The following rules about privacy – in accordance with Article 13 of EU Regulation 2016/679 General Data Protection Regulation (GDPR)– are aimed at describing the procedures of collection and use of personal data through this Internet website and are addressed to the users of the web services, which are accessed electronically at the web address: www.myacademic-id.eu related to the home page of the official website of the project MyAcademicID.
Identity and contact details for the Data Controller
The Data Controller is EDUCatt – Ente per il Diritto allo studio universitario dell’Università Cattolica, registered office in Largo Gemelli, 1 Milan, Italy. The Data Protection Officer (DPO) is Mr. Cosimo Calabrese who can be contacted at the following email address: email@example.com
Purposes of the processing and legal basis
Personal data - exclusively of non-sensitive nature - communicated by the interested party will be processed by the Data Controller while they will be visiting the following website areas: “Contact”; “Events”.
In “Contact”, data collection and use are made in order to:
- a. fulfil the requests made by the interested party and provide the requested services. In accordance with Article 6 of GDPR, the legal basis for the data processing is the fulfilment of the services required by the user (point b).
- b. comply with a legal obligation the DPO is subject to; meet the obligations required by the law, by national and European Union regulations or by Authority orders. In accordance with Article 6 of GDPR, the legal basis for the data processing is the compliance with a legal obligation (point c).
In “Events”, data collection and use are made in order to:
- c. enrol the parties concerned to events, meetings, conferences organized during the lifetime of the MyAcademicID project. In accordance with Article 6 of GDPR, the legal basis for the data processing is the fulfilment of the services required by the user (point b).
Apart from this data, freely provided by the user on the website, the browsing data - collected as a result of using our services - may also be processed. In particular:
- - specific information concerning the device used to connect to the Internet (for example, the kind of device, information related to the mobile network, etc.);
- - log info. When using our services or viewing the content provided by the Owner, some information in the server’s logs may be automatically collected and recorded. This information might include: the data related to the way in which our service is used, such as search queries; info related to Internet connection data, like IP addresses and all the other connected data; info on the events generated by the device, system activities, hardware settings, browser type and language, time and date of the queries and of the referring URL; the cookies that might identify the browser and the user’s account uniquely.
All the partners involved in the project could use different technologies to collect and record information when the website is visited and/or a service is used which might require the delivery of one or more cookies or anonymous identifiers to the user’s device.
Types of data processing
The DPO processes the personal data, exclusively of non-sensitive nature, communicated by the interested party while visiting the website areas “Contact” and “Events”, via email or when filling out special forms. The processing of the personal data for the mentioned purposes is done by means of automated or computer-based procedures, in respect of the rules of confidentiality and security provided by law, by the ensuing rules and by internal procedures specially issued. The processing owner undertakes not to disclose the submitted data to unauthorized persons or use it for purposes other than those specified above. This data can be produced only at the request of authorities entitled by law.
Nature of data provision and consequences of consent to treatment
All data communicated by the interested party or sent while registering for an event is indispensable for the provision of the requested services. The users’ personal identification data and their email address are, therefore, obligatory, as strictly connected to the nature of the required services. It follows that the consent to the processing of data is mandatory and any refusal would put the Data Owner in the conditions of not being able to execute the requested services. Furthermore, the processing is necessary for compliance with a legal obligation to which the controller is subject, as specified in point b.
Communication and transfer of data
The data can be communicated to the partners of the MyAcademicID project, to public and private individuals, physical or legal persons (legal, administrative and fiscal offices, computer companies, or others) that must be necessarily informed for the right fulfilment of the purposes of the project, for contractual, administrative and accounting purposes, as to provide the interested parties with a guarantee that they can use and enjoy the website. The data may be communicated to other subjects, when it is provided for or required by law. The personal data is processed inside the territory of the European Union.
Duration of the processing
Personal data will be processed for no longer than it is necessary for the purposes for which the data was collected. In particular, it should be noted that the browsing data will be deleted within two years after its processing. However, a longer period will be possible if it is necessary to retain the data by law or by regulation.
Data Subjects’ Rights
In accordance with GDPR (Articles 13, 15-22), data subjects have the following rights, in particular:
- - to obtain confirmation as to whether or not their personal data is being processed.
- - to access their data and the following information: purposes for the processing, categories of personal data, recipients or categories of recipients, conservation period;
- - to obtain correcting or integrating their personal data if it is incorrect;
- - to obtain cancellation of the data concerning them, in the circumstances laid down in Article 17 GDPR;
- - to withdraw their consent for the information to be processed, without affecting the lawfulness of the processing based on consent before their withdrawal;
- - to obtain that the personal data relating to them is only stored and not used in any other way, in the circumstances laid down in Article 18 GDPR;
- - to obtain a copy of the data concerning them in commonly used electronic format, easily legible and interoperable, where their personal data is processed by electronic means, pursuant to a contract or with their consent.
If the subjects have any queries or comments, or if they want to exercise their rights, they can contact the Owner of the Treatment sending an email to firstname.lastname@example.org.