Information notice pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR)
WHY THIS INFORMATION
Pursuant to Regulation (EU) 2016/679 (hereinafter "GDPR"), this page describes how we process personal data. This information is provided pursuant to art. 13 GDPR. The information does not apply to other third party websites that may be consulted through links on this website, for which no responsibility is assumed.
Personal data that can be processed
Personal data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and computer environment.
Data communicated voluntarily
The optional, explicit and voluntary sending of messages to the contact addresses indicated on this site and/or the filling in of data collection forms entails the subsequent acquisition of the sender's address, necessary in order to respond to requests, as well as any other personal data entered.
Information about the processing of personal data carried out through Social Media platforms
Regarding the processing of personal data carried out by the owners of social media platforms used by the Data Controller, please refer to the information provided by them through their respective privacy policies. The Data Controller processes the personal data provided by users through the pages of the dedicated Social Media platforms, to manage interactions with users (comments, public posts, etc.) and in compliance with current legislation.
Specific information notices
Specific information notices may be present in the pages of the Site in relation to particular services or processing of data provided.
COOKIES AND OTHER TRACKING SYSTEMS. What are they? What are they used for?
For cookies and other tracking technologies please refer to the cookies policy in the footer of the site and the following link.
1. WHO IS THE DATA CONTROLLER? HOW TO CONTACT HIM?
The data controller, pursuant to Articles 4 and 24 of EU Reg. 2016/679, is LUMSA Libera Università Maria Ss. Assunta, with registered office in via della Traspontina, 21 - 00193 Rome (Italy), in the person of the special attorney. Contact information of the data controller: firstname.lastname@example.org.
2. HAS THE DATA PROTECTION OFFICER BEEN APPOINTED? WHAT ARE HIS CONTACT DETAILS?
The Society has also appointed a Data Protection Officer (RPD/DPO) pursuant to articles 37 - 39 of EU Reg. 2016/679 whose contact details are given below: email email@example.com.
3. PURPOSE OF THE PROCESSING, LEGAL BASIS, DATA RETENTION AND NATURE OF THE PROVISION
PURPOSE OF THE PROCESSING
NATURE OF THE PROVISION
The data necessary for the use of web services, are also processed in order to:
- obtain statistical information on the use of services (most visited pages, number of visitors per time slot or daily, geographical areas of origin, etc.);
- to check the correct functioning of the services offered.
The data will also be used to determine responsibility in case of computer crimes against the site.
The processing is necessary for the purposes of pursuing the legitimate interests of the data controller or a third party, as long as the interests or fundamental rights and freedoms of the data subject that require the protection of personal data do not prevail, having considered the reasonable expectations held by the data subject and the activities strictly necessary for the operation of the website and the navigation itself
(Art. 6, par. 1 lett. f and C47 of the GDPR).
The data subject has the possibility to obtain, upon request, information about the balancing test performed.
The retention of browsing data will last until the end of the browsing session.
In case of need to ascertain crimes by the judicial authorities, the information collected on the servers will be kept for a maximum of 7 days.
The provision of data is necessary for navigation on the website.
In addition to navigation, personal data will be processed for:
PURPOSE OF THE PROCESSING
NATURE OF THE PROVISION
Provide feedback in case of contact or information requests, including through the filling out of online forms.
The processing is necessary for the performance of a contract to which the data subject is party or the implementation of pre-contractual measures taken at the request of the same - C44 and art. 6 par. 1 lett. b) of the GDPR.
For the time necessary to provide feedback to the request and in any case no longer than 1 year.
The provision of personal data is mandatory.
Failure to provide the necessary data will make it impossible to be contacted and receive information.
Manage requests from interested parties, pursuant to artt. 15 et seq. of the GDPR (rights of the interested party).
The processing is necessary to comply with a legal obligation to which the data controller is subject - C45 and art. 6 par. 1 lett. c) of the GDPR.
5 years from the closing of the application, subject to litigation.
The provision of personal data is mandatory, as it is essential to be able to implement the obligations of the law.
4. TO WHOM THE PERSONAL DATA WILL BE COMMUNICATED? RECIPIENTS OF DATA?
Personal data will be communicated, depending also on the purposes under specific areas, to subjects who will process the data as autonomous Data Controllers or Data Processors (art. 28 GDPR) and processed by individuals (art. 29 GDPR) acting under the authority of the Data Controller and Processors on the basis of specific instructions provided, regarding the purposes and methods of processing, for specific purposes according to the area involved.
The data will be communicated to recipients belonging to the following categories:
- Subjects based in Italy, which provide services related to communication networks, including e-mail, host and website management;
- Freelancers, firms or companies based in Italy, as part of assistance and consultancy relationships;
- Subjects based in Italy who provide services for the management of the activities indicated above in the purposes;
- Competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request.
The list of Data Processors is available by writing to firstname.lastname@example.org or to the other addresses indicated above.
5. WILL THE DATA BE TRANSFERRED TO NOT-EEA COUNTRIES?
Please note that the data will be stored in Italy for hosting services, management, development and maintenance of the site. All third parties to whom the data may be communicated are based in Italy. You are free to request further information by contacting the data controller at email@example.com.
6. IS THERE AN AUTOMATED PROCESS?
Personal data will be processed manually in traditional, electronic and automated ways. Please note that no fully automated decision-making processes are carried out.
7. WHAT ARE YOUR RIGHTS? HOW CAN YOU EXERCISE THEM?
You may exercise your rights as expressed by the EU Regulation 2016/679 at art. 15 et seq. by contacting the Data Controller by writing to firstname.lastname@example.org or the Data Protection Officer ex art. 38 paragraph 4, by writing to the email address email@example.com or the PEC address firstname.lastname@example.org.
You have the right, at any time, to request access to your personal data (art.15), rectification (art.16), cancellation (art.17), limitation of processing (art.18). The data controller communicates (art.19) to each of the recipients to whom the personal data have been transmitted any rectification or cancellation or limitation of processing carried out. The data controller shall inform the data subject of such recipients if the data subject so requests. In the cases provided for, you have the right to the portability of your data (art.20) and in this case you will be provided in a structured format, commonly used and readable, by automatic device. You have the right to object (art.21), at any time, to the processing of data based on legitimate interest, and in cases where the legal basis is consent, you have the right to withdraw the consent given without affecting the lawfulness of the processing based on the consent before the withdrawal.
In the event that the data subject considers that the processing of personal data carried out by the Controller is in violation of the provisions of Regulation (EU) 2016/679, he/she has the right to lodge a complaint to the Data Protection Authority, in particular in the Member State in which he/she normally resides or works or in the place where the suspected violation of the Regulation has occurred (Garante Privacy https://www.garanteprivacy.it/), or to take appropriate legal action.
8. CHANGES TO THE POLICY
The Data Controller reserves the right to modify, update, add or remove parts of this policy. In order to facilitate verification and modification of the text, the notice will contain the date of update.