Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller responsible for your personal data is:

Fondazione bioERGOtech ETS

Via Ciro Giovinazzi 70, 74123 Taranto, Italy

C.F. 90287640735

info@bioergotech.org

2. What Data We Collect

We collect the following categories of personal data depending on how you interact with our website:

Membership Applications

  • Full name and job title
  • Email address
  • Organisation name, type, website
  • Country and city
  • Scientific areas of interest
  • Statement of what you bring to and seek from the ecosystem

Member Portal Accounts

  • Email address and encrypted password
  • Full name and organisation details
  • Partnership level and access permissions
  • Login timestamps and session data

Website Usage

  • IP address and browser type (anonymised where possible)
  • Pages visited and time spent
  • Referring website or search query
  • Cookie preferences

3. How We Use Your Data

PurposeLegal Basis
Processing membership applicationsLegitimate interest / Pre-contractual steps
Providing Member Portal accessPerformance of a contract
Sending application status updatesLegitimate interest
Sending platform notificationsConsent / Legitimate interest
Improving website performanceConsent (analytics cookies)
Complying with legal obligationsLegal obligation

4. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this policy:

  • Membership applications: Retained for 2 years from the date of submission, or until you request deletion.
  • Member Portal accounts: Retained for the duration of your membership plus 1 year after account closure.
  • Website analytics: Aggregated data retained for up to 26 months.
  • Email communications: Retained for up to 3 years for record-keeping purposes.

5. Data Sharing

We do not sell your personal data. We share data only with trusted service providers who process it on our behalf:

  • Supabase Inc. — Database and authentication hosting (EU data residency available)
  • Vercel Inc. — Website hosting and deployment
  • Google LLC — Maps and productivity tools (Google for Nonprofits)

All third-party processors are bound by Data Processing Agreements and are required to process data only as instructed by us.

6. International Transfers

Some of our service providers are based outside the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

7. Your Rights

Under GDPR and Italian data protection law, you have the following rights:

Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ('right to be forgotten').
Right to Restriction
Request that we limit how we use your data.
Right to Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests.
Right to Withdraw Consent
Withdraw consent at any time where processing is consent-based.
Right to Complain
Lodge a complaint with the Italian Data Protection Authority (Garante).

To exercise any of these rights, contact us at info@bioergotech.org. We will respond within 30 days.

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted data transmission (HTTPS), password hashing, and role-based access controls within the Member Portal.

9. Children's Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Updates to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page indicates when it was last revised. We will notify registered members of any significant changes by email.

11. Supervisory Authority

You have the right to lodge a complaint with the Italian Data Protection Authority:

Garante per la protezione dei dati personali

Piazza Venezia 11, 00187 Roma, Italy

www.garanteprivacy.it

→ View our Cookie Policy