Close this search box.

Privacy Policy for ISPM Call for applications


Dear Mr / Mrs, Miss Data subject

pursuant to the legislation on the protection of personal data Legislative Decree 30 June 2003, n. 196 (hereinafter “Privacy Code”) and subsequent amendments and articles 13 and 14 of EU Regulation 2016/679 (GDPR) we inform you that the personal data provided through the form available at the URL, which allows you to send your curriculum vitae, will be processed by the Company, in the research and selection of participants in the International Summer School, specifically aimed at training project managers in the field of academic research as well as, where selected, for the organization and participation in the course itself.


The Data Controller of your data is:

With head office in CATANIA
Via Santa Sofia n 89
Biological Tower – floor 11 North Tower
Tel. +39 095 4781472

Type of data processed

The personal data collected are / will be personal data, nationality, contact data (Email and Telephone number), as well as those that you will indicate in the Curriculum (including educational qualifications, those relating to training and professional experience / work, and any qualifications valid for evaluation purposes) (the “Data”).

The interested party must not indicate any data suitable to reveal racial and ethnic origin, religious, philosophical or other convictions, political opinions, membership of parties, unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as personal data suitable to reveal the state of health and sexual life.

Legal basis and purpose of the treatment

The provision and processing of your data as indicated above takes place:

– to execute activities of a pre-contractual / contractual nature, requested by the candidate, by spontaneously forwarding the curriculum and filling in the form on the site;

– on the basis of express consent.

The processing of your personal data will be carried out:

– to allow the Data Controller to manage, in all its phases, the selection of participants in the International Summer School and, where selected, for the organization and participation in the course;

– for “purposes “related or instrumental” to the course itself.

Mandatory and optional nature of the provision of data and consequences of any refusal

You have no obligation to provide us with your personal data.

You provide us with your personal data, on a voluntary basis, as a subject who wishes to participate in the selection for the International Summer School and, a refusal to provide them, will make it impossible for your application to be taken into consideration and that you can partecipate the course.

The processing of data for purposes related or instrumental to the conduct of the course itself is optional. The refusal to provide consent to the processing, and to the communication of personal data to independent third parties, for accessory and instrumental purposes, does not compromise the selection and / or participation in the course, but will only determine the impossibility that the Company can reserve them air or train travel, transfers, hotels and / or take out insurance policies in your favor. Consent can be revoked at any time, but the revocation does not affect the lawfulness of the treatment based on consent before the revocation.

Retention period

The Data will be kept by the Data Controller for a maximum of 12 months, starting from the date of receipt of your CV, if it is not selected.

In the event that you are selected to participate in the International Summer School, your data will be kept for a period of 10 years from the termination of participation in the International Summer School, in accordance with the general principles laid down in accounting and administrative matters.

however, without prejudice to cases in which, storage for a later period is required by the competent authorities or, pursuant to applicable legislation or, for the needs deriving from the management of any litigation.

Method of treatment

The processing will take place by means of any operation or set of operations applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, comparison or interconnection, limitation, cancellation or destruction, in the following ways: data collection from the data subject; recording and processing on paper; recording and processing on magnetic, IT and any other type of suitable medium, including the Cloud.

The processing is carried out “by” and “at” our organization in compliance with the principles of necessity, relevance, also with the aid of electronic tools or with manual and / or IT and / or telematic systems designed to store, manage and transmit the data collected, with logic strictly related to the purposes.

In any case, the treatment will be carried out with the use of suitable technical and organizational measures to guarantee the security and confidentiality of the data.

For the purposes set out above, if necessary, the data may be transferred to countries of the European Union and to non-EU countries for which there is an adequacy ruling by the Commission.

Categories of subjects to whom the data can be communicated

Your data may be disclosed: to legal, administrative, tax, labor consultancy firms, to companies or subjects appointed by the Data Controller to carry out specific processing and / or data processing, to IT consultants, system administrators, who will operate as external managers.

Furthermore, your data may be communicated to our specifically authorized collaborators and employees and, in the context of their duties and, to the Data Protection Officer, if appointed, within the functions entrusted to it.

The updated list of the subjects appointed as Data Processors can be requested by e-mail, using the contact details indicated in the epigraph.

Your data may be communicated exclusively for the purposes specified above, in compliance with the principle of relevance, and within the limits of the law, to the categories of subjects indicated below, who will carry out the processing as Autonomous Data Controllers, as subjects unrelated to the our organization, namely: to subjects who can access them, by virtue of provisions of law or secondary or community legislation, to public administrations and, with your consent, to hotels, airlines and trains, travel agencies , to companies and / or entities that organize transfers, to brokers and / or insurance companies.

Our company may also disclose your personal data to third parties: (i) where required by EU or Member State legislation; (ii) in case of legal proceedings; (iii) in response to a request from law enforcement that is based on legitimate grounds.

Rights of the data subject

The data subject, at any time, may exercise the rights provided from articles 15 to 22 and of article 77 of the New Regulation 2016/679 (GDPR) and this also pursuant to Legislative Decree no. 196 of 30 June 2003, as amended by Legislative Decree no. 101/2018, towards the Data Controller and more precisely:

– Right of access to personal data, pursuant to art 15 of the GDPR.

– Right to rectification and integration of personal data, pursuant to art 16 of the GDPR.

– Right to obtain the erasure of personal data in the cases provided for by art 17 of the GDPR.

– Right to restriction of processing of personal data in the cases provided for by Article 18 of the GDPR.

– Right to the notification of the recipients of the personal data being processed, pursuant to Article 19 of the GDPR.

– Right to data portability of personal data, in the terms and conditions, pursuant to Article 20 of the GDPR.

– Right to object to the processing of personal data, pursuant to art 21 of the GDPR.

– Right not to be subject to automated decisions, including profiling, pursuant to art 22 of the GDPR.

The data subject also has the:

– Right to obtain the contact details of the Data Protection Officer, if appointed;

– Right to revoke any consent given to the processing of data, at any time and without this prejudicing the lawfulness of the processing carried out before the revocation.

The rights are exercised, with a request addressed, without formalities to the Data Controller, also through a designated person, which will be seen to without delay. The request can be transmitted using the contact details indicated in the epigraph.

Pursuant to art. 77 GDPR 2016/679, the data subject also has the right to lodge a complaint to the competent supervisory authority based on his or her habitual residence, place of work or place of violation of rights. In Italy, the Guarantor for the protection of personal data is competent to the Data Protection Authority.

Pursuant to art 2 – undecies of the Legislative Decree n. 196 of 30 June 2003, as amended by Legislative Decree 101/2018, the data subject is informed of the following: “1. The rights referred to in Articles 15 to 22 of the Regulation cannot be exercised with a request to the Data Controller or with a complaint pursuant to Article 77 of the Regulation if from the exercise of these right can derive an actual and concrete prejudice to: a) the interests protected under the provisions on money laundering; b) the interests protected under the provisions on support for victims of extortion requests; c) the activity of parliamentary committees of inquiry established pursuant to article 82 of the Constitution; d) the activities carried out by a public entity, other than economic public bodies, based on the express provision of the law, for exclusive purposes relating to monetary and currency policy, the payment system, the control of intermediaries and credit and financial markets, as well as the protection of their stability; e) to carry out defensive investigations or to exercise a right in court; f) the confidentiality of the employee’s identity who reports pursuant to law 30 November 2017, no. 179, the offense of which he or she became aware because of his office. 2. In the cases referred to in paragraph 1, letter c), the provisions of the parliamentary regulations or the law or the founding rules of the Commission of inquiry apply. 3. In the cases referred to in paragraph 1, letters a), b), d) e) and f) the rights referred to in the same paragraph are exercised in accordance with the provisions of law or regulation governing the sector, which must at least bear direct measures to regulate the areas referred to in Article 23 (2) of the Regulation. The exercise of the same rights can, in any case, be delayed, limited or excluded with reasoned communication and made without delay to the data subject, unless the communication may compromise the purpose of the limitation, for the time and within the limits in which this constitutes a necessary and proportionate measure, taking into account the fundamental rights and the legitimate interests of the data subject, in order to safeguard the interests referred to in paragraph 1, letters a), b), d), e) and f). In such cases, the rights of the data subject can also be exercised through the Guarantor in the manner referred to in Article 160. In this case, the Guarantor informs the data subject that all the necessary checks have been performed or that a review has been carried out, as well as the right of the data subject to bring a judicial appeal. The Data Controller informs the data subject of the faculties referred to in this paragraph”.

Catania, 16 July 2020

Subscribe Newsletter
Keep updated on all ISPM news and events