INFORMATION IN ACCORDANCE WITH ARTICLE 13 OF EU REGULATION 2016/679 (GDPR) FOR THE PROCESSING OF DATA COLLECTED THROUGH WEB BROWSING
The University of Parma informs the parties concerned that this note pertains to the processing of personal data of Users browsing through the University web portal www.unipr.it, and the federated websites detailed below (See paragraph 11 - LIST OF WEBSITES REFERRED TO BY THE NOTE). The validity of this note is limited to the websites mentioned above, hence the information contained in this document is not relevant to any other websites, even though they are accessible from links provided in them. This is without prejudice to the University of Parma's compliance with current legislation on transparency and the mandatory publication of data and documents. The University undertakes to comply with the general principles of the EU Regulation 2016/679 of lawfulness, correctness, transparency, appropriateness, relevance and necessity in processing the data acquired, using appropriate technical and organisational measures to protect the confidentiality and the rights of users.
1. PARTIES CONCERNED BY DATA PROCESSING
The Data Controller is the University of Parma, with registered office in via Università 12, 43121 Parma, Italy:
Tel.+39 0521 902111
The Data Protection Officer can be contacted at the following addresses:
2. PURPOSE OF DATA PROCESSING
The data collected are used exclusively within the University's institutional activities and for the following purposes:
- to enable navigation of the web portal;
- to provide the user with the information and services requested;
- to promote and divulge the results of Research activities, through the presentation of the skills of the University's lecturers and researchers (publication of information relating to: scientific curriculum vitae, projects, publications, etc.);
- to verify the proper functioning of the web portal, carry out monitoring activities for security purposes and identify actions aimed at improving the website (for navigation data);
- fulfil legal obligations, comply with orders from public authorities, ascertain possible liability in the event of hypothetical computer crimes to the detriment of the site or its users.
3. TYPES OF DATA PROCESSED
The IT systems and application procedures used to operate this website acquire during their normal operation the following types of data, in automated form:
- navigation data collected during the visit to the website, transmitted implicitly with the use of Internet communication protocols or in the use of third-party technologies and/or web resources. For example:
- IP address of the device connected to the website (made anonymous during acquisition), type of browser and device used, date and time of visit, web page of origin of the visitor (referral) and exit, etc.;
- The optional, explicit and voluntary sending of e-mail messages to the addresses indicated on this site entails the subsequent acquisition of the sender's address, which is necessary to reply to requests, as well as any other personal data included in the same request.
- The optional, explicit and voluntary registration through specific web forms present on the site entails the subsequent acquisition of all the data contained in the fields filled in by the user and the processing is carried out exclusively to provide the service requested.
4. LEGAL BASES OF DATA PROCESSING
The legal bases of the processing can be identified as follows:
- performance of tasks of public interest,
- legitimate interest;
- processing of data useful for the prevention and suppression of fraud and any illegal activity;
- processing necessary for the performance of a contract where the data subject is one of the parties;
- consent by the interested party as per Section 6(1) GDPR.
The provision of data and thus consent to the collection and processing of data is optional. The user may withhold consent and may revoke consent already given at any time. However, denying consent may result in the inability to provide certain services and degrade the browsing experience on the web portal.
5. METHODS OF PROCESSING
The personal data collected are processed in compliance with the principles of lawfulness, fairness and transparency, indicated in Article 5 GDPR, including with the aid of computer and telematic tools suitable for storing and managing the data, and, in any case, ensuring their security and protect the utmost confidentiality of the data subject.
For some sites, the processing operations are carried out by the CINECA Consortium or Amazon Web Services (AWS) in their capacity as Data Processor as per Article 28 of the GDPR, are limited to the purposes described in Section 3, and are carried out ensuring adequate security of personal data, including protection from unauthorized or unlawful processing and from accidental loss, destruction or damage, by means of appropriate technical and organizational
6. CATEGORIES OF PERSONS AUTHORIZED TO PROCESS AND TO WHOM THE DATA MAY BE COMMUNICATED
The personal data of users will be known and processed, in compliance with current legislation on the subject, by employees and collaborators of the University (identified as Authorized Persons for Processing) assigned to the management of the portal and involved in the provision of services associated with it. The data may be communicated exclusively:
- to the structures of the University requesting it, for the University’s institutional purposes or in compliance with legislative obligations;
- to non-economic public entities or consortia participated by the University (e.g. MIUR) when the communication is necessary for the performance of institutional functions of the requesting entity;
- to any external parties, identified as Data Processors ex art. 28 RGPD, whose updated list is always available to the Data Controller;
- to Public Security Authorities or other public entities for purposes of defense, state security and detection of crimes, or to the Judicial Authority in compliance with legal obligations, where criminal offenses are identified.
Outside of the above cases, personal data are not in any way and for any reason communicated or divulged to third parties. Finally, personal data will not be transferred to third countries or international organizations unless this is strictly related to specific requests coming from the user, for which special consent will be acquired.
7. DATA RETENTION
In relation to the different goals and the purposes for which they were collected, the data will be kept for the time stipulated by the relevant legislation or for the time strictly necessary for the pursuit of the purposes.
8. RIGHTS OF DATA SUBJECTS
Data subjects have the right to obtain from the University of Parma, in the cases provided for, access to their personal data and the rectification or cancellation thereof or the restriction of the processing concerning them or to object to the processing (Articles 15 et seq. of the Regulations).
The application is made by contacting the Data Protection Officer at the addresses listed in Article 1 of this document. More information can be found on the Rights of Data Subjects page.
9. RIGHT TO COMPLAIN
The interested parties who believe that the processing of personal data relating to them carried out through this site is in violation of the Regulation, have the right to lodge a complaint with the Data Protection Authority, as per Article 77 of the Regulation, or to take appropriate legal action (Article 79 of the Regulation).
10. CHANGES TO INFORMATION
This information may change over time. Hence, it is advisable to check that the version referred to is current by accessing the Privacy section of the web portal.
11. LIST OF SITES REFERRED TO BY THE NOTE
This policy applies to the following sites:
GROUP A (sites hosted on AWS managed by Cookiebot)
GROUP B (sites hosted on AWS not managed by Cookiebot)
GROUP C (site hosted by CINECA)
Cookies are small text files sent by a site to the user's browser to be stored and retransmitted to the same site on the user’s next visit. Through cookies it is possible to collect information about the user who is visiting a website (e.g. date, time, pages visited, time spent on the site ...). Some information may fall under the definition of personal data and therefore subject to specific legal regulations.
Each site may use different categories of cookies among those described below, which are highlighted in the banner requesting consent proposed to the user on their first visit.
Technical cookies are necessary to ensure the proper functioning of the site and help make it more user-friendly by enabling basic functionality such as page navigation and access to any protected areas of the site. It is not necessary to propose the consent banner if only technical cookies are used on a site, since no personal data is processed.
The University of Parma monitors site access statistics to analyse user interaction by collecting and transmitting information anonymously.
The sole aim of Profiling cookies is to understand the preferences of individual users, so as to submit specific content of interest to them during browsing.
The sites included in the policy may make use of content and services by "third parties" following the incorporation of external resources in the web pages (such as maps, images, videos ...) during the drafting of the content, to expand functionality and improve the browsing experience of the users. Therefore, while browsing the user may also receive on his device cookies managed by other organizations (so-called "third-party" cookies), typically profiling cookies, without the Owner being aware of them or being able to intervene on them.
On these sites there are technical and tracking cookies (Web Analytics Italia) and third-party cookies described in the section "Third-party cookies".
On these sites we have used Google Analytics, a data analysis service provided by the company Google Inc, to collect aggregated information on the number of users and how they visit the site. The general statistics are then processed and used for improving the communication service.
Third-party profiling cookies may be present in registration campaigns to monitor interaction with social networks and the Google platform. The information collected may be transferred to partners for remarketing and behavioral targeting purposes.
Facebook Remarketing (Facebook, Inc.)
Facebook Remarketing is a Remarketing and Behavioral Targeting service provided by Facebook, Inc. that links the website's activity with the Facebook advertising network.
- Personal data collected: Cookies and Usage Data.
Google Adwords (Google, Inc.)
Google Adwords is a targeted advertising service provided by Google, Inc. that links this website's activity with the Google's advertising network.