Privacy Policy

Privacy Policy on the protection of individuals with regard to the processing of personal data based on the EU Regulation 2016/679

EU Regulation 2016/679 “General Data Protection Regulation” (hereinafter “GDPR”), Legislative Decree No. 196/2003 “Personal Data Protection Code” and its Annex A. 4 “Code of Ethics and Good Conduct for the Processing of Personal Data for Statistical and Scientific Purposes” (Guarantor’s Order No. 2 of June 16, 2004, Official Gazette No. 190 of August 14, 2004) guarantees the right of every person to the protection of personal data concerning him or her.
Pursuant to the aforementioned regulations, the processing of your personal data, by the personnel involved in our activities, will be based on compliance with the principles set forth in Article 5 of the GDPR and, in particular, those of lawfulness, correctness, transparency, relevance, and no excessiveness and in such a way as to ensure adequate security of personal data.

The National Research Council (CNR) of Italy, as the data controller, informs you that the personal data related to you in our database will be processed in accordance with applicable legislation and the principles of fairness, lawfulness, transparency and protection of your privacy and your rights.

Type of data processed

Personal data (including, but not limited to, name, surname, company name, address, telephone, e-mail, bank and payment references – hereinafter also referred to as “personal data” or “data”) communicated by you and collected by CNR IRSA will be processed.
If necessary, the following will also be processed: educational qualification, membership in professional registers, orders or associations including membership number, job title, profession, work performed or role within the organization on which you depend, professional qualifications and/or specializations.
This Notice may be accompanied, should it be necessary, by a special form for the granting of consent as provided for in Article 7 of the Regulations, articulated according to the further type of use of your Personal Data.
Data sent and managed for project purposes with respect to which use has been allowed for the pursuit of specific project objectives are also subject to the GDPR.


Cookies consist of information installed within your browser that assist the Data Controller in providing the service in accordance with the described purposes. This Site uses Technical Cookies to save the User’s session and to perform other activities strictly necessary for its operation, no user profiling through third party services is provided. Users’ prior consent is not required for their installation, but it is sufficient information, pursuant to Measure No. 231 of June 10, 2021 of the Italian privacy authority (Autorità Garante per la protezione dei dati personali – GU General Series No. 163 of 09-07-2021). First-party technical identifiers are also used to produce aggregate statistics using the Entity’s own internal tools and in relation to an individual site, which are equated with “Cookies and other technical identifiers” as per Annex 1 to the measure “Guidelines cookies and other tracking tools – June 10, 2021 [9677876]” available at the following URL .

Legal Basis and Purpose of Processing

The legal basis for the processing is the data subject’s express consent to the processing of his or her personal data for one or more specific purposes (Art. 6 Paragraph 1 (a) of the GDPR. The purposes and methods of processing of your personal data are indicated by Article 6 of the Regulations, as well as in the specific disclosures associated with the collection and acquisition forms. This processing is aimed at the realization of the SD-WISHEES project’s objectives for the promotion of research and innovation activities, such as, for example: the sending of newsletters, the transmission of invitations to conferences and information events, the communication and dissemination of the project’s activities and outputs.

Methods of Processing

The processing of your personal data is carried out by means of the operations indicated in Article 4 No. 2) GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data will be processed exclusively by persons authorized to process and appropriately trained, as well as through data processors linked to the owner by specific contract. The processed personal data will not be subject to dissemination.

Retention of data

Your personal data will be processed using both paper and electronic and/or automated means. The Data Controller will process personal data in a form that allows the identification of the data subjects for a period of time not exceeding the achievement of the purposes for which they are processed; personal data may be retained for longer periods for archiving purposes in the public interest, scientific or historical research or statistical purposes, in accordance with the protection of the rights and freedoms of the data subject (“storage limitation”) and, in any case, for a maximum period of 5 years after the end of the SD-WISHEES project.

Access to Data

Your Data may be made accessible for the above purposes::

  • to employees and collaborators of the Data Controller in Italy and within the European community, in their capacity as authorized parties and/or internal data processors and/or system administrators;
  • to other entities (by way of example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) that perform outsourcing activities on behalf of the Data Controller, in their capacity as data processors.

Nature of the conferment of Data and Obligatory nature of the conferment

The provision of data for the purposes referred to in Article 2 letters a, b, and c, is mandatory. In their absence, it will not be possible to execute any contracts concluded for the provision of services rendered by CNR IRSA. It is your right, therefore, to decide not to give any data or to deny later the possibility of processing data already provided and, in this case, you will not be able to receive newsletters, commercial communications and advertising material related to the services offered by the Owner.

Exercise of Rights by Users

Pursuant to Articles 15 et seq. of the Regulations, the subjects to whom the Personal Data refer have the right at any time to obtain confirmation of the existence or non-existence of the same at the Data Controller, to know its content and origin, to verify its accuracy or request its integration, cancellation, updating, rectification, transformation into anonymous form or blocking of Personal Data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, their processing. Requests should be addressed to the Data Controller:
To stop receiving informative material, communications from CNR IRSA, send an email to the sender indicating in the subject line “CANCEL SUBSCRIPTION”. Where applicable, you also have the rights set forth in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to object), as well as the right to complain to the Supervisory Authority as a supervisory authority.

Methods of exercising rights

You may at any time exercise the above rights by sending a communication by PEC or by registered mail:
IRSA – Istituto di Ricerca sulle Acque – C.N.R.
Strada Provinciale 35d, km 0,7 – 00015 Montelibretti

Data Controller:
Consiglio Nazionale delle Ricerche
Piazzale A. Moro 7
00185 ROMA

Data Protection Officer (DPO):
Consiglio Nazionale delle Ricerche
Piazzale A. Moro 7
00185 ROMA
mail di contatto:

Data processor:
Direttore del CNR-IRSA
Strada Provinciale 35d, km 0,7 – 00015 Montelibretti
mail di contatto: