Vai al contenuto

10.1 Privacy policy procurement through Contracta



In order to submit bids on the Contracta platform, economic operators are required to provide data, documents and information which, if they relate to natural persons representing or otherwise connected to them, fall within the scope of Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (aka “GDPR”) and of the further applicable rules on the protection of personal data.

The processing of personal data by the Contracting/Granting Authority in its capacity as data controller will be carried out in compliance with the provisions of the aforementioned legislation.

In its capacity as “Data Controller”, MUSE – MUSEO DELLE SCIENZE sets out below the purposes and methods underlying the collection and processing of your personal data.

1. Identity and contact details of the Data Controller

The Data Controller is MUSE – MUSEO DELLE SCIENZE located in Corso del Lavoro e della Scienza, 3 – 38122 Trento.

Below are the contact details where the Data Controller may be reached:

In the context of electronic procurement procedures, Trentino Digitale S.p.A. acts as data processor on behalf of the Data Controller, covering the role of system administrator, for all personal data processed for the specific purpose of carrying out the procedure through the Contracta platform.

2. Identity and contact details of the Data Protection Officer

The Data Protection Officer of MUSE – MUSEO DELLE SCIENZE is QSA S.r.l. – ENGINEERING CONSULTING TRAINING, having its registered office in via alla Marcialonga, 3 – 38030 Ziano di Fiemme (Trento).

Below are the contact details where the Data Protection Officer may be reached:

3. Purposes of processing and legal basis

Personal data, including special (judicial) data, are collected to enable economic operators to take part in the procurement procedure and, notably, to run checks on their administrative, technical and economic capabilities and, with reference to the successful bidder, to enter into and perform the ensuing contract, including complying with accounting requirements and payment of the consideration under such contract and, in any case, in compliance with the applicable regulations.

The provision of personal data is required by law, and is also necessary for the purposes of participation in the procurement procedure as well as for entering into and perform the contract. Refusal to provide the data as required will prevent participation in the procedure, i.e. entering into and performing the contract.

Legal basis: The processing of personal data is carried out for the purpose of performing a task in the public interest or in any case in the exercise of official authority vested in the controller within the meaning of Articles 6(1)(e) and 9(2)(g) of the GDPR and Articles 2-ter and 2-sexies of Legislative Decree No. 196/2003.
In addition, the aforesaid processing is necessary for the purposes of contract execution and performance, including in the pre-contractual phase, pursuant to Article 6(1)(b) of the GDPR as well as for fulfilling the legal obligations to which the data controller is subject pursuant to Article 6(1)(c) of the GDPR.

4. Processing methods

Your data will be processed by authorised persons working under the authority of the Data Controller, in such a way as to guarantee security and confidentiality, using computer and electronic tools and the Contracta platform.
No automated decision-making processes will be used, including profiling.

5. Source of personal data

The personal data and contact details of the users of the economic operator and, where necessary, the data relating to the tracking of the operations carried out with respect to significant events in relation to the contract term, are disclosed to the Contracting/Granting Authority by Trentino Digitale S.p.A (i.e. the operator of the Contracta platform) in accordance with the technical rules adopted by AgID with Resolution No. 137 of 1 June 2023, which the Provincial Authorities of Trento make available to Contracting and Granting Authorities in accordance with provincial regulations for the discharge of public contract award and performance procedures pursuant to Article 25(3) of Legislative Decree No. 36 dated 31 March 2023 (Public Procurement Code).

6. Third parties to whom the data may be disclosed

The data may be disclosed to the public authorities as laid down by law to establish compliance with subjective and objective requirements, including:

(a) the National Anti-Corruption Authority;
(b) authorities responsible for tax and administrative inspections and audits;
(c) judicial authorities in the cases as laid down by law;
(d) any other public or private entity in the cases as laid down by EU or Italian law.

The data may be passed on to other parties (e.g. other parties to the proceedings, participants in the procedure, other applicants), in particular in the event of a request for access to administrative records.

The data may be disclosed on the website of the Contracting/Granting Authority in the “Transparent Administration” section, and/or on the website of the Public Procurement Observatory of the Provincial Authorities of Trento, as well as in the other cases regarding transparency and anti-corruption and open data in accordance with the provisions of Legislative Decree No. 83 dated 8 March 2005 (Digital Administration Code).

7. Duration of processing and retention period

The personal data of natural persons pertaining to the participating economic operators will be stored throughout the duration of the procedure and for the period following its conclusion until the expiry of the limitation or prescription periods for appeals and actions connected with such procedure or, in the event of a dispute, until the relevant judgment has become final.

The personal data of natural persons pertaining to the successful bidder will be retained for the entire term of the procurement contract and for ten years from the date of termination thereof, by reason of any potential legal action that may be brought, or, in the event of a dispute, until the relevant judgment has become final.

8. Transfer of data outside the European Union

The data collected will not be transferred to non-European countries.

9. Data Subject Rights

Rights of access, rectification, amendment and erasure of data, portability, limitation of processing and withdrawal of consent given.

The data subject may access his or her personal data directly through the functions provided to the economic operator by Contracta, and has the right to ask the Data Controller at any time for access to his or her personal data or to exercise, in the cases as laid down by law, the right to restrict the processing of data relating to him or her.

You may exercise the aforesaid rights by using any of the Data Controller’s contact details provided under 1 above.

For any requests for action on personal data such as rectification or erasure, users may contact the economic operator to whom they report if no such function is available on Contracta. Within the scope of procurement procedures, data rectification and erasure are permitted subject to the specific regulations. Objection to processing, for reasons related to special circumstances, is allowed unless there are legitimate grounds for continuing processing.

Right to lodge a complaint with the Supervisory Authority.

Data subjects who believe that personal data concerning them are being processed in breach of the GDPR have the right to lodge a complaint with the Data Protection Authority.