Dear User,

in accordance with the provisions of Article 13 of the General Data Protection Regulation n. 679/2016 (or GDPR), we wish to inform you that:

1. Purposes of the treatment

The User’s personal data will be processed exclusively for the following purpose:

• updating the User about the activities and products related to MAELSTROM;
• registration of the User in the Virtual Forum created within the MAELSTROM project;
• fulfillment of obligations under European and national legislation or execution of the order of the Judicial Authority;

2. Optional provision of data

Users are free to provide their personal data.

Failure to provide data does not make it impossible to navigate the site. However, failure to provide data involves the non-receipt of the newsletter and the inability to participate in the Forum.

3. Data Controller

The Data Controller is CIMA Research Foundation (www.cimafoundation.org).

4. Data Protection Officer

The Data Protection Officer, for the sole activities of management of the Users’ audience in the Forum, is CIIMAR (www2.ciimar.up.pt) which, in the treatment of personal data, complies with what is written in this document.

5. Treatment modalities

The User’s data are treated exclusively in digital format.

The Data Controller adopts adequate technical and organizational measures to ensure a level of security appropriate to the type of data processed and, for this purpose, the Data Controller uses media or systems of his property or third parties suitable to ensure adequate standards of protection of the data provided. Specifically, for the management of the newsletter, the Data Controller uses the Mailchimp service, whose privacy policy can be found at mailchimp.com/legal/privacy/.

6. Type of data processed

The type of data processed belongs to the category of personal data provided voluntarily by the User.

The personal data provided are: name, surname, email.

These data are acquired through the Partners of this or other similar projects.

7. Communication and dissemination of personal data

The data provided by the user are mainly processed by the staff of the owner.

Indeed, some processing operations may also be carried out by third parties, because they are entrusted with certain functional activities for the provision of the final service. In head to these additional subjects, are imposed appropriate obligations regarding the protection of personal data and entrusted with the status of data processors in relation to the activities assigned.

The data provided by the User may also be communicated, for the purposes mentioned above, to persons to whom the communication must be made in compliance with an obligation imposed by law, regulation or legislation, or to comply with an order of the Judicial Authority.

8. Transfer of personal data to countries outside the European Union

As allowed by Art. 44 et seq. GDPR, personal data provided may be transferred outside Europe only to Mailchimp, which guarantees a level of data protection appropriate and adequate to the European standard, as verifiable at the link: https://mailchimp.com/gdpr/

9. Data retention times

The data collected will be kept for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed.

10. Rights of the interested parties

The User may exercise the rights under Art. 15 et seq. GDPR, where applicable. Among these, the right to request rectification, restriction or deletion of registration data.

Requests must be sent to the Data Controller.

It is always possible, moreover, to exercise the right to lodge a complaint with a Control Authority or refer the matter to the Guarantor for the protection of personal data, when it is believed that the processing has been carried out in a manner that does not comply with the Regulation.