Privacy Policy
Information on the processing of personal data pursuant to and for the purposes of Regulation (EU) No. 679/2016 carried out through the website www.fastlisa.eu (hereinafter “the Site”) also through the use of cookies.
The following information (hereinafter also referred to as the “Information Notice”) is provided by Alma Mater Studiorum – University of Bologna, in its capacity as Data Controller (hereinafter also referred to as the “Data Controller“) and member of the Fast-Lisa European Project consortium, to the user of the Website (hereinafter also referred to as the “Interested Party“), in compliance with the provisions of Regulation (EU) no. 679/2016 (hereinafter also referred to as the “Regulation“).
The Information is provided by the Data Controller to the Data Subject also in compliance with the current legislation on cookies and the Guidelines on Cookies and Other Tracking Devices approved by the Italian Data Protection Authority with Order No. 231 of 10 June 2021 (hereinafter the “Cookie Order“).
The Data Controller hereby informs the Data Subject of the processing of personal data concerning him/her carried out through the Site and the cookies used by the Site, emphasising its commitment and attention to the protection of the Data Subject’s rights.
The Policy also provides information on how cookies can be managed.
The Information is provided exclusively for the Site and does not, therefore, concern other sites, pages or online services that can be reached via hypertext links that may be published on the Site but refer to resources outside the domain.
The Controller may provide the user with additional information concerning specific services or the collection and processing of personal data in the sections of the site dedicated to individual services.
In any event, the Data Controller ensures that the processing of personal data will be carried out in compliance with the principles laid down in the legislation in force and with the rights of the data subject.
When you access the Site and use its services, you confirm that you have read the Policy.
The Data Controller is the Alma Mater Studiorum – University of Bologna, with registered office at via Zamboni, 33 – 40126 Bologna, Italy; (e-mail: privacy@unibo.it; PEC: scriviunibo@pec.unibo.it), in the person of the Rector pro tempore.
DPO (DATA PROTECTION OFFICER)
The DPO (Data Protection Officer) is identified as the Data Protection Officer at Alma Mater Studiorum – University of Bologna Studiorum (RPD/DPO) (registered office: via Zamboni, 33 – 40126 Bologna, Italy; e-mail: dpo@unibo.it; PEC: scriviunibo@pec.unibo.it).
Methods of processing, types of data processed, purposes of processing, retention periods and/or criteria for determining retention periods, legal bases
The data are processed using automated methods at the Owner’s computer systems, in compliance with the principles established by the legislation in force (in particular Article 5 GDPR: principles of lawfulness, correctness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, accountability) and in such a way as to guarantee the confidentiality and security of the data.
The following categories of personal data are processed: (1) navigation data; (2) data communicated voluntarily by the data subject; (3) data acquired via cookies.
- Navigation data
The computer systems, applications and software procedures used to operate the Site collect, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This category of personal data includes: (a) the IP address or domain name of the computer and terminal used by the Data Subject; (b) the URI/URL notation addresses of the resources requested; (c) the time of the request; (d) the method used in submitting the request to the server; (e) the size of the file obtained in response to the request; (f) the numerical code indicating the status of the response given by the server; (g) any search engine used to locate the link to the Site, subsequently used to access the Site; (h) other parameters relating to the operating system and the computer environment used by the data subject to access and navigate the Site.
Browsing data are collected and used for the following purposes:
(a) enable the use of the Site;
(b) monitoring the proper functioning of the Site and technological maintenance of the Site;
(c) ascertaining liability in the event of hypothetical wrongdoing to the detriment of the Controller through the Site or to the Site itself;
1.2. Legal Basis
The legal basis for the processing of personal data, pursuant to Article 6(1)(e) of the Regulation, is the performance of a task carried out in the public interest or in connection with the exercise of public authority, including the task of carrying out information and institutional communication activities pursuant to Law no. 150/2000 and R.D. 271/2009, which the Alma Mater Studiorum – University of Bologna is entrusted with.
1.3. Storage times
Surfing data is not retained for more than seven days and is deleted immediately. This is without prejudice to any need for further storage of data for the fulfilment of legal obligations or the investigation of criminal offences by the judicial authorities.
When the data subject voluntarily sends messages to the Controller’s addresses, by filling in the “Contact Us” form and subsequently sending them to the Controller, the latter acquires the data subject’s contact details such as: name, surname, e-mail address, as well as any other data communicated by the same when the message is sent (e.g. within the content of the latter).
The purpose of the processing of the data voluntarily communicated by the Data Subject is to allow the Data Subject to contact the FAST-LISA partnership and to allow the Data Controller to process the Data Subject’s requests within the framework of the Project.
The legal basis for the processing of personal data, pursuant to Article 6(1)(e) of the Regulation, is the performance of a task carried out in the public interest or in connection with the exercise of public authority, including the task of carrying out information and institutional communication activities pursuant to Law no. 150/2000 and R.D. 271/2009, which the Alma Mater Studiorum – University of Bologna is entrusted with.
2.3. Storage times
The data communicated voluntarily by the Data Subject are kept for the time strictly necessary to fulfil the purposes set out in point 2.1. Once the purposes of the processing have been fulfilled, the data will be deleted using methods that ensure its permanent deletion. This is without prejudice to any need for further storage of data for the fulfilment of legal obligations or the investigation of offences by the judicial authorities.
3 Data acquired via cookies
Cookies are “as a rule strings of text that websites (so-called ‘publishers’, or ‘first parties’) visited by the user or different websites or web servers (so-called ‘third parties’) place and store – directly, in the case of publishers, and indirectly, i.e. through them, in the case of ‘third parties’ – within a terminal device available to the user”. (Cookie Provision).
The Data Controller adopts the distinction between technical and profiling cookies provided by the Cookie Provision. In particular:
– technical cookies are designed to manage the technical aspects necessary to carry out the transmission of a communication over an electronic communication network or to provide a service requested by the user. They may also include, under certain conditions, analytical cookies;
– Profiling cookies are used to analyse the user’s browsing characteristics and create profiles based on their behaviour on the site.
Cookies can be permanent, i.e. stored in the device permanently; temporary, when they have a variable and limited duration; session, when they disappear when the browser is closed or when logging out.
For a precise and exhaustive description and definition of the different types of cookies, please refer to point 4 of the Cookie Policy. This site uses different types of internal and external cookies, a list of which is provided below, specifying the purpose, whether or not consent is required from the user and the retention period.
This site uses different types of internal and external cookies, a list of which is given below, specifying the purpose, whether or not consent is required from the user and the retention period.
Cookie name | Type | Brief description | Domain | Deadline | Consent | ||||
Persistent technician | Non-persistent technician (or session) | Part One | Part Three | Profiling | 1 year | ||||
COOKIELAWINFO-CHECKBOX-ANALYTICS | X | X | Cookie set by the GDPR Cookie Consent plugin. The cookie is used to store the user’s consent for cookies in the “Analytics” category. | fast.lisa.eu | 1 year | ||||
COOKIELAWINFO-CHECKBOX-FUNCTIONAL | X | X | Cookie set by the GDPR Cookie Consent plugin. The cookie is used to store the user’s consent for cookies in the “Functional” category. | fast.lisa.eu | 1 year | ||||
COOKIELAWINFO-CHECKBOX-NECESSARY | X | X | Cookie set by the GDPR Cookie Consent plugin. The cookie is used to store the user’s consent for cookies in the ‘Necessary’ category. | fast.lisa.eu | 1 year | ||||
COOKIELAWINFO-CHECKBOX-OTHERS | X | X | Cookie set by the GDPR Cookie Consent plugin. The cookie is used to store the user’s consent for cookies in the ‘Others’ category. | fast.lisa.eu | 1 year | ||||
COOKIELAWINFO-CHECKBOX-PERFOMANCE | X | X | Cookie set by the GDPR Cookie Consent plugin. The cookie is used to store the user’s consent for cookies in the “Performance” category. | fast.lisa.eu | 1 year | ||||
VIEWED_COOKIE_POLICY | X | X | Cookie set by the GDPR Cookie Consent plugin. It is used to store whether or not the user has consented to the use of cookies. It does not store any personal data. | fast.lisa.eu | 1 year | ||||
_GA | X | Persistent Google Analytics cookie that is used to uniquely distinguish users. | 2 years | ||||||
GAT | X | A cookie installed by Google Analytics that is used to store information on how visitors use a website and help create a file analytics on the performance of the website. | |||||||
_GID | X | Cookie that is used to limit the frequency of requests. These are third-party cookies that are placed on the device to allow you to use Google Analytics. They are used for collect information on how visitors use the website. | |||||||
_GCL_AU | X | Used by Google AdSense to check the efficiency of advertising on all websites using their services. It is the first-party cookie for the “Conversion Linker” functionality: it collects information from ad clicks and stores it in a first-party cookie so that conversions can be attributed outside the landing page. | 13 months | ||||||
The Site makes no use of cookies other than those expressly indicated in the list above.
For third-party cookies installed via the Site, information and consent obligations rest with the third party.
Below are links to the privacy policies and consent forms of the
third parties themselves.
https://policies.google.com/privacy?hl=it
3.1 Legal Basis
The legal basis for the processing of data for the necessary technical cookies can be found in the performance of tasks of public interest or in any case connected with the exercise of public powers by the Data Controller, thus falling under Article 6(1)(e) of the Regulation, including the task of carrying out information and institutional communication activities pursuant to Law No. 150/2000 and R.D. 271/2009.
The legal basis for the processing of data for optional technical cookies and profiling cookies is the consent of the Data Subject in compliance with and within the limits of Art. 6(1)(a) of the Regulation.
3.2 How to disable and/or not accept cookies
The data subject may refuse the use of cookies and may revoke a consent already given at any time. Since cookies are linked to the browser used, the Data Subject has the possibility, at any time, to set his or her browser to accept all cookies, only some, or to reject them, disabling their use by the Site. The Data Subject may also set his or her browser preferences in such a way as to be notified whenever a cookie is stored in the memory of his or her device.
Please note that at the end of each browsing session, the Interested Party may in any case delete both the browsing cache-memory and the cookies collected from his/her hard disk. Any deactivation of cookies by the Data Subject on his/her own device does not affect or influence in any way the interaction with the Site.
Links to reference sites illustrating how to disable cookies for the most popular browsers are provided below:
– Google Chrome https://support.google.com/chrome/answer/95647?hl=it
– Mozilla Firefox http://support.mozilla.org/it/kb/Gestione%20dei%20cookie?redirectlocale=enUS&redirectslug=Cookies
– Apple Safari http://www.apple.com/it/privacy/use-of-cookies/
– Microsoft Edge https://support.microsoft.com/it-it/microsoft-edge/eliminare-i-cookie-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
The cookie functionality can also be deactivated via the page provided by the EDAA (European Interactive Digital Advertising Alliance) available at the URL http://www.youronlinechoices.com/it/.
Even if the permission to use any third-party cookies is revoked, prior to such revocation the cookies may have been stored on the data subject’s device. For technical reasons, it is not possible to delete such cookies, but the data subject’s browser allows for their deletion in the privacy settings. The browser options contain the option “Delete Browsing Data” which can be used to delete cookies, site data and plug-ins.
Optional supply of personal data
The provision of personal data by the Data Subject – unless otherwise specified – is optional; however, failure to provide such data may make it impossible to obtain what is requested or to perform the indicated activity, including the correct and full navigation of the Site.
Recipients and categories of recipients of personal data, as well as the scope of their knowledge
For the pursuit of the purposes described, the Data Subject’s personal data will be known to the Data Controller’s employees, who will act as authorised processors and/or data controllers, and to the members of the Fast-Lisa partnership.
Personal data will not be disseminated in any case.
Finally, it should be noted that the User’s personal data may be made available to the competent authorities, if the legal requirements are met.
Transfer of personal data
Data processing does not involve the transfer of data outside the European Economic Area.
Rights of the concerned
The data subject may, under the conditions laid down in the Regulation, exercise the rights set out in Article 7(3) and Articles 15 to 22 of the Regulation.
In particular, the Data Subject is guaranteed the exercise of the following rights:
– right of access: pursuant to Article 15 of the Regulation, which provides for the data subject’s right to obtain confirmation as to whether or not personal data relating to him are being processed and, if so, to obtain access to his personal data, a copy thereof and communication of, inter alia, the following information (a) purpose of the processing; (b) categories of personal data processed; (c) recipients to whom the data have been or will be disclosed; (d) data retention period or criteria used; (e) the rights of the Data Subject (rectification, erasure of personal data, restriction of processing and right to object to processing); (f) right to lodge a complaint; (g) right to receive information on the origin of his or her personal data, if it has not been collected from the Data Subject; (h) the existence of an automated decision-making process, including profiling if it is carried out;
– right of rectification: pursuant to Article 16 of the Regulation, the Data Subject has the right to obtain, without undue delay, the rectification of inaccurate personal data concerning him/her and the integration of incomplete personal data;
– right to erasure (so called right to be forgotten): pursuant to Article 17 of the Regulation, the Data Subject has the right to obtain, without undue delay, the erasure of personal data concerning him/her when: (a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) the Data Subject has withdrawn consent and there is no other legal basis for the processing; (c) the Data Subject has successfully objected to the processing of the personal data; (d) the data have been processed unlawfully; (e) the data must be erased in order to comply with a legal obligation; (f) the personal data have been collected in connection with the provision of information society services as referred to in Article 8(1) of the Regulation. The right to erasure does not apply to the extent that the processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims;
– right to restriction of processing: pursuant to Article 18 of the Regulation, the Data Subject has the right to obtain the restriction of processing when: (a) he/she disputes the accuracy of the personal data; (b) the processing is unlawful and the Data Subject objects to the erasure of the personal data and instead requests that their use be restricted; (c) the personal data are necessary for the establishment, exercise or defence of a legal claim; (d) the Data Subject has objected to the processing pending verification as to whether the legitimate reasons of the Data Controller prevail over those of the Data Subject;
– the right to data portability: pursuant to Article 20 of the Regulation, the Data Subject has the right to receive from the Controller, in a structured, commonly used and machine-readable format, personal data concerning him/her and to transmit them to another Controller without hindrance, where the processing is based on consent and is carried out by automated means. The right to obtain, moreover, that personal data be transmitted directly from the Controller to another Controller, where this is technically feasible;
– right to object: pursuant to Article 21 of the Regulation, the Data Subject has the right to object, at any time, to the processing of personal data relating to him/her based on the condition of legitimate interest, including profiling where it is carried out, unless there are legitimate reasons for the Controller to continue the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims;
– the right not to be subjected to an automated decision-making process: pursuant to Article 22 of the Regulation, the Data Subject has the right not to be subjected to a decision based solely on automated processing, including profiling where it is carried out, which produces legal effects concerning him or her or significantly affects him or her in a similar way, except where: (i) such decision is necessary for the conclusion or performance of a contract between the Data Subject and a Data Controller, (ii) the Data Subject has given his or her explicit consent, (iii) this is authorised by the law of the Union or the Member State to which the Data Controller is subject. In any case, an automated decision-making process may not concern the particular data referred to in Article 9 of the Regulation, except in the cases expressly provided for in Article 22, paragraph 4. The Data Subject may at any time obtain human intervention by the Controller, express his/her opinion and contest the decision;
– the right to revoke the consent given at any time and with the same ease with which it was given, without prejudice to the lawfulness of the processing based on the consent given before revocation (Article 7(3) of the Regulation).
The data subject also has the right to lodge a complaint with the Italian Data Protection Authority, Piazza di Montecitorio n. 121, 00186, Rome (RM), or to take legal action.
The exercise by the Data Subject of his/her rights is free of charge pursuant to Article 12 of the Regulation. However, in the case of requests that are manifestly unfounded or excessive, also due to their repetitiveness, the Data Controller may charge a reasonable expense contribution, in light of the administrative costs incurred in handling the request, or deny satisfaction of the request.
Requests concerning the exercise of the aforementioned rights should be addressed to the following e-mail address privacy@unibo.it.
It should be noted that the Data Controller, also through the designated structures, will take charge of the request and provide without undue delay – and in any case, at the latest, within one month of receipt of the request – the information concerning the action taken in respect of the request. This period may be extended by two months if necessary, taking into account the complexity and number of the requests. If the Controller has doubts as to the identity of the natural person making the request, it may request further information necessary to confirm the identity of the Data Subject.
The aforementioned policy may be subject to revisions as a result of changes in the legislation on the protection of personal data or technological implementations of the site that impact on the methods of data processing, as well as changes in the organisational structure of the Data Controller; therefore, users are invited to periodically review this policy in order to be constantly updated on the characteristics of the processing.
Any changes will take effect on the date of publication of the amended version of the Policy on the Site.
