In accordance with EU Regulation No. 2016/679 – General Data Protection Regulation (GDPR) and with the national legislation, hereinafter referred to collectively as the “Applicable Law”, this policy statement addresses the subject of privacy with regard to the processing of personal data of users of the online web services www.eurac.edu.
This policy is also in conformity with Recommendation n. 2/2001 related to the minimum requirements for online data collection in the European Union, adopted by the European Data Protection Authorities – Working Party of Article 29, Directive No. 95/46/EU on 17 May 2001.
The policy described herein applies solely to the websites of Eurac Research and excludes all other websites that can be accessed via links that appear on the Eurac Research websites. Eurac Research is not responsible for the content or any external links to other websites.
Pursuant to legal provisions, Eurac Research guarantees that the processing of personal data will be performed in consideration of fundamental rights and freedoms as well as the dignity of the data subject, and in accordance with the legislative provisions of the Applicable Law and the confidentiality clauses included therein. In particular, the processing of personal data will be carried out in accordance with the principles of lawfulness, fairness, transparency, accuracy, purpose and storage limitations, data minimisation, integrity and confidentiality.
Precise data protection information about specific services or data processing procedures may be displayed on the corresponding webpages of this website or transmitted directly to the data user.
1. Data Controller and Data Protection Officer
Data Controller: Eurac Research, with headquarters at Viale Druso 1, 39100 Bolzano, in the person of the legal representative pro tempore.
You can contact the DPO at the following e-mail address: firstname.lastname@example.org
2. Types of Personal Data Subject to Processing
“Personal data” means any information relating to an identified or identifiable natural person (the “Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person.
The personal data that may be processed includes browsing data, data provided voluntarily by the data subject and cookies.
A. Browsing Data
The computer systems and software used to run this website during normal operations acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in relationship to the users, but due to its inherent nature, such information could enable the users to be identified via processing and associations with data held by third parties. This category of data includes, for example, the IP addresses or domain names of the users’ computers connecting to the website.
The data is used for the sole purpose of obtaining anonymous statistical information concerning the website’s use and to monitor the website’s proper operation. In certain cases, the data may be used to ascertain liability in a suspected computer crime directed against the website. Other than the aforementioned cases, data on web contacts will not be held beyond the time required to meet requests made of the website. Personal data will not be disclosed to third parties; if requested, however, such data must be made available to the Italian Postal and Communication Police Service, legal authorities and criminal investigation police.
B. Data Provided Voluntarily by Users
The optional, explicit and voluntary sending or transmission of e-mail and/or personal data to the addresses given on the website will entail the subsequent acquisition of the sender’s email address (which is required to respond to requests), as well as any other personal data present in the e-mail. The provision of the information is voluntary, but refusal of such renders the user’s request impossible. This data will only be transmitted to third parties if necessary to the process of responding to the inquiry. The data will not be shared with third parties for marketing or profiling purposes.
C. Cookies and Similar Technologies
Cookies and similar technologies are information stored by websites and apps on the users’ devices during their first visit to the site. Cookies and related technologies allow websites and apps to remember user actions and preferences (such as login data, the default language, display settings, etc.) so that they will be available in the user’s subsequent visits. These technologies are used to perform IT authentications, session monitoring and to store information about the activities of users who access a service.
The website www.eurac.edu uses “persistent cookies” (small text files that the website temporarily saves directly on the computer) that allow the website to remember, for example, the user’s preferred language or to show other possible versions of the website.
The website may also use third-party cookies, which are cookies from sites or web servers other than this website that are used for purposes of such third parties. For example, “social plugins” such as Facebook, Twitter or Google+ may be present on webpages and are generated and integrated into the host’s page by these sites. The most common use of social plugins is for sharing content on social networks. These plugins transmit cookies to and from all third-party sites. This information from “third parties” is governed by the corresponding regulations, which must be observed. For more information and details about the various types of cookies, their operation and features, see the website www.allaboutcookies.org.
Below are links to webpages that describe the different uses of cookies:
- Facebook configuration: access account, click on ‘Privacy’
WordPress is a CMS (Content Management System) for creating and managing personal blogs. Blog posts are written by staff of Eurac Research or authorised external authors. A blog is an online journal or informational website displaying information in reverse chronological order, with the latest posts appearing first. It is a platform where a writer or group of writers share their views on a subject. Posts may be commented on by other users and the comments may also include feedback from other users, allowing interesting discussions about the post’s original content.
The data provided by the participants of the blog on registering is restricted to the e-mail address, which is required to receive notification of a post’s publication. When posting a comment, the user must submit their first and last name, which may or may not be published together with the posted comment. The e-mail address is used exclusively for sending news of the site.
The opinions and comments posted by the users and the information and data they contain are used exclusively for the purpose of publication of the blog. In particular, no aggregation or registration in a separate database has been planned. Any processing of personal data undertaken for statistical purposes at a future date would be done anonymously.
While the dissemination of a user’s personal details and the data visible in their posted comments may be attributable to the single user’s initiative, we guarantee that no other submission or dissemination of the data is currently foreseen. In any case, the users may exercise their rights according to art. 15 ff. GDPR.
Eurac Research does not deliberately gather or request special categories of personal data, sensitive data or judicial data through the website. All users are encouraged to refrain from supplying these types of data via the Internet.
3. Purpose and Legal Basis for the Data Processing
The personal data provided by using the website will be processed for the following purposes:
a) Research or statistical analyses on aggregated or anonymous data (i.e. without identification of the data subject) aimed at measuring the functioning of the website, as well as its traffic, usability and interest;
b) Completion of data collection forms for the purpose of receiving newsletters or communications in general via e-mail;
c) The performance of a contract to which the data subject is party, or in order to process a data subject’s requests prior to entering into a contract;
d) Compliance with a legal obligation to which the controller is subject;
e) The establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
The lawful basis for processing personal data for each of these purposes is: a) none required, as it does not imply the processing of personal data; b) consent; c) performance of a contract; d) and e) legal obligation.
4. Mandatory or voluntary communication of data and possible consequences of a failure to provide it
The provision of personal data is voluntary, but refusal could interfere with the correct use of the services and its legal obligations, thus limiting the full functionality of the website.
5. Recipients of the Data Processed
The recipients of the data are, in addition to the data controller, the data processor (who is formally bound by a data processing agreement), and employees of Eurac Research or persons who have access to personal data and who are in charge of the data processing activities and authorised and instructed to carry out data processing activities by the data controller.
Personal data may be communicated to third parties for the purposes of handling enquiries, including for the sending of emails, analysing the functional capability of the website, executing legal obligations or with prior consent.
6. Transfer of Data
The personal data collected via the services of this website are collected by employees of Eurac Research who have been specifically assigned this role. Alternatively, they will be processed by persons who carry out occasional maintenance work on the website and who have also been appointed for this purpose and are bound by confidentiality. To this end, Eurac Research may, in the context of assigning this task, and whilst adhering to the best possible security measures, utilise the help of external companies, consultants, associations, software suppliers and service providers. Some personal data could be transmitted to third countries outside of the EU but only if the transmission of personal data is connected to the performance of the institutional activities of Eurac Research. Eurac Research guarantees that in any case, the electronic or analogue processing of personal data by the recipient shall be in accordance with statutory provisions.
Eurac Research uses Newsletter2Go to send our newsletter to our subscribers. As part of your subscription, your data will be communicated to and processed by Newsletter2Go in its function as Data Processor. Newsletter2Go is a service provided by Newsletter2Go GmbH, Germany. The data that is collected when you register for the newsletter (i.e. email address, full name, IP address, and time and date of registration) will be sent to a server operated by Hetzner Online GmbH in Germany and stored there in accordance with the requirements of the GDPR. For further information about the data protection offered by Newsletter2Go see: https://www.newsletter2go.de/datenschutz/.
7. Retention Period of Personal Data
Personal data will be stored for the time necessary to carry out the purposes for which it was collected. When this period has been reached, the data shall be deleted or made anonymous.
8. Presence of Automated Decision-making Processes
There are no automated decision-making processes.
9. The Data Subject’s Rights
At any time the data subject has the right to request access to their personal data, and to correct or delete that data, or to limit its processing. In addition, the data subject has the right to data portability, as well as the right to lodge a complaint with a supervisory authority. When the data processing is based on consent, the data subject has the right to withdraw that consent at any time. The data subject may also exercise all other rights pursuant to current data protection regulations (art. 15 et seq. GDPR) by writing to the email: email@example.com.