Privacy & Cookie policy
Last update January 8, 2024
Pursuant to Legislative Decree 196/2003 and Regulation (EU) 2016/679 (hereinafter "EU Regulation"), this page describes the methods of processing personal data of users who consult the website of Fondazione COISPA ETS (hereinafter "COISPA") accessible electronically at the following address: https:///www.fondazionecoispa.org/. This policy is a derivative of the EU Regulation and must be applied to COISPA’s activities, data processing and data and information systems. We inform you that following your visit to this site, we may process data relating to identified or identifiable persons. This information does not concern other websites, pages or online services accessible through hypertext links that may be published on the site.
Identity of the data Controller
The data Controller is Fondazione COISPA ETS (hereinafter "COISPA") with registered office in Bari (BA), via dei Trulli n. 18/20 - c.a.p. 70126, (Email: segreteria@fondazionecoispa.org, PEC: fondazionecoispa@pec.fondazionecoispa.org, Tel.: +39 0805433596).
General Data Protection Regulation (GDPR)
The GDPR is EU Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. It repeals Directive 95/46/EC. The GDPR comes in force on 25 May, 2018. More information can be found on the EC GDPR site.
COISPA as data owner and processor
The COISPA gathers personal data via several data and information systems and for a range of COISPA activities, such as the organisation of events. COISPA is the owner and processor of this data and does not pass on non public data on to third parties. All data gathered and processed by COISPA is subject to the EU General Data Protection Regulation (GDPR), which aims to protect the privacy of all EU inhabitants.
​
You can contact COISPA through e-mail at segreteria@fondazionecoispa.org; at the address via dei Trulli 18-20, Torre a Mare, Bari 70126, Italy. For questions concerning private data and how COISPA makes use of it, please contact segreteria@fondazionecoispa.org.
Complaints concerning the privacy policy of COISPA, or concerning unlawful data processing by COISPA, can be addressed to supervisory authority (Garante Authority for the protection of personal data - www.garanteprivacy.it), as provided by art. 77 of the GDPR, or go to the appropriate courts (Art. 79 of the GDPR).
Visitor tracking on websites and cookies
1. Data provided by the User
COISPA collects the personal data provided by users when sending a message using the addresses and/or contact forms on the site. The optional and voluntary sending of messages to the contact addresses, as well as the compilation and forwarding of the forms on the site, involve the acquisition of the contact data of the sender necessary to provide feedback, as well as all personal data included in communications.
​
The data provided will be used with computer and telematic tools for the sole purpose of providing the requested service.
2. Navigation data
The Data Controller collects data relating to the use of the website by the user. This information is acquired by the computer systems and software procedures responsible for the operation of the online portal, during their normal operation, Moreover, the transmission of the same is connected and inherent to the use of Internet communication protocols.
​
This data category includes the IP addresses or domain names of computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server and other parameters related to the operating system and the computer environment of the user.
​
These data, necessary for the use of web services, are also processed for the purpose of:
- obtain statistical information on the use of the services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.);
- to check the proper functioning of the services offered.
​
The navigation data do not persist for more than seven days and are deleted immediately after their aggregation (subject to any need for detection of crimes by the judicial authority).
3. Cookies and other tracking systems
The Fondazione COISPA ETS (COISPA) informs about the use of cookies on its websites.
​
Cookies are files that can be downloaded to your computer through web pages. They play an essential role in the presentation of many information society services. Among others, they allow a web page to store and retrieve information about the browsing habits of a user or a team and, depending on the information obtained, can be used to recognize the user and improve the service offered.
Cookies typologies
Depending on the entity that manages the domain from which cookies are sent and the data obtained, it is possible to distinguish two types of cookies: own cookies and third-party cookies.
​
There is also a second classification based on the time period in which they are stored in the customer’s browser: session cookies or persistent cookies.
​
Finally, there is another classification with five types of cookies depending on the purpose of the data obtained: technical cookies, customization cookies, analysis cookies, advertising cookies and behavioral advertising cookies.
Cookies used in the website
The COISPA website uses Google Analytics, the analytical tool that helps website and application owners understand how their visitors interact with their properties. Cookies are used to collect information and to inform about website usage statistics without personally identifying Google visitors. Learn more about Google Analytics cookies and privacy.
​​
For the promotion of social media, Twitter, Facebook and YouTube cookies are used to allow our visitors to follow us on such social media; the contents of Twitter, Facebook and YouTube may be incorporated on the home page
​​
Finally, a session technical cookie called cookies_policy is downloaded. Its purpose is to manage and remember whether the user’s consent for the use of cookies on the website has been accepted or not, so that the former can not see the information at the bottom of the page.
Acceptance of the cookies policy
COISPA assumes the user accepts the use of cookies. However, information about the cookie policy will be displayed at the bottom of all portal pages to inform the user.
Given this information, you can take the following actions:
- Accept cookies: If the user clicks the "Accept" button, this warning will no longer appear when entering a portal page.
- Review the cookies policy: the user can access this page, which details the use of cookies, as well as pop-ups to change the browser settings.
Your rights as a data subject
A data subject is the natural person for whom personal data is processed. Each person has the right to be informed on what personal data is being processed and to have access to their personal data.
​
In relation to the data subject of the processing referred to in this information, the data subject is granted at any time the right to:
- ask the Data Controller for access to your personal data and information relating to them (art. 15 of the GDPR); the correction of inaccurate data or the integration of incomplete data (art. 16 of the GDPR); the deletion of personal data concerning you (on the occurrence of one of the conditions indicated in art. 17, par. 1 of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article); the limitation of the processing of your personal data (to the use of one of the hypotheses indicated in art. 18, par. 1 of the GDPR);
- request and obtain from COISPA - in cases where the legal basis of the processing is the contract or consent, and the same is carried out by automated means - your personal data in a structured and machine-readable format, also in order to communicate such data to another data controller (c.d. right to the portability of personal data - art. 20 of the GDPR);
object at any time to the processing of your personal data to the use of particular situations that concern you (Art. 21 of the GDPR).
The request is made by contacting COISPA via PEC at fondazionecoispa@pec.fondazionecoispa.org, by e-mail at segreteria@fondazionecoispa.org or by registered letter at Bari (BA), via dei Trulli n. 18/20 - c.a.p. 70126.
​
Note that not all rights are absolute: COISPA can have compelling legitimate grounds that outweigh the interests and rights of the objector (accountancy, juridical reasons,...). When a request is made, COISPA may demand extra information to confirm identity. Note that the GDPR stipulates that each request made must be logged.
Legal bases for data processing
There are several legal grounds for data processing. The most common is prior consent, which can be withdrawn at any time. A processing of data can be within agreement. Some of the services offered by COISPA require a personal account, and the processing of this data is limited to the linked services and is within agreement. COISPA has the legal obligation to process personal data for accountancy purposes, and has to keep this data for as long as is mandatory. COISPA also processes personal data for common interest: COISPA has the mandate to describe the marine scientific landscape in Italy, and gathers professional data on scientists and institutes for this purpose.
​
With reference to the purposes indicated in the previous paragraph, the legal basis of the same is, with regard to point:
1) the need to implement a contract to which the person concerned is a party or pre-contractual measures taken at his request;
2) the need to pursue the legitimate interest of the controller (in particular with regard to the prevention of fraud and insolvency).
Data processing by COISPA
The COISPA privacy policy lists all data and information systems which process personal data. For some of the systems a more specific disclaimer is made, and direct contact details are given in the disclaimer. Questions can also be directed to segreteria@fondazionecoispa.org.
​
The basic principles of the GDPR is to keep the processing of personal data to a minimum - data privacy by design and by default - and to think about how to protect data from the beginning - data protection by design. To this end COISPA places its systems and data processing under scrutiny, and deletes data or renders it anonymous where possible.
Visitor tracking on websites and cookies
The personal data processed by COISPA are not disclosed, that is, it is not given to indeterminate subjects, in any possible form, including that of their provision or simple consultation. They may, however, be communicated to workers who work for COISPA, or to subjects authorised for processing as operating under the authority of the data controller. On the basis of their roles and duties, they were entitled to process personal data, taking into account their respective competences and in accordance with the instructions given to them by COISPA.
​
COISPA has appointed third-party service providers in relation to the operation of the website, such as hosting service providers, Website-related service providers, IT maintenance service providers, as well as service providers that allow the integration into the website of other functions that the user may use at his discretion. These service providers, designated as Data Processors, are provided with only the personal data necessary to provide the services and are not allowed to use or disclose the personal data of the data subjects for other purposes, without the consent of the person concerned.
The data may also be communicated, as far as strictly necessary, to subjects who for the purpose of processing orders or other requests or services related to the transaction or the contractual relationship with COISPA, must supply goods and/or perform services or services on behalf of COISPA. Finally, the data may be disclosed to persons entitled to access them by virtue of legal provisions, regulations, Community regulations.
Data transfer
Under no circumstances does the Data Controller transfer personal data to third countries or international organisations.
However, it reserves the right to use cloud services. In that case, the service providers will be selected from those who provide adequate guarantees, as well as provided for EU Regulation.
Data storage
COISPA retains and processes personal data for the time necessary to fulfil the purposes indicated. Subsequently, personal data will be stored and not further processed, for the time established by the current provisions on civil and tax matters.
It should also be added that, where a user provides COISPA with personal data that are not required or not necessary for the performance of the requested service or for the provision of a service closely related to it, Fondazione COISPA ETS cannot be considered the owner of these data, and will provide for their cancellation as soon as possible.
COISPA services requiring personal data
For some of the services and activities of COISPA, an account and/or processing of personal data is necessary. By entering your personal data and/or creating an account you agree to the data processing. This data is kept for as long as the agreement lasts, and at least as long as is required for legal purposes (e.g. accountancy). For purposes concerning proof in juridical disputes, COISPA may store personal data up to 10 years after the fact, which is the maximum legal term for placing personal claims.
Data quality by data provenance
Data quality is much improved by knowing the source and its level of expertise in the respective area and/or other relevant knowledge. For this reason COISPA can request for personal data (e.g. work experience, school degrees) to accompany data (in broad sense) offered to COISPA. This provenance info, if made public, will not identify the data source unless allowed by the data subject.
Questions and remarks sent to COISPA via mail, web form or other media
COISPA keeps a record of each data, library or information request it receives. This record includes the work-flow needed to answer the questions in a timely manner. These records, and other similar requests, are kept for statistical purposes. In the yearly overview, COISPA could report on the number of requests received and answered. The data are rendered anonymous/pseudonymous as soon as possible.
Note that questions and remarks sent to COISPA discussion for comments sections are posted publicly. This includes: the posted content and your name, but does not include provided contact info.
Personal data offered for job applications
Personal data offered in the context of job applications will be used solely for processing the application, unless consent was given for alerts on future job offers. The data will only be available to COISPA personnel handling the job offer and to the members the jury (COISPA and/or external experts).
​
The emails and personal data received at segreteria@fondazionecoispa.org will be stored for 10 years for evidence purposes in case of juridical claims by the applicant.
​
In case of hiring, the personal data will be shared with the secretariat for COISPA.
Changes to the Privacy Policy
Please note that the COISPA Privacy Policy is reviewed periodically. COISPA reserves the right to modify its Privacy Policy at any time without notice. Any changes to the Privacy Policy will be posted on this page and will become effective on the date of posting. We encourage you to periodically review this page for the latest information on our privacy practices.
Recourse
Any comments, complaints or questions regarding this policy, or complaints or objections about our use of personal information, should be addressed by sending an email with your comments to coispa@coispa.eu.
Refusal to provide the data
In the event that the Data Subject does not provide his data identified as necessary for the performance of the requested service, COISPA will not be able to follow up the processing related to the management of the aforementioned service, nor the obligations that depend on it.
In the event that the Data Subject does not provide consent to the processing of personal data for the activities that require it, such processing will not take place for the same purposes without this entailing effects on the provision of other services requested, or those for which he has already given his consent. In the event that the Data Subject has given consent and should subsequently revoke or oppose the processing, your data will no longer be processed for such activities, without this entailing any detrimental consequences or effects for the person concerned or for any other services requested.