PRIVACY POLICY AND COOKIES

REGULATORY FRAMEWORK

Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications).

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Guidelines on cookies and other tracking tools (Data Protection Authority Order No. 231 of 10 June 2021)

DATA CONTROLLER

When you visit and use our website, we may collect and process personal data, where personal data means any information relating to an identified or identifiable natural person (hereafter, referred to as “Data”). The Data Controller is Formal Methods Europe, an association established under the laws of the Netherlands, with offices at Coolhaven 181, 3015 GC Rotterdam, the Netherlands, registered with the Chamber of Commerce Haaglanden, number 27171991.

The Data Controller appointed the Fondazione Politecnico di Milano (hereinafter “FPM”) as Data Processor, with legal premises in Piazza Leonardo da Vinci, 32 20133 Milano, ex art. 28 GDPR for the processing of personal data for the organization of the 26th International Symposium of Formal Methods Europe: FM 2024 Symposium that take place from 9 September 2024 until 13 September 2024 (“FM24 Congress”). To contact FPM send email: privacy@fondazione.polimi.it or send an email to its Data Protection Officer, fpm-dpo@fondazione.polimi.it

TYPE OF DATA PROCESSED

Browsing data

The computer systems and software procedures used to run this website acquire personal data as part of their standard operations. The transmission of such data is an inherent feature of internet communication protocols.

This information is not collected in order to be associated with identified interested parties (data subjects) but might, because of the type of information it is, allow users to be identified through processes of elaboration and association with data held by third parties.

This category of data includes

IP addresses and/or the domain names of computers used by users who connect to this website,

the URI (Uniform Resource Identifier) notation of the requested resources,

the time of request, the method used to submit the request to the server,

the size of the file received in reply, the numerical code indicating the status of the response given by the server (successful, error, etc.)

and other parameters relating to the user’s operating system and IT environment.

This data will not persist for more than 12 months. These data are used for the sole purpose of computing anonymous statistics about the usage of the website and to check that it is working correctly. The data could be used to ascertain liability in the event of any computer crimes against this website. With the exception of this possibility, web contact data are deleted immediately after being elaborated.

Data provided by the user voluntarily.

The Data that users provide optionally, explicitly and voluntarily when compiling registration forms on this site will then be collected and stored by FPM, in order for FPM to provide the services requested such as register the user’s participation in events/conferences and or promote FM24 related initiatives.

Specific privacy policies are displayed on the pages of the web site created for the provision of certain services

COOKIES

Cookies are small text files containing a certain amount of information exchanged between a website and the user’s device (usually the browser). They are mainly used for the purpose of making websites function and operate more efficiently, as well as for the purpose of providing information to the owners of the website. Cookies can be either session or persistent. Session cookies remain stored in the terminal for a short period of time and are deleted as soon as the user closes the browser. Their use is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable secure and efficient exploration of the site. Persistent cookies, on the other hand, remain stored in the user’s terminal until a pre-determined expiration date. Since they are not erased immediately when the browser is closed, these cookies allow to remember the choices made by the user on the website as well as to collect information about the browsed pages, the frequency of the browsing of the website, and identifying the users’ browsing path, in order to improve the experience on the website. Cookies, whether session or persistent, can finally be first-party or third-party depending on whether the subject installing the cookies on the user’s device is the owner of the website (first-party cookies) or a different subject (third-party cookies).

Managing Cookies
Normally, web browsers allow the control of most cookies through the settings of the browser itself. Please note, however, that the total or partial disabling of so-called technical cookies may affect the website’s functionality. In any case, if you do not wish to receive any type of cookies on your device, either from this website or others, you can raise the level of privacy protection by changing the security settings of your browser:

Mozilla Firefox:  https://support.mozilla.org/en-US/products/firefox/protect-your-privacy/cookies  

Google Chrome: https://support.google.com/chrome/answer/95647?hl=en

Microsoft Edge: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d

Safari on Mac: https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac

Safari su iPhone, iPad, o iPod touch: https://support.apple.com/en-us/HT201265

LEGAL BASIS FOR PROCESSING
For any personal data freely provided by the user through the services offered within the website, the Data Controller is legitimized to process the data as the processing is necessary to carry out pre-contractual measures requested by the user (art. 6, par. 1, lett. b) GDPR), or is legitimized as the user has given consent to a certain activity (art. 6, par. 1, lett. a) del GDPR). Additionally, the Data Controller may process the user’s data where required by a legal obligation to which the Data Controller is subject, such as a request for information about online activities from the competent authorities. More information on the legal basis of the processing activities will be provided within specific privacy policies.

The purposes of the Data Controller for the usage of the website:

  1. participation in the convention/conference FM24
  2. managing payments and tax and invoicing obligations;
  3. the fulfilment of all additional obligations required by law, regulations or community legislation, as well as by provisions issued by duly authorized authorities or bodies;
  4. the organization of activities connected to the FM24, such as the workshops, other events and the gala dinner, with the choice of menu according to personal preferences;
  5. the production of photos and videos of the FM24, for publication on the Politecnico and other project parties’ website and their social media channels

OPTIONAL PROVISION OF PERSONAL DATA

Besides what is specified for browsing data, the user is free to provide their own personal data. However, not providing them may result in the impossibility of obtaining what has been requested.It is not mandatory to acquire the user’s consent to use only technical cookies or third-party or analytical cookies assimilated to technical cookies. Their deactivation and/or denial of their operativity will result in the impossibility of proper navigation on the website and/or the impossibility of using the services, pages, features or content available therein. For all other types of cookies (e.g. marketing and profiling), the Data Controller will require specific consent.
Special categories of personal data will not be processed.

METHODS OF PROCESSING

Personal data are also processed through automated tools. Specific security measures are implemented to prevent data loss, illicit or incorrect use and unauthorized access. The Data Controller has adopted all appropriate security measures required by law and is following the main international standards, in addition the Data Controller has adopted additional security measures to minimize risks related to confidentiality, availability and integrity of personal data collected and processed.

RETENTION PERIOD

Personal data are processed through automated tools for the period of time strictly necessary to achieve the purposes for which they were collected. Data collected for purposes of statistical analysis are anonymized. In all cases, the processing activities comply with the principles of data minimization and retention limitation, and data will be processed for the period of time strictly necessary. More information on the retention time of personal data will be given in the specific privacy policies.

SHARING, COMMUNICATION AND DISCLOSURE OF DATA

Data collected through the website will not be divulged. The data collected may be transferred or communicated for activities strictly related and instrumental to the services to qualified and contracted parties according to the applicable and most protective legislation for the data subject (professionals, consulting and service companies, hardware and software support companies, companies with technical and organizational tasks on this website). Your data will also be processed exclusively by individuals authorized to process them, operating under the direct authority of the Data Controller (employees and collaborators in various capacities), who are instructed accordingly.

The data provided by users who forward requests for the sending of informative material (brochures, informational material, etc.) are used for the sole purpose of performing the service or provision requested and are communicated to third parties only if this is necessary for that purpose. Outside of these cases, personal data will not be communicated unless provided for by contract or law, or unless specific consent is requested from the person concerned.
In this regard, personal data could be transmitted to third parties, but only and exclusively in the following cases:

  1. there is explicit consent to share the data with third parties;
  2. it is necessary in order to provide the requested service;
  3. it is necessary in order to comply with requests from the Judicial or Public Security Authorities.

More information on the parties to whom the data controller may communicate personal data is provided within specific privacy policies.

TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EUROPEAN UNION

The Data controller may make use of cloud services offered by certain providers, appropriately qualified as Data Processors, operating in the European Union or in third countries for which there is an adequacy decision by the European Commission and/or the Data Protection Authority.

With regard to the export of personal data to the United States, prior to any transfer and in light of the circumstances of the transfer, it will be assessed on a case-by-case basis that the level of data protection and related security measures are adequate and effective.

In the absence of an adequacy decision or adequate safeguards pursuant to Article 46 of the GDPR or binding corporate rules pursuant to Article 48 of the GDPR, the transfer will only take place with the explicit, specific and informed consent of the data subject pursuant to Article 49 of the GDPR on the possible risks arising from the transfer of personal data (lack of adequate safeguards to protect the data).

RIGHTS OF THE DATA SUBJECT

In relation to the processing of the aforementioned data, you may exercise the rights referred to in Art. 13 GDPR 679/16 as better expressed in Articles. 15-16-17-18-20-21 and 22 GDPR 679/16 and more specifically, you shall have the right to:

  1. obtain confirmation as to whether or not personal data concerning you are being processed, even if not yet registered, and request a copy in an intelligible form;
  2. request access to personal data, in addition to the right to data portability;
  3. obtain the updating and rectification or, where applicable, to have incomplete data completed;
  4. object, wholly or partially: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of their collection; b) to the processing of personal data concerning you for the purpose of direct marketing.
  5. obtain the erasure and transformation into anonymous form or restriction of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed;
  6. revoke consent at any time without prejudice to the lawfulness of the processing based on consent given before the revocation, in the cases provided for by law;
  7. lodge a complaint with a supervisory authority;
  8. obtain certification that the operations referred to in numbers 4 and 6 above, and their content, have been communicated to the persons to whom the data have been disclosed or disseminated, except in the case in which this proves to be impossible or involves the use of means that are manifestly disproportionate to the protected right.

CHANGES TO THIS PRIVACY POLICY

The Data controller periodically reviews its privacy and security policy and, where appropriate, it will be reviewed in relation to regulatory, organizational or technology-driven changes. If the policies are changed, the new version will be posted on this page of the website.

QUESTIONS, COMPLAINTS, SUGGESTIONS, AND EXERCISE OF RIGHTS

Anyone interested in more information, to contribute with their own suggestions, or to make complaints or objections regarding the privacy policies, how personal data are processed, as well as to assert their rights under the data protection regulations, may contact the Data processor writing to privacy@fondazione.polimi.it or send an email to its Data Protection Officer, fpm-dpo@fondazione.polimi.it

  1. DATA COLLECTION SECTION FOR REGISTRATION TO FM24 CONGRESS

INFORMATIVA PRIVACY

DATA CONTROLLER AND DATA PROCESSOR

Data controller: Formal Methods Europe, an association established under the laws of the Netherlands, with offices at Coolhaven 181, 3015 GC Rotterdam, the Netherlands, registered with the Chamber of Commerce Haaglanden, number 27171991

Data processor: Fondazione Politecnico di Milano, with legal premises in Piazza Leonardo da Vinci, 32 20133 Milano. To contact FPM send email: privacy@fondazione.polimi.it or send an email to its Data Protection Officer, fpm-dpo@fondazione.polimi.it

PURPOSES OF THE PROCESSING

The data you provide to the Data Controller, such as personal details and possibly bank data (where the course or event is subject to a fee) collected through the registration form is processed for the following purposes:

  • participation in the convention/conference FM24 Congress
  • managing payments and tax and invoicing obligations;
  • by the consent of the data subject, the promotion of activities of the Fondazione Politecnico and its project partners and Formal Methods Events.
  • by the consent of the data subjects, the production of photos and videos of the FM24 Congress for publication on projetc partners’ website and social media channels

TYPE OF DATA PROCESSED

The provision of data (es photos, films, recordings and any other form of documentation of the FM24 Congress) for the purpose described in point (iv) is optional, free and consent may be withdrawn at any time. Failure to provide your data, while not preventing participation in the FM24, shall prevent the use of photos and videos of the event in which you can be recognised. In the event that, if You have given your explicit consent to use your photos or imagines You authorize the Fondazione Politecnico of Milano, with legal premises in Piazza Leonardo da Vinci, 32 20133 Milano, ex art. 28 GDPR for the processing of your image, taking video of You for publication on the Data Controller and Data Processor and their project partner’s website and social media channels, as well as other information and promotions of the Fondazione Politecnico’s activities. Pursuant to the Italian law no. 633 of 22nd April 1941, You are not entitled to any compensation for the use the images, photographs, films, recordings and any other form of documentation of the FM24 Congress, which is understood to be free of charge with express waiver of any claims whatsoever in this regard.

Giving Your explicit consent means:

  • process my personal data for the purposes and in the manner set out in this consent.
  • all means of publication and use of my images and likeness and/or any interview statements from me, with the sole limitation that the methods of use are not such as to affect honor, reputation, and decorum.
  • process my personal data without limits of time or geographical limits.

You understand that the data collected will be stored, including in electronic form, on the Data Controller data bases, unless you withdraw your consent, and I also understand that my personal data will be used for dissemination and communication purposes only. 

You release, discharge, and agree to hold harmless the Data Controller and its designees, and all persons acting under its permission or authority, from any liability by irregular use of my personal data by third parties when thereof are being published.

LEGAL BASIS OF THE PROCESSING

The legal basis of the processing of personal data for the purposes referred to in parts (i) and (ii) of paragraph 1 above is the legitimate interest for the fulfilment of the institutional activities and provisions associated with the implementation of the FM24 Congress

The legal basis of the processing of personal data for the purposes referred to in parts (iii) and (iv) of paragraph 1 above is the consent of the Data Subject. Regarding purpose (iii), consent is requested to organize the activities connected to the event according to your needs and preferences. Regarding purpose (iv), consent is requested to allow FPM and the FM24 Congress partners to publish photos, videos, etc. of the event in which you can be identified for the communication and dissemination of the event.

PROCESSING METHODS

The processing of your personal data may include all operations or series of operations considered by law to be data processing. Data will be processed on paper and/or digital form, in compliance with the current legislation that requires the adoption of suitable measures to guarantee an adequate level of security.

RETENTION TIMES

For the purposes referred to in paragraph 1 above, your data will be stored for the period of time required by law and in any case no more than 10 years following the termination of the relationship/contract between you and the Data Controller. As the Event benefits from public funding, your data shall be stored (within the “required period of retention”) for 10 years from the date of the accounting procedures required by the financing body and/or the body that organized the call or funding; or for a longer retention period that may be imposed by legal or regulatory provisions (the start date of the required retention period may therefore be after the date of termination of the negotiation or contractual relationship).

DATA DISCLOSURE

With reference to purpose (i), and, provided that consent is given, to purpose (iii) (iv) in paragraph 1 above, your data will be disclosed, for the pursuit and within the limits of the foreseen purposes only, to the Fondazione Politecnico, as Data Processor pursuant to Art. 28, and to third parties for the fulfilment of contractual obligations and performance of institutional tasks of public interest, as well as to the online payment service provider (such as Pay-pal and similar, ZOHO and Easychair) and others, always within the European Union. Your data shall also be disclosed to the person, company or entity that operates independently to promote the FM24 Congress or to manage certain stages of its organization, in its own interest or in the interest of the Data Controller and the Fondazione Politecnico.

Additional subjects who may be recipients of personal data may be sponsors and project partners for individual events and only if express consent is given.

TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EUROPEAN UNION

The Data controller may make use of cloud services offered by certain providers, appropriately qualified as Data Processors, operating in the European Union or in third countries for which there is an adequacy decision by the European Commission and/or the Data Protection Authority.

With regard to the export of personal data to the United States, prior to any transfer and in light of the circumstances of the transfer, it will be assessed on a case-by-case basis that the level of data protection and related security measures are adequate and effective.

In the absence of an adequacy decision or adequate safeguards pursuant to Article 46 of the GDPR or binding corporate rules pursuant to Article 48 of the GDPR, the transfer will only take place with the explicit, specific and informed consent of the data subject pursuant to Article 49 of the GDPR on the possible risks arising from the transfer of personal data (lack of adequate safeguards to protect the data).

RIGHTS OF THE DATA SUBJECT

In relation to the processing of the aforementioned data, you may exercise the rights referred to in Art. 13 GDPR 679/16 as better expressed in Articles. 15-16-17-18-20-21 and 22 GDPR 679/16 and more specifically, you shall have the right to:

  1. obtain confirmation as to whether or not personal data concerning you are being processed, even if not yet registered, and request a copy in an intelligible form;
  2. request access to personal data, in addition to the right to data portability;
  3. obtain the updating and rectification or, where applicable, to have incomplete data completed;
  4. object, wholly or partially: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of their collection; b) to the processing of personal data concerning you for the purpose of direct marketing.
  5. obtain the erasure and transformation into anonymous form or restriction of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed;
  6. revoke consent at any time without prejudice to the lawfulness of the processing based on consent given before the revocation, in the cases provided for by law;
  7. lodge a complaint with a supervisory authority;
  8. obtain certification that the operations referred to in numbers 4 and 6 above, and their content, have been communicated to the persons to whom the data have been disclosed or disseminated, except in the case in which this proves to be impossible or involves the use of means that are manifestly disproportionate to the protected right.

QUESTIONS, COMPLAINTS, SUGGESTIONS, AND EXERCISE OF RIGHTS

Anyone interested in more information, to contribute with their own suggestions, or to make complaints or objections regarding the privacy policies, how personal data are processed, as well as to assert their rights under the data protection regulations, may contact the Data processor writing to privacy@fondazione.polimi.it or send an e-mail to its Data Protection Officer, fpm-dpo@fondazione.polimi.it