Privacy Policy in accordance with art. 13 EU Reg. n. 2016/679

This privacy policy is provided pursuant to and in accordance with art. 13 of EU Regulation no. 2016/679 of 27 April 2016 (hereinafter “GDPR”) concerning the protection of natural people personal data.

In particular, UniSMART – Fondazione Università degli Studi di Padova as Data Controller, pursuant to the obligations deriving from the GDPR, provides you the following information regarding the methods and purposes of the processing of personal data collected while you browse the website (http://www.unismart.it/).

A. DATA CONTROLLER The Data Controller for all personal data collected and processed in relation to the management of the website http://www.unismart.it/ (the “Website”) is UniSMART – Fondazione Università degli Studi di Padova, with registered office in Padova, via VIII Febbraio, n. 2 and the place of business in Padova, via Venezia, n. 15.

Tel.: 049 807 8598

E-mail: [email protected]

Certified e-mail: [email protected]

B. CATEGORIES OF PERSONAL DATA AND PURPOSES OF THE PROCESSING
  1. CATEGORIES OF PROCESSED DATA

1.1 When the user voluntary send communications or requests to the e-mail addresses indicated in the various sections of the Website, the personal data included in the e-mail text will be collected.

1.2 The optional and voluntary filling in of the forms on the Website involves the collection of the personal data requested therein.

1.3 Browsing data

The computer systems and software procedures used to operate the Website collect some personal data, whose transmission is an integral part of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by users who connect to the Website, the URI (Uniform Resource Identifier) ​​addresses of the requested resources, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and device environment of the user. These data are used exclusively to obtain anonymous statistical information on the use and proper functioning of the Website. The data may be used to ascertain any liability, only at the request of the oversight bodies, in the event of alleged cybercrimes against the Website or the Data Controller.

  1. PURPOSES OF THE PROCESSING

The data will be processed for the following purposes:

  • As regards point 1.1, to respond to the user’s requests;
  • As regards point 1.2, for the purposes indicated in the respective forms;

As regards point 1.3, to allow the browsing of the Website.

C. LEGAL BASIS FOR PROCESSING The legal basis for the processing of the personal data indicated above is the need to response to the request of the data subject and to allow the browsing of the Website, and therefore the execution of a contract or of steps prior to entering into a contract.
D. METHODS OF PROCESSING Your personal data are processed with automated and non-automated tools, for the purposes for which they are collected. Specific security measures are observed to prevent the loss, unlawful or incorrect use or unauthorized access to the data. Your personal data may be used on behalf of the Data Controller by data processors in order to ensure the correct performance of the Website’s activities.

It should be noted that personal data may be processed through software for the sending of newsletters and for the managing of the data collected through the forms.

E. DATA RETENTION Data retention period:

–  data collected by requests sent by users to the e-mail addresses mentioned on the Website: they are kept for the time strictly necessary to respond to the request;

– data collected through forms: they are kept until the purpose indicated in the form is achieved;

– browsing data: they are kept for the technical time necessary to achieve the purposes which they are collected for and in any case for a maximum period of six months.

The Data Controller will retain your personal data for a longer period, if the retention is reasonably necessary to comply with legal obligations, or for the establishment, exercise or defence of legal claims.

The Data Controller will keep your personal data until the expiry of the retention period; after that, the personal data will be deleted or made permanently anonymous.

F. COOKIES Cookies and similar technologies are information sent or read by websites and apps on devices during their first visit, which are then transmitted back to those websites and apps during the next visit.

UniSMART uses cookies in order to:

– make the Website remembering the settings of the users from time to time;

– understand how users interact with the Website by collecting and reporting information anonymously;

– make advertisement more relevant for the user.

According to the applicable law, a prior explicit consent for the use of cookies is not always required. In particular, consent is not required for the use of “technical cookies”, that are cookies used for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or strictly necessary to provide a service explicitly requested by the user. In other words, consent is not required for cookies which are indispensable for the operation of the Website. “Analytics cookies”, on the other hand, allow UniSMART to analyse and improve the functioning of the Website but will process IP addresses anonymously.

The data subject’s prior consent is required for non-anonymised “analytics” and “profiling cookies”, which are those used to elaborate statistical analysis on the use of the Website or to profile the user in order to show targeted advertising. Profiling is based, for example, on the tracking of the visited Website’s sections or on information (interests, age, sex, geolocation and similar) which third parties collect on the user by observing his/her browsing activities. Unique identifications (“ID”), such as those stored by cookies, are used to distinguish the devices and actions of one user from those of other users.

Third parties’ profiling cookies on the Website belong to Google and to Facebook / Meta.

The user can authorize or disable all cookies at any time and can always change his/her mind. Cookies from other websites or from third parties may track actions on different websites, not only on ours.

There are different types of cookies which, accordingly to their characteristics and functions, are stored on the devices for different periods of time: there are session cookies, which are automatically deleted when the user closes the browser, and persistent cookies, which remain on devices until a pre-established date.

For more detailed information about the cookies of the Website, their duration and to know how to block them, click here.

G. RECIPIENTS AND CATEGORIES OF RECIPIENTS Your personal data will not be disclosed to indeterminate subjects. The data may be communicated to well-defined subjects, only by the Data Controller and for the specified purposes, and in particular to:

a) Software houses;
b) Data processors and persons authorized to the processing.

You can receive the list of the external data processors by sending a request to the DPO e-mail address: [email protected].

H. DATA SUBJECT’S RIGHTS The data subject has the right:

– to request information about the personal data processed by UniSMART and to receive in a structured, commonly used and machine-readable format the personal data;

– not to be subject to a decision based solely on automated processing, without a previous explicit consent;

– to ask UniSMART the rectification or the erasure of personal data or the restriction of their use only for certain purposes;

– to change idea and ask UniSMART to stop processing the data.

In some limited cases, the Data controller may not be able to comply with the requests of the data subjects, as long as it is forbidden by law provisions or by the act of a public authority.

The requests to exercise these rights shall be sent to the Data Protection Officer of UniSMART: [email protected].

In any case, the data subject has the right to lodge a complaint with the relevant supervisory authority (Data protection Authority) if he/she believes that the processing of personal data is against the applicable law.

I. DATA TRANSFER TO THIRD COUNTRIES The data entered in the forms will sometimes be processed through Google Forms; the contact data that are collected to send newsletters will be processed through Mailchimp and MailUp programs; sometimes the Data Controller uses Rebrandly as a “link shortener” service; in all these cases, the data could be transferred to countries outside the European Union.

However, these service providers, as external data processors, declare that the third countries guarantee an adequate level of protection of data subjects rights by virtue of compliance with one or more of the conditions set out in Articles 45-47 of the GDPR. If personal data are stored on servers of US service providers, it is acknowledged that the US government authorities may have access to these data, provided that the conditions required by law are met.

J. DPO (Data Protection Officer) The Data Controller has appointed a specific Data Protection Officer (DPO), who can be contacted at the following e-mail address: [email protected]