Privacy Policy in accordance with art. 13 EU Reg. n. 2016/679

This privacy policy is provided pursuant to and in accordance with art. 13 of EU Regulation no. 2016/679 of 27 April 2016 (hereinafter “GDPR”) concerning the protection of natural people personal data.

In particular, UniSMART – Fondazione Università degli Studi di Padova as Data Controller, pursuant to the obligations deriving from the GDPR, provides you the following information regarding the methods and purposes of the processing of personal data collected while you browse the website (http://www.unismart.it/).

A. DATA CONTROLLER The Data Controller for all personal data collected and processed in relation to the management of the Website http://www.unismart.it/ is UniSMART – Fondazione Università degli Studi di Padova, with registered office in Padova, via VIII Febbraio, n. 2 and the place of business in Padova, via Venezia, n. 15.

Tel.: 049 807 8598

E-mail: [email protected]

Certified e-mail: [email protected]

B. CATEGORIES OF PERSONAL DATA AND PURPOSES OF THE PROCESSING 1. CATEGORIES OF PROCESSED DATA

1.1 When the User voluntary send communications or requests to the e-mail addresses indicated in the various sections of the Website, the personal data included in the e-mail text will be collected.

1.2 The optional and voluntary filling in of the forms on the Website involves the collection of the personal data requested therein.

1.3 In the “UPDGrade!” section, the User can subscribe to the webinars listed therein and access the related recordings. To this end, the User clicks on the “participate” button and fills out the relevant form. By doing so, the following personal data are collected: name, surname, e-mail address, current job.

1.4. In the “UnitiCovid19” section, the User can report activities of its company designed in response to the emergency situation related to the Corona virus, requesting support to start them or advertising them, if already started. To this end, the User fills out the relevant forms. This operation involves the collection of the following personal data: name and surname, e-mail address and telephone number of a contact person of the company and any other data that will be spontaneously disclosed.

1.5 Browsing data – The computer systems and software procedures used to operate the Website collect some personal data, whose transmission is an integral part of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by Users who connect to the Website, the URI (Uniform Resource Identifier) ​​addresses of the requested resources, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and device environment of the User. These data are used exclusively to obtain anonymous statistical information on the use and proper functioning of the Website. The data may be used to ascertain any liability, only at the request of the oversight bodies, in the event of alleged cybercrimes against the Website or the Data Controller.

2.PURPOSES OF THE PROCESSING

The data will be processed for the following purposes:

  • As regards point 1.1, to respond to the User’s requests;
  • As regards point 1.2, for the purposes indicated in the respective forms;
  • As regards point 1.3, to keep the User updated on masters, advanced training courses and lifelong learning courses organized by the University of Padova, relating to the selected area of ​​interest;
  • As regards point 1.4, a) to provide the User with the requested services; b) to inform the User about the services offered by UniSMART by the sending of a brochure;
  • As regards point 1.5, to allow the browsing of the Website.
C. LEGAL BASIS FOR PROCESSING The legal basis for the processing of the personal data indicated above is:

  • As regards point 1.1, the data subject consent, expressed by sending a request to the e-mail address of the Data Controller;
  • As regards point 1.2, the need to response to the request of the data subject;
  • As regards point 1.3, the pursuit of a legitimate interest of the Data Controller. The data subject has the right to object to the receipt of newsletters through the “unsubscribe” function, which is present in each communication;
  • As regards point 1.4, lett. a) the need to response to the data subject’s request; lett. b) the pursuit of a legitimate interest of the Data Controller;
  • As regards point 1.5, the need to allow the browsing of the Website.

The data subject has the right to freely withdraw the given consent by sending a written request to the DPO e-mail address: [email protected].

With the exception of technical cookies, which are strictly necessary for the operation of the Website, the provision of data is left to the will of the User, who decides to browse the Website and to use services that involve the installation of cookies, after having read the brief information contained in the appropriate banner.

You can avoid the installation of cookies by keeping the banner open (without closing it by clicking on the “ok” button), as well as through the specific functions available on your browser. Please consider that most Internet browsers are initially set up to accept cookies automatically. At any time, you have the possibility to set your browser to accept cookies (in whole or in part) or to reject them, disabling them on all websites. Furthermore, you can set your browser preferences in such a way as to be notified every time cookies are stored on your device. Finally, at the end of each browsing session, you can delete the cookies collected from the hard drive of your device. If you want to delete the cookies installed, remember that each browser has different procedures for managing settings.

You can get specific instructions for some of the main browsers, selecting the links below.

Mozilla Firefox: https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie

Google Chrome: https://support.google.com/accounts/answer/61416?hl=it

Opera: http://help.opera.com/Windows/10.00/it/cookies.html

Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies

Apple Safari: http://support.apple.com/kb/HT1677?viewlocale=it_IT

It is also possible to visit the websites www.aboutcookies.org or www.youronlinechoices.com for more information about the managing of cookies in the used browser. If you want to delete cookies from the Internet browser of your smartphone / tablet, you have to refer to other specific instructions.

ATTENTION: If you disable cookies, the Website may not work properly.

D. METHODS OF PROCESSING Your personal data are processed with automated and non-automated tools, for the purposes for which they are collected. Specific security measures are observed to prevent the loss, unlawful or incorrect use or unauthorized access to the data. Your personal data may be used on behalf of the Data Controller by data processors in order to ensure the correct performance of the Website’s activities. The processing which is necessary to provide the services through this Website may also be carried out by the web service provider.

It should be noted that personal data may be processed through software for the sending of newsletters and for the managing of the data collected through the forms.

E. DATA RETENTION Data retention period:

  • data collected by requests sent to the e-mail addresses mentioned on the Website: they are kept for the time strictly necessary to respond to the request;
  • data collected through forms: they are kept until the purpose indicated in the form is achieved;
  • data for the participation in webinars and / or for the use of recordings: they are kept until the data subject exercises, at any time, the right to object to the processing;
  • data collected for the Uni.t.i project: they are kept until the data subject exercises, at any time, the right to object to the processing;
  • data collected through e-mails sent to apply to selection calls: they are kept until the end of the selection procedure;
  • browsing data: they are kept for the technical time necessary to achieve the purposes which they are collected for and in any case for a maximum period of 6 months.

The Data Controller will retain your personal data for a longer period, if the retention is reasonably necessary to comply with legal obligations, meet regulatory requirements, resolve disputes between Users, prevent fraud and abuse or apply this privacy policy.

The Data Controller will keep your personal data until the expiry of the retention period or until the withdrawal of the consent by the data subject and in any case such personal data will be automatically deleted or made permanently anonymous.

F. COOKIES In order to make the browsing of the Website as efficient and simple as possible, the Website uses cookies. Therefore, when you visit the Website, a minimum amount of information is entered into your device, such as small text files called “cookies”, which are saved in your browser’s directory. There are different types of cookies, but basically the main purposes of the cookies are to improve the operation of the Website and to perform specific functions.

Cookies are used to improve your browsing experience. In particular:

  • They allow you to efficiently navigate through the sections of the Website.
  • They record the username and the set preferences so that you do not need to enter the same information several times during the visit.
  • They monitor the use of services by the Users, in order to optimize the services and the browsing experience.
  • They allow targeted advertising information based on the interests and Users’ behaviour.

There are various types of cookies. The types of cookies used on the Website are listed below.

Technical cookies

This type of cookies is necessary for the proper functioning of some areas of the Website. These cookies include both persistent cookies and session cookies. In the absence of these cookies, the site or some parts of it may not work properly. Therefore, they are always used, regardless of the User’s preferences. Cookies in this category are sent only by the Data Controller.

Analytical cookies

This type of cookies is used to collect information about the use of the Website. The Data Controller uses this information for statistical analysis, to improve the Website, to simplify its use, as well as to monitor its correct functioning. This type of cookies collects anonymous information about Users’ activities on the Website and about the ways they land on the Website and on the pages visited. These cookies can be sent from the Website itself or from third-party domains.

Third-party Cookies

These cookies will be installed only when the Data Controller enables the related functions made available by the platform. In particular:

Google Analytics

Google Analytics is a web analytics service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA), for purposes of browsing history, monitoring visits, navigation statistics. The information and the privacy policy relating to the use of Google cookies are available at the following links:

  • http://www.google.it/policies/privacy/partners/
  • https://www.google.it/intl/it/policies/technologies/types/ and https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
  • to refuse Google Analytics cookies, you need to download and install the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=it
  • Information and general notes on Google services: http://www.google.it/analytics/learn/privacy.html

These cookies are activated only with the explicit consent of the data subject.

Facebook cookies

(https://it-it.facebook.com/policies/cookies/) These cookies show companies and organizations advertisements to subjects who may be interested in their products, services or promoted causes. These cookies are also used to evaluate the performance of advertising campaigns of companies that use Facebook services. These cookies are activated only with the explicit consent of the data subject.

Facebook pixel cookies

(https://it-it.facebook.com/policies/cookies/) Facebook Pixel is a tool to collect statistical data, which allows to measure the effectiveness of advertising, by analysing the Users’ actions on the Website.

These cookies are activated only with the explicit consent of the data subject.

G. RECIPIENTS AND CATEGORIES OF RECIPIENTS Your personal data will not be disclosed to indeterminate subjects. The data may be communicated to well-defined subjects, only by the Data Controller and for the specified purposes, and in particular to:

  1. Software houses;
  2. Data processors and persons authorized to the processing.

You can receive the list of the external data processors by sending a request to the DPO e-mail address: [email protected].

H. DATA SUBJECT’S RIGHTS The data subject has the right:

  • of access, rectification, erasure, restriction and opposition to the data processing;
  • to receive, without hindrance from the Data Controller, the data in a structured, commonly used and machine-readable format, also in order to transmit them to another data controller;
  • to withdraw the consent to the processing, without any prejudice to the lawfulness of processing based on consent before its withdrawal.

The reply to the Data Subject for the exercise of all rights will follow within one month of receipt of the request and this time period may be extended up to three months in particularly complex cases.

The aforementioned rights can be exercised by sending a written request to this e-mail address: [email protected]

I. COMPLAINT TO DATA PROTECTION AUTHORITY The Data Subject has the right to lodge a complaint with the relevant Data Protection Authority.

The complaint is the tool that allows the Data Subject to turn to a Data Protection Authority in order to complain about any breach of data protection law, pursuant to art. 77 of the GDPR, and to request an investigation by the Authority.

The complaint can be lodged by the Data Subject with the Supervisory Authority of the place where he resides, where he works or where the alleged infringement occurred.

The Data Subject has the right to an effective judicial remedy before the competent Court, if he considers that his rights have been infringed as a result of the processing.

L. DATA TRANSFER TO THIRD COUNTRIES The data entered in the forms will sometimes be processed through Google Forms; the contact data that are collected to send newsletters will be processed through Mailchimp and MailUp programs; sometimes the Data Controller uses Rebrandly as a “link shortener” service; in all these cases, the data could be transferred to countries outside the European Union.

However, these service providers, as external data processors, declare that the third countries guarantee an adequate level of protection of data subjects rights by virtue of compliance with one or more of the conditions set out in Articles 45-47 of the GDPR. If personal data are stored on servers of US service providers, it is acknowledged that the US government authorities may have access to these data, provided that the conditions required by law are met.

 M. DPO (Data Protection Officer) The Data Controller has appointed a specific Data Protection Officer (DPO), who can be contacted at the following e-mail address: [email protected]