(rendered pursuant to Article 13 of the European Regulation No. 679/2016)
The National Council of Architects, Planners, Landscapers and Conservationists (hereinafter CNAPPC) is required to provide certain information on the use of the data subject’s personal data, in accordance with the provisions of art.13 of the European Regulation No. 679/2016 (hereinafter also the “GDPR”).
2. Data Controller
The controller of the personal data referred to in this policy is CNAPPC, based in Rome, via Santa Maria dell’Anima n. 10, postcode 00186, pec/certified email address: firstname.lastname@example.org.
3. Data Protection
Officer CNAPPC has designated the Data Protection Officer (DPO), who can be contacted by e-mail: email@example.com, also for the purpose of exercising the following rights.
4. Subjects authorized for processing
Personal data are processed, both electronically and on paper, by the subjects designated by CNAPPC within their staff, who have been given appropriate instructions on measures, precautions and modus operandi for the concrete protection of personal data.
5. Purposes of processing
The processing of the personal data provided by you is intended solely for performing institutional functions and, therefore, in accordance with art. 6 subsection 1, lett. e) of the GDPR, does not need your consent. In particular, your data will be used in the process of awarding grants under the design for peace project. No activities involving decisions based solely on automated data processing, including profiling, will be carried out.
6. Categories of personal data processed
For the purposes set out above, personal data such as first and last name, nationality, date and place of birth, residence or domicile, qualifications, professional experience, refugee status and e-mail address will be processed. If the selection is successfully passed, further data such as bank details may be requested and processed for the purpose of paying out the grants.
7. Personal data recipients
Only for the purposes set out in subsection 5 (Purposes of processing and constructive notice), the data may be communicated to other public subjects (e.g. Association of Architects, Planners, Landscapers and Conservationists of Rome and its Province, Embassy of Ukraine in Italy and other subjects taking part in the venture) or private citizens (e.g. hosting Firms). Some of these subjects, including providers of IT services that the data controller uses, may, if the conditions are met, receive and process personal data as data processors in accordance with art. 28 of the GDPR. A complete list of data processors may be requested from the data controller in accordance with subsection 10 below (Rights of data subjects). Certain personal data, with the exception of specific data pursuant to Art. 9 of the GDPR may be distributed as part of the activities of publicizing the project as stated in subsection 8 of the Announcement.
8. Transfer of personal data to non-EU countries
Personal data are not transferred outside the European Economic Area.
9. Retention period
The personal data are to be retained for a period no longer than that necessary for pursuing the above-mentioned goals and, in any event, for no longer than one year after the end of the workshop period. To this end, also by means of periodic checks, the close relevance, non-redundancy and essentiality of the data in relation to the current relationship, service or task to be established or terminated, also in relation to the data which you supply on your own initiative, shall be constantly checked. Data which, also as a result of the checks, are found to be in excess or irrelevant or non-essential shall not be used and, where possible, shall be deleted, destroyed or blacked out. The legal requirements for the retention of documents relating to the procedure remain.
10. Rights of data subjects
Unless there are grounds for exclusion depending on the purposes or methods of processing personal data, all Data Subjects are given the opportunity at any time to exercise a number of rights, including:
- accessing the personal data held by the Data Controller, obtaining proof of the purposes for which they are processed, of the categories of data involved, of the recipients to whom they may be communicated, of the applicable retention period and of the existence of automated decision-making processes;
- obtaining the rectification of inaccurate personal data concerning them without delay;
- obtaining the deletion of their personal data, where permitted;
- obtaining a restriction on processing, where permitted;
- objecting, in whole or in part, to the processing of their personal data in the cases provided for;
- lodging a complaint with the Italian Data Protection Authority pursuant to art. 77 of the GDPR. Requests to exercise rights in favour of the data subject may be informally addressed to CNAPPC using one of the e-mail addresses indicated in points 2 and 3 above.
11. Provision of data
The provision of data is optional, but necessary for the purposes indicated above. Failure to provide data will result in it being impossible to award a grant.