Public registration

NCLC 01/26 | NATO CIMIC LIAISON COURSE

Information notice

INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA, DOCUMENTS, IMAGES AND ACCESS TO DIGITAL SERVICES

Please read the following Information Notice and terms carefully.

By selecting “I agree”, you confirm that you have read, understood and accepted this Information Notice and the applicable terms and conditions governing registration, participation, account creation, authentication, access to the Activities Portal, Wi-Fi services, Dirty Internet access, internal network resources, credential-delivery procedures, OTP verification, security logging, authorized use and the processing of personal data, documents and images, where such services or processing activities are provided, required or authorized for the selected activity.

1. DATA CONTROLLER

The Data Controller of your personal data is the:
MULTINATIONAL CIMIC GROUP - HQ
Caserma Mario Fiore
Via Riviera A. Scarpa, 75
31045 Motta di Livenza (TV), Italy
hereinafter referred to as the “Controller”.

2. PURPOSES AND LEGAL BASIS OF THE PROCESSING

The processing of personal data, documents, images, photographs, account information, authentication data, access credentials, access logs and activity-related records provided through this web portal or collected during the relevant course, event, training activity or authorized support activity is carried out for the following purposes:

Purpose of Processing Legal Basis
A. Management of Registration and Activity Participation: processing necessary for registration, identity verification, administrative management, access control, communications with participants and participation in the selected activity. Performance of a contract or pre-contractual measures pursuant to Article 6.1.b GDPR.
B. Legal, Fiscal, Accounting and Administrative Obligations: processing necessary to comply with legal, fiscal, accounting, administrative and accountability obligations arising from registration and participation. Compliance with a legal obligation pursuant to Article 6.1.c GDPR.
C. Documentation, Reporting, Institutional Communication and Official Channels: processing and publication of images, photographs and activity-related material on this web portal and/or official related communication channels, exclusively for documentary, informational, institutional and non-commercial purposes connected with the activity. Legitimate interest of the Controller pursuant to Article 6.1.f GDPR, where applicable. Where the Controller acts in the performance of an official or public task, the legal basis may be the performance of a task carried out in the public interest or in the exercise of official authority pursuant to Article 6.1.e GDPR, where applicable.
D. Historical Archive and Internal Statistics: retention and use of participant data and activity-related records for internal statistical, archival, accountability and organisational purposes. Legitimate interest of the Controller pursuant to Article 6.1.f GDPR, where applicable, or public interest / official authority pursuant to Article 6.1.e GDPR, where applicable.
E. Account Creation, Authentication and Digital Services: processing necessary to create, activate, manage, suspend or revoke personal accounts, usernames, passwords, first-access links, credential-retrieval links, tokens, OTP codes and related authentication procedures for the Activities Portal, Wi-Fi services, Dirty Internet access, internal network resources or other digital services, where provided, required or authorized for the selected activity. Performance of a contract or pre-contractual measures pursuant to Article 6.1.b GDPR, legitimate interest of the Controller in IT security and service administration pursuant to Article 6.1.f GDPR, compliance with legal obligations pursuant to Article 6.1.c GDPR, and/or public interest / official authority pursuant to Article 6.1.e GDPR, where applicable.
F. Logging, Cybersecurity, Incident Handling and Service Protection: processing of authentication data, access logs, technical logs and security-related information for cybersecurity, incident prevention, incident handling, access control, protection of systems and lawful administration of the service. Legitimate interest of the Controller in protecting systems, networks, users and institutional resources pursuant to Article 6.1.f GDPR, compliance with legal obligations pursuant to Article 6.1.c GDPR, and/or public interest / official authority pursuant to Article 6.1.e GDPR, where applicable.

3. ACCESS TO DIGITAL SERVICES, PORTAL, WI-FI AND DIRTY INTERNET, WHERE APPLICABLE

Depending on the nature, organization and requirements of the selected course, event, training activity or authorized support activity, the Controller may provide participants with access to one or more digital services, including the Activities Portal, Wi-Fi services, Dirty Internet access, internal network resources, credential-delivery procedures and related authentication systems.

Such services are provided only where they are necessary, useful or authorized for the management, delivery, support, security, documentation or administration of the relevant activity.

Where these services are provided, dedicated personal credentials, usernames, passwords, first-access links, credential-retrieval links, tokens and/or OTP codes may be created, assigned or made available to the participant.

Acceptance of this Information Notice and of the applicable access, authentication, security and acceptable-use rules is required before such services, accounts or credentials are created, activated or made available.

If the participant does not accept this Information Notice and the applicable terms and conditions, the relevant digital services, accounts or credentials will not be activated or made available. Where such services are essential for participation in the selected activity, failure to accept may prevent registration, participation or access to the related service.

4. ACCOUNT ACTIVATION

Your account, where applicable, will be generated, activated or made available only after you accept this Information Notice and the applicable terms and conditions by selecting “I agree”.

The creation, activation or availability of any account, credential, access link, token, OTP procedure, Activities Portal access, Wi-Fi access, Dirty Internet access or related digital service may depend on the requirements, configuration and authorization rules of the selected course, event, training activity or authorized support activity.

5. AUTHENTICATION, CREDENTIALS AND ACCOUNT SECURITY

Access to the Activities Portal, Dirty Internet network resources and/or Wi-Fi services may require the creation and activation of personal user credentials.

All accounts, usernames, passwords, first-access links, credential-retrieval links, tokens and OTP codes are strictly personal. They may not be shared, transferred, disclosed, forwarded or made available to any other person.

Users are responsible for safeguarding their credentials and for all activities carried out through their assigned account, subject to applicable law and to the organization’s assessment in case of reported unauthorized use.

Any suspected loss, disclosure, compromise or unauthorized use of credentials must be reported immediately to the competent organizational point of contact.

The organization may reset, suspend, revoke or disable any account or credential where required for security, administrative, operational or compliance reasons.

6. ACTIVITIES PORTAL ACCESS, WHERE APPLICABLE

Access to the Activities Portal may be provided to users for the sole purpose of downloading training materials and/or digital material related to the management, administration, support or documentation of the relevant course, event or authorized activity.

Portal access is separate from Dirty Internet and Wi-Fi access.

For portal access, users do not receive a pre-set password. After the portal account has been created, users will receive a first-access email containing a secure link or token. By using this link, users will be required to set their own password.

Once the password has been created, users may access the portal using either their assigned portal username or the email address to which the first-access email was sent.

Portal access requires authentication with password and OTP verification. OTP verification is part of the portal login process and may be required at each access.

Portal access shall remain active only for the duration of the relevant course, event or authorized support activity, and may be suspended or disabled once the course or event has been concluded, archived or otherwise terminated.

Use of the portal and of any material made available through it shall be limited to authorized training, administrative, institutional or event-support purposes, as applicable.

7. DIRTY INTERNET AND WI-FI ACCESS, WHERE APPLICABLE

Dirty Internet and Wi-Fi access credentials are managed separately from Activities Portal credentials.

Where such access is authorized, users will be assigned dedicated domain credentials. These credentials may be used, where enabled, to access Dirty Internet services, internal network resources and/or Wi-Fi services.

For Dirty Internet and Wi-Fi access, users must use their assigned domain username. The email address used for portal communication or credential delivery cannot be used as a username for Dirty Internet or Wi-Fi access.

Domain credentials will be delivered through the official secure credential-delivery procedure. The user may receive an email or secure link allowing them to view their assigned domain username. The password will not be directly exposed in the email.

To view or retrieve the password, the user must complete OTP verification through the secure credential-delivery procedure. OTP verification is required only for the secure display or retrieval of the password and does not replace the normal authentication required to access Dirty Internet or Wi-Fi services.

After the password has been retrieved, access to Dirty Internet and/or Wi-Fi services shall be performed using the assigned domain username and password. Users may change their password where permitted by the applicable technical procedure and organizational rules.

The use of Dirty Internet and Wi-Fi access is limited to the purposes authorized by the organization and by this Information Notice.

8. PERSONAL RESPONSIBILITY AND ACCOUNT SECURITY

By accepting these terms, you acknowledge and agree that:

  • the assigned account is strictly personal and may not be shared, transferred, disclosed, forwarded or made available to any other person;
  • you are personally responsible for all activities carried out through your account;
  • any unauthorized access to systems, networks, accounts, services or credentials may constitute a violation of applicable law and internal security rules;
  • you must protect your credentials and immediately report any suspected loss, disclosure, compromise or unauthorized use.

9. AUTHORIZED USE FOR TRAINEES AND PARTICIPANTS

Internet access, portal access, Wi-Fi access, Dirty Internet access and related digital services are granted only for training-related, educational, administrative, institutional and authorized support purposes connected with participation in courses, training activities, briefings, official communications and access to learning or organizational resources.

For trainees and course participants, authorized use may include:

  • access to course materials and training resources;
  • email or communications strictly connected with the course or authorized administrative needs;
  • web research relevant to training activities;
  • access to official public information sources required for the course;
  • use of digital services necessary or authorized for the management, support, security or documentation of the relevant activity.

Trainees and participants are not authorized to use the account or access services for procurement activities, supplier engagement, publication of institutional content, or any other internal functions reserved to authorized personnel, unless expressly authorized in writing.

Classification: the relevant network and services may be used solely for the handling of “NON-CLASSIFIED INFORMATION INTENDED FOR PUBLIC DISSEMINATION”.

10. DIRTY INTERNET USE

Where Dirty Internet access is provided, it is authorized only for non-classified information intended for public dissemination and for the limited training, administrative, institutional or support purposes expressly allowed by the organization.

Dirty Internet access is provided as a controlled institutional resource and shall be used with discretion and responsibility. Misuse may be reported to the competent authorities within the organization.

11. LOGGING, SECURITY AND PRIVACY

You acknowledge that the organization may implement technical logging, access control, authentication monitoring and network-security measures for cybersecurity, incident handling, service protection, access management and lawful administration of the service.

Any personal data processed in connection with account creation, authentication, access logs, credential management, OTP verification, security controls and service administration shall be handled in accordance with Regulation (EU) 2016/679, the General Data Protection Regulation, and the Italian Personal Data Protection Code, Legislative Decree No. 196/2003, as amended.

Further information on the processing of personal data may be provided through this Information Notice, the applicable privacy notice or institutional privacy documentation.

12. PROHIBITED CONDUCT

You shall not:

  • use the service for unlawful, unauthorized, abusive or improper purposes;
  • access, store, upload, download, exchange, disseminate or distribute obscene, hateful, discriminatory or otherwise inappropriate material;
  • use the service for private commercial activities, personal business or purposes unrelated to the authorized activity;
  • upload, download, exchange or distribute unauthorized software, copyrighted material, classified information, protected information or any material that the user is not authorized to handle;
  • interfere with the proper functioning of the network, systems, services or accounts;
  • introduce, distribute or facilitate malware, malicious code, unauthorized tools or harmful software;
  • send unsolicited mass communications or generate traffic that disrupts operations;
  • attempt to bypass, disable, evade or compromise security controls, authentication mechanisms, access restrictions or monitoring systems;
  • attempt to gain access to resources, systems, accounts, credentials, data or services for which you are not expressly authorized;
  • share, transfer, disclose, forward or make available to others any account, username, password, first-access link, credential-retrieval link, token or OTP code.

13. CONSEQUENCES OF MISUSE

Any misuse may lead to immediate suspension or withdrawal of access, exclusion from the relevant service or activity, internal reporting and any further action permitted by applicable law and organizational rules.

The organization may reset, suspend, revoke or disable any account, credential or access right where required for security, administrative, operational, disciplinary, compliance or legal reasons.

14. DATA RETENTION

Data will be processed for no longer than necessary to achieve the purposes for which they were collected, subject to applicable legal, administrative, fiscal, accounting, archival, security and accountability requirements.

  • For Users Who Participated in the Activity: personal data, documents, account information, access records and activity-related records may be stored for up to 10 years following the conclusion of the activity, where necessary to comply with applicable legal, fiscal, accounting, administrative and accountability obligations and to preserve internal historical, statistical and organisational records. After this period, the data will be securely deleted or anonymized, unless further retention is required by law.
  • For Users Who Did Not Participate in the Activity: if registration is not finalized or participation is withdrawn, personal data and documents will be deleted within 365 days from closure or cancellation, unless further retention is required by law or necessary for security, accountability or dispute-management purposes.
  • Images and Photographic Material: images and photographs published on official channels for documentary, informational and institutional purposes may remain available for the period during which the relevant communication, report, archive or institutional publication remains necessary and proportionate, unless removal is required under applicable law or following a justified request by the data subject.
  • Technical Logs and Security Records: technical logs, authentication records, access logs and security-related information may be retained for the period necessary for cybersecurity, incident handling, audit, accountability, compliance and lawful administration of the service, unless a longer retention period is required by law or necessary for the establishment, exercise or defence of legal claims.

15. USE AND PUBLICATION OF IMAGES AND PHOTOGRAPHIC MATERIAL

Images and photographic material may be collected, processed and published where necessary for the management, documentation, reporting and institutional communication of the activity.

  • Purpose: images may be used on this web portal and/or official related communication channels exclusively for documentary, informational, institutional and non-commercial purposes connected with the activity.
  • Scope: publication may include activity reports, official web pages, institutional communications, official social media channels, presentations and archival material relating to the activity.
  • Conditions: such use will respect the dignity, honour, reputation and privacy of participants. Images will not be used for commercial purposes or in contexts unrelated to the activity.
  • Mandatory Nature: where image processing and official publication are necessary for documentation, reporting and institutional communication of the activity, acceptance of this Information Notice is required for participation.

16. RECIPIENTS AND PROCESSORS

Personal data, documents, images, account information, credential-related information, access logs and security records may be processed by authorised personnel of the Controller and by service providers supporting the management of the web portal, registration process, hosting, IT security, email communications, authentication systems, credential-delivery procedures, administrative management and activity organisation.

Such parties may act as authorised persons, processors or independent controllers, depending on their role.

Data are not sold and are not used for commercial profiling.

17. INTERNATIONAL TRANSFERS

Where personal data are transferred outside the European Economic Area, the Controller will apply the safeguards required by the GDPR, including adequacy decisions, standard contractual clauses or other lawful transfer mechanisms, where applicable.

18. MANDATORY OR OPTIONAL PROVISION OF DATA

The provision of data required for registration, identification, participation, administrative management, activity documentation, account creation, authentication, access control, security logging and use of applicable digital services is necessary to manage participation in the selected activity and to provide the related services where applicable.

Failure to provide such data, or failure to accept this Information Notice and the applicable terms and conditions where required, may prevent registration, participation, account activation, access to the Activities Portal, access to Wi-Fi services, access to Dirty Internet services, access to internal network resources or use of the relevant service.

Where a specific service is not provided, required or authorized for the selected activity, the corresponding account, credential or access right will not be created or activated.

19. DATA SUBJECT RIGHTS

You may exercise your rights under Articles 15 to 22 of the GDPR, including access, rectification, erasure, restriction of processing, objection and, where applicable, data portability.

To exercise these rights, contact us at: pao@cimicgroup.org.

20. RIGHT TO LODGE A COMPLAINT

You have the right to lodge a complaint with the competent supervisory authority. In Italy, the competent authority is the Garante per la protezione dei dati personali.

21. DATA PROTECTION OFFICER / RPD

Where applicable, the Data Protection Officer / RPD may be contacted through the Controller at: pao@cimicgroup.org.

22. AUTOMATED DECISION-MAKING

The processing described in this Information Notice does not involve automated decision-making or profiling.

23. FINAL ACKNOWLEDGEMENT AND ACCEPTANCE

By selecting “I agree”, you confirm that:

  • you have read and understood this Information Notice and the applicable terms and conditions;
  • you accept the terms and conditions above;
  • you understand that the relevant account and/or credentials will be created, activated or made available only after acceptance of this Information Notice and the applicable terms and conditions;
  • you understand that Activities Portal access and Dirty Internet and Wi-Fi access are managed through separate credential and authentication procedures;
  • you understand that, for Activities Portal access, you may be required to set your own password through a first-access link or token and that portal login may require password and OTP verification;
  • you understand that, for Dirty Internet and Wi-Fi access, you must use your assigned domain username and password, and that OTP verification may be required only to securely view or retrieve the password through the credential-delivery procedure;
  • you understand that OTP verification used for secure credential delivery does not replace the normal authentication required to access Dirty Internet or Wi-Fi services;
  • you acknowledge that all accounts, credentials, links, tokens, OTP codes and passwords are strictly personal and must not be shared with any other person;
  • you accept responsibility for the proper, lawful and authorized use of any access, account, credential, service or digital resource granted to you;
  • you understand that access to the Activities Portal, Wi-Fi services, Dirty Internet access, internal network resources and related services may be provided only where required or authorized for the selected activity;
  • you understand that failure to accept this Information Notice and the applicable terms and conditions may prevent registration, participation, account activation or access to the relevant service, where such access or service is required for the selected activity.

Do you accept this Information Notice and the applicable terms and conditions?

MULTINATIONAL CIMIC GROUP - HQ
Caserma Mario Fiore
Via Riviera A. Scarpa, 75
31045 Motta di Livenza (TV), Italy
Email: pao@cimicgroup.org

🛠️ Technical Support

For technical assistance, please contact us at one of the numbers below:

Phone: +39 0422 280346
NCN: 4241.346
Military Line (SOTRIN): 1221346

You may also reach us by email at: webadmin@cimicgroup.org