Privacy Policy

OPHERA Project - Workshop Call for Applications - Privacy Policy

1 Definitions

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
MIBACT means the Italian Ministero pei beni e le attività culturali e per il turismo
OPHERA project means the project coordinated by SR-MAR entitled “Opening cultural heritage to communities during the central-Italy post-earthquake long-term restoration process: digital technologies and new competencies for cultural professionals”. OPHERA project is co-funded by the Creative Europe Programme of the European Union.
SR-MAR means the Segretariato Regionale del Ministero pei beni e le attività culturali e per il turismo per le Marche

2 Context and Controller

As the OPHERA project team collects and further processes personal data, it is subject to Regulation (EU) 2016/679 of 27 April 2016 on protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
OPHERA project is coordinated by Segretariato Regionale del Ministero per i beni e le attività culturali e per il Turismo per le Marche (SR-MAR). In this context the Controller of OPHERA project corresponds to the SR-MAR Controller
The data controller is the Ministero dei beni e delle attività culturali e del turismo con sede legale in Roma – Via del Collegio Romano, 27 00186 Roma - email: The contact persona at SR-MAR is Dr. Giovanni Issini.
Processing operations are under the responsibility of the Controller regarding the collection and processing of personal data.

3 What personal information do we collect, for what purpose, under which legal bases and through which technical means?

3.1 Types of personal data 

Personal data collected and further processed concern workshop applicant, tenderer and its staff or subcontractors (natural persons). Information can relate to the following data:

- Identification data: Name, surname, passport number, ID number;
- Function;
- Contact details (e-mail address, business telephone number, mobile telephone number, fax number, postal address, company and department, country of residence, internet address);
- Certificates for social security contributions and taxes paid, extract from judicial records;
- Financial data1: bank account reference (IBAN and BIC codes), VAT number;
- Information for the evaluation of selection criteria or eligibility criteria: expertise, technical skills and languages, educational background, professional experience including details on current and past employment;
- Declaration on honour that they are not in one of the exclusion situation referred to in articles 136 and 141 of the Financial Regulation.

3.2 Purpose
Upon reception of your expression of interest, grant application, tender or request to participate by the OPHERA coordinator committee, your personal data is collected and further processed for the purpose of the management and administration of experts or procurement or grant procedures by MIBACT services.

3.3 Legal bases
The legal basis for the processing operations on personal data is Regulation (EU) 2016/679 of 27 April 2016 on protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

3.4 Technical means
Your personal data is provided by submission of your application, expression of interest or tender.
The information is collected in files stored in an isolated secure system. The information is processed by OPHERA project personnel and transferred to MIBACT systems (as described in point 4.), under the responsibility of the Controller above mentioned.

4 Who has access to your personal data and to whom is it disclosed?

For the purpose detailed above, access to your personal data is given to the following persons, without prejudice to a possible transmission to the bodies in charge of a monitoring or inspection task in accordance with European Union law:
- OPHERA project staff members [project quality committee, project scientific committee, project coordinators committee, members of the partner institutions] as well as external experts and contractors who work on behalf of the MIBACT for the purposes of management and administration of the applications, and the bodies charged with a monitoring, audit or inspection task in application of Italian and European Union law (e.g. internal audits, Financial Irregularities Panel referred to in Article 93 of the Financial Regulation, Exclusion Panel referred to in Article 143 of the Financial Regulation, European Anti-fraud Office - OLAF);
- Members of the public; In case you are selected for grant by the OPHERA project, your personal data will be made public, in accordance with the MIBACT’s obligation to publish information on the outcome of the selection and grant awarding procedure and on the beneficiaries of funds deriving from the Union’s budget (Law 241/1990 - + trasparenza). The information will concern in particular your name and city of provenience, the amount awarded and the name of the project or programme for which you are awarded a contract. It will be published in OPHERA project website.

5 How do we protect and safeguard your information?

The collected personal data and all related information are stored after closure of OPHERA project work programme on the premises and on servers of a computer of SR-MAR

6 How can you verify, modify or delete your information?

In case you wish to verify which personal data is stored on your behalf by the responsible Controller, have it modified, corrected, or deleted, or restrict the processing, or object to it or to exercise the right to data portability, please make use of the contact information mentioned in the Call for applications of by explicitly describing your request. Any correction of your personal data will be taken into consideration from the data protection point of view. Special attention is drawn to the consequences of a request for deletion, as this may lead to an alteration of the terms of the call for applications.

7 How long do we keep your personal data?

Your personal data are kept:
- Files relating to grant procedures, including personal data, are to be retained in the service in charge of the procedure until it is finalised, and in the archives for a period of 10 years following the signature of the grant agreements or decisions. However, applications from unsuccessful applicants have to be kept only for 3 years following the finalization of the call.
- In any case, personal data are kept until the end of a possible audit if one started before the end of the above period.
- After the period mentioned above has elapsed, the files containing personal data are sampled to be sent to the historical archives of the SR-MAR for further conservation. The non-sampled files are destroyed.

8 Contact information

You have the right to access, rectify or erase or restrict the processing of your personal data or, where applicable, the right to object to processing or the right to data portability in line with Regulation (EU) 2016/679.
Any such request should be directed to the Controller, by using the contact information mentioned in the Call for expression of interest, Grant Application Form or the Call for tenders, and by explicitly specifying your request.
You may also contact the Data Protection Officer of the MIBACT or the logal reference person at SR-MAR: