Privacy notice on the processing of personal data pursuant to articles 13 and 14 of the European Regulation 2016/679 (“GDPR”)
This privacy notice is provided to you not just to fulfill the obligations pursuant to the Laws governing the protection of personal data—EU Regulation 2016/679 (hereinafter referred to as “GDPR”), Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 (or “Code for the Protection of Personal Data”) and the relevant provisions of the Authority for the protection of personal data—but also due to the fact that the University of Eastern Piedmont “Amedeo Avogadro” (hereinafter referred to as “University” or “Uniupo”) strongly believes the protection of personal data to be a fundamental value of its mission and wishes to provide any information that can help you protect your confidentiality and control the use made of your personal data when you browse the agingproject.uniupo.it site (hereinafter referred to as the “Site”). Personal data shall be regarded as any information, such as personal data, navigation data, information on economic and health status, lifestyle, etc., related to any identified or identifiable natural person, defined as “interested” (hereinafter also referred to as “User”). To facilitate your access to the information on personal data processing, the present disclosure addresses each specific section of the Site collecting personal data so that the User can easily identify which types of data processing are being conducted when he/she is browsing the aforementioned Site sections.
The Data Controller—i.e., the subject establishing the purposes and means of personal data processing that any User can contact to exercise the rights recognized by the GDPR—is the University of Eastern Piedmont “Amedeo Avogadro”, VAT No. 01943490027, Tax Code 94021400026, Office of the Rectorate at Via Duomo, No. 6, 13100, Vercelli, Italy.
The Data Controller can be contacted by sending an e-mail to firstname.lastname@example.org.
The University has appointed a Data Protection Officer (DPO), who can be contacted at the following e-mail address: email@example.com.
Sources and categories of the processed data, nature of data provision, and processing methods
The personal data subject to processing are mainly collected from the User while this latter is browsing the Site or is using the services made available to him/her by the Site. The policy laid out in this privacy notice solely relates to the personal data processed in the various sections of the Site and exclusively pertains to the processing of personal data performed in the context of the Site, whereas it does not apply to any other websites to which the User is redirected. The data collected by the Site are mainly processed electronically through software and IT procedures that ensure the presence of technical and IT security measures (such as the implementation of the HTTPS transmission protocol for the transfer of information entered on the Site).
Types of data and nature of the provision
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected so as to be associated with identified Users but, due to its very nature, could allow the identification of the Users through processing and association with data held by third parties. This category of data includes the IP addresses or domain names of the computers used by the Users browsing the site, the Uniform Resource Identifier (URI) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the User’s IT environment (such as, by way of example but not limited to, the name and type of device connected to the Site). The provision of such data is not mandatory; if the User decides not to provide such data, he/she will not be allowed to browse the Site and access the features made available by the same.
Purpose of processing
- These data are used in order to obtain anonymous statistical information on the use of the Site, check its correct functioning, improve the quality of the services offered, and optimize the functionality of the Site.
- These data are processed to a strictly necessary and proportionate extent to ensure the security of the networks and information the Site carries.
Art. 6 (1) (f) GDPR – Legitimate interest of the Data Controller in maintaining the safety of the Site, and that the same is not used in ways that infringe the rights of others or as means to offend others or commit any fraud (cf. recital 47 of the GDPR).
The personal data referred to in this section shall be kept for up to 6 months from collection, except for any objection of the interested party, which shall be exercised at any time in the manner indicated in the “Rights of the interested party” section of this disclosure.
Types of data and nature of the provision
The Site hosts a contact area that can be used by the User to submit specific requests.
This section gathers the following types of data:
- first name;
- email address;
- User’s message.
The University shall not conduct any type of control in relation to the information uploaded in the “Message” field and shall therefore ask Users not to enter information from which, even indirectly, it is possible to gain knowledge of data belonging to particular categories as laid out in Article 9 of the GDPR. If these types of data are entered, the University shall not take this information into consideration in the feedback formulated and shall rather proceed to delete such data in a secure manner that does not allow for their recovery. The provision of data in this area is optional. If the User decides not to provide such data, the same shall not be able to forward any information requests to the University, which shall not thus be able to provide an appropriate feedback.
Purpose of personal data processing
To respond to the information requests of the Users.
For the purposes of defense and legal protection of the Data Controller.
Article 6 (1) (b) GDPR – the processing is necessary for the execution of pre-contractual measures adopted at the request of the interested party.
Article 9 (2) (f) GDPR – the processing necessary to ascertain, exercise, or defend a right in court.
For as long as necessary to respond to the requests made by Users and for a period of 6 months from the receipt of the User’s request in order to correctly manage any subsequent requests from the same User or for additional information relating to the same issue or similar issues.
Tipi di dati e natura del conferimento
All’interno della homepage del Sito è presente un box che reindirizza l’Utente verso la pagina tramite la quale quest’ultimo può inoltrare richiesta di iscrizione alla newsletter. Tale sezione raccoglie le seguenti tipologie di dati:
– Indirizzo email;
Il conferimento dei dati in tale area ha natura facoltativa. Qualora l’Utente decida di non conferire tali dati, non sarà possibile inoltrare la richiesta di iscrizione alla newsletter dell’Università, che si troverà dunque impossibilitata a dare opportuno corso a tale richiesta dell’Utente.
Finalità di trattamento
Iscrizione alla newsletter.
Art. 6 (1) (a) GDPR
Consenso dell’Utente a seguito dell’inserimento all’interno dello specifico box del proprio indirizzo email. Tale consenso è revocabile in qualsiasi momento, senza pregiudicare la liceità del trattamento svolto primo della revoca, seguendo le istruzioni riportate all’interno della sezione “Diritti dell’interessato”
Periodo di conservazione
Fino alla revoca del consenso espresso da parte dell’Utente.
Types of data and nature of the provision
On the homepage of the Site there is a push button that redirects the User to a page that can be used by the latter to submit a request for subscription to the newsletter. This section collects the following types of data:
- Email address;
The provision of data in this section is optional. If the User decides not to provide such data, it will not be possible to submit the request for registration to the University newsletter, which will therefore be unable to properly process this User request.
Purpose of processing
Subscribe to the newsletter.
Art. 6 (1) (a) GDPR
Consent of the User upon inserting his/her email address in the specific box. This consent can be revoked at any time, without affecting the lawfulness of the processing of the personal data performed prior to the revocation, by following the instructions laid out in the “Rights of the interested party” section.
Until the consent of the User is revoked by the same.
Any recipients or categories of recipients of personal data and transfer of personal data to a third country or outside the European Economic Area (EEA).
The personal data shall only be accessed by authorized subjects duly instructed (also with regard to the compliance with security measures and confidentiality obligations) pursuant to Article 29 GDPR (such as, by way of example but not limited to, the University staff dealing with the response to the requests made by the Users by means of the form provided by the Site).
The data may be further accessed as independent Data Controllers or Data Processors pursuant to Article 28 GDPR, professionals, and consultants appointed by the Data Controller.
In particular, but not limited to, the following subjects shall be allowed to access personal data:
- Individuals who provide services for the management of the information system and communication networks of the University (including e-mail accounts);
- Companies that support the University in the administration of the Site (e.g., the Internet service provider) or that provide the services that the User is requesting;
- Competent authorities for the fulfillment of legal obligations and/or provisions of public bodies, upon explicit request;
In order to obtain an updated list of subjects that may gain knowledge of personal data, it is possible to send a communication by email to the address firstname.lastname@example.org or to the email address of the DPO, making sure to clearly specify the reason for such request.
The University guarantees that personal data shall never be disclosed nor transferred outside the European Economic Area. Should the transfer of the personal data to a third country located outside the European Economic Area prove necessary, the University guarantees that such transfer shall take place only in the presence of an adequacy decision by the European Commission or other adequate guarantees provided for by the Laws on protection of personal data (such as the stipulation of standard contractual clauses with the subject receiving the data, who shall, in any case, ensure that the User’s personal data are subject to the same level of protection guaranteed by the University).
Minors under the age of 18 shall not provide information or personal data to the University without the consent of subjects exercising parental responsibility over them. Thus, the University invites all those exercising parental responsibility over minors to inform the latter about the safe and responsible use of the Internet and the Web and to implement any procedures, recommended from time to time, concerning those initiatives in which the University intends to process the personal data of minors.
The exercise of the rights indicated in this section shall not be subject to any formal constraint and shall be free of charge, except for manifestly unfounded or excessive requests, pursuant to Art. 12 (5) of the GDPR.
With regard to the types of data processing described in this disclosure and pursuant to the GDPR, Users shall exercise the following rights:
- Right to access their personal data and all information referred to in Art. 15 of the GDPR;
- Right to rectify inaccurate personal data and integrate incomplete ones;
- Right to cancel their data, except for those contained in documents that must be kept by the University, unless there is a legitimate overriding reason to proceed with the processing;
- Right to limitation of data processing where at least one of the conditions referred to in Art. 18 of the GDPR is met;
- Right to object to the processing of their personal data, without prejudice to the provisions regarding the necessity and mandatory nature of such data processing for the purpose of establishing the relationship; and
- Right to revoke any consent given for non-mandatory data processing without undermining the lawfulness of the processing based on the consent given prior to the revocation.
The interested party also has the right to lodge a complaint with the Guarantor for the Protection of Personal Data (www.garanteprivacy.it) or the Guarantor Authority of the EU state in which the interested party habitually resides or works, or the place where the alleged violation has occurred, in relation to a treatment that the interested party considers to be non-compliant.
For all the aforementioned requests, the User shall contact the Data Controller by sending a notice through traditional postal mail to the address Via Duomo, n. 6 – 13100 Vercelli or by email to the address email@example.com or to the email address of the DPO firstname.lastname@example.org.
Changes to this information
This information has been updated as of 18/12/2020 Any future changes made to this information shall be published on this web page. The University invites Users to regularly view this page so as to be updated with regard to any changes to its policy. If necessary, the changes made to this privacy notice shall be notified to the User by e-mail.