This document aims to inform you about the lawfulness and purposes of the processing of the personal data you provide. Processing operations will be carried out in full compliance with the principles of fairness and transparency, as well as the protection of your privacy and your rights.
Therefore, in accordance with the provisions of European Regulation 2016/679 (hereinafter the “Regulation”) and Legislative Decree no. 196 of 30 June 2003, as amended by Legislative Decree no. 101 of 10 August 2018 (hereinafter the “Privacy Code”), we provide you with the following clear and detailed information regarding the processing of personal data, pursuant to Article 13 of the Regulation.
1. Data Controller
The Data Controller is the public body Regione Lombardia, with registered office at Piazza Città di Lombardia 1 – 20124 Milan, Italy.
2. Purposes and legal basis of the processing
| Purposes | Legal basis | Categories of personal data |
| Your personal data are processed within the scope of the procedure for which the declaration is made, in particular for: 1. Promoting and developing the research and innovation ecosystem of Regione Lombardia, fostering connections between the business sector and the research sector, in order to ensure territorial growth and employment levels, as well as the dissemination of technological know-how; 2. Sending notifications, news, and newsletters to inform participants about new content and initiatives of specific interest. |
For purpose 1: The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller (Art. 6(1)(e) of the GDPR), as well as pursuant to Art. 2-ter of the Italian Privacy Code; With reference to optional common personal data, the legal basis is also the data subject’s consent pursuant to Art. 6(1)(a) of the GDPR. For purpose 2: Processing is based on the data subject’s consent pursuant to Art. 6 (1)(a) GDPR. |
Common personal data: First name, Last name, Tax identification code, Short presentation, Professional presentation, Tags and areas of interest
|
3. Fully automated decision-making, including profiling
Your personal data will not be subject to any fully automated decision-making process, including profiling.
4. Obligation to provide personal data and consequences of refusal
Providing your personal data is necessary. Therefore, any refusal to provide them, in whole or in part, may make it impossible for the Data Controller to properly fulfill its obligations, including performing tasks carried out in the public interest or exercising official authority vested in it.
For optional personal data only:
Providing personal data is optional; however, failure to provide them may make it impossible to carry out the related processing activities. You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
5. Disclosure and communication of personal data to third parties
Recipients of your personal data have been adequately instructed to process your personal data and ensure the same level of security guaranteed by the Data Controller.
Your personal data will not be publicly disclosed.
The Data Controller has appointed the following data processors:
- Finlombarda S.p.A.: for user profile validation activities, mediation between users aimed at supporting the launch of project collaborations, and ensuring connections with external networks linked to the platform (e.g., Simpler, EEN, etc.);
- ARIA S.p.A.: for the management and maintenance of IT systems and related infrastructure;
- IBM Italia S.p.A.: for help desk services and system support for users.
6. Transfers of personal data outside the European Economic Area
Your personal data will not be transferred outside the European Economic Area (EEA).
7. Data retention period
Your personal data will be retained for no longer than 3 years from the date the user deletes their registration.
8. Rights of the data subject
You may exercise, at any time where applicable, the rights provided for in Articles 15 to 22 of EU Regulation 679/2016 by submitting a request to the Data Controller.
However, please note that under certain legislative measures introduced by national law, the Data Controller may limit the scope of obligations and rights, as specified in Article 23 of the Regulation and Article 2-undecies of the Privacy Code.
The following rights are recognized:
- Right of access (Art. 15)
- Right to rectification a (Art. 16)
- Right to erasure (Art. 17) (only for optional data)
- Right to data portability (Art. 20) (only for optional data)
- Right to restriction of processing (Art. 18)
- Right to object (Artt. 21 and 22)
9. Complaint to the supervisory authority
If you believe that the processing of your personal data violates applicable legislation, you have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it), pursuant to Article 77 of the Regulation, or to take legal action pursuant to Article 79 of the Regulation.
10. Data Protection Officer (DPO)
The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted at the following email address: rpd@regione.lombardia.it.
11. Amendments
The Data Controller reserves the right to update this privacy notice, including in view of future changes to personal data protection legislation.
Last update:
9 January 2024