Latest review: 26th July 2019
IMEAS web Platform is compliant with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
1. Data Controller
Data Controller is:
- ENEA “Agenzia nazionale per le nuove tecnologie, l’energia e lo sviluppo economico sostenibile” (Italian National Agency for New Technologies, Energy and Sustainable Economic Development) with its headquarters in Roma (IT), Lungotevere Thaon di Revel, 76 – 00196.
2. Data Protection Officer
If you have any concerns about your information and your rights, please write an email to Data Protection Officer designed by the Joint Controller. Data Protection Officer contacts are listed below:
- ENEA Digital & Law Department; e-mail: email@example.com.
3. Purpose of data processing
The data are collected to ensure the proper functioning of the “IMEAS web Platform” (fruition and share of free contents such as tools, guidelines, documents, etc., share of news, events, etc.; opportunity for networking activities; participation in remote roundtables) and for scientific research purpose. Such activities are related to the achievement of IMEAS Project’s objectives (support territories in developing low-carbon energy strategies, create a network of actors and stakeholders involved in the development of energy strategies and foster integration among different sectors and governance levels).
The purposes of data processing refer to the following IMEAS Project activities concerning implementation, updating and management of information and services available on “IMEAS web Platform”: data processing pertinent to these activities are performed by ENEA and they include data of IMEAS web Platform registered users.
4. Data processing typologies
In order to implement and manage the IMEAS web Platform, the following data categories are processed:
a) Personal data: name and surname, username, contact details (e-mail), Country, information about professional expertise and interests, provided by users during registration at IMEAS web Platform.
b) Further data: contact details (social-media), Institution, professional information (data provided by short bio and/or CV), profile image, provided by the user in the personal Profile Page at IMEAS web Platform.
Data of point a) (mandatory) and of point b) (optional) shall be visible to every registered user on the Platform. Username and/or name and surname of a registered user shall be visible by all Internet users, if he/she uploads contents in the News Section or in the Events Section in the IMEAS web Platform. ENEA processes data referred to point a), b) and c) for all the purposes mentioned above and for institutional scientific research activities within the meaning of Art. 89 GDPR.
Aggregated data, statistics or analysis results could also be used anonymously for scientific dissemination in several forms and for the purposes of the IMEAS Project. In particular, results of this initiative could also be disseminated anonymously at conferences, scientific meetings and publications.
Your personal data will also be processed to perform all the necessary activities for the improvement of the IMEAS web Platform and for promotional and dissemination activities (at scientific events, conferences, media and social media) (including, by way of example, the distribution of questionnaires aimed at verifying the level of satisfaction on the offered services, the newsletters and email, etc.).
5. Personal Data Source and processing refusal consequences
Personal data provision is needed in order to register to IMEAS web Platform and to access its services. The missed data provision determines the inability to access to IMEAS web Platform and to take advantage of related services.
6. Personal Data Recipients
Data Controllers may send your Personal Data to personnel that is authorized to data processing activities, nominated Data Processors, whose contact is made available by Data Controllers upon request by Data Subjects.
Data processed for above-mentioned purposes will not be transferred to third parties, except to eventual communication obligations of Public Security Authority and Judicial Police, in modalities and cases provided for in the law. Authorized personnel process them in order to pursue their activities.
7. Transfers of personal data to third countries
A transfer of personal data to a third country or an international organisation may take place where the European Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection pursuant to Art.45 GDPR.
Personal Data will not be transferred to third parties for illicit purposes, and anyway without informing data subjects and obtaining their permission. It does not affect the eventual data communication due to obligations by Public Security Authority and Judicial Police.
In the absence of a decision pursuant to Art.45 GDPR, a controller or processor may transfer personal data to a third country or an international organisation only if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. In the absence of an adequacy decision pursuant to Art.45 GDPR, or of appropriate safeguards pursuant to Art.46 GDPR, including binding corporate rules, a transfer or a set of transfers of personal data to a third country or an international organisation shall take place only on one of the conditions mentioned by Art.49 GDPR takes place.
8. Right of the Data Subject
The Personal Data of Data Subjects are processed through automated procedures and through manual means, provided however that in any event such Personal Data are processed adopting methods which are strictly related to the purposes for which such data have been collected and anyway to ensure their security, in accordance with the GDPR and the Data Protection Laws.
Data will be stored up to 12 months after the end of operation of IMEAS web Platform, for purposes of results analysis of the initiative, and then deleted or made anonymous.
9. Right of the Data Subject
EU Regulation (Art.15-22 GDPR) establishes the exercise of the right of Data Subject, including to request to the Data Controller:
- confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data (right of access);
- the rectification of inaccurate personal data concerning him or her, or to have incomplete personal data completed, including by means of providing a supplementary statement (right to rectification);
- the erasure of personal data concerning him or her where one of the conditions as provided for in Regulation applies (right to erasure);
- restriction of processing where one of the conditions as provided for in Regulation applies (right to restriction);
- to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (right to data portability);
- to object at any time to processing of personal data for the purpose of the legitimate interests pursued by the controller, where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (right to object).
- to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
The processed data will not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
In order to exercise him or her rights, the subject can send an e-mail to firstname.lastname@example.org or can send a written communication to Data Controller via Registered mail with return receipt or via Certified mail, to the following addresses:
- ENEA: with its headquarters in Roma, Lungotevere Thaon di Revel, 76 – 00196; Certified email: email@example.com.
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority pursuant to Art.77 GDPR, if the data subject considers that the processing of personal data relating to him or her infringes the EU Regulation.
 ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
 ‘processing for scientific purpose’ means every processing made for study purposes and for systematic examination aimed at developing scientific knowledge in a specific sector. In general, technological development, fundamental research, applied research and privately funded research.