Please find below the following notices:
A. Data Protection Notice for Visitors of the Website
B. Data Protection Notice for Participants in Ideas and Planning Competitions
Do not hesitate to contact us if you have any questions.
A. Data Protection Notice for Visitors of the Website
Content
1. Subject of this Notice
In accordance with Article 13 of the General Data Protection Regulation (EU) 2016/679 (hereinafter: “GDPR“), we explain below how we process your personal data when you visit our website www.tinnestiftung.it (hereinafter: our “Website“) and what cookies we use on the Website.
This notice does not apply to any other website, not even to those to which we may refer by hyperlink.
2. Data Controller and Dontact Details
We, the TINNE Foundation, are the data controller within the meaning of Article 4(7) GDPR:
TINNE Foundation for Art, Culture and Education, South Tyrol
Fraghes 1
39043 Chiusa (BZ)
Italy
E-mail: info@tinnestiftung.it
PEC: tinnestiftung@pec.it
3. Purposes of Processing and Lawful basis
When you visit our website, we – like any other website – automatically collect certain technical data. Such data is stored in a log file and is therefore hereinafter referred to as “Log Data“.
Log Data includes, in particular, the IP address of your terminal equipment (e.g. computer, smartphone or tablet), the time stamp of access, the content of the request (the specific page), the so-called HTTP status code, the amount of data sent as well as information on the browser used (e.g. Internet Explorer or Safari) and the operating system of your terminal equipment (e.g. Windows or MacOS).
Log Data is processed for establishing a connection between your terminal equipment and our Website and for evaluating system security and stability. It is stored for 7 days and then automatically deleted unless the judicial authority investigates any criminal offences.
We do not use profiling cookies or similar technologists (hereinafter: “Cookies“) on our website. Only the cookie “Elementor” is used to enable us to apply or change the content of our Website in real time as well as the cookie “wp-wpml_current-language” for language recognition. These cookies can be considered as technically necessary and therefore do not require consent or a cookie banner. They persist at most for the duration of the session.
The law basis for such processing – insofar as it such processing involves personal data – are our overriding legitimate interests (Article 6(1)(f) GDPR) deriving from the aforementioned purposes.
4. Recipients of Data
To the extent necessary for the above-mentioned purposes, authorised employees and external consultants (in particular IT consultants) may gain knowledge of the data concerning you. Moreover, our web hoster, the company Aruba S.p.a., receives the data which it processes on our behalf and for the above-mentioned purposes.
5. Data Transfer to Third Countries or International Organisations
We do not intend to transfer the data to a third country, i.e. a country that is not part of the European Economic Area (EEA), or an international organisation.
6. Data Security
Data is transmitted encrypted on our Website. For such purpose, we use the SSL cryptographic protocol (Secure Sockets Layer).
7. Your Rights as Data Subjects
As a data subject, you have, in connection with the data processing in question, the right of access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR) and the right to object (Article 21 GDPR). However, limitations to these rights may derive from the GDPR itself.
Please note in relation to the said right to object: Where your person data is processed on the basis of our legitimate interests (Article 6(1)(f) GDPR), and subject to the conditions of Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data. Where the legal requirements are met, we will no longer process your personal data, with the exception of the processing that is necessary for establishing the connection with our Website.
If you wish to exercise any of these rights or have any questions about them, please contact us (please see the contact details set out at point 1 above).
8. Right to Lodge a Complaint with a Data Protection Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
The Italian supervisory authority is the Garante per la protezione dei dati personali (GPDP) based in Rome (https://www.garanteprivacy.it).
Version 1.0 of 22 February 2022
B. Data Protection Notice for Participants in Ideas and Planning Competitions
Content
1. Scope of this Notice
In accordance with Articles 13 and 14 of the General Data Protection Regulation (EU) 2016/679 (hereinafter: “GDPR“), we explain below how we process your personal data when you participate in ideas and planning competitions (hereinafter: “Competition“) organised by us.
2. Data Controller and Contact Details
We, the TINNE Foundation, are the data controller within the meaning of Article 4(7) GDPR:
TINNE Foundation for Art, Culture and Education, South Tyrol
Fraghes 1
39043 Chiusa (BZ)
Italy
E-mail: info@tinnestiftung.it
PEC: tinnestiftung@pec.it
3. Purposes of Processing and Lawful Basis
We process the personal data that we receive either from you directly or from third parties (e.g. other members of your bidding consortium) and that is necessary and admissible for participation in and handling of the Competition.
The lawful basis for the processing is the performance of pre-contractual measures (Article 6(1)(b) GDPR) and the fulfilment of legal obligations to which we are subject (Article 6(1)(c) GDPR), in particular as per the Legislative Decree (Italy) of 18 April 2016, No. 50, the Law (Italy) of 6 November 2012, No. 190, and the Provincial Law (Autonomous Province of Bolzano South Tyrol) of 17 December 2015, No. 16.
The provision of your data is necessary for participating in the Competition. We will retain the data for as long as required by law and thereafter until the applicable limitation periods for the establishment, exercise or defence of legal claims arising from the Competition have expired.
4. Recipients of Data
Insofar as it is necessary and admissible for the above-mentioned purposes, in particular [authorised employees and external consultants, the competition coordinator, the curators and all persons acting as jurors] may receive data concerning you.
5. No Data Transfer to Third Countries or International Organisations
We do not intend to transfer the data to a third country, i.e. a country that is not part of the European Economic Area (EEA), or an international organisation, unless it is data that must be published by law and is therefore by its nature accessible also from outside the EEA.
6. Your Rights as Data Subjects
As a data subject, you have, in connection with the data processing in question, the right of access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing (Article 18 GDPR). However, limitations to these rights may derive from the GDPR itself.
If you wish to exercise any of these rights or have any questions about them, please contact us (see the contact details above under point 1).
7. Right to Lodge a Complaint with a Data Protection Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
The Italian supervisory authority is the Garante per la protezione dei dati personali (GPDP) based in Rome (https://www.garanteprivacy.it).
Version 1.0 of 22 February 2022