This page describes the methods of processing personal data carried out through this website with reference to the processing of personal data of users who consult it and/or interact with the web services provided through the site. As a result of consulting this site or requesting web services, data related to identified or identifiable persons may be processed.
The data controller of the data processed through the site, excluding subsequent processing carried out by third parties outside of this site, is: Opera Universitaria – via della Malpensada 82/A 38123 Trento
The Data Protection Officer (DPO) can be reached at the following contact details: dpo@operauni.tn.it
2.1 Data voluntarily provided by the User for Requested Services
If the user voluntarily provides certain personal data through specific forms on the site to access the services/information offered, such action involves the acquisition of these data by the Data Controller to provide the requested services. In particular:
User Registration and Request at Accommodation Facilities or Insertion of Accommodation Facilities – Structure Evaluation and Report: Identification data such as name, surname, email address, and other optional personal information related to the User are collected to fulfill the request for information.
Sending communications related to the requested service: Periodic communications may be sent, inviting the user to review the service on the portal.
Statistics: Some data collected from users (such as nationality) are used solely and exclusively in an aggregated form for statistical analysis.
Some of the data requested in the forms are necessary for the service provision and are marked with an asterisk. Other data are optional and may be provided by the User to enable a more complete and personalized service or, with prior consent where required by applicable law, to receive informational and commercial communications or to analyze interests, personal information, habits, or consumption choices.
The purposes of the processing are, therefore, depending on the requested services: execution of the service requested by the User through the completion of the site’s forms; communication with users regarding the requested service and service evaluation request; prevention of fraud and abuse to the detriment of the site.
The legal basis of the processing is the fulfillment of contractual obligations if and as required by the User, as well as the legitimate interest of the Data Controller to send communications related to the service provided.
Specific summary information and potential consent requests, if necessary, will be progressively presented or displayed on the pages of the site prepared for particular services upon request.
2.2 Browsing Data
In addition to what is described below regarding cookies, the computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
These are information that is not collected to be associated with identified subjects, but which by their nature could, through processing and association with data held by third parties, allow the identification of Users.
This category of data includes IP addresses or domain names of computers used by Users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters related to the operating system and computing environment of the User.
These data are used to obtain anonymous statistical information about the use of the site and to check its correct functioning.
The data may be used to identify responsibilities in the case of potential cybercrimes against the site.
The site uses Google Analytics, a web analysis service provided by Google, Inc. (“Google”).
See the Google cookie policy for Google Analytics.
The purposes of the processing for such data are: enabling the site to function and performing the services requested by the User; monitoring and improving the site’s functioning; obtaining and using statistical information about the site’s usage; determining responsibility in the case of potential cybercrimes.
The legal basis of the processing of such data is, therefore, the legitimate interest of the Data Controller for the performance and improvement of the site’s services provided.
2.3 Cookies and Tracking
A cookie and similar technologies are small fragments of information used to store technical and/or personal details on the computer, identify Users of a service, and enable certain functionalities. These cookies are used by the Data Controller and its partners for technical, statistical, and/or profiling purposes.
Upon the first access to the site, it is possible to accept profiling cookies or consult the Cookie Policy. It is also possible to configure the browser to deny cookie acceptance in principle or to receive a notification before a cookie is stored.
The legal basis of the processing is, therefore, the legitimate interest of the Data Controller for technical cookies and the consent of the data subject for profiling cookies.
For more information on cookies used by the Services and how to reject them, visit the Technical Cookie Policy accessible HERE.
3.1 Data Voluntarily Provided by the User
The personal data provided by the User are managed by internal personnel of the Data Controller’s companies (collaborators and employees) as identified, according to their responsibilities and/or contractual obligations.
Some data may be communicated to external parties/companies to whom the communication of personal data is necessary or functional for the execution of the requested service or the management of the contractual relationship with the data subject (consulting companies, strategic, IT companies, hosting companies, or those managing services on behalf of the Data Controllers) in the ways and for the purposes described above.
3.2 Data Disclosure
No data derived from web services is disclosed, with “disclosure” meaning making the information known in any way to a plurality of indeterminate subjects.
The personal data provided by the User and other types of data processed, including browsing data, may be processed or transferred to non-EU countries for the purposes indicated above, in compliance with the current regulations on data transfer to third countries under Articles 44 and following of EU Regulation 2016/670 (GDPR) and local legislation.
Personal data are processed using computer tools and in compliance with confidentiality and security measures provided for by the current regulations. Specific security measures are taken to prevent data loss, illegal or incorrect use, and unauthorized access.
Data provided by the User: The personal data provided by the User are stored for the period necessary to fulfill the purposes indicated and, if necessary, for compliance with contractual, fiscal, and legal obligations for the period required by local legislation.
Automated decision-making processes (e.g., cookies) may be carried out for the site’s functionalities and/or automated processes aimed at analyzing the habits, choices, and browsing modes of the User, through cookies or third-party services, with the consent of the data subject as specified below.
Apart from the browsing data, the User is free to provide the personal data indicated in the service request forms on the site. However, failure to provide the mandatory data will prevent the requested service from being carried out. Failure to provide optional data could result in the provision of an incomplete service and the impossibility of carrying out the Data Controller’s further activities.
Data subjects whose personal data have been collected according to the methods outlined in this Policy have the right, at any time, to request access to their personal data, rectification, deletion, restriction, objection to processing, and the exercise of the right to data portability, provided the legal grounds exist.
The data subject has the right to withdraw consent at any time, without affecting the lawfulness of the processing based on the consent before its withdrawal.
It is important to note that once personal data is deleted, it cannot be recovered, and any stored content will be permanently erased. The personal data of the User will also be deleted when they are no longer necessary for the purposes for which they were originally collected.
To exercise the rights provided by the applicable data protection regulations and to obtain the full list of External Data Processors appointed for each area and activity, or to obtain information on the transfer of data to non-EU countries and related guarantees, the User can write to operauniversitaria@pec.operauni.tn.it
We will respond to your request as soon as possible, in any case within a maximum of 30 days.
The data subject also has the right to file a complaint with a supervisory authority for data processing, particularly in the member state of habitual residence or the state where the data subject works or where the alleged violation occurred.
This site does not target its services to children or minors, as defined by local law.
By registering for a service and accepting this privacy policy, the User confirms that they meet the age requirements in their country to enter into a contract or request the provided services. Additionally, the User confirms that they have previously obtained parental/guardian consent where applicable.
We reserve the right to contact the User to verify the possession of these requirements and, in the absence of these, the right to interrupt or suspend the provided services.
This Privacy Policy will be updated periodically in the event of changes to the processing or services provided or compliance with regulatory requirements. Please consult this page frequently, referring to the last update date provided at the bottom.
Last updated: 12/07/2021