User privacy of the site https://orbis-project.eu/
EU Regulation 679/2016 (“GDPR”)
COPERNICANI (hereinafter “Copernicani” or the “Controller”) is committed to the protection of the Personal Data entrusted to it. Therefore, their management and their security are guaranteed with the utmost care, in accordance with the requirements of the privacy legislation pursuant to EU Regulation 679/2016 (GDPR)
This disclosure illustrates who we are, for what purposes we may use your data, how we manage them, to whom they may be disclosed where they may be transferred and what your data are.
COPERNICANI is an independent, cross-party advocacy group engaged on promoting innovation with registered office at Piazza Repubblica, 1 – 20121 Milan (Italy), Tax Code no. 97803240155.
COPERNICANI has been entrusted by the European Union to realize the “Orbis Project”, funded from the European Union’s Horizon Europe Framework Programme under Grant Agreement No. 101094765.
Orbis Project aims to augment participation, co-creation, trust and transparency in deliberative democracy at all scales, also through the website https://orbis-project.eu/ (hereinafter the “Site”)
The Site allows its users (hereinafter “Users” or individually “User“) to view and receive news from Orbis Project and European Union institutions, to register to seminars, workshop, events organized under the Orbis project (the “Event”), to participate to on-line polls and interviews, and, more in general, it helps to promote the activity of the European Union’s Institutions and the culture of democracy with the aim to augment participation, co-creation, trust and transparency in administrative and decision-making process at all level.
Should the User directly provide third parties, including members of any mailing list, attendees to conference or seminars, other User of the Site or any other third party in general, with information of a personal nature, Copernicani will not be responsible for this further and independent processing.
Copernicani will acquire through the Site personal data relating the Users and will process them in compliance with the law on personal data processing, with particular reference to the GDPR and Legislative Decree 196/2003 and further amendments
Who will process my data?
Your data will be processed, as Data Controller, by:
Piazza Repubblica, 1
20121 Milan (Italy)
Tax Code no. 97803240155.
The list of external processor for the processing of personal data is available on request to the Controller, at the contact details above.
How your personal data is collected
Copernicani collects your personal data from the following sources:
- from you, typically when you:
- visit the Site, including when you search, register or use our newsletter services, our social networks or our online payment/ticketing portals or sign-up for an Event.
- complete our surveys and feedback forms;
- communicate with us by post, email, online chat, social media, telephone or another format;
- complete forms in relation to attending or participating in an Event, including buying or registering for tickets online;
- attend and participate in an Event;
- interact with us when you sign up to a mailing list, or you message us via email, sms, chat or social network.
- from third parties such as:
- ticketing agencies who sell tickets or process ticket orders on our behalf;
- a third party who may purchase tickets on your behalf or register your details with us;
- our website, webinar, ticketing and sign-up platform providers;
- our payment provider who will confirm details of your payment;
- publicly available sources when researching and creating biographies of speakers and key attendees.
What categories of personal data are collected?
We collect the following categories of personal data:
Identification, background and contact details
- general information such as your name, title, gender and date of birth;
- your image, audio and likeness (as captured in social network photo you may make publicly available)
- your contact details including address, email address, online chat or social media account details and phone number;
- your qualifications, professional experience and institution or employer (where you provide us such information for example in an Event);
Online and transactional
- details of your IP address, browser type and operating system when you visit our Site;
- events that you have attended in the past or for which you are registered to attend in the future;
- payment details and your financial transactions in relation to Events if any payment if foreseen;
- records of communications sent to you by Copernicani or received from you;
The basis for processing your data, how we use that data and with whom we share it
We will process your personal data either in ways you have consented to, or because it is otherwise necessary for a lawful purpose pr for providing services by Copernicani or related to other legal grounds under GDPR.
We set these out as follows: Copernicani, for example in relation to a specific service provided by Copernicani to you, (legal basis art. 6.1 letter b GDPR)
In this respect we use your personal data for the following purposes:
- to deliver the services you have requested;
- to correspond with you about such services, including sending you pre and post-service information.
As part of this process, we will expect to share your personal data with:
- our agents, contractors and service providers (including providers of accommodation, catering, IT, webinar and other support services) where applicable and where it is necessary for them to receive the information;
- our bank to whom payment details are provided in order to process a payment;
- co-organisers or partners who are involved in the delivery of an Event;
Other legitimate interests (legal basis art. 6.1 letter f GDPR)
Your personal data will also be processed because it is necessary for Copernicani’s legitimate interests or the legitimate interests of a third party. This will always be weighed against your rights, interests and expectations. Examples of where we process data for purposes that fall under legitimate interests include:
- creating biographies of attendees or a delegate or speaker list and distributing the biography/list to speakers and attendees (except in circumstances where it is appropriate to gain your consent);
- sharing your information with sponsors of an event (except in circumstances where it is appropriate to gain your consent);
- filming, photographing or otherwise recording Events and publishing such content on our website, social media accounts and other formats where it would not be necessary, appropriate or practicable to obtain your specific consent (for example, we may seek specific consent for prominent or impactful uses);
- analysing and improving the use of our Site;
- analysing who is attending our Events, including so that we can monitor the success of our outreach programs and understand trends in participation;
- processing feedback to improve the quality of our Events.
Upon explicit consent (legal basis art. 6.1 letter a GDPR)
Your personal data may be used for marketing and promoting the image of Copernicani and their services as well as the image and activity and services of the European union and its organizations and institutions.
This can be done only upon express consent release by the User upon appropriate check of the dedicated box for consent.
The communication with the User can be performed by post, telephone, social media and electronic mail (but without prejudice to your rights under the legislation that regulates the sending of marketing communications by electronic means).
Where applicable, consent will always be specific and informed on your part, and the consequences of consenting or not, or of withdrawing consent, will be made clear.
Legal obligations (legal basis art. 6.1 letter c GDPR)
Your personal data will be processed for compliance with Copernicani’s legal obligations. For example:
- for the detection and prevention of crime and to assist the police and other competent authorities with investigations;
- to comply with tax legislation, safeguarding duties and subject access requests of others.
We may share your personal data with:
- our agents and contractors where they require your personal data to perform the services outlined above; and
- direct mail agencies who assist Copernicani in the administration of marketing communications.
List of external processors treating your data under 4.8 and 28 GDPR is available upon request to be submitted to the Controller at the contact details above.
Special categories of personal data
Copernicani does not process and does not request to you types of personal data that the law considers to fall into a special category (such as race, religion, health, sexual life, political preferences or criminal record).
However, if in any case we receive from you data that may be considered as data included in categories as per art. 9 and 10 of GDPR, the treatment of such data will be done under the following circumstances:
- where you have provided your explicit consent. Examples might include where you have provided information on your political preferences;
- where such processing is necessary for the establishment, exercise or defence of legal claims (including sharing with Copernicani’s insurers and legal advisers) or the prevention or detection of crime.
International transfers of data
Copernicani will in limited circumstances disclose personal data to third parties, or allow personal data to be stored or handled, in countries outside the European Economic Area. For example, we will transfer data to IT and ticketing/sign-up platform providers based overseas (such as EventBrite) and share information with international coorganisers of an Event.
In these circumstances, your personal data will only be transferred where the transfer is subject to one or more of the “appropriate safeguards” for international transfers prescribed by applicable law, such as:
- an approved certification mechanism;
- where Copernicani has entered into contractual clauses approved by the European Commission that provide appropriate safeguards; or
- there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).
In any case, no data under art. 9 and 10 GDPR will be transferred outside the European Union
We don’t use personal characteristics such as age, role, your expressed interests, your previous interactions with Copernicani or geographical location to target our communications, and advertising and promotions.
However we may use your personal characteristics (such as those contained within your Facebook profile) to assist us in identifying and targeting new audiences for our scopes and services.
Your rights under the Data Protection Legislation
The GDPR confer a series of rights to the Data Subject that according to the Guidelines on Transparency WP 260 it is mandatory to summarise their main contents within the disclosure paper. These rights are summarised below:
Right of access (to personal data only): the right to obtain confirmation from the Data Processor that personal data is being processed concerning the Data Subject and, in this case, to obtain access to personal data and to be informed about the purposes of the processing; on the categories of personal data in question; on the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are in other countries or belong to international organisations; whenever possible, on the retention period of the personal data provided or, if this is not possible, on the criteria used to determine such period; if the data has not been collected from the Data Subject, the right to receive every information available on its origin; the right to receive information on the existence of an automated decision-making process, including profiling and significant information on the logic employed, as well as the importance and expected consequences of such processing for the Data Subject.
Right of rectification and integration: The Data Subject has the right to obtain the correction of any inaccurate personal data without undue delay from the Data Processor. Taking into account the purposes of the processing, the Data Subject has the right to obtain the integration of incomplete personal data, also by providing an additional declaration. The Data Processor shall inform each of the recipients to whom the personal data have been transmitted of any corrections, unless this proves impossible or involves a disproportionate effort. The Data Processor shall inform the Data Subject about those recipients upon request of the latter.
Right to cancel: the Data Subject has the right to obtain from the Data Processor the cancellation of their personal data without unjustified delay (and where the specific reasons pursuant to Article 17, Paragraph 3 of the GDPR do not exist, on the contrary they relieve the Data Processor from the obligation of cancellation) if personal data is no longer necessary with respect to the purposes for which they were collected or otherwise processed; or if the Data Subject revokes the consent and there is no other legal basis for the processing; or if the Data Subject opposes the processing for marketing or profiling purposes, also by revoking its consent; if the personal data has been processed unlawfully or concerns information collected from minors, in violation of Article 8 of the GDPR. The Data Processor communicates to each of the recipients to whom the personal data has been transmitted, any cancellations, unless this proves impossible or involves a disproportionate effort. The Data Processor shall inform the Data Subject about those recipients upon request of the latter.
Right to limitation of processing: the Data Subject has the right to obtain the limitation of the processing from the Data Processor (i.e., according to the definition of “processing limitation” provided by Article 4 of the GDPR: “the marking of personal data stored with the objective to limit processing in the future”) when one of the following hypotheses occurs: the Data Subject disputes the accuracy of personal data for the period necessary for the Data Processor to verify the accuracy of such personal data; the processing is illegal and the interested party opposes the cancellation of personal data and asks instead that its use is limited; although the Data Processor no longer needs it for processing purposes, personal data is necessary for the Data Subject to ascertain, exercise or defend a right in court; the interested party opposed marketing processing, pending verification of the possible prevalence of the legitimate reasons of the Data Processor with respect to those of the Data Subject. If processing is limited, such personal data shall be processed, except for storage, only with the Data Subject’s consent or for the assessment, exercise or defence of a right in court or to protect the rights of another natural or legal person or for reasons of significant public interest the party who has obtained the limitation of processing is informed by the Data Processor before such limitation is revoked. The Data Processor shall inform each of the recipients to whom the personal data have been transmitted of any limitations, unless this proves impossible or involves a disproportionate effort. The Data Processor shall inform the Data Subject about those recipients upon request of the latter.
The right to oppose: the Data Subject has the right at any time to oppose, for reasons related to their particular situation, to the processing of their personal data concerning carried out by the Data Processor or for the performance of a task of public interest or connected to the exercise of public powers vested in the Data Processor or carried out for the pursuit of the legitimate interests of the Data Processor including by third parties (including profiling). Furthermore, if personal data is processed for direct marketing or commercial profiling purposes, they have the right at any time to oppose the processing of personal data for such purposes.
Right not to be subjected to automated decisions, including profiling: the Data Subject has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning the same or which significantly affects their person, except in cases where the automated decision is necessary for the conclusion or execution of a contract between the Data Subject and a Data Processor; is required by law, in compliance with measures and precautions; or is based on the explicit consent of the person concerned.
For any purpose, the link to the Articles from 15 to 23 of the Rules on the rights of the Data Subject.