The protection of personal data at FBK

Regulation (EU) 679/2016 "General Data Protection Regulation (GDPR)," together with Legislative Decree No. 196/2003 "Code on personal data" as amended by Legislative Decree No. 101/2018, define rules regarding the protection of individuals with regard to the processing of personal data and the free movement of data. Fondazione Bruno Kessler, aware of the importance of the protection of your personal data, is committed to processing them taking into account the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, retention limitation, integrity, confidentiality and accountability.

FBK is actively engaged in adapting to new regulatory obligations to ensure compliance with the GDPR. In this context, the Corruption, Transparency and Privacy Unit, ensures organizational-functional oversight and support in the area of personal data protection and supports FBK staff in GDPR compliance activities.

The Head of the Unit  -  Alessandro Dalla Torre - received special power of attorney so that he can represent FBK, committing it with his signature and issuing declarations, in the performance of the activities that fall within the competencies of the conferred role, being able in particular to ensure, on behalf of the Data Controller, the coordination of the aspects related to the legislation on the protection of personal data for the Foundation, including the power to sign Joint Controllership Agreements, appointments to Data Processors, internal appointments and communications, correspondence with the Data Protection Authority.

Pursuant to Article 37 of the GDPR and with the purpose of overseeing the privacy system adopted in relation to the relevant regulations, Anna Benedetti was appointed as Data Protection Officer (DPO) by the Foundation's Board of Directors (more details can be found at the link https://trasparenza.fbk.eu/Altri-contenuti/Protezione-dei-dati-personali). 
 

Through the support and advisory service [email protected], [email protected] and, only for internal FBK staff, [email protected], the DPO may be asked for opinions and suggestions by FBK staff for compliance with the provisions of the GDPR.

The Data Controller is FBK as a whole, which exercises completely autonomous decision-making power over the purposes and methods of processing, including the security profile.

The Foundation has defined an Organizational Model of Privacy Responsibility aimed at the proper processing of personal data. This model is consistent with the organizational chart of the Foundation. On the occasion of the annual update of the general organizational chart, the Foundation also updates the line of internal responsibilities regarding the processing of personal data, identifying in the Heads of the organizational articulations and sub-articulations (Centers, Units, Services, Directorates ...) the Internal Managers of the Processing of Personal Data with regard to the processes attributable to their exclusive competence.