This policy describes how owsd.net (also reachable at owsd.ictp.it) is managed with regard to the processing of personal data of visitors who use it and who interact with the web services offered by ORGANIZATION FOR WOMEN IN SCIENCE FOR THE DEVELOPING WORLD – OWSD -, with registered office in ICTP Campus, 34151 Trieste, Italy.
This policy is a disclosure provided pursuant to Section 13 of the Italian Legislative Decree no. 196 of 30 June 2003, (Code for the protection of personal data; for brevity referred to hereafter as the "Code"). It only applies to this website and does not concern other websites that may be accessed by the user via links.
The information provided is also based on the guidelines in the Recommendation No. 2/2001, which was adopted on 17 May 2001 by the European data protection authorities within the Working group set up under Article 29 of European Directive 95/46/EC in order to establish minimum requirements for the collection of personal data online, and, in particular, the manner, timing and the nature of the information to be provided by data controllers to users when they visit the web pages regardless of the purpose.
What is meant by "personal data"?
Personal Data is every piece of information related to a natural or legal person, body or association, identified or identifiable, also indirectly, through reference to any other information (such as a number or an ID code.)
Particularly important are:
- “identification data”: personal data which allow direct identification of a person (e.g. the first and the last name, email address, Tax ID as well as an image, the recording of one’s voice or one’s fingerprint, or medical, accounting or financial information of that person);
- “sensitive data”: personal data requiring special precautions on account of its nature; sensitive data are any data which may reveal a person’s racial origin or ethnicity, religious or other beliefs, political opinions, membership of parties, trade unions and/or associations, state of health or sex life;
- “judicial data”: personal data which can reveal certain judicial measures which required inclusion in the person’s criminal record (for example, final criminal convictions; paroling; residency and/or movement restrictions; and alternatives to detention). The fact of being a defendant and/or the subject of criminal investigations falls within the scope of this definition as well.
With the evolution of the new technologies, other personal information have taken on a significant role, such as those relating to electronic communications (via the Internet or telephone) and those which enable the geo-location, by providing information about frequented and travelled to places.
For more information on personal data, users can visit: http://www.garanteprivacy.it.
What does “processing” mean and who are the subjects involved?
Processing (personal data) is an operation or set of operations concerning the personal data.
The code definition is wide-ranging as it includes collection, recording, organization, storage, modification, selection, extraction, usage, blockage, communication, dissemination, cancelation and destruction of data. Each of these operations is a form of data processing.
The individual, the company, the association or any other entity that is actually in control of the processing of personal data is the “data controller”. It is empowered to take the essential decisions on the purposes and mechanisms of such processing including the applicable security measures (Section 4, par 1, let. f), of the Code.
If the personal data is processed by a company or a public administrative body, it is the entity as a whole that acts as the data controller rather than the individual or department/unit that manages or represents such entity (e.g. Chairman, CEO, auditor, Minister, General Director, etc.). The cases where an individual is the data controller mostly concern processing operations performed by self-employed professionals or single-person corporations.
The data controller may entrust with specific data processing management and control tasks of an individual, company, association or organization, even outsider, designated as “data processor” on account of the relevant experience and/or skills. (Section 4, par. 1, let. g), of the Code.
An employee or a co-worker that processes or actually uses personal data on behalf of the Data Controller's organization in accordance with the instructions given by the Data Controller and/or the Data Processor (if the latter has been appointed) is a “persons in charge of the processing” (Section 4, par. 1, let. h), of the Code.
“Data subject” is the individual to which the personal data relates.
Who processes the personal data of the users of this website?
Visiting this site may result into the processing of data concerning identified or identifiable persons.
The data controller is ORGANIZATION FOR WOMEN IN SCIENCE FOR THE DEVELOPING WORLD – OWSD -, with registered office in ICTP Campus, 34151 Trieste, Italy.
The processing operations related to the web-based services that are made available through this website are carried out exclusively by OWSD personnel and by interfase srl, via Belpoggio 6/a, 34123 Trieste (website development and maintenance) as data processors.
Where are the personal data processed?
The processing operations related to the web-based services that are made available via this website are carried out at OWSD offices, ICTP Campus, 34151 Trieste, Italy.
When necessary from time to time, data can be processed by the staff of interfase srl, the company responsible for the website maintenance and development and designated as data processor in accordance with the Code, at the headquarters of this company in via Belpoggio 6/a, 34123 Trieste.
Which categories of personal data are processed?
The electronic systems and software, set to run this website, collect some personal data implicit with the use of internet communication protocols.
Although the collected information is not associated to identified users, by its own nature it may allow user’s identification if processed and associated with third-party data.
This category of data includes: IP addresses or domain names of computers that access the website, the URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method for submitting the request to the server, the answer’s file size, the numerical code showing the status of the response supplied by the server (ok, error, etc.) and other parameters relative to operative system and user’s computer environment.
These data are used only for anonymous statistical analyses about this website and to check the site’s correct functioning, and once processed they are immediately deleted. In case of crimes against the site, collected data could be used to investigate for responsibilities: in all other cases, data on web contacts are not stored permanently, unless users request so.
Data supplied by users on a voluntary basis
Specific and synthetic information will be progressively reported or displayed on the website sections dedicated to on-line services.
On the website the sensitive or judicial data will not be processed without the data subject’s consent. Where the data subject’s name indicates his nationality, this information will not be regarded as sensitive because it is not allowing the disclosure of racial or ethnic origin in the real sense.
The user acknowledges that any indication of personal data and contact details to any third party other than by the data subject is a processing of personal data in respect of which he acts as independent data controller, assuming all obligations and responsibilities under the Code. In this sense, the user warrants that the owner of any given third parties that will be so designated by the user (and which will consequently be processed as if the third party had provided in his informed consent to the processing) has been acquired by the user itself in full compliance with the Code. The user gives about the wider indemnification with respect to any dispute, claim or request for compensation from the processing that should be received by the data controller from any third party concerned because of the provision of data indicated by the user in violation of the rules on the protection applicable data.
Users can provide their data on the basis of a freely chosen, explicit and voluntary option for the following purposes:
TO REGISTER OR TO AUTHENTICATE:
To access the website’s restricted back-office, users are prompted to register or log in using email, username and password, which allow their identification.
In case users want their accounts and their information to be deleted, they can send a request to email@example.com or contact OWSD at the contacts published on the website.
Once logged in, users can apply for OWSD membership through the online application form reachable in the personal restricted area.
TO APPLY FOR OWSD MEMBERSHIP
Registered and logged-in users can apply for becoming an OWSD Member accessing the dedicated online form. The application requires several personal data to be entered.
The application is available in the user’s personal page accessible after login, where the following information is presented and explained:
- Which information is mandatory in order to apply
- Which information is published on the profile
- Which information is visible to other logged-in members
- Which information is only accessible by OWSD staff and used for administrative matters
- How the user can access, change or delete the information inserted, directly on the website or contacting OWSD
If the user wants to apply for membership she can follow these steps:
- Register in the website
- Click on APPLY FOR MEMBERSHIP at the top of his personal page after login
- Click on SAVE inside the application form at any time and come back later to continue the application. The inserted information is stored in the website database.
- Click on the button “View your Member Profile” in her personal page to have a preview of the public member profile that will be online after approval.
- SUBMIT the application.
The application is not evaluated until submission has been confirmed. Once the application is evaluated, an email is sent to the user’s email address. The user who do not have heard from OWSD after 20 days can contact firstname.lastname@example.org
From the moment the membership is confirmed, the new member can share information with the global OWSD Community using her online profile. The profile appears in the list of OWSD Members on the website. The information from the membership application is organized in the profile as follows:
All website visitors can view the following information: Name, Surname, Nationality, Field of Specialization, Country of residence, Picture (if uploaded). If the member is awarded an OWSD Fellowship, this is also displayed on the public profile.
OWSD Members can view the following additional information on other members’ profile: Academic Background, City of residence, OWSD National Chapter, other Institutions the member is affiliated to, and the info regarding the member’s Current research, Professional Activities, Presentations given, Workshops and Conferences attended, and Awards. If the member is awarded an OWSD Fellowship or an OWSD Award, she will be able to insert some information about it to share with the community of OWSD Members, only after OWSD staff has recognize it and activated the associated section on the member’s profile.
Some data are compulsory in order to save the application form. If not all the required information is inserted, the form cannot be saved and the inserted data are lost.
All the other information can only be viewed and used by OWSD staff and are not published or communicated to third parties. Most important, the contact information (email, postal address, phone, fax, skype), Date and Country of birth, Gender, Personal title, and Home Institute information are not public.
After the application is submitted, the user cannot change the information sent. From the moment the application is approved, the user can edit the information again and update her Member profile. The above underlined information in the Member profile is essential to identify you as an OWSD Member and cannot be edited via the website after the membership has been approved. However, if the member wishes to change this information can contact email@example.com
The information inserted in the form is used by OWSD to:
- Evaluate the application and approve or reject the request
- Create a personal member profile published on the website. The personal page of the registered user explains which data is publicly displayed, which data is visible only to other logged-in members, which data is used only by OWSD offices for administrative purposes.
- Contact the member for any communications related to the OWSD objectives as stated in the OWSD Statute.
- Send newsletters to the email addresses of the member who has consented.
The information inserted is stored in the website database and copied to a FileMaker database accessible only upon authorization. The FileMaker database is the main database of OWSD, it is located in a Demilitarized Zone (DMZ) at ICTP, Trieste.
The user must give the authorization to the use of the inserted data in order to save and submit the form.
TO SEND COMMUNICATIONS OR TO CONTACT OWSD:
Sending e-mails to the addresses specified at owsd.net/contact requires the acquisition of senders’ address in order to give feedback on their requests, and implies also the acquisition of other personal data included in the message.
Similarly, phone calls made or faxes sent to the numbers on the site at owsd.net/contact involve the acquisition of the data reported by the caller or the sender.
Users are recommended not to provide sensitive data of theirs or of third parties, in particular those related to health, without having previously given their consent in the manner prescribed by law.
TO SEND CV:
Users can send their curriculum vitae:
- To nominate themselves as candidates for working in OWSD.
- To make their membership application and member profile more complete thus enhancing their possibility to find opportunity worldwide through the OWSD networking actions.
The curriculum must indicate the data needed to evaluate the candidate's profile.
OWSD reserves the right to delete a curriculum containing illegal and inappropriate expressions, and if it contravenes the principles of honesty and good faith.
The data will be used for the selection of personnel and for creating job and collaboration opportunities with scientific institutions worldwide.
The data will be archived by OWSD, users can, at any time, access their data to update, amend, complete, correct or delete their data by accessing their profile online or contacting OWSD at firstname.lastname@example.org
Sensitive data will not be treated in the absence of consent.
TO APPLY FOR FELLOWSHIP:
TO SHARE WITH SOCIAL NETWORKS:
Buttons / social widgets to Facebook
Facebook Like Button and its variants are services operated by Facebook Inc., a company that conforms to the Safe Harbor Framework between the USA and EU, ensuring that the data were in line with European safety standards. With its "click", the user can interact with the social network via this site, but in this mode Facebook will acquire data related to the visit to the site.
Please note that Facebook does not share any information in his possession with OWSD and whoever processed the data in the USA.
For more information: https://en-gb.facebook.com/privacy/explanation
For more information: https://developers.google.com/+/web/buttons-policy
Twitter social buttons / widgets (Twitter)
Twitter is a company that respects the "Safe Harbor" in force between the United States and the European Union, ensuring that the data were in line with European safety standards, it runs a service that allows the user to interact with the social network via this site, but thus it acquires data relating to the visit to the site. Twitter does not share any information in its possession with OWSD and processes data in the USA.
For more information: https://twitter.com/privacy?lang=en
LinkedIn’s mission is to connect the world’s professionals to allow them to be more productive and successful. The registered users (“Linkedin Members”) share their professional identities, engage with their network, exchange knowledge and professional insights, post and view relevant content, and find business and career opportunities. Content on some of the services offered by Linkedin is also visible to unregistered viewers (“Linkedin Visitors”).
For more information: https://www.linkedin.com/legal/privacy-policy
For which purposes may the be processed?
In addition to the specific purposes listed above and the detailed information that the user will find in the relevant sections of the website or will otherwise receive, the purpose of treatment pursued in general can be summarized as follows: analytics data and session data will be gathered for technical as well as statistical purposes.
Providing the requested data is obligatory or voluntary?
Subject to the specifications made with regard to navigation data and technical cookies, the users are always free to provide personal data when requested. However, if they refuse to provide certain data, in some cases, this will make it impossible to fulfill requests such as: receive the requested information from OWSD; display Members’ personal profile page on owsd.net; access restricted areas of the website; apply for OWSD membership; receive OWSD newsletters; be contacted for an award; apply for fellowship.
How are personal data processed?
The collected personal data will be processed via digital databases remotely accessible via authenticated connection, paper and fax, and will be shared with individuals involved in the business organization of this website or external third parties (technical service suppliers, hosting providers, etc.). The data will be handled through instruments and with modalities that ensure data privacy and security, in accordance with the provisions of the Code. In fact, personal data are kept and controlled, also in consideration of technological innovations, of their nature and the specific features of the processing, in such a way as to minimize, by the means of suitable preventative security measures, the risk of their destruction or loss, whether by accident or not, of unauthorized access to the data or of processing operations that are either unlawful or inconsistent with the purposes for which the data have been collected.
How long is the period of retention of personal data?
The users’ personal data are kept for the time strictly necessary to achieve the purposes for which they were collected and, in any case, until the data subject objects the processing.
Is the data subject’s consent necessary?
Pursuant to Section 24 of the Code, consent shall not be required if the processing:
a) is necessary to comply with an obligation imposed by a law, regulations or Community legislation;
b) is necessary for the performance of obligations resulting from a contract to which the data subject is a party, or in order to comply with specific requests made by the data subject prior to entering into a contract;
c) regarding the data taken from public registers, lists, documents or records that are publicly available, without prejudice to the limitations and modalities laid down by laws, regulations and Community legislation with regard to their disclosure and publicity;
d) regarding the data related to economic activities that are processed in compliance with the legislation in force as applying to business and industrial secrecy;
e) is necessary to protect life or bodily integrity of a third party. If this purpose concerns the data subject and the latter cannot give his/her consent because (s)he is physically unable to do so, legally incapable or unable to distinguish right and wrong, the consent shall be given by the entity legally representing the data subject, or by a next of kin, a family member, a person cohabiting with the data subject or, failing these, the manager of the institution where the data subject is hosted. Section 82(2) shall apply;
f) with the exclusion of data disclosure, is necessary for carrying out the investigations by defense counsel referred to in Act no. 397 of 07.12.2000, or else to establish or defend a legal claim, provided that the data are processed exclusively for the said purposes and for no longer than it is necessary to be there, in complying with the legislation in force concerning business and industrial secrecy;
g) with the exclusion of data disclosure, is necessary to pursue a legitimate interest of either the data controller or a third party recipient in the cases specified by the Garante on the basis of the principles set out by the law, unless said interest is overridden by the data subject’s rights and fundamental freedoms, dignity or legitimate interests, [Amended by Section 6(2)a, item 3. of decree no. 70 dated 13 May 2011 as converted, with amendments, into Act no. 106 dated 12 July 2011]
h) with exclusion of external communication and dissemination, it is carried out by non-profit associations, bodies or organizations, recognized or not, with regard either to entities having regular contacts with them or to members in order to achieve specific, lawful purposes as set out in the relevant memorandums, articles of association or collective agreements, whereby the mechanisms of utilization are laid down expressly in a resolution that is notified to the data subjects with the information notice provided for by Section 13,
i) is necessary exclusively for scientific and statistical purposes in compliance with the respective codes of professional practice referred to in Annex A), or else exclusively for historical purposes in connection either with private archives that have been declared to be of considerable historical interest pursuant to Section 6(2) of legislative decree no. 499 of 29 October 1999, adopting the consolidated statute on cultural and environmental heritage, or with other private archives pursuant to the provisions made in the relevant codes;
i-bis) concerns information contained in the CVs as per Section 13(5-bis); [Added by Section 6(2)a, item 3. of decree no. 70 dated 13 May 2011 as converted, with amendments, into Act no. 106 dated 12 July 2011]
i-ter) exclusion of dissemination is subject to Section 130 hereof, concerns communication of data between companies, bodies and/or associations with parent, subsidiary and/or related companies pursuant to Section 2359 of the Civil Code, or between the former and jointly controlled companies, or between consortiums, corporate networks and/or corporate joint ventures and the respective members, for the administrative and accounting purposes specified in Section 34(1-ter) hereof, providing such purposes are expressly referred to in a decision that shall be disclosed to data subjects jointly with the information notice referred to in Section 13 hereof. [Added by Section 6(2)a, item 3. of decree no. 70 dated 13 May 2011 as converted, with amendments, into Act no. 106 dated 12 July 2011].
Apart from these cases, the consent to the processing of data is necessary and freely stated by giving active consent (usually a box to flag is present) “I have read and agree to the processing of my personal data”. In its absence it will not be possible to respond to the request.
Are personal data subject to communication or dissemination?
Apart from communications made to comply with legal obligations or by order of authority, personal data are subject to communication:
- to other scientific institutions abroad for networking in accordance with the statute and objectives of OWSD
- to administrative partners in Trieste
- via the website (online members profile)
Personal data will be brought to the attention of the processing officers appointed by the controller data and third parties (such as companies providing computer support and ensuring the proper functioning of the site), and committed to achieve the purposes described above. In any case, the processing by third parties shall be fairly done and in compliance with the laws in force.
Are the personal datatransferred abroad?
Considered the international nature of the activity of OWSD, personal data may be transferred worldwide to other scientific Institutions and Organizations.
What are the rights that the users have as a data subject?
Pursuant to Sections 7, 8, 9 and 10 of the Code, the visitor, as a data subject, shall have the right to obtain confirmation whether his personal data exist or not, regardless if they are already recorded, and to have communication about such data in an intelligible form. He shall have the right to be informed; a) of the source of the personal data; b) of the purposes and methods of the processing; c) of the logic applied to the processing, if the latter is carried out with the help of electronic means; d) of the identification data concerning data controller, data processors and the representative designated as per Section 5; e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know the said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing. He will have also the right to obtain; a) updating, rectification or, where interested therein, integration of the data; b) deleting, anonymization or blocking of data that have been processed unlawfully, including data whose retention isn’t necessary for the purposes for which they have been collected or subsequently processed; c) confirmation that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected. A data subject shall have the right to object, in whole or in part, a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection; b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
The rights referred to in Section 7 may be exercised by making a request to the data controller or processor without formalities through e-mail: email@example.com
Hopefully we have clarified things for the users. If more information is needed, users can contact the data controller through e-mail: firstname.lastname@example.org
LAST UPDATED: 07-07-15