INFORMATION ON THE PROCESSING OF PERSONAL DATA
to. Pursuant to and in accordance with Article 13 of EU Regulation 679/2016.

CYBER 4.0 Association (hereinafter, “CYBER 4.0” or “Data Controller“), having its registered office in Via Adito Desio, 60 – 00131, C.F. 96418070585 and VAT No. 16264201001, as the data controller of your personal data, informs you, pursuant to Article 13 of Regulation (EU) 679/2016 (“GDPR”), that your personal data will be processed in the manner and for the purposes set out below. In this regard, before communicating any personal data, the Data Controller invites you to carefully read this information notice (hereinafter, “Information Notice”), which contains important information on the protection of personal data and the security measures adopted to ensure their confidentiality in full compliance with the GDPR and the national reference legislation (Legislative Decree No. 196/2003 as amended by Legislative Decree 101/2018).

Data Controller and Data Protection Officer
The Data Controller is the company CYBER 4.0 having its registered office in Via Ardito Desio, 60 – 00131 Rome, C.F. 96418070585 and P.IVA n. 16264201001.
E-mail address: cyber@cyber40.it. The updated list of Data Processors is kept at the registered office of the Data Controller, and can be consulted upon specific written request pursuant to Article 15 of the GDPR. The Data Protection Officer (DPO) can be contacted at the e-mail address: dpo@cyber40.it.

Purposes of the Processing of Data Collected
This information is provided in relation to personal data that Cyber 4.0 comes into possession of for the purposes of registration and participation in informational and dissemination events of cultural, educational and research activities, which may also involve audio and video photographic recordings of the data subjects. In addition, if consent is provided by the data subject, the data may be used for promotional purposes (sending the Cyber 4.0 newsletter).

Legal basis for processing
The Data Controller processes Personal Data related to the data subject exclusively on the basis of the following conditions:

  • processing is necessary for the pursuit of the legitimate interest of the Controller;
  • The User has given consent for the specific purpose.

Types of Data Collected
The personal data processed are:

  • common personal data (e.g., first and last name, contact data); specifically, personal data are those collected through the application form for the training and orientation event, i.e., those data strictly necessary for the registration, delivery, management and improvement of the training and orientation activity;
  • Any data regarding images and/or audio/video footage taken during the in-person or hybrid event.

Method and place of processing of collected Data
The Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. The processing is carried out by means of computer and/or telematic tools, with organizational methods and logics strictly related to the indicated purposes. Some Data may be subsequently disseminated via social media (YouTube, LinkedIn, Facebook, Instagram, Twitter). The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located.

Recipients of Personal Data
Your personal data may be disclosed and/or transmitted to:

  • Subjects involved in the organization and management of information and dissemination events, cultural, educational and research activities, (administrative, commercial, marketing, legal, system administrators staff) or external parties (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication and marketing agencies) appointed, if necessary, as Data Processors in accordance with Article 28 GDPR;
  • any individuals, appointed as Data Processors in accordance with Article 28 of the GDPR, who may process the data (photos and/or videos) depicting you as part of the communication activities they carry out on behalf of Cyber 4.0;
  • Any third parties performing printing and communication activities for the event;
  • any third parties such as Cyber 4.0 Members and entities that participated in the days of the 2024 edition Forum that request them to document the days of the event on their institutional channels (website social pages).

Retention Period
Data are processed and retained for the time required by the purposes for which they were collected. Data regarding images and/or audio/video footage taken during the in-person or hybrid event are retained no longer than one year from the date of the event. At the end of the retention period, the Personal Data will be irreversibly deleted. Therefore, at the expiration of this period the right of access, deletion, rectification and the right to Data portability can no longer be exercised.

Rights of the Data Subject
Users may exercise certain rights with respect to the Data processed by the Data Controller. In particular, the Data Subject has the right to:

  • Revoke consent at any time. The data subject may revoke the previously expressed consent to the processing of his or her Personal Data.
  • Object to the processing of their Data. Data subjects may object to the processing of their Data when it is done on a legal basis other than consent. Further details on the right to object are provided in the section below.
  • access their Data. The data subject has the right to obtain information about the Data processed by the Data Controller, certain aspects of the processing, and to receive a copy of the Data processed.
  • Verify and request rectification. The data subject can check the correctness of his or her Data and request that it be updated or corrected.
  • Obtain restriction of processing. When certain conditions are met, the data subject may request the restriction of the processing of his or her Data. In this case, the Data Controller will not process the Data for any purpose other than its preservation.
  • Obtain the deletion or removal of their Personal Data. When certain conditions are met, the data subject may request that their Data be deleted by the Data Controller.
  • receive their Data or have it transferred to another owner. The Data Subject has the right to receive his or her Data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transferred unimpeded to another data controller. This provision is applicable when the Data are processed by automated means and the processing is based on the consent of the Data Subject, a contract to which the Data Subject is a party or contractual measures related thereto.
  • Propose complaint. The data subject may file a complaint with the relevant data protection supervisory authority or take legal action.

How to Exercise Rights
To exercise the rights of the Data Subject, Users may address a request to the following email address: privacy@cyber40.it. Requests are filed free of charge and processed by the Holder as soon as possible, in any case within 30 days of receipt.