Information Notice Concerning the Processing of Personal Data
(Regulation (EU) 2016/679)
IPAC’23 conference participants

Elettra – Sincrotrone Trieste S.C.p.A.

Principles relating to processing of personal data

Article 5 of the Regulation (EU) 2016/679 of the European Parliament and of the Council “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”, hereinafter (GDPR) sets out that any processing of personal data must be carried out according to the principles of lawfulness, fairness and transparency.

Your personal data shall be collected, used and processed following the principles above and therefore the processing shall have specific, explicit and lawful purposes.

The personal data shall be:

• adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
• accurate and, where necessary, kept up to date;
• kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

The information in this document, provided pursuant to articles 12, 13, from 15 to 22 and 34 of the GDPR, concerns the rights of the data subject, more specifically the “transparent information, communication and modalities for the exercise of the rights of the data subject”.

Processing

According to the GDPR, ‘processing’ means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”.

Purpose of personal data processing

Your personal data (name, surname, email address) are required for:

• proceed with your registration in the IPAC’23 event, so as to allow for:
  • the magement of your activity as a participant in the IPAC’23 conference;
  • identification and verification of the access authorisation at the IPAC’23 conference venue during the days of the conference;
• the correct reference to you as submitter, author, co-author or presenter for one or more scientific contributions;
• the pubblication of the IPAC’23 conference proceedings, included list of authors and

Videos and photos taken during IPAC’23 might be published in the proceedings and for promotional activities regarding the scientific research.

Amendments and updates

This notice may be subject to amendments or integrations, of which you shall be informed.

Consequences of a failure to provide personal data

The provision of your personal data is required in order to:

• include you in the list of authors for one or more scientific contributions to the conference;
• allow actual participation in the conference as a possible presenter or general

A denial to provide such information or a failure to consent to the processing phases shall prevent your possibility to participate in the conference in either active (author/presenter) or passive (attendee) way.

Recipients of personal data

Your personal data, subject to processing for the purposes above, shall be transmitted to the following data controller, also involved in IPAC’23 conference organisation and management activities:

• Istituto Nazionale di Fisica Nucleare (INFN) in order to assign the grant to students who has applied for it;
• the Professional Conference Organiser (PCO) responsible for all the logistics of the events;
• the Scientific Programme Committee (SPC);
• the European Physical Society – Accelerator Group (EPS-AG).

Data processing

Data processing shall be carried out in compliance with the GDPR prescriptions, with special reference to Articles 32 “Security of processing”, 33 “Notification of a personal data breach to the supervisory authority” and 34 “Communication of a personal data breach to the data subject”.

Admission to the conference venue shall be permitted by means of a temporary non- transferable badge assigned to the attendee.

Processing operations shall be carried out by authorised subjects, constantly identified, suitably trained and informed on the obligations under the GDPR.

Processing shall be carried out using computer, telematic and electronic systems, which may or may not be connected to the Internet, or using paper supports according to logics closely connected to the purposes declared.

In addition, processing may be carried out using video surveillance systems, installed for the purposes of workplace safety and protection of the corporate assets, according to the provisions of art. 4 of Law no. 300 of 20 May 1970 (Workers’ Statute) as amended by art. 23 of Legislative Decree no. 151 of 14 September 2015 (Jobs Act) and the Regulation on the subject of video surveillance dated 8 April 2010, issued by the Italian Data Protection Authority.

In any case, the processing operations shall be carried out in such a way as to guarantee the security, confidentiality and availability of the data, according to principles of

correctness, lawfulness and transparency, aimed at protecting the fundamental rights and freedoms of natural persons.

If data subjects would access the Elettra facilities in relation to the purposes above, their personal data will be processed also by personal recognition and identification by means of a valid identification document by the porter and security service operators.

Cookies

The website of the IPAC’23 conference uses session cookies, which are required for users to navigate the website appropriately and safely. Session cookies created do not affect users’ privacy during their browsing experience on our website, as they do not entail processing their personal identification data. Session cookies are not permanently stored and indeed cancelled when the connection is terminated.

Data Controller

The Data Controller is:

Elettra – Sincrotrone Trieste S.C.p.A. with headquarters in Strada Statale 14 km 163,5 in Area Science Park – 34149, Basovizza – Trieste, in the person of the President and CEO Prof. Alfonso Franciosi

Tel. +39 040 37581 – Fax +39 040 9380902

Contacts of the Data Protection Officer (DPO)

The Data Protection Officer (DPO) appointed by Elettra can be reached using the following contacts:

• e-mail: dpo@elettra.eu
• post: Elettra – Sincrotrone Trieste S.C.p.A. Strada Statale 14 km 163,5 in Area Science Park – 34149 Basovizza – Trieste, Italy – Responsabile della protezione dei dati (Data Protection Officer)

Further information available at the following address:

http://www.elettra.eu/privacy.html

Period of personal data retention

The personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

Rights of the data subject

In relation to his or her personal data, the data subject may exercise the following rights:

• Right of access (art. 15 of the GDPR) – The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.

If required, the controller shall provide a copy of the personal data undergoing processing, on condition that such copy does not prejudice the rights and freedoms of third parties.

• Right to rectification (art. 16 of the GDPR) – The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

• Right to erasure (right to be forgotten) (art. 17 of the GDPR) – The data subject shall have the right to obtain from the controller without undue delay the erasure of personal data concerning him or her.

• Right to restriction of processing (art. 18 of the GDPR) – The data subject shall have the right to obtain from the controller restriction of processing.

• Right to data portability (art. 20 of the GDPR) – The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

• Right to object (art. 21 of the GDPR) – The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

• Right to lodge a complaint with a supervisory authority (art. 77 of the GDPR) – Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.

Elettra – Sincrotrone Trieste S.C.p.A.
President and CEO
Prof. Alfonso Franciosi