INFORMATION FOR THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 OF EU REGULATION NO. 679 OF 27 APRIL 2016

This information is issued pursuant to art. 13 of EU Regulation no. 679 of 27 April 2016 (or GDPR), relating to the protection of individuals with regard to the processing of personal data and in compliance with the legislation on the processing of personal data, as well as the free movement of such data.

Data controller
MOST - National Center for Sustainable Mobility Foundation, based in Milan, in Piazza Leonardo da Vinci n. 32 and with operational headquarters in Milan, at Via Durando n. 39 Contact point: segreteria@centronazionalemost.it

Data Protection Officer
Contact point: privacy@centronazionalemost.it

Purpose of the processing, legal basis and data retention period
Personal data will be used for the following purposes:

1. Fulfillment of contractual obligations inherent to MOST's institutional activities;
2. Fulfillment of regulatory obligations;
3. Promotion and dissemination initiatives on sustainable mobility issues.

The legal basis of the processing is to be found:

- in the art. 6, paragraph 1, lett. a) of the GDPR, or in the consent of the interested party;
- in the art. 6, paragraph 1, lett. b) of the GDPR, or in the execution of a contract;
- in the art. 6, paragraph 1, lett. c) of the GDPR, or in the legal obligation of the Data Controller;
- in the art. 6, paragraph 1, lett. e) of the GDPR, or in the execution of a task in the public interest;
- In the art. 6, paragraph 1, lett. f) of the GDPR, or in the legitimate interest.

The personal data being processed will be kept for the period of duration indicated in the various 2nd level information, in accordance with the conservation obligations established by law or regulation.

see also: second level information

Type of data being processed
The Data Controller processes the data of the interested parties according to the principle of minimization, or to the extent that a treatment is necessary for the execution of the intended purposes or if it is required by legal obligations.

Processing methods
Personal data may be processed both on paper and digitally, manually and/or with electronic or, in any case, automated means.
Data processing takes place in compliance with the security measures identified pursuant to art. 32 of the GDPR, reducing the risks of accidental or illegal destruction, loss, modification, unauthorized disclosure or access, or treatment that does not comply with the purposes of the collection.
Also, the data will be processed exclusively by duly authorized and trained personnel.

Categories of recipients
In relation to the purposes indicated, the data may be communicated to public and/or private subjects, or they may be communicated to companies and/or persons who provide services, including external ones, on behalf of the Data Controller. In particular, the data collected can be transmitted to suppliers of services necessary for the performance of the purposes listed, formally appointed by MOST as Data Processors pursuant to art. 28 of the GDPR. Also, the data will be transferred to the Ministry of University and Research (or MUR) for reporting purposes related to PNRR obligations.
Personal data may also be communicated to public administrations, even anonymously, if they have to process the same for any proceedings within their institutional competence as well as to all those public entities to which, in the presence of the relative conditions, the communication is obligatorily envisaged by provisions of the European legal system, laws or regulations, as well as insurance bodies for any accident practices.
The data processed can be communicated to:

- consultants and accountants or other lawyers who provide functional services for the purposes indicated above;
- subjects who process the data in execution of specific legal obligations of regulation or internal and/or community legislation, within the limits set by these rules;
 - judicial or administrative authorities, for the fulfillment of legal obligations;
- subjects who operate as external Managers (pursuant to articles 4.8 and 28 of the GDPR) explicitly appointed by MOST, for purposes auxiliary to the activities and services provided.

Transfer to a non-EU country or international organizations
Personal data will be processed by the Data Controller within the territory of the European Union.
If for technical and/or operational reasons it is necessary to use subjects located outside the European Union, or if it is necessary to transfer some of the data collected to technical systems and services managed in the cloud and located outside the of the European Union, the treatment will be regulated in accordance with the provisions of Chapter V of the EU Regulation and authorized on the basis of specific decisions of the European Union.
All necessary precautions will therefore be taken in order to guarantee the most complete protection of personal data, basing the transfer:
a) on the adequacy decisions of the recipient third countries expressed by the European Commission;
b) on adequate guarantees expressed by the recipient third party pursuant to art. 46 of the EU Regulation;
c) on the adoption of binding corporate rules, the so-called Corporate binding rules.

Rights of the interested parties
The interested party has the rights referred to in art. 15 GDPR and precisely the following rights of:
- obtain confirmation of the existence or otherwise of one's Personal Data from the Owner, even if not yet registered;
- get the indication:
a) the origin of the Personal Data;
b) the purposes and methods of processing;
c) of the logic applied in case of treatment carried out with the aid of electronic instruments;
d) of the identification details of the Data Controller, of the managers and of the other persons in charge.
- get:
a) updating, rectification or integration of data;
b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which they were collected;
c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those who have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves a manifestly disproportionate use of means;
- oppose, in whole or in part and for legitimate reasons, the processing of your Personal Data even if pertinent to the purpose of the collection.

The interested party also has the rights pursuant to articles 16-21 of the GDPR, namely the right to rectification, the right to be forgotten, the right to limitation of treatment, the right to data portability as well as the right to complain to the Guarantor Authority for the protection of Personal Data.
The interested party may, at any time, exercise their rights by sending a request to the Data Controller via the following contact point: privacy@centronazionalemost.it 

Informativa Acquisti

Informativa Organi Collegiali

Informativa Eventi

MOST
Sitemap
Headquarter
  • Via Durando 39
  • 20158 Milan (MI)
  • (+39) 02 91773004
  • segreteria@centronazionalemost.it
  • C.F. 97924630151
Follow us

on our pages

Social

© Copyright 2023 Most - All Rights Reserved

AI Website Generator