer an adequate level of data protection, as established by specific decisions of the European Commission.

The transfer of personal data to third parties residing or located in States that do not belong to the European Union and that do not ensure adequate levels of protection will be carried out only with the consent of the data subject or after the conclusion between the Consortium and said parties of specific agreements, containing appropriate safeguard clauses and guarantees for the protection of personal data so-called “standard contractual clauses”, also approved by the European Commission, or if the transfer is necessary for the conclusion and execution of the contract between the Company and the data subject or for the management of his or her requests.

8. Rights of the data subject

We inform you that you are entitled to exercise the following rights in relation to the personal data covered by this notice, as provided for and guaranteed by the Regulations:

Right of access and rectification (Articles 15 and 16 of the Regulations): you have the right to access your personal data and to request that it be corrected, amended or supplemented. If you wish, we will provide a copy of your data in our possession.
Right to data deletion (Art. 17 of the Regulations): in the cases provided for in the current legislation, you can request the deletion of your personal data. Upon receiving and analyzing your request, we will cease processing and delete your personal data, where found to be legitimate.
Right to limitation of processing (Art. 18 of the Regulations): you have the right to request the limitation of the processing of your personal data in case of unlawful processing or contestation of the accuracy of your personal data by the data subject.
Right to data portability (Art. 20 of the Regulation): you have the right to request to obtain, from the Data Controller, your personal data in order to transmit them to another Data Controller, in the cases provided for in the above-mentioned article.
Right to object (Art. 21 of the Regulations): you have the right to object at any time to the processing of your personal data carried out on the basis of our legitimate interest, explaining to us the reasons justifying your request; before granting it, the Company will have to assess the reasons for your request.
Right to revoke consent (Art. 7 of the Regulations): you have the right to revoke your consent to the processing at any time, by contacting the Data Controller at the contact details indicated in this notice or by using the appropriate unsubscribe button from the newsletter service. Revocation of consent does not affect the lawfulness of the processing based on the consent before revocation.
Right to lodge a complaint (Art. 77 of the Regulations): you have the right to lodge a complaint before the competent Data Protection Authority if you believe that a violation of your rights has taken place, or is taking place, with regard to the processing of your personal data.

You may exercise your rights at any time by writing to the Data Controller at the contact details indicated in this notice.

9. Organizational and technical security measures pursuant to Article 32 of EU Regulation 679/2016.

The Company adopts appropriate and preventive security measures aimed at safeguarding the confidentiality, integrity, completeness, and availability of the personal data of the data subject. Technical, logistical and organizational arrangements are put in place with the aim of preventing damage, even accidental loss, alteration, improper and unauthorized use of processed data.

10. Changes to this privacy policy

This privacy policy may be subject to changes and additions over time, as necessary due to new regulatory interventions on the protection of personal data, or the evolution/modification of the operations of the Owner.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record user consent for cookies in the "Advertising/Profiling" category.
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record user consent for cookies in the "Analytics" category.
cookielawinfo-checkbox-functional	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record user consent for cookies in the "Functional" category.
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Necessary" category.
CookieLawInfoConsent	1 year	The cookie is used to store the summary of the consent given for the use of the cookie. It does not store any personal data.
TS01*	session	Wix sets this cookie for security and anti-fraud purposes.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Set by Google Analytics to calculate visitor, session and campaign data and track site usage to prepare site analysis reports. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Set by Google Analytics to record and count page views.

Cookie	Duration	Description
__Secure-ROLLOUT_TOKEN	6 months	Registers a unique ID to keep statistics of what videos from YouTube the user has seen.
wp-wpml_current_language	session	WordPress multilingual plugin sets this cookie to store the current language/language settings.
yt-remote-cast-available	session	The yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player.
yt-remote-cast-installed	session	The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-fast-check-period	session	The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-app	session	The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-name	session	The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	6 months	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA	6 months	YouTube sets this cookie to store the user's cookie consent state for the current domain.
YSC	session	Cookie set by Youtube and is used to track views of videos embedded in YouTube pages.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.