1.    Website Privacy Policy

1.1.           Introduction

This Privacy Policy is aimed at illustrating the means and purposes of the processing of personal data carried out by ASM Terni S.p.A. having its registered office in Terni (IT) Via Bruno Capponi 100, in its quality of data controller (hereinafter “ASM” or the “Controller”), through the website https://www.brightproject.eu/ (hereinafter the “Website”).

Please note that this Privacy Policy is applicable to anyone who accesses and visits the Website or otherwise interacts with the web services offered on the Website (the “User”).

Pursuant to article 5 of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Processing of the Personal Data carried out by ASM for the development and management of the Website will be based on the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and accountability.

Any term indicated in capital letters shall have the meaning attributed to it within the GDPR, or otherwise provided hereto.

1.2.           Data Controller

The data Controller will be ASM.

1.3.           Which kind of Personal Data are collected

1.3.1.      Traffic and Internet data

The computer systems and software procedures used to operate the Website acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes, among others, IP addresses, browser type, operating system, the domain name and website addresses from which the User logs in or out, the information on pages visited by User within the Website, the time of access, time period of User’s staying on a single page, the internal path analysis and other parameters regarding the User’s OS and computer environment.

These technical / IT data are collected and used only in an aggregated and not immediately identifiable manner. They could be used to ascertain responsibilities in case of crimes against the Website, or upon public authorities’ request.

In order to consent the collection of this category of data, the Website uses cookies. Please, read the Cookies Policyof this Website for any further information about them.

1.3.2.      Personal data provided by the User

We may ask you to provide us with Personal Data of your ssuch as first name, last name, address, and  e-mail address, to the extent to use the contact form published on the Website.

1.4.           Why Personal Data are processed and Lawful basis

User’s Personal Data will be processed exclusively for the following purposes, and exclusively in the framework of the research Project’s):

  • fulfill any request made by the User through the contact form available on the Website. This processing is needed to provide the Users with the information they have directly requested, by granting their freely and informed consent, according to Art. 6.1, a) of GDPR;
  • complying with the obligations set forth by applicable laws and regulations and to ascertain responsibilities in case of any computer crimes against the Website. As this processing is mandatory by law, User’s consent is not required according to Art. 6.1, c);
  • additional lawful basis for the processing may be the Regulation (EU) No 1291/2013 of the European Parliament and of the Council of 11 December 2013 establishing Horizon 2020 – the Framework Programme for Research and Innovation (2014-2020) and its annex, according to Art. 6.1, c).

In any case, please be aware that User’s Personal Data will not be used for any automated decision-making including profiling, nor will they be further processed without the previous consent of the User.

1.5.           Cookies

The Website has implemented the use of cookies. For how long Personal Data are kept

The Data Controller only keeps your Personal Data for the time necessary to fulfil the purposes for which the data have been originally collected and/or the purpose of the Project. Therefore the Personal Data collected will be immediately destroyed or made anonymous when no longer needed for that purpose.

1.6.           How Personal Data are secured

Personal Data may be processed through information technology tools either manually or electronically, but always under technical and organizational measures that enable ensuring their security and confidentiality, especially for the purposes of preventing any risk arising from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data. All the processing operations as well as the security measures implemented took into consideration the risk of the processing and of the nature of the Personal Data.

Organisational measures include restricting access to the Personal Data solely to authorised persons or third parties where duly authorized and instructed by the Controller for the purposes of processing operation, and according to the ‘need to know’ principle. Such staff abide by statutory, and when required additional, confidentiality agreements.

1.7.           Who may access Personal Data

The personal data collected by the Controller might be shared with:

  • members of the BRIGHT Consortium only to fulfil User’s requests regarding Project’s activities and objectives;
  • Data Controller’service provider, which is EUROMEDIA S.r.l. using servers hosted in the headquarters of Systematica S.p.A located in via Bramante 43, Terni (IT), and is located within the European Economic Area, exclusively for IT organizational, administrative, or support needs.

The Controller might be required to disclose Users’ information in order to comply with the law, a judicial proceeding, court order, subpoena, or other legal process or where it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or as evidence in litigation in which we are involved.

Without prejudice to the above, unless upon specific consent of the data subject or as otherwise required by applicable laws, User’s Personal Data shall not be shared with any other organizations.

In particular, the Controller will not share User’s Personal Data with other countries outside the European Economic Area (hereinafter, the ‘EEA’). In any case, should a transfer of the data outside the EEA become necessary in the future, it will be carried out in accordance with the provisions of the GDPR and the User will be timely informed about this processing.

1.8.           Redirection to other websites

The Website incorporates links which allow the User to connect to other websites run by third parties. The Controller assumes no responsibility regarding the processing of personal data which may take place through and/or in connection with third-parties’ websites.

Therefore, each User who accesses such web pages and/or social media platforms through the Website must carefully read the relevant privacy policies in order to better understand how their personal data will be processed by the third parties which, as autonomous controllers, will provide and manage such websites.

1.9.           Users’ rights and how to exercise them

Pursuant to the GDPR, Users have a number of rights concerning the Personal Data that the Controller hold about them. If Users wish to exercise any of these rights, please use the contact details set out above.

  • The right to be informed. Users have the right to be provided with clear, transparent and easily understandable information about how the Controller use their information and about their rights. This is why the Controller is providing with the information in this Privacy Policy.
  • The right of access. Users have the right to obtain access to their Personal Data subject matter of the data Processing. This will enable Users, for example, to check that the Controller is using Users’ Personal Data in accordance with the relevant data protection law. If Users wish to access the information the Controller holds about them in this way, please get in touch (please see section Contact information here below).
  • The right to rectification. Users are entitled to have their Personal Data corrected if it is inaccurate or incomplete. Users can request that the Controller rectifies any errors in information that the Controller hold by contacting it (please see section Contact information here below).
  • The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables Users to request the deletion or removal of certain of the Personal Data that the Controller hold about Users by contacting the Controller (please see section Contact information here below). Please remember that it is possible that pursuant any applicable law the Controller may not have all Users’ Personal Data erased.
  • The right to restrict processing. Users have rights to ‘block’ or ‘suppress’ certain further use of their Personal Data. When processing is restricted, the Controller can still store Users’ Personal Data, but will not use it further.
  • The right to data portability. Users have the right to obtain their personal information in an accessible and transferrable format so that they can re-use it for their own purposes across different service providers. This is not a general right however and there are exceptions. To learn more please get in touch (please see section Contact information here below).
  • The right to lodge a complaint. Users have the right to lodge a complaint about the way the Controller handles or processes User’s Personal Data with the relevant national Data Protection Authority (please find here the list of European Data Protection Authorities https://edpb.europa.eu/about-edpb/board/members_en).
  • The right to withdraw consent. If Users have given their consent to anything the Controller do with their Personal Data (i.e. the Controoler relies on consent as a legal basis for processing your information), Users have the right to withdraw that consent at any time. Users can do this by contacting the Controller (please see section Contact information here below). Withdrawing consent will not however make unlawful our use of User’s information while consent had been apparent.
  • The right to object to processing. Users have the right to object to certain types of processing. Users can for example object to the publication of pictures taken of you within the context of a conference.

Where Users wish to exercise their rights in the context of one or several specific processing operations, please provide their description in the requests.

Users requests will be handled within a maximum of 30 (thirty) working days.

1.10.      Contact information

If Users would like to exercise their rights under GDPR, or if they have comments, questions or concerns, or if they would like to submit a complaint regarding the collection and use of their Personal Data, they might contact the following email address: asm.bright@asmterni.it

1.11.      Changes

Where appropriate, we will notify you of any changes to this privacy policy, for example by email or push notification.

1.12.      Entry into force

The present Privacy Policy entered into force the 29/01/2021, version 1.0

  

2.   Website Cookies Policy

The present cookies policy (hereinafter the “Cookies Policy”) has been provided by ASM Terni S.p.A., having its registered office in Terni (IT), Via Bruno Capponi 100 (hereinafter the “ Controller” or “ASM”) to inform users’ website (hereinafter, the “Website”) on how cookies on the Website are used.

Any term indicated in capital letters shall have the meaning attributed to it within the EU General Data Protection Regulation no. 2016/679 (hereinafter, “GDPR”) or otherwise provided hereto.

For any further information and/or clarifications, it is possible to contact the Controller at the following address: asm.bright@asmterni.it

To this extent, this document shall be considered as an integral part of the privacy policy on the processing of personal data.

2.1.  Definition of cookies

Cookies are short strings of text that the websites on which a user navigates con send to his or her terminal equipment in order to be memorized and subsequently transmitted back to the website upon the user’s subsequent visit to the same website. Cookies facilitate and expedite the loading of a given web page.

Cookies can be “session” or “persistent” cookies. A session cookie is a cookie that is automatically deleted when the user closes the browser, whereas a persistent cookie is a cookie that remains stored in the user’s terminal device until it reaches a pre-determined expiration date.

Furthermore, additional classification of cookies includes:

 

Typology of cookie

Explanation

Depending on the source

 

First party cookies: cookies that a visitor receives from the same website that he/she is visiting.

Third party cookies: cookies that a visitor receives from websites or web servers provided by a third party.

Depending on the purposes

Necessary or technical cookies: these cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Marketing or profiling cookies: these cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.

2.2.  Cookies implemented on the Website and how to disable them

The User may, at any time, prevent the setting of cookies through the Website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies.

Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all of the most commonly used Internet browsers. If the Data Subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.

Please visit the following link if you need further clarification on how to disable cookies: https://www.aboutcookies.org.