(hereinafter generically “site”)
Pursuant to Article 13 of EU Regulation no. 2016/679 (hereinafter the “Regulation”), the methods for processing the personal data of users who consult this website, accessible electronically at the address www.terzamissione.unina.it, are reported. This information does not apply to other sites, pages or online services that can be reached via any links published on this site.
DATA PROCESSING HOLDER AND UNIVERSITY DATA PROTECTION MANAGER
- The Data Controller is the University of Naples Federico II, with registered office in Corso Umberto I n. 40 – 80138 Naples, in the persons of the Rector and the General Manager, in relation to the specific legislative and statutory provisions. For contacts relating to problems relating to the processing of personal data: Email: email@example.com PEC: firstname.lastname@example.org
- The Data Protection Officer (DPO) can be reached at the following address: University of Naples Federico II Corso Umberto I n. 40 – 80138 Naples. Email: email@example.com PEC: firstname.lastname@example.org.
PURPOSE OF THE PROCESSING AND LEGAL BASIS
The personal data collected during the process of using the services are used exclusively for the pursuit of the institutional and disclosure purposes explicitly defined on this site.
The legal basis for the processing of personal data is represented by the execution of a task of public interest or connected to the exercise of public authority vested in the University, pursuant to art. 6, par. 1, lett. e) of the 2016/679 European Regulation. For registration and participation in events with the help of online platforms, the legal basis for the processing of personal data is represented by the express consent of the interested party to the processing of their personal data, through the voluntary act of use of this website and / or third party services (eg EventBrite, Linkedin, Microsoft Teams, Google Forms) pursuant to art. 6, par. 1, lett. a) of the 2016/679 European Regulation.
OBJECT OF THE TREATMENT AND OBLIGATORY PROVISION OF THE PROVISION
The personal data being processed are those provided by the user concerned during the registration procedure for the event with the help of forms on the site and / or those offered by third-party online service platforms (eg. EventBrite, Linkedin, Microsoft Teams, Google Forms).
In cases where the user is requested to fill in an online form and the collection of personal data is envisaged (online contact forms, subscription to services, etc.), in order to allow the data subject to be aware that he or she provides his data, the information for the processing of personal data is always shown with the relative checkbox for viewing, with the link to the page that indicates the purposes of the processing and specifies the use of the data collected, as well as providing all the information required by legislation on the processing of personal data.
It should be noted that, in some cases, based on the service requested, the user may be directed to the use of third-party services external to this site (eg. EventBrite, Linkedin, Microsoft Teams, Google Forms).
Personal data may be processed by employees or collaborators of the Data Controller who, operating under the direct authority of the latter, are appointed as authorized for the processing and receive adequate training and operating instructions in this regard.
METHOD OF TREATMENT
The personal data collected by the structures of the Federico II university assigned to this, are processed manually, on paper and mainly computerized, and inserted in paper and / or computerized archives.
Processing using IT and telematic tools is suitable for guaranteeing the security and confidentiality of the data. The collection and use of personal data takes place in compliance with the principles of:
- lawfulness, correctness and transparency;
- purpose limitation;
- data minimization;
- limitation to conservation;
- integrity and confidentiality, pursuant to art. 5 of EU Regulation 2016/679, in such a way as to guarantee its security and protect the confidentiality of the interested party.
These data will not be the subject of any fully automated decision-making process or any profiling processing. The data may be processed anonymously for the performance of statistical activities aimed at improving the services offered.
For the computerized management of data, the Federico II university can make use of third parties who guarantee the adoption of technical and organizational measures adequate to meet the requirements of EU Regulation 2016/679 and the protection of the rights of the interested party. These parties are appointed as Managers of the individual treatments pursuant to art. 28 of EU Regulation 2016/679.
Personal data may be processed by employees or collaborators of the Data Controller who, operating under the direct authority of the latter, are appointed as authorized for the processing and receive adequate training and operating instructions in this regard. In particular, they will be treated by the technical-administrative and teaching staff in relation to the different activities envisaged by the relevant treatments.
The University may communicate the personal data in its possession if the communication is compulsorily required by community provisions, laws or regulations. For these purposes only, personal data may also be disclosed to public entities entitled to request such data, such as the judicial and / or public security authorities .
Personal data may also be disclosed to public authorities or private entities where teaching or research or internship activities relating to the chosen study path could be carried out .
The personal data of the interested party could be shared by the University of Naples Federico II with external subjects and third parties, for example organizers of independent events or organizations and associations connected to the University (for example to individual Departments). The University can receive information on the interested party from foundations, associations and institutions that are connected to the initiatives and missions of the University. These independent third parties will send personal data only if the interested party has clearly indicated their consent to participate in the various initiatives.
In this case, the processing of data of the interested parties will refer to the third parties and external services involved.
The University could make use of the support of external suppliers for the provision of some services necessary for the technical-administrative, logistical and organizational management that could become aware of the personal data of the users concerned, for the sole purpose of the requested service and which in any case would be previously authorized as external data processors; in these cases the data will be deleted at the end of the event for which they are used.
DATA RETENTION TIME
The data will be stored both in paper archives and in electronic archives for the time strictly necessary to achieve the purposes offered by the services provided by the site and in any case, following the exhaustion of these purposes, up to a maximum of 12 months.
As regards the deletion of any data collected by third party services, please refer to the respective policies of their websites.
TRANSFER TO NON-EU COUNTRIES
The University does not transfer the personal data in question to third countries or to international organizations. Any transfer of personal data by the University will be made to the non-EU country where an adequacy decision has been adopted by the European Commission pursuant to art. 44 and 45 EU Regulation 2016/679.
If there is no such adequacy decision, the transfer of personal data to a non-EU country will be carried out only following the release of the explicit consent of the interested party referred to in art. 49, paragraph 1 of EU Regulation 2016/679. Some IT platforms used for the use of the services offered, in particular those relating to third party services, may involve the transfer of personal data to a third country outside the EU , as in the case of use of web and “cloud” services.
Users are therefore invited to view the individual sites of third party services regarding their respective privacy and data processing policies.
RIGHTS OF THE INTERESTED PARTY
The data subject has the right to request the University of Naples Federico II as the Data Controller, pursuant to art. from 15 to 22 of EU Regulation 2016/679:
- access to personal data and to all information referred to in art. 15 of the 2016/679 EU Regulation; – the rectification of their inaccurate personal data and the integration of incomplete ones;
- the cancellation of their data (the so-called “right to be forgotten”), with the exception of those contained in documents which must be kept by the University;
- the limitation of processing where one of the hypotheses referred to in art. 18 of the 2016/679 EU Regulation; – the opposition to the processing of their personal data, except as provided for with regard to the necessity and obligation of data processing in order to use the services offered;
- the revocation of any consent given for non-mandatory data processing, without prejudice to the lawfulness of the processing based on the consent given before the revocation;
- the portability of data, where the conditions are met, in the event that the legal basis of the processing is consent, also for the purpose of communicating such data to another Data Controller.
METHOD OF EXERCISE OF RIGHTS FOR PARTICIPATION IN THE ACTIVITIES EXPOSED ON THIS SITE
To exercise the rights to protect their personal data, the interested party can contact the Data Controller in the person of the Rector and the Data Protection Officer, using the following contacts:
- Data controller : Email : email@example.com PEC : firstname.lastname@example.org
- Data Protection Officer (DPO): Email : email@example.com ; PEC : firstname.lastname@example.org
The interested party has the right to lodge complaints with the Guarantor Authority for the Protection of Personal Data if he deems that the processing of data concerning him does not comply with the provisions in force pursuant to art. 77 of EU Regulation 2016/679.