INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA

FOR THE PARTECIPANTS IN THE TRAINING ACTIVITIES OF THE INSTITUTE

Under Articles 7 and 13 of Regulation (EU) 2016/679 (“Regulation” from now on), this factsheet describes the personal data processing terms referring to those who participate, in various ways, in the training activities organised by the Istituto Zooprofilattico Sperimentale dell’Abruzzo e del Molise “G. Caporale” (“Istitute” from now on).

1.The identity and the contact details of the data controller.

The data controller is the Institute, in the person of its legal pro-tempore representative, located in Teramo (I), Campo Boario, 64100, segreteria@izs.it, protocollo@pec.izs.it, 08613321.

2. Subject matter of the processing.

The processing concerns the personal data of the participants who take part, in various ways, in the training activities of the Institute. The personal data will be requested or communicated to the Institute exclusively for the reasons set out below.

3. Purpose of the processing and legal basis.

Personal data collected will be processed for the purposes mentioned below:

1. manage the obligations related to the teaching assignment and/or to learners,improve competences, participate in projects and/or agreements, carry out internal and external audits- art. 6, par. 1, lett. b) of the Regulation;

2. fulfill obligations established by law, regulations, European legislation on training such as register data on the “ECM Suite” Training Information System – art. 6, par. 1, lett. b) of the Regulation.

The provision of such data to the Institute by the interested parties is mandatory for the purposes of participation in training events, under penalty of exclusion.

The registration on the in the “ECM Suite” Training Information System involves the collection of personal data that are useful for issuing the ECM certificates and for the reporting procedures required by the National Agency for Regional Health Services (hereinafter “Age.na.s”). Therefore, at the time of registration, the interested party communicates the following mandatory data to the Institute: name, surname, sex, date of birth, place of birth, tax code, residential address, telephone number, email address, job profile, profession, branch of knowledge, security question and related answer. The interested party may also communicate additional data that are entirely optional (for example, the billing address, the VAT number, the recipient code required for electronic invoicing, the certified mail address).

The email address or the telephone number collected during the registration process will be used by the Training and Projects Unit to communicate with the participant during the various phases of the training event (for example, by sending a confirmation email for the admission or for the closing of the event).

On the occasion of such data processing, the Institute may become aware of special categories of personal data (so called “sensitive and criminal data”), which might reveal, for example, the state of health. These data are processed in compliance with the guarantees provided for by the legislation (art. 9 of the Regulation) and according to the general authorisations approved by the Control Authority.

If the Data Controller intends to further process the personal data for a different purpose than the one for which data were collected, before such processing, it shall provide information regarding such different purposes and any other relevant information to the interested party.

4. Transfer and dissemination of data to third parties.

The collected personal data will be subject to transfer and/or dissemination to third parties (for example, other public administrations, national and international institutions, professional orders, Age.na.s) exclusively for the purposes referred to in the point 3.

5. Use of training material, confidentiality and dissemination of pictures and images on the social networks.

The training material collected and/or the the registrations made for training purposes during the event are protected by the legislation on copyright (L. 633/1941). Therefore, it is forbitten to use, disclose or disseminate them, in any form or way.

The confidential information and/or personal data of participants in the event, including pictures and videos, cannot be published, disclosed or disseminated in any way without the required consent of the interested party and cannot be used in any way for different and further purposes than the ones for which they were collected.

6. Processing terms.

Data will be processed according to the principles of accuracy, lawfulness, transparency and protection of confidentiality and of the rights that the legislation recognises to the interested party.

Personal data collected for the above-mentioned purposes will be processed both electronically on digital medium using the specific information systems and manually on analog medium. In any case, the processing is made exclusively by personnel in charge. Such processing involves collection, recording, organisation, structuring, retention, adaptation or modification, extraction, consultation, use, comparison and interconnection, restriction, erasure and destruction.

7. Location of processing.

Data are processed and archived both on paper or on dedicated servers located at the IZSAM headquarters and in any of the field offices of the Institute, even if temporary and belonging to other subjects.

Data can be also processed, on behalf of the Institute, by external professional figures and/or by subjects involved in technical, developmental, managerial and accounting-administrative activities for the above-mentioned purposes. These figures are appointed as data processors.

8. Terms and retention period.

The collected data will be retained on both analog and/or digital media, in accordance with the retention rules about the accounting and administrative documentation.

9. Rights of interested parties.

At any time interested parties have the right to ask the data controller for accessing their personal data, confirming such data exist, being aware of the content, the origin and the processing terms (art.15 of the Regulation), requesting the rectification (art.16 of the Regulation), the erasure (art.17 of the Regulation), the restriction (art. 18 of the Regulation), the notification (art. 19 of the Regulation), the portability (art. 20 of the Regulation), and the right to object to the processing of personal data (art. 21 of the Regulation).

10. Right to lodge a complaint.

The interested parties who consider that their personal data have been processed in breach of what is foreseen by the Regulation and of the Code, have the right to lodge a complaint to the Data Protection Supervisor or to start judicial proceedings. For any further information on the applicable legislation in the field of protection of personal data, please visit the website of the Control Authority (www.garanteprivacy.it).

11. Responsible for data protection or Data Protection Officer (DPO).

For any clarification or information, the interested party can contact the Data Protection Officer of the Institute (dpo@izs.it, dpo@pec.izs.it, +39 0861 3321).