This is to inform you that Fondazione 1563 per l’Arte e la Cultura della Compagnia di San Paolo (hereinafter also referred to concisely as Fondazione 1563) and Fondazione Museo Nazionale dell’Ebraismo Italiano e della Shoah (hereinafter also referred to concisely as Fondazione MEIS) will process your personal data in accordance with EU Regulation 679/2016.

Fondazione 1563 and Fondazione MEIS have signed a Joint Controllership Agreement pursuant to article 26 of EU Regulation 679/2016, jointly determining the purposes and means of processing of personal data in relation to the project called “REMEMBR-HOUSE: An educational KIT to raise awareness on the Holocaust and promote knowledge of civil rights and EU values” (hereinafter also the Project) in compliance with the obligations and responsibilities referred to in EU Regulation 679/2016, Legislative Decree 196/2003 as amended and supplemented, and current legislation relevant to the sector.

  • The Data Controller is Fondazione 1563 per l’Arte e la Cultura della Compagnia di San Paolo in the person of its pro tempore legal representative Piero Gastaldo, with registered office at Corso Vittorio Emanuele II, 75, Tax Code 97520600012 – contact email: privacy@fondazione1563.it.
  • The Data Controller is Fondazione Museo Nazionale dell’Ebraismo Italiano e della Shoah (hereinafter also referred to concisely as Fondazione MEIS) Tax Code 93072970382 and VAT No. 01938920384 with registered office in Ferrara, at Via Piangipane, 79-83, in the person of its pro tempore legal representative – contact email: privacy@meisweb.it

Fondazione 1563 and Fondazione MEIS act as independent Data Controllers for the following

  • Processing purposes: the data are processed in the context of everyday activities: institutional obligations, cultural production/archiving for historical and scientific research purposes, pre-contractual measures, implementation of legal obligations, contractual, administrative, accounting, banking, insurance obligations.

Fondazione 1563 and Fondazione MEIS act as Joint Data Controllers for the following

  • Processing purposes: as regards the Project, for contractual obligations including the publication of data in aggregate form on the EU portal and delivery to the relevant EU agency of the copy of the attendance registers, management, accounting, administrative, reporting and insurance obligations.
  • By virtue of the Joint Controllership Agreement pursuant to article 26 of EU Regulation 679/2016 signed between Fondazione 1563 and Fondazione MEIS, the processing of your personal data carried out for the Project is one of the primary purposes.

Communication of your personal data is a necessary requirement for the Data Controllers and/or Joint Data Controllers to fulfil their pre-contractual, contractual and/or legal obligations, particularly as regards requests to register for the event and take part in the Project in general. You are therefore required to provide your personal data as your request is processed in your interest and to fulfil your express wishes. In terms of further purposes, subject to you signing the relevant consent and the consent being issued correctly, your personal data may be processed for audio/video recording and/or photo shooting of your image for use/publication of the photos in competitions, publications, social media, websites, brochures, films and videos made during the course of Project events. Without consent to the data processing, the respective consent form will be considered invalid even if signed.

  • Legal basis for processing: pre-contractual measures/contractual obligations, legitimate interest of the Data Controller, fulfilment of legal obligations, consent.
  • Data processing methods: the data will be processed using manual, computerised and telecommunication tools for reasons strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.
  • The data collected fall into the following data category:

Personal data:any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, with an identifier, such as a name, an identification number, location data, an online identifier or one or more characteristic elements of their physical, physiological, genetic, mental, economic, cultural or social identity;

The personal data collected may fall within

Particular data categories”: personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or relate to genetic data, biometric data intended to uniquely identify a natural person, data relating to a person’s health, sex life or sexual orientation.

  • Categories of subjects to whom the data may be communicated

In the interest of Fondazione 1563:

Fondazione Compagnia di San Paolo (Joint Controllership Agreement pursuant to article 26 , EU Regulation 679/2016 in accordance with governance principles regarding Internal Audit activities)

Prisma – Progetti, Innovazione, Soluzioni e Management S.c.a.r.l. (External data processing company operating under a service provision agreement)

Suppliers, professionals, including those working in associated form (e.g. to fulfil legal/judicial, tax-related or accounting obligations), if necessary appointed as external data processors.

Public Administration.

Under the Joint

//

Controllership Agreement:

Prisma – Progetti, Innovazione, Soluzioni e Management S.c.a.r.l. (External data processing company operating under a service provision agreement)

Alicubi Srl (external data processor in respect of the Project website creation assignment) Relevant EU Agency for the Project

Designated Persons

pursuant to article 2(14) of Legislative Decree 196/2003,
as amended by Legislative Decree 101/2018. 101/2018

Authorised Persons pursuant to article 29 GDPR

  • Data retention period: the data will be retained until the purposes for which they were collected have been achieved, for ten years as allowed by current tax, civil, anti-money laundering laws, or until the validity of the contractual obligations referred to in the Project and the related statute of limitations/forfeiture terms have expired, without prejudice to the legitimate interest of the Data Controller, legal obligations.

Personal data may be retained for longer periods provided that they are processed exclusively for storage purposes in the public interest, for historical or scientific research or for statistical purposes, in accordance with Article 89(1), without prejudice to the implementation of technical and organisational measures required by EU Regulation 679/2016 and current sector legislation protecting the rights and freedoms of the data subject (“storage limitation”).

  • Data transfer

The data are stored on the servers of the respective Data Controller, or at third-party companies appointed as external data processors, processing the data on behalf of the individual Data Controller, whose servers are located within the European economic area. In the event of transfer outside the EU, the standard contractual clauses will be signed as required by Decision 2021/914/EU, the provisions of the Italian Data Protection Authority (Garante per la protezione dei dati personali) and article 46 of EU Regulation 679/2016.

  • Rights of the data subject: You can contact the Data Controller at the above email address to exercise your rights, as provided for by EU Regulation 679/2016 and Legislative Decree 196/2003, as amended and supplemented, and therefore: request access to personal data, rectify or delete data, restrict or object to data processing. You can also exercise the right to data portability or the right not to be subjected to a decision based solely on automated processing.

Under the Joint Controllership Agreement, Fondazione MEIS has assumed the role of coordinator so you may use the following contact address: privacy@meisweb. it If the processing is based on article 6(1)(a) or – without prejudice to the application of article 9(2)(j), on article 9(2)(a), you are entitled to withdraw your consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.

  • You are also entitled to lodge a complaint with a supervisory authority.

Finally, we inform you that your data will be:

  • processed lawfully, fairly and transparently;
  • collected for the explicit and lawful purposes specified above, and subsequently processed in a way that is not incompatible with these purposes;
  • appropriate, relevant and limited to what is required for the purposes for which they are obtained and processed (“data minimisation”);
  • accurate and, if necessary, updated, deleted and/or corrected;
  • processed in such a way as to guarantee adequate security of the personal data – including protection, through appropriate technical and organisational measures – in order to protect them from unauthorised or unlawful processing and from accidental loss, destruction or damage.
  • The information referred to in this document and any communications and actions undertaken pursuant to articles 15 to 18 and articles 20 and 21 of EU Regulation 679/2016 is free. If the requests of the interested party are manifestly unfounded or excessive, in particular due to their repetitive nature, the Data Controller may:
    1. charge a reasonable fee to cover the administrative costs incurred in providing the information or communication or taking the requested action; or
    2. refuse to fulfil the request. The burden of demonstrating the manifestly unfounded or excessive nature of the request falls on the Data Controller.