PRIVACY POLICY (v. 01/2020)

In accordance with article 13 of the EU Regulation N. 2016/679 (hereinafter “GDPR”), the European Association of Environmental and Resource Economists – EAERE (hereinafter, “Controller”), as data controller, informs that all personal and sensitive data will be processed – in electronic and/or in paper format – as described below.

PURPOSE OF THE DATA PROCESSING, LEGAL BASIS AND STORAGE PERIOD

All personal data – including data allowing to elicit the state of health, allergological characteristics and others – will be processed for the following purposes:

  1. Fulfilment of administrative, accounting, tax and legal processes;
  2. Management of employees and collaborators;
  3. Association management and related obligations;
  4. Management of events and conferences – for members and non-members, management of winter and summer schools;
  5. Management of refunds, awards and scholarships;
  6. Management of newsletters, magazines and journals;
  7. Management of photos and/or videos in the social media and other media;
  8. Management of website and email communications.

The data processing is completely managed by the Joint Controller Fondazione Centro Euro-Mediterraneo sui Cambiamenti Climatici (CMCC)in its offices located in Venice (Porta dell’Innovazione Building, Via della Libertà 12). CMCC provides the secretarial and management services for the above listed purposes. The data processing is based on the principles of correctness, lawfulness, and transparency, on the protection of confidentiality, and on the right to personal identity and to data protection. The Joint Controller, Data Processors and authorized personnel are entrusted with the data processing. It takes place using electronic and paper tools, and according to the law in place. Moreover, all the security measures needed to guarantee the data confidentiality are implemented, also in order to avoid undue accesses.

The following table lists the categories of personal data, the data retention period, and the legal basis for each of the purposes above identified:

Processing purpose Legal basis Categories of personal data Data retention
Purpose 1 Legal obligation ·       Identification data

·       Personal data

·       Tax and bank data

Until the end of the membership relationship and, subsequently, for the purpose of historical archive.
Purpose2 Contract, Legal obligation ·       Identification data

·       Personal data

·       Tax and bank data

·       Work data

·       School data

Until the end of the membership relationship and, subsequently, for the purpose of historical archive.
Purpose3 Contract ·       Identification data

·       Personal data

 

Until the end of the membership relationship and, subsequently, for the purpose of historical archive.
Purpose4 Contract ·       Identification data

·       Personal data

·       Tax and bank data

·       Health data

·       Work data

·       School data

Until the end of the membership relationship and, subsequently, for the purpose of historical archive. Health data will be used exclusively for the organization of events.
Purpose5 Contract ·       Identification data

·       Personal data

·       Tax and bank data

Until the end of the membership relationship and, subsequently, for the purpose of historical archive.
Purpose6 Consent ·       Identification data

·       Personal data

Until the end of the membership relationship and / or until the request for cancellation by the user.
Purpose7 Legitimate interest (for photos and/or videos of speakers and the audience), Consent (for photos and/or videos of individual participants) ·       Photo

·       Video

Until the end of the membership relationship and, subsequently, for the purpose of historical archive.
Purpose8 Consent ·       Identification data

·       Personal data

·       Work data

·       School data

As a historical archive. Any attachments will be deleted after 10 years.

The Controller, in its capacity as an international scientific association, doesn’t use the requested data for commercial purposes: data are used exclusively to provide membership services and to manage related events and, subsequently, as a historical and statistical archive.

All health data collected within Purpose 4 are requested exclusively to provide a secure service during events – for example, for events providing a catering service. These data will not be used for any other purposes and will be kept only for historical archives.

Regarding Purpose 7, the Data Controller informs that the legal basis of the Legitimate Interest is used when photos and/or videos of speakers or the audience are taken, in compliance with article 2 of the Association’s Statutes. In case of photos and/or videos of individual participants, the consent of the interested party is required before publishing them.

RECIPIENTS’ CATEGORIES

In relation to the abovementioned Purposes, data may be communicated to the following entities and/or categories of entities indicated below, or to companies and/or persons – in EU countries and in Extra-EU countries- providing services on behalf of the Data Controller. These include:

  • Fondazione Centro Euro-Mediterraneo sui Cambiamenti Climatici – CMCC (Joint Controller);
  • Companies and entities that manage Events, Conferences and Congresses;
  • Accounting management consultants;
  • Labour consultancy firms;
  • Hardware and software companies;
  • Publishing houses for the distribution of journals – both electronically and/or on paper.

TRANSFER OF DATA TO AN EXTRA-EU THIRD COUNTRY

Sensitive personal data may be transferred to extra-EU countries in case of events organized in countries outside the European Union. The Association uses cloud systems provided by third parties (Google GSuite) for managing its activities. In this case the Data Controller, if necessary, will have the right to move the location of the servers to Italy and/or to European Union countries and/or to extra-EU countries. In the latter case, the Data Controller ensures that the extra-EU data transfer will take place in accordance with the applicable legal provisions, stipulating whereas needed agreements that guarantee an adequate level of protection and adopting the contractual standard clauses provided by the European Commission.

RIGHTS OF THE DATA SUBJECT

The interested party can exercise the rights with reference to the personal data provided according to the EU Regulation as indicated below:

  • right of access [article 15 of the EU Regulation] (the right of being informed on how his/her personal data are processed and, in case, receiving a copy of each process);
  • right of rectification of the personal data [article 16 of the EU Regulation] (the right to rectify inaccurate personal data);
  • right of erasure of personal data without undue delay (“right to be forgotten”) [article 17 of the EU Regulation] (the interested party has the right that his/her personal data be deleted);
  • right of restriction of personal data processing, including the case of illegal processing or contestation of the accuracy of personal data by the interested party [article 18 of the EU Regulation];
  • right to data portability [article 20 of the EU Regulation] (the interested party may request his/her personal data in a given format in order to transmit it to another Controller, in the cases provided for by the same article)
  • right to object [article 21 of the EU Regulation] (the interested party has the right to object against the processing of his/her personal data);
  • right of not to be subjected to automated decision-making processes [article 22 of the EU Regulation] (the interested party has the right of not to be subjected to a decision based on automated processes).

Further information about the interested party’s rights can be obtained by asking the Controller a full extract of the abovementioned articles. The rights listed above can be exercised according to the provisions of the Regulations by sending an e-mail to: eaere@eaere.org. The Data Controller, in accordance with article 19 of the EU Regulation and whereas possible, will inform the interested party about whom the personal data have been communicated to, and about any requested corrections, erasures or limitations .If the data processing has the explicit consent as its legal basis, the interested party has the right to proceed with the revocation of the consent at any time by sending an e-mail to eaere@eaere.org. Pursuant to article 7 of the EU Regulation, the revocation of the consent does not affect the lawfulness of the processing based on the consent made before the revocation has taken place. If the interested party considers that his/her rights have been harmed, he/she has the right to send a complaint to the Personal Data Protection Authority as indicated at www.garanteprivacy.it.

MANDATORY SUBMISSION OF PERSONAL DATA

If the data processing purposes have a legal or contractual (or even pre-contractual) obligation as legal basis, the interested party must necessarily provide the requested data. Otherwise it will be impossible for the Data Controller to fulfil the processing specific purposes.

PROCESSING METHODS

Personal data will be processed in paper, computerized and telematic format, and will be entered in our databases (members, users, etc.). Databases can be accessed by the employees or Data Processor expressly designated by the Data Controller for the purpose of personal data processing. They may consult, use, process, compare and any make other operation – including automated operations – in compliance with the provisions of the law that are necessary to guarantee the confidentiality and security of the data as well as the accuracy, the updating and the relevance of the data in accordance to the stated purposes.

BROWSING DATA OF THE WEBSITE

The computer systems and software procedures used to operate this website collect several personal data during normal use, which are implicitly transmitted through Internet communication protocols. Due to its very nature, this information may allow to identify users through the processing of and association with data held by third parties. This category of data includes: IP addresses or domain names of computers utilized by users who are connected to the site, URI – Uniform Resource Identifier – addresses ​​of the resources requested, time of request, method used to submit the request to the server, size of the file obtained in response, numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters related to the operating system and the computer or device of the user.

This information is only required for obtaining anonymous statistics regarding use of the website and for verifying if the website is functioning properly. The information could be used to ascertain responsibility in the event that any IT crimes are committed against the website.

COOKIES POLICY

Following are the types and categories of cookies used by the website, how and why they will be used by the Data Controller, as well as instructions for refusing, deleting or changing the cookies settings in the eaere.org website and all sub-domains associated with it. You express your  consent towards  the use of cookies by continuing to browse through this website, by clicking on any of the internal links on the pages, or by closing the cookies banner, which contains information on cookies, as required by the so-called Cookie Law, namely the Provision of the Data Protection Authority (n. 229 dated  May 8th, 2014).

What are Cookies?

In computer technology, cookies are lines of text used to perform automatic authentications, track sessions, and store specific information about users who access the server, for example favourite websites or, in the event of purchases through internet, the content of their “shopping carts.” [from Wikipedia] Cookies allow for preferences you provide when browsing a website to be saved, prevent you from having to always enter the same information multiple times, and analyse the use of services and content provided by the website, in order to optimize your browsing experience  and the services offered.

How to erase cookies

Cookies are managed directly through the browser of the device you are using for your browsing activity. Following are links to pages that are useful for managing cookies in browsers that are the most popular, both in mobile devices, as well as computers: Chrome, Firefox, Internet ExplorerOperaSafariAndroidBlackberrySafari (mobile), Windows Phone.

Types of cookies used on this website.

Technical Cookies

These cookies are used to carry out the browsing process or provide a service requested by the user. They are not used for any other purpose and are normally installed directly by the data controller of the website. Without the use of these cookies, some procedures may not be able to be completed or would be more complex and/or less secure, such as home banking activities (viewing your bank account, performing money transfers, paying bills, etc.), for which cookies are essential, since they allow to identify the user and maintain the user’s identification within the session. (Source: Data Protection Authority)

Profiling Cookies

These are cookies used to track the user’s browsing activity on the web and create profiles regarding personal tastes, habits, choices, etc. Through these cookies, advertising messages can be sent to the user’s terminal, which are in line with the preferences already expressed by the same user through online browsing. (Source: Data Protection Authority).

The Controller website does not use its own profiling cookies. The user information collected through cookies are handled and processed anonymously by the Controller, which collects aggregate information on the number of users and how they visit the site for the sole purpose of optimizing the content proposed.

Third Party Cookies

When a user visits the website, cookies might be saved that are not controlled by the Data Controller but that refer to third parties. This information is completely handled and controlled by these third parties as described in their own cookies policy. As for this website, there are two types of cookies that refer to third parties and, therefore, fall under the direct and exclusive responsibility of the third party controller. Analytical cookies are cookies used to collect and analyse statistical information on access/visits to the website. Instead, Widgets are all those graphical components of the user interface of a program, which have the purpose of facilitating user interaction with the program itself (such as Facebook and Twitter cookies). Users who do not wish to receive third party cookies on their devices must proceed through the informational documents and the consent forms set forth by said third parties.

The following are links that involve the website:

Facebookhttps://www.facebook.com/help/cookies/?ref=sitefooter
Google (Analytics): https://tools.google.com/dlpage/gaoptout?hl=it
Twitterhttps://twitter.com/settings/security
LinkedIn: https://www.linkedin.com/legal/cookie-policy
Instagram: https://help.instagram.com/1896641480634370?ref=ig
YouTube: https://policies.google.com/technologies/types?hl=it

CHANGES AND UPDATES

European Association of Environmental and Resource Economists may also make changes and / or additions to the above information as a consequence of any subsequent and regulatory changes and / or additions.

THE ASSOCIATION DOESN’T USE ANY AUTOMATED DECISION-MAKING PROCESS.