In compliance with article 13 of the Regulation (EU) 2016/679 (GDPR)
This information is provided pursuant to article 13 of the European Regulation 2016/679 (GDPR), with reference to the processing of personal and navigation data, to those who interact with the web portal www.protech-jeanmonnet.eu, corresponding to the web portal of the Jean Monnet Chair Eramsus + Programme “European Protection Law of Individuals in relation to New Technologies” (PROTECH) held at the Università degli Studi Suor Orsola Benincasa di Napoli (Law Department).
This information describes the management methods of the web portal in relation to the processing of personal data of users who consult it, who choose to register and who use online services, and refers only to the web portal and not to other websites possibly consulted by the user through links. The presence of the information link in the footer ensures that the user is in the web portal www.protech-jeanmonnet.eu
Consulting the portal may involve the processing of data relating to identified or identifiable people. Registration on the portal and subscription to online services give rise to the processing of personal data.
1. Data controller
The Data controller is the Università degli Studi Suor Orsola Benincasa di Napoli (hereinafter “UNISOB”), in the person of the Rector, Prof. Lucio d’Alessandro, with legal address in Via Suor Orsola, no. 10 – 80135 Naples, email: firstname.lastname@example.org, PEC: email@example.com.
2. Data protection officer (DPO)
The Data Protection Officer (DPO), to whom you can contact to exercise the rights referred to in articles 15 to 22 of the GDPR and /or for any clarifications regarding the protection of Personal Data, is the Lawyer Riccardo Imperiali, reachable by e-mail (firstname.lastname@example.org).
3. Type of data collected
3.1 Consultation of the web portal: navigation data
During their normal operation, the IT systems and application procedures used to operate the portal acquire some personal data whose transmission is implicit in the use of communication protocols on the Internet.
This information is not collected to be associated with identified interested parties but, by their nature and through associations with data held by third parties, they can allow identification of users.
Fall into this category, for example:
– IP addresses;
– the domain names of the systems used by users to connect to the portal;
– the addresses in URI (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and IT environment.
Cookies are divided into “technical”, “analytical” and “profiling”. Then, all cookies can be divided in “First- party” and “third-party” cookies.
“First- party” and “third-party” cookies
The portal uses “First-party” cookies. “First-party” cookies, in essence, are cookies set by the same website visited by the user, that is the site displayed in the URL window: in our case, the cookies set by the site of the Jean Monnet Chair PROTECH (www.protech-jeanmonnet.eu).
The portal also uses “Third-party” cookies. “Third-party” cookies are cookies that are set by a domain other than the one visited by the user: that is, cookies which are set by websites other than www.protech-jeanmonnet.eu. We therefore recommend that users read the privacy policies on the other websites visited through the links indicated below. We wish to underline how the University does not receive any information from the respective third party service providers or dealers, relating to data that may be recovered from them. In some cases, only aggregate, and therefore anonymous, statistics will be provided, which are necessary only for the accounting of third-party services purchased by us.
Third-party cookies are cookies from other websites (such as Facebook, Twitter, YouTube or LinkedIn) or from advertising circuits (Google AdSense, etc.) that can be sent to the user’s device following navigation on the portal.
“Technical”, “Analytical” and “Profiling” cookies
The portal uses technical cookies, which are in no way used for user profiling activities and do not allow the collection of personal information relating to users. This type of cookies has the sole purpose of ensuring the transmission of communication between the user and the portal on the Internet and to the extent strictly necessary to provide the service offered in completeness and in the best quality conditions. The cookie-related data generated directly from the portal are in Italian territory, compatibly with the location of the servers of our hosting service provider. Cookie-related data are managed only within the site itself and are not transferred to third parties
The technical cookies are distinguished in “session” and “persistent”: both are stored on the user’s device but the former is eliminated when the browser is closed, while the latter remains stored until they expire.
The portal uses “session” cookies for the functioning of navigation within the pages, such as for example allowing authentication to restricted areas or memorizing temporary user preferences; these cookies are deleted once the browser is closed.
The use of so-called session cookies (which, in any case, are not stored permanently on the user’s computer and are automatically deleted as soon as the browser is closed) is strictly limited for the purpose of data (consisting of numbers random generated by the server) that identify the specific session and are necessary to allow safe and efficient exploration. The so-called session cookies used on this portal avoid the use of other IT techniques that are potentially detrimental to the confidentiality of users’ browsing on the net.
The portal in some cases also uses “persistent” cookies, to store the user’s choices relating, for example, to the language or type of device.
Persistent cookies are stored on users’ devices between distinct browser sessions and allow you to remember user actions on a site. Persistent cookies can be used for a variety of purposes, including remembering users’ preferences and choices when using a site (or in some cases through different websites).
There are first-party and third- party analytical cookies on the portal.
Analytical cookies collect information in aggregate form on the number of users and how they use the website. The information collected by these types of cookies is made anonymous and unable to monitor your browsing activity on other websites.
With regard to third-party analytical cookies, tools are used that reduce the identifying power of cookies and the third party does not cross the information collected with others it already has.
There are third-party profiling cookies on the portal.
Profiling cookies are those that allow to create a personal profile of the browser based on user’s behavior, which are used in order to send advertising messages in line with the preferences expressed by the same in the context of surfing the net
4. Purpose of the processing
Your personal data will be processed in compliance with the principles of lawfulness, correctness, transparency, adequacy, accuracy and in general within the limits of GDPR only for the purposes related to the execution of the following purposes:
- To obtain anonymous statistical information on the use of the portal;
- to check the correct functioning of the portal;
- to send electronic communications and newsletters to the e-mail address provided by the user and with his consent
- to act in compliance with any other legal obligation not included in the previous purposes.
This information could also be used to ascertain responsibility in the event of hypothetical computer crimes against the portal itself or University. The communication of data can only be carried out following a request by the Judicial Authority in accordance with the law.
5. The lawful basis for processing
Università degli Studi Suor Orsola Benincasa di Napoli is the data controller and responds only for its own cookies, i.e. “first-party” cookies; “third-party” cookies fall under the ownership of the respective companies. The University is not responsible for the data processing carried out by these sites.
5.1. Consent for cookies
Some cookies are strictly necessary for the correct functioning of the site and do not require the user’s consent, such as those to ensure that the content of a page is loaded quickly and effectively, the distribution of the workload between different computers or those aimed at ensuring safety.
Other cookies are reasonably necessary or important, but they are not strictly indispensable and, therefore, require the user’s consent, such as analytical cookies or profiling cookies.
The portal uses third-party profiling cookies and is required to ask the users to consent to these cookies used through specific methods, such as the insertion of banners.
How to refuse fist-party cookies (technical o analytical)
By using the portal, without changes to the browser the configurations relating to the deactivation of cookies, the user accepts that all cookies, including those of third parties, can be installed on their device.
Visit the website http://AboutCookies.org for more information on cookies and how they affect your browsing experience.
The links to the producers’ websites of the most popular browsers that explain how to deny the consent to cookies are provided below:
– Microsoft Internet Explorer: https://support.microsoft.com/fil-ph/help/17442/windows-internet-explorer-delete-manage-cookies
– Mozilla Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
– Google Chrome:
– Apple Safari: https://support.apple.com/et-ee/guide/safari/sfri11471/mac
How to refuse third-party cookies (analytics or profiling)
Since the portal is not able to govern the cookies issued by other sites, to obtain information about these cookies, their characteristics and how they work and to give or deny their specific consent, you must contact the sites that issue the cookies directly.
To obtain information on third-party cookies, you can contact:
- Google: https://tools.google.com/dlpage/gaoptout?hl=en
- Yahoo: https://info.yahoo.com/privacy/it/yahoo/cookies/
- Youtube: http://www.google.com/policies/privacy/
To obtain information on third-party cookies collected through social network plug-ins:
- Facebook information: https://www.facebook.com/help/cookies/
- Facebook (configuration): access your account. Privacy section.
- Twitter information: https://support.twitter.com/articles/20170514
- Twitter (configuration): https://twitter.com/settings/security
- Linkedin information: https://www.linkedin.com/legal/cookie-policy
- Linkedin (configuration): https://www.linkedin.com/settings/
5.3. Voluntary provision of data
The optional, explicit and voluntary sending of e-mails, messages or any type of communications addressed to the addresses indicated on this portal entails the subsequent acquisition of the sender’s address or any other personal data that will be used to respond to requests. It ensures that this processing will be based on the principles of lawfulness, correctness, transparency, adequacy, relevance and necessity referred to in art. 5, paragraph 1 of the GDPR.
5.4. Optional provision of data
Apart from what is specified for cookies and browsing data, the user is free to provide the personal data contained in the forms on the portal sites to request the sending of informative material, other communications or to access specific services. The absence of this personal data can make impossible to obtain what is requested.
6. Data processing methods
The processing will be carried out by paper and IT tools, exclusively by authorsed persons, according to the specific purposes of the services requested and subscribed.
Personal data will be processed and stored on remote servers managed by industry-leading providers that ensure compliance with high protection standards regarding the processing of personal data.
Personal data are processed both manually and with automated tools for the time strictly necessary to achieve the purposes for which they were collected.
Specific security measures in compliance with art. 32 GDPR are observed to prevent data loss unlawful or incorrect use and unauthorised access to personal data.
For the mentioned processing, the University can avail itself of the help of external companies, consultants, consortia, suppliers of software and operating services, through identified and appointed personnel, within the scope of the intended purposes and in order to guarantee maximum safety and confidentiality of data.
This could lead to a transfer of personal data outside the European Union. In particular, the personal data will be transferred to the Mailchimp company (https://mailchimp.com/legal/privacy/) which provides the email management services to the Data Controller. The company adheres and has certified its compliance with the Privacy Shield (https://www.privacyshield.gov/welcome).
7. Recipients of personal data
In no case the personal data will be disseminated, and they will be communicated exclusively to public or private subjects to fulfill legal, accounting and tax obligations. In any case, the communication of data will be limited to what is necessary for the fulfillment of these obligations.
8. Storage of personal data
The personal data will be kept for the time necessary to achieve the purposes referred to in point 4 and in any case, to fulfill the obligations of the Data controller regarding the storage of data and to make the prescription of a possible and hypothetical liability action against the Data controller or a person in charge of data processing.
9. Rights of the data subject
During the processing, the interested party can exercise, at any time, the following rights:
- to obtain confirmation of the existence or otherwise of the same data and, if so, know its content and origin;
- to verify its accuracy of the data or request the correction of inaccurate data, the integration of incomplete data or the updating of old data (right to rectification under article 16 GDPR);
- to obtain the restriction of the processing, if one of the hypotheses provided for by article 18 GDPR occurs;
- to obtain the erasure of personal data concerning him or her without undue delay unlawfully processed, or in the case of one of the other conditions set out in article 17, paragraph 1, GDPR;
- to object in any case, for legitimate reasons, to the processing, or to oppose to the processing in the other cases provided for by article 21 and 22 GDPR;
- withdraw at any time the consent freely given to the processing of personal data for the purposes specified, limited to cases where the legal basis of the processing is consent;
- to receive the personal data being processed in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where such transmission direct is technically feasible (so-called right to data portability, under article 20 GDPR);
Requests relating to the exercise of the aforementioned rights must be addressed to the Data controller via email (email@example.com) or mail to Università degli Studi Suor Orsola Benincasa di Napoli, via Suor Orsola no. 10, 80135 Naples
The data subject may also contact the DPO (firstname.lastname@example.org) for any question on the methods of processing of his or her personal data or on the related rights.
In the event of failure or partial reply by the Data Controller or the DPO to the aforementioned requests, the interested party will have the right to lodge a complaint to the Italian Data Protection Authority (www.garanteprivacy.it) in compliance with articles 77 ff. GDPR.