PRIVACY POLICY ON THE PROCESSING OF PERSONAL DATA PURSUANT TO REGULATION (EU) 2016/679

This privacy policy notice (hereinafter, also “Policy”) – to be understood as a policy pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter, also “Regulation”) – is provided by Agenzia ICE, in its capacity as data controller, in order to illustrate the processing operations, put in place in order to allow you to visit the website https://www.innovitsf.com/ (hereinafter, also “Site”). Agenzia ICE is the government body for the promotion and internationalization of Italian companies abroad, it promotes the consolidation and economic-commercial development of Italian companies in foreign markets, including attracting foreign investment to Italy. Among other things, Agenzia ICE carries out information, assistance, consulting, promotion and training activities for Italian small and medium-sized enterprises; for enterprises to join the activities, Agenzia ICE issues calls (hereinafter referred to as “Calls”) for the selection of participating enterprises.

Personal data controller and processor

The data controller of your data is Agenzia ICE – Italian Trade Agency, with registered office in via Liszt, 21 – 00144 Roma, Tel. 06-59921 (henceforth “Agenzia ICE” or also “Data Controller”). The Data Protection Officer, designated by the Data Controller to carry out the functions provided for by the European Data Protection Regulation, can be reached at the e-mail address privacy@ice.it .

Types of processed data

Within the limits of the purposes and methods described in this Policy, the following categories of data may be processed (hereinafter referred to as “Personal Data”):

Navigation Data

The computer systems and software procedures that enable the operation of the Site collect certain data, not associated with directly identifiable users (e.g. IP addresses; domain names of devices used by users to visit the Site; URI – Uniform Resource Identifier notation addresses; date, time and type of resources requested; method used for the request to the server; and additional data and parameters regarding the interaction between the user and the Site and the computer device used by the user). This data is processed to obtain anonymous statistical information on the use of the Site and ensure its operation. Regarding the data collected by the Site through cookies, please refer to the Cookie Policy.

Data provided by the user in order to receive the newsletter

Completing the form prepared by the Data Controller for the request to receive the newsletter involves the acquisition of your Personal Data (personal and contact data) necessary to provide the requested service. With regard to other Personal Data that you may provide through the Site in order to participate in the activities and initiatives provided by the Data Controler (Call application) or access additional features, you will be provided with specific privacy policy pursuant to art. 13 of the Regulations at the time of data collection. The data provided may also flow into the Central Data Bank of Agenzia ICE, which may use them within the scope of its institutional activity, including, providing you with the opportunity to participate in the Call. The Data Controller will not process data belonging to special or judicial categories referred to in Articles 9 and 10 of the Regulation.

Purposes of processing and legal basis

Agenzia ICE will process your Personal Data to enable you to take advantage of the online assistance and information services and features of the Site, as well as for purposes of performing its institutional tasks and public interest, and to enable effective institutional communication. Processing through the Site is carried out in pursuit of the following purposes:

  • To enable the proper functioning of the Site The Data Controller will process your navigation data in order to ensure the proper functioning of the Site as well as navigation within it. The processing is based on the performance of public interest activities carried out by the Controller (art. 6 co. 1, letter “e” of the Regulation);
  • To receive newsletters The Data Controller will process the data (personal and contact details) you provide in order to deliver the newsletter you may have requested. The processing is based on consent (art. 6 co. 1, letter “b” of the Regulation), it is therefore carried out only where you express your interest to receive the newsletter and voluntarily provide your Personal Data for this purpose. Please note that you may revoke your previously given consent at any time by writing to privacy@ice.it. Withdrawal of consent does not affect the lawfulness of processing based on consent given prior to its withdrawal.

Data processing methods

Agenzia ICE processes Personal Data in compliance with the principles set forth in the Regulations, binding the processing to the principles of correctness, lawfulness and transparency, for explicit and legitimate purposes related to the fulfillment of the law, institutional purposes, and administrative activities instrumental to them. Only Personal Data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are collected are processed. The data are processed by Agenzia ICE staff, adequately trained, acting as authorized personnel for the processing of the data, or by any persons authorized for occasional maintenance operations of the systems, applications and data necessary for the operation of the Site. Processing is carried out in such a way as to ensure adequate security of Personal Data, through the use of automated tools and through technical and organizational measures aimed at preventing data loss, illicit or incorrect use and unauthorized access. The data will not be used for purposes other than and in addition to those described in this Policy, unless we inform you in advance. The processing will be done by computerized means. Your data may also be processed by other third parties who carry out part of the processing activities and/or activities related and instrumental to the same on behalf of the Data Controller. These subjects will also be appointed as data processors pursuant to Article 28 of the Regulations (hereinafter, “Processors”). To request the list of Processors, please write to: privacy@ice.it

Retention period

Personal Data will be retained for a time period not exceeding the achievement of the purposes or in accordance with the deadlines stipulated by legal regulations. They may be kept for longer periods provided that they are processed exclusively for archiving purposes in the public interest, scientific and historical research or statistical purposes subject to the implementation of appropriate technical and organizational measures required by the Regulations to protect the rights and freedoms of the data subject.

Data sharing and transfer

The Data Controller, in the performance of its institutional activities, may disclose your data to other parties exclusively for the purpose of ensuring the most successful delivery of services you may have requested or to fulfill public interest tasks and specific legal obligations. Your Personal Data may also be managed through online software or cloud services, located within the European Union, in compliance with the rights and guarantees provided by the Regulations. If your Personal Data is to be managed with cloud services located outside the European Economic Area, the Data Controller ensures that your data will be processed in accordance with the provisions of Chapter V of the Regulations, i.e. on the basis of adequacy decisions of the European Commission pursuant to Article 45 of the Regulations in compliance with the appropriate safeguards or conditions set out in Articles 46 or 47 or 49 of the Regulation.

Data subject rights

The subjects to whom the above-mentioned Personal Data refer (so-called “data subjects”), have the right to exercise their rights in the manner and within the limits provided by the current privacy legislation. In relation to the processing of your Personal Data, you have the right to request from the Data Controller:

  • access: you may request confirmation that there is or is not a processing of data concerning you, as well as further clarification regarding the information set forth in this Policy, as well as to receive the data itself, within the limits of reasonableness;
  • rectification: you may request to rectify or supplement the data you have provided to us or otherwise in our possession, if inaccurate;
  • erasure (right to be forgotten): you may request that your data acquired or processed by the Data Controller be deleted, if it is no longer necessary for our purposes or where there are no disputes or controversies outstanding, in case of withdrawal of consent or your opposition to processing, in case of unlawful processing, or if there is a legal obligation to delete it;
  • restrict processing: you may request the limitation of the processing of your Personal Data, when one of the conditions set forth in Article 18 of the Regulation is met; in this case, your data will not be processed, except for storage, without your consent, except as explained in the same article in paragraph 2;
  • portability: you may request to receive your data or have them transmitted to another data controller indicated by you, in a structured, commonly used and machine-readable format.

In order to exercise your rights, you may consult the page on the institutional website of Agenzia ICE at the following link: https://www.ice.it/it/privacy, or contact the Data Controller, or the Data Protection Officer at: privacy@ice.it.

Right to a complaint

Data subjects who believe that the processing of Personal Data relating to them carried out through this service is in violation of the provisions of the Regulation, have the right to lodge a complaint with the Guarantor for the Protection of Personal Data, as provided for in Article 77 of the Regulation themselves, or to take appropriate legal action (Article 79 of the Regulation).

This Policy may be supplemented with further guidance, including in consideration of regulatory changes and/or measures of the European Data Protection Board (EDPB) and the National Data Protection Authority.