Information on the Processing of Personal Data in the Context of the Use of the XYdigitale Website

Information on the Processing of Personal Data in the Context of the Use of the XYdigitale Website

The EU Regulation 2016/679 ‘General Data Protection Regulation’ (hereafter GDPR) establishes the right of every person to the protection of personal data concerning them.

Pursuant to art. 13 of the GDPR, the University of Trento intends to provide users (hereinafter ‘interested persons’) of the XYdigitale website with the following information.

1. Data Controller

The Data Controller is the University of Trento, via Calepina n. 14, 38122 Trento (TN); Email: ateneo@pec.unitn.it; ateneo@unitn.it.

2. Contacts of the Data Protection Officer

The Data Protection Officer (DPO), whom you can contact for information regarding your personal data, can be contacted at the following Email address: rpd@unitn.it.

3. Purpose of the Processing and Legal Basis

The University of Trento carries out the processing as part of the execution of its tasks in the public interest, pursuant to Article 6, Paragraph 1, Letter e) of the GDPR, for allowing web surfing of the XYdigitale site.

4. Categories of Processed Data

Navigation Data

While browsing, the XYdigitale website acquires personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes the IP addresses or domain names of the computers of the users who connect to the platform, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.

These data are used to obtain anonymous statistical information on the use of the website and to check its correct functioning. They can also be used to ascertain any computer crimes committed against the portal or other computer systems of the University.

Navigation data is not collected to identify the interested persons but, given their nature, through processing and association with data held by third parties they could allow the user to be identified.

What are Cookies

Cookies are small strings of text that the websites visited by the interested persons can send to the navigation terminal, on which they are stored before being re-transmitted to the same websites on the next visit by the same persons.

Through cookies it is possible to collect information relating to users who visit a website (e.g. the date and time of the visit, the pages viewed, the time spent on the site), some of which may fall within the definition of ‘personal data’ and therefore be subject to specific laws.

While browsing the Internet, the interested person may receive two different types of cookies: those of the same site visited (the so-called ‘First-party cookies’) or those of different websites or web servers (the so-called ‘Third-party cookies’).

What Cookies Does the Platform Use

The Platform makes use of the following types of first-party technical cookies, for whose installation no consent is required from the interested person.

Third-Party Analytics/Statistical Cookies

Not present.

How to Disable Cookies

You can refuse consent to the use of cookies by selecting the appropriate setting on your browser. Below are links with instructions for disabling cookies for the most popular browsers (for other browsers that may be used, it is suggested to look for this option in the software help).

• Instructions for Google Chrome
• Instructions for Google Chrome (mobile)
• Instructions for Mozilla Firefox
• Instructions for Internet Explorer
• Instructions for Microsoft Edge
• Instructions for Opera
• Instructions for Apple Safari
• Instructions for Apple Safari (mobile)

To Disable Third-Party Cookies

The deactivation of third-party cookies is also possible through the methods described in the respective information and/or made available directly by the third-party owner company for said treatment.

To Delete Cookies Already Stored on the Terminal

Even if the authorization to use third-party cookies is revoked, before this revocation the cookies may have been stored on the user’s terminal. For technical reasons it is not possible to delete these cookies, however the browser allows their elimination in the privacy settings. In fact, the browser options contain the ‘Delete browsing data’ option which can be used to delete cookies, site data and plug-ins.

5. Nature of Data Provision

The provision of personal data is essential for the use of all the site’s functions. Failure to provide personal data may make it impossible to fully use the aforementioned features.

6. Processing Methods

The processing of personal data is carried out electronically by personnel authorized to process data in relation to the tasks and duties assigned and in compliance with the principles of lawfulness, correctness, transparency, adequacy, pertinence, accuracy, non-excess, integrity and confidentiality (Article 5, Paragraph 1 of the GDPR). No profiling or automated decisions are made.

7. Categories of Recipients

The data will be communicated to the staff of the University structures involved in achieving the aforementioned purpose.

Apart from these cases, personal data may be disclosed to third parties only in the event of fulfillment of a legal obligation and/or a provision of the judicial authority.

Personal data may be transferred to non-EU countries. In this case, the transfer will be made on the basis of an adequacy decision pursuant to Article 45 of the GDPR or, in its absence, of the standard data protection clauses pursuant to Article 46, Paragraph 2, Letter c) of the GDPR.

8. Period of Data Retention

The collected data will be kept for the period necessary to achieve the above-mentioned purposes. In particular, navigation data will be kept for a maximum period of six months.

9. Rights of the Interested Parties

At any time, the interested persons may exercise the rights established by the Articles 15 et seq. of the GDPR against the Data Controller, via the Email contacts indicated above.

• Access to personal data and other information indicated in the Article 15 of the GDPR.
• Rectification of own personal data if inaccurate and/or their integration if they are incomplete.
• Deletion of personal data except in cases where the University is required to keep them pursuant to the Article 17, Paragraph 3, Letter b) of the GDPR.
• Limitation of the treatment in the hypotheses indicated by the Article 18 of the GDPR.
• Opposition to the processing of personal data concerning them in cases where this is permitted pursuant to the Article 21 of the GDPR.

To exercise the rights, it is possible to use the appropriate form found on the ‘Privacy and Protection of Personal Data’ page of the University portal and send it to the above contact details of the Data Controller.

The interested persons who believe that the processing of their personal data occurs in violation of the GDPR have the right to lodge a complaint with the Guarantor for the protection of personal data pursuant to the Article 77 of the GDPR or to take the appropriate legal action.