Cookies and legal notice
- The Data Controller determines the purposes for which and the means by which personal data is processed
- The Data Protection Officer (DPO) ensures, in an independent manner, that an organization applies the laws protecting individuals’ personal data.
- The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individual citizens of the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas.
This document outlines our approach to compliance with the General Data Protection Regulation (GDPR) and all other relevant data-protection legislation. It also sets forth your privacy rights. Please take a moment to familiarise yourself with our privacy practices.
Identity and contact details for the Data Controller
For data protection purposes, European University Foundation is the Data Controller of any personal information submitted and related to the Websites. You may contact us at:
Purposes of the processing and legal basis
Personal data – exclusively of non-sensitive nature – communicated by you will be processed by the Data Controller while you will be visiting the following website areas: “Contact” and “Events”.
In “Contact”, data is collected and processed in order to:
a. fulfil the requests made by you and provide you with the requested services. In accordance with Article 6 of GDPR, the legal basis for such data processing is the fulfilment of the services required by you (point b).
b. comply with legal obligations we are subject to; meet our obligations required by the law, by national and European Union regulations or by Authority orders. In accordance with Article 6 of GDPR, the legal basis for such data processing is the compliance with a legal obligation (point c).
In “Events”, data is collected and processed in order to:
c. enrol you in events, meetings, conferences organized during the lifetime of the MyAcademicID project. In accordance with Article 6 of GDPR, the legal basis for such data processing is the fulfilment of the services required by you (point b).
Apart from the mentioned personal data, freely provided by you on the website, the browsing data – collected as a result of using our services – may also be processed. In particular:
- specific information concerning the device used to connect to the Internet (for example, the kind of device, information related to the mobile network, etc.);
- log info. When using our services or viewing the content provided by us, some information in the server’s logs may be automatically collected and recorded. This information might include: the data related to the way in which our service is used, such as search queries; info related to Internet connection data, like IP addresses and all the other connected data; info on the events generated by the device, system activities, hardware settings, browser type and language, time and date of the queries and of the referring URL; the cookies that might identify the browser and the user’s account uniquely.
All the partners involved in the project could use different technologies to collect and record information when the website is visited and/or a service is used which might require the delivery of one or more cookies or anonymous identifiers to the user’s device.
Types of data processing
We personal data, exclusively of non-sensitive nature, communicated by you while visiting the website areas “Contact” and “Events”, via email or when filling out special forms. The processing of the personal data for the mentioned purposes is done by means of automated or computer-based procedures, in respect of the rules of confidentiality and security provided by the applicable laws, by the following rules and the internal procedures established for that purpose.
When and how your information is shared
We undertake not to disclose the submitted data to any unauthorized persons or use it for purposes other than those specified above. This data can be produced only at the request of authorities entitled by law.
1) We may share your personal information with third-party service providers which perform services and functions at our direction and on our behalf such as our accountants, IT service providers, printers, payment providers, lawyers, providers of security and administration services and other business advisers.
2) The data can be communicated to the partners of the MyAcademicID project, to public and private individuals, physical or legal persons (legal, administrative and fiscal offices, computer companies, or others) that must be necessarily informed for the right fulfilment of the purposes of the project, for contractual, administrative and accounting purposes, as to provide the interested parties with a guarantee that they can use and enjoy the website.
3) We may share your personal data with a third-party auditing organisation in accordance with our legitimate interests to verify aggregated statistics about circulation and usage of our services or to review our policies, processes and procedures for compliance with relevant standards.
Your personal data is processed inside the territory of the European Union.
Data storage and retention
We will retain your personal information as needed to fulfil the purposes for which it was collected. We will retain and use your personal information no longer than is necessary to comply with our business and legal obligations. In general, we make reference to the time limitations related to any potential auditing, to the ongoing provision of services to users, and to the applicable statute of limitation.
Your data subject rights
You have several rights under data-protection law in relation to how we use your personal information. You have the right, free of charge, to:
- Request a copy of the personal information we hold about you in a structured, commonly used and machine-readable format
- Rectify any inaccurate personal information we hold about you
- Withdraw your consent where we have relied upon your consent to process your information
- Erase the personal information we hold about you subject to certain exceptions
- If technically feasible, have your personal information transmitted to another data controller in a machine-readable format at your request
- Restrict processing of your personal information in certain circumstances
- Object to our use of your personal information for our legitimate interests, for profiling and for direct marketing purposes
- Not be subject to a decision which is based solely on automated processing where that decision produces a legal effect on you or otherwise significantly affects you. We do not make automated decisions of this nature
- Lodge a complaint with the appropriate data-protection authority if you have concerns about how we process your personal data
These rights are in some circumstances limited by data-protection legislation. If you wish to exercise any of these rights please contact us at firstname.lastname@example.org. We will take measures to verify your identity which we will do by reference to copies of acceptable identification documentation supplied by you.
We will endeavour to respond to your request within a month. If we are unable to deal with your request within a month we may extend this period by a further two months and we will contact you and explain why.
Consequences of not providing information
All data communicated by the interested party or sent while registering for an event is indispensable for the provision of the requested services. Your personal identification data and email address are, therefore, obligatory, as strictly connected to the nature of the required services. It follows that the consent to the processing of data is mandatory and any refusal would put us in the conditions of not being able to execute the requested services. Furthermore, the processing is necessary for compliance with a legal obligation to which the controller is subject, as specified in point b.