In particular, UniSMART – Fondazione Università degli Studi di Padova as Data Controller, pursuant to the obligations deriving from the GDPR, provides you the following information regarding the methods and purposes of the processing of personal data collected while you browse the website (http://www.unismart.it/).
A. DATA CONTROLLER
The Data Controller for all personal data collected and processed in relation to the management of the website http://www.unismart.it/ (the “Website”) is UniSMART – Fondazione Università degli Studi di Padova, with registered office in Padova, via VIII Febbraio, n. 2 and the place of business in Padova, via P. Beldomandi, n. 1. Tel.: 049 827 8670 E-mail: email@example.com Certified e-mail: firstname.lastname@example.org
B. CATEGORIES OF PERSONAL DATA AND PURPOSES OF THE PROCESSING
- CATEGORIES OF PROCESSED DATA
1.1 When the user voluntary sends communications or requests to the e-mail addresses indicated in the various sections of the Website, the personal data included in the e-mail text will be collected.
1.2 The optional and voluntary filling in of the forms on the Website involves the collection of the personal data requested therein.
1.3 Browsing data: the computer systems and software procedures used to operate the Website collect some personal data, whose transmission is an integral part of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and device environment of the user. These data are used exclusively to obtain anonymous statistical information on the use and proper functioning of the Website. The data may be used to ascertain any liability, only at the request of the oversight bodies, in the event of alleged cybercrimes against the Website or the Data Controller.
PURPOSES OF THE PROCESSING
The data will be processed for the following purposes:
As regards point 1.1, to respond to the user’s requests;
As regards point 1.2, for the purposes indicated in the respective forms, to consent the hosting of the event, to send communications related to the selected areas of interest and to subscribe to the newsletter of UniSMART.
As regards point 1.3, to allow the browsing of the Website.
C. LEGAL BASIS FOR PROCESSING
The legal basis for the processing of the personal data indicated above is the need to response to the request of the data subject and to allow the browsing of the Website, and therefore the execution of a contract or of steps prior to entering into a contract. The legal basis for the processing of personal contact data to send communications connected to the selected areas of interest is represented by the legitimate interest of the Data Controller, which is connected to the implementation of activities in the interest of the University of Padova.
The subscription to the newsletter as well as the communication of data to the co-organizers of the events for purposes not related to the event are based on the specific and explicit consent of the Data subject.
D. METHODS OF PROCESSING
Your personal data are processed with automated and non-automated tools, for the purposes for which they are collected. Specific security measures are observed to prevent the loss, unlawful or incorrect use or unauthorized access to the data. Your personal data may be used on behalf of the Data Controller by data processors in order to ensure the correct performance of the Website’s activities.
It should be noted that personal data may be processed through software for the sending of newsletters and for the managing of the data collected through the forms.
E. DATA RETENTION
Data retention period:
- data collected by requests sent by users to the e-mail addresses mentioned on the Website: they are kept for the time strictly necessary to respond to the request;
- data collected through forms: they are kept until the purpose indicated in the form is achieved;
- browsing data: they are kept for the technical time necessary to achieve the purposes which they are collected for and in any case for a maximum period of six months.
The Data Controller will retain your personal data for a longer period, if the retention is reasonably necessary to comply with legal obligations, or for the establishment, exercise or defence of legal claims.
The Data Controller will keep your personal data until the expiry of the retention period; after that, the personal data will be deleted or made permanently anonymous.
Cookies and similar technologies are information sent or read by websites and apps on devices during their first visit, which are then transmitted back to those websites and apps during the next visit.
– make the Website remembering the settings of the users from time to time;
– understand how users interact with the Website by collecting and reporting information anonymously;
– make advertisement more relevant for the user.
The data subject’s prior consent is required for non-anonymised “analytics cookies”. They help in keeping track of website visits and its usage, with the aim of improving our services. Also “profiling cookies” require the data subject’s prior consent. They are cookies used to elaborate statistical analysis on the use of the Website or to profile the user in order to show targeted advertising.
These cookies use data that are not immediately referable to the data subject but, due to their structure, could permit the identification of the data subject with the help of the processing and the matching with third parties’ data. Profiling is based, for example, on the tracking of the visited Website’s sections or on information (interests, age, sex, geolocation and similar) which third parties collect on the user by observing his/her browsing activities. Unique identifications (“ID”), such as those stored by cookies, are used to distinguish the devices and actions of one user from those of other users.
Third parties’ profiling cookies on the Website belong to Google and to Facebook / Meta.
The user can authorize or disable all cookies at any time and can always change his/her mind. Cookies from other websites or from third parties may track actions on different websites, not only on ours.
There are different types of cookies which, accordingly to their characteristics and functions, are stored on the devices for different periods of time: there are session cookies, which are automatically deleted when the user closes the browser, and persistent cookies, which remain on devices until a pre-established date.
G. RECIPIENTS AND CATEGORIES OF RECIPIENTS
Your personal data will not be disclosed to indeterminate subjects. Nevertheless, the data may be communicated to well-defined subjects, only by the Data Controller and for the specified purposes, and in particular to:
- Software houses;
- Data processors and persons authorized to the processing.
In particular, the registration to events organized by UniSMART in collaboration with third parties involve the communication of data, filled in the form, to the co-organizer of the event who, as Data processor, is authorized to use such data only for organisational purposes, as laid down in the specific form. However, if consent is given, the data can be shared and processed by the co-organizer as an autonomous data controller also for purposes unrelated to the organization of the event.
You can receive the list of the external data processors by sending a request to the DPO e-mail address: email@example.com.
H. DATA SUBJECT’S RIGHTS
The data subject has the right:
- to request information about the personal data processed by UniSMART and to receive in a structured, commonly used and machine-readable format the personal data;
- not to be subject to a decision based solely on automated processing, without a previous explicit consent;
- to ask UniSMART the rectification or the erasure of personal data or the restriction of their use only for certain purposes;
- to change idea and ask UniSMART to stop processing the data.
In some limited cases, the Data controller may not be able to comply with the requests of the data subjects, as long as it is forbidden by law provisions or by the act of a public authority.
The requests to exercise these rights shall be sent to the Data Protection Officer of UniSMART: firstname.lastname@example.org.
In any case, the data subject has the right to lodge a complaint with the relevant supervisory authority (Data protection Authority) if he/she believes that the processing of personal data is against the applicable law.
I. DATA TRANSFER TO THIRD COUNTRIES
The data entered in the forms will sometimes be processed through Google Forms; the contact data that are collected to send newsletters will be processed through Mailchimp and MailUp programs; sometimes the Data Controller uses Rebrandly as a “link shortener” service; in all these cases, the data could be transferred to countries outside the European Union.
However, these service providers, as external data processors, declare that the third countries guarantee an adequate level of protection of data subjects rights by virtue of compliance with one or more of the conditions set out in Articles 45-47 of the GDPR. If personal data are stored on servers of US service providers, it is acknowledged that the US government authorities may have access to these data, provided that the conditions required by law are met.
L. DPO (Data Protection Officer)
The Data Controller has appointed a specific Data Protection Officer (DPO), who can be contacted at the following e-mail address: email@example.com.