Data Storage Privacy Policy

Home » Data Storage Privacy Policy

Privacy Policy for Data Storage

The purpose of this document is to inform the individual (hereinafter the “Party concerned”) regarding the processing of their personal data (hereinafter the “Personal Data”) collected by the data controller, the Institute for Biomedical Research and Innovation of the National Research Council, headquartered at Via Ugo la Malfa, 153, 90146 Palermo PA, CF / VAT number 80054330586, e-mail address, (hereinafter the “Data Controller”), through the website (hereinafter the “Application”).

Changes and updates will be binding as soon as they are published on the Application. If the concerned party does not accept the changes made to the Privacy Policy, they are required to cease using this Application and may request that the Data Controller delete their Personal Data.

Categories of Personal Data processed

The Data Controller processes the following types of Personal Data voluntarily provided by the concerned party:

  • Contact details: name, surname, address, email, telephone, images, authentication credentials, any additional information sent by the concerned party, etc.
  • Fiscal data: tax code, VAT number, etc.
  • Data relating to the employment relationship: data entered in the CV, data relating to the spouse or children, pension data, etc.

The concerned party’s failure to provide Personal Data for which there is a legal or contractual obligation, or which is a necessary requirement for the conclusion of a contract with the Data Controller, will result in the impossibility for the Data Controller to establish or continue the relationship with the concerned party.

The concerned party who communicates Personal Data of third parties to the Data Controller is directly and exclusively responsible for their origin, collection, processing, communication or dissemination.

Cookies and similar technologies

The Application uses cookies, web beacons, unique identifiers, and other similar technologies to collect the concerned party’s Personal Data on the pages, links visited, and other actions performed when using the Application. They are stored to be transmitted to the concerned party’s subsequent visit. The complete Cookie Policy can be viewed at the following address:

Legal basis and purposes of processing

Processing of Personal Data is necessary:

  • for the performance of the contract with the Data Subject and specifically:
    • compliance with any obligation deriving from the pre-contractual or contractual relationship with the Data Subject
    • support and contact with the Data Subject: to respond to Data Subject’s requests
  • for legal obligations and specifically:
    • compliance with any obligation provided by current legislation, laws and regulations, in particular, in tax and fiscal matters

The Data Subject’s Personal Data may also be used by the Controller to defend himself in court proceedings before the competent judicial authorities.

Methods of processing and recipients of Personal Data

Processing of Personal Data is carried out using paper and electronic tools with organizational methods and logics strictly related to the purposes indicated and through the adoption of appropriate security measures.

Personal Data is processed exclusively by:

  • persons authorized by the Controller of Personal Data processing who have committed themselves to confidentiality or have an adequate legal obligation of confidentiality;
  • subjects who operate autonomously as distinct data controllers or as subjects designated as data processors by the Controller in order to carry out all processing activities necessary to pursue the purposes of this information (for example, business partners, consultants, IT companies, service providers, hosting providers);
  • subjects or entities to whom it is obligatory to communicate Personal Data by law or by order of the authorities.

The above-mentioned subjects are required to use appropriate safeguards to protect Personal Data and can access only those necessary to perform the tasks assigned to them.

Personal Data will not be indiscriminately disseminated in any way.


Personal Data will not be transferred outside the territory of the European Economic Area (EEA).

Retention period of Personal Data

Personal Data will be kept for the period of time necessary to fulfill the purposes for which they were collected, in particular:

  • for purposes related to the performance of the contract between the Controller and the Data Subject, they will be kept for the entire duration of the contractual relationship and, after termination, for the ordinary prescription period of 10 years. In case of a legal dispute, for the entire duration of the dispute, until the expiration of the terms for bringing legal actions
  • for purposes related to the legitimate interest of the Controller, they will be kept until the completion of such interest
  • for compliance with a legal obligation, by order of an authority and for legal protection, they will be kept in compliance with the timing provided by such obligations, regulations, and in any case until the expiration of the statutory limitation period provided for by the laws in force
  • for purposes based on the Data Subject’s consent, they will be kept until the consent is revoked

At the end of the retention period, all Personal Data will be deleted or kept in a form that does not allow the identification of the Data Subject.

Rights of the Data Subject

Data Subjects can exercise certain rights with respect to the Personal Data processed by the Data Controller. In particular, the Data Subject has the right to:

  • be informed about the processing of their Personal Data
  • withdraw their consent at any time
  • restrict the processing of their Personal Data
  • object to the processing of their Personal Data
  • access their Personal Data
  • verify and request the rectification of their Personal Data
  • obtain the limitation of the processing of their Personal Data
  • obtain the erasure of their Personal Data
  • transfer their Personal Data to another controller
  • lodge a complaint with the supervisory authority for the protection of their Personal Data and/or take legal action.

To exercise their rights, Data Subjects can submit a request to the following email address: Requests will be promptly handled by the Data Controller and processed as soon as possible, in any case within 30 days.

Data Protection Officer

The Data Protection Officer is Raffaele Conte, Piazzale Aldo Moro, 7, 00185 Roma, email address:, PEC address: The point of contact at the Data Controller is the Director of the organization, Andrea de Gaetano, whose contact details are: (email: PEC:, Via Ugo la Malfa, 153, 90146 Palermo PA).


Last update: 17/02/2023