Privacy policy - english version

The General Data Protection Regulation (EU Regulation 2016/679), hereinafter referred to as "GDPR", concerning the protection of natural persons with regard to the processing of Personal Data, provides for the protection of natural persons with regard to the processing of personal data as a fundamental right.

Pursuant to Article 13 of the GDPR, it is informed that the personal data (hereinafter referred to as "Data") provided to the University of Urbino Carlo Bo (hereinafter "University") will be processed solely for institutional purposes. The following information is made available regarding the processing of personal data of users who visit the University of Urbino Carlo Bo's Portal.

Last update: February 14, 2023

Data Controller and Data Protection Officer

The Data Controller is the University of Urbino Carlo Bo, represented by its Legal Representative, the Rector.

The contact details of the Data Controller are: Via A. Saffi, 2 – 61029 Urbino (PU) - Italy – Phone: 0722 305343 – e-mail: rettore@uniurb.it PEC: amministrazione@uniurb.legalmail.it

The contact details of the Data Protection Officer (DPO) are: Via Veterani, 36 - 61029 Urbino (PU) - Italy - Phone: +39 0722 305234 - e-mail: rpd@uniurb.it PEC: rpd@uniurb.legalmail.it

Subject of Processing

These are the browsing data collected by the University of Urbino Carlo Bo. The IT systems and software procedures used to operate the Portal acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols (e.g., personal data acquired through access logs). These data are processed for the technical management of the website and for the collection of analytical data on related traffic.

Purposes of Processing

The data collected are used exclusively for the University's institutional activities for the following purposes:

1. to allow navigation of the University Portal (www.uniurb.it) and the sites with URLs in the form *.uniurb.it;
2. to provide the user with the requested information and services (specific information is provided on the portal pages designed for particular requested services);
3. to obtain anonymous statistical information on the use of the University Portal or related services, to monitor its proper functioning, to perform security support activities, and to identify actions for improvement (for browsing data);
4. to comply with legal obligations, to comply with orders from Public Authorities, to ascertain any responsibilities in the event of hypothetical computer crimes against the site or its users.
5. to protect systems and ascertain any responsibilities in the event of hypothetical computer crimes against the Portal or its users.

Legal Basis of Processing

The Portal complies with legal obligations concerning information on the administration's activities, pursuant to Article 6, paragraph 1, letter c) of the GDPR and the execution of a task carried out in the public interest or in the exercise of official authority vested in the data controller, pursuant to Article 6, paragraph 1, letter e) of the GDPR, and additional obligations of collaboration with law enforcement.

The applicable regulations include Legislative Decree no. 82/2005 – Digital Administration Code (CAD) and subsequent amendments (in particular Article 53), Law no. 69/2009 which provides for the legal publicity of public administration and the "Official Register" section, and Legislative Decree no. 33/2013 which governs the "Transparent Administration" section.

For the anonymous collection of statistical data through third-party technical/analytical cookies, as well as for the display of third-party content that potentially uses profiling cookies (search results on the Portal), explicit user acceptance is required.

Therefore, by denying consent to the use of third-party cookies, neither anonymous statistical data on the use of the Portal will be collected, nor will third-party content that could potentially use profiling cookies be displayed. Instead, a notice will be shown and the option to give consent will be provided, allowing immediate content viewing.

At any time, by selecting the appropriate button on the page dedicated to cookie usage information, it is possible to give or deny consent to the use of third-party cookies.

Processing Methods

Personal data are processed using manual, IT, and telematic tools suitable for ensuring data security and confidentiality.

Specific security measures are observed to prevent data loss, illegal or incorrect use, and unauthorized access in full compliance with Article 32 of the GDPR.

The processing relates to the aforementioned purposes and respects the GDPR guidelines in Articles 5 to 11, adhering to the following principles as stated by the GDPR:

• lawfulness, respecting the consents given
• data minimization, using only the minimum necessary data for the purpose for which they were collected
• limitation to the aforementioned purposes
• security, ensuring the application of security measures as per international standards and best practices
• accuracy, using tools to keep data accurate
• integrity, adopting best data management practices to minimize errors

Log file extractions (related to activities performed through the service) may be carried out through cross-checks and processing of such data to identify those responsible for abuses and/or illegal activities conducted by the data subjects or third parties.

During user interaction with web services involving authentication, basic access information to the individual service and session information structured in accordance with the W3C standard format is logged.

Use of Cookies

The University Portal employs a technology called "cookies", small text fragments that the website sends to the user's browser, to be stored and retransmitted to the same site on the next visit.

Through cookies, it is possible to collect information about the user visiting a website (e.g., date, time, pages visited, time spent on the site), some of which may be personal data and thus subject to specific legal regulations.

The Portal uses cookies:

• Necessary: Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the site. The website cannot function properly without these cookies.
• Preferences: Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region you are in.
• Statistics: Statistic cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously.
• Marketing: Marketing cookies are used to track visitors across websites. The intent is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.

Registration and management of tracks/routes are performed in ways that make the data unidentifiable. Cookies are not used to transmit personal information, nor are user-tracking systems used.

For more information on the types of cookies used, their purposes, and how to disable them, please refer to the dedicated section on cookie usage information.

Third Parties

The University Portal (www.uniurb.it) and the sites with URLs in the form *.uniurb.it use "third-party" content and services due to the embedding of external resources or the implementation of technologies that can expand its functionality and improve user navigation experience.

Therefore, during navigation, some technical and/or profiling cookies may be sent by third parties to the users' terminals, without the Data Controller being aware of them or being able to intervene.

Categories of Subjects Authorized to Process and to Whom Data Can Be Communicated or Who Can Know the Data as Controllers or Authorized Personnel

Users' personal data will be known and processed, in compliance with current regulations, by internal staff responsible for managing the portal, authorized to process the data to fulfill their duties and to meet user requests.

The Data Controller may communicate the data for the aforementioned purposes to Supervisory Bodies, Judicial Authorities, and all other subjects to whom communication is mandatory by law to fulfill the stated purposes.

Outside the aforementioned cases, personal data are not communicated or disclosed to third parties for any reason. Personal data will not be transferred to third countries or international organizations.

Data Retention Period

Depending on the different purposes and goals for which they were collected, the data will be retained for the period provided by the relevant legislation or for the time strictly necessary to achieve the purposes. Navigation data collected by the University of Urbino Carlo Bo, aimed at the management of telematic services and statistical analysis, are retained for a maximum of 12 months.

Data Subject Rights

As a data subject, you have the right to request from the University, as the Data Controller, pursuant to Articles 15, 16, 17, 18, 19, and 21 of the GDPR:

• access to your personal data and all information referred to in Article 15 of the GDPR;
• correction of inaccurate personal data and integration of incomplete data;
• deletion of your data, except for those contained in documents that must be mandatorily retained by the University and provided there is no overriding legitimate reason for processing;
• restriction of processing where one of the conditions referred to in Article 18 of the GDPR applies.

You also have the right:

• to object to the processing of your personal data, subject to the necessity and mandatory nature of the processing for the establishment of the relationship;
• to withdraw consent given for non-mandatory data processing, without affecting the lawfulness of processing based on consent before its withdrawal.

Exercising Your Rights

You can exercise all the above rights by sending an email to the Data Protection Officer at the following email address: rpd@uniurb.it PEC: rpd@uniurb.legalmail.it

Complaint

As a data subject, you also have the right to file a complaint with the Data Protection Authority pursuant to Article 77 of the GDPR, following the procedures outlined at: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524 or to seek appropriate judicial remedies (Article 79 of the Regulation).

Changes to Information

This information may be subject to changes over time. It is advisable, therefore, to ensure that the version referred to is as up-to-date as possible by accessing the Privacy section of the University web portal www.uniurb.it.