Art 13 and 14 EU Reg 2016/679 (GDPR)
This page describes the methods of processing of personal data carried out through this website with reference to the processing of personal data of the users who consult it and/or interact with the web services provided through the site itself. Following consultation of this site or the request for web services, data relating to identified or identifiable persons may in fact be processed.
1. DATA CONTROLLER and DATA PROTECTION RESPONSIBLE (DPO)
The Data Controller of the data processing carried out through the site, with the exclusion of subsequent processing carried out by the parties outside of this site, is:
Opera Universitaria - via della Malpensada 82/A 38123 Trento
The Data Protection Officer (DPO) can be reached at the following contact details email@example.com
2. TYPES OF DATA PROCESSED, PURPOSE AND LEGAL BASIS FOR PROCESSING
2.1 Data provided voluntarily by the User for requested Services
If the user, in order to access the services/information offered, voluntarily provides some of his or her personal data, collected through special forms on the site, this action involves the acquisition of such data by the Data Controller in order to provide the services requested. In particular:
User registration and request at accommodation or insertion of accommodation - structure evaluation and relationship: identification data such as name, surname, email address are collected, as well as additional optional personal information relating to the User to allow the request for information to be processed;
Sending communications relating to the requested services: periodic communications can be sent inviting you to review the services on the portal;
Statistics: some data collected from users (such as nationality) are used for statistical analysis, only and exclusively in aggregate form.
Some of the requested data are necessary for the provision of the service and they are indicated with an asterisk. Other data are purely optional and can be entered by the User to allow a more complete and personalized service or, with prior consent in the cases provided for by current legislation, to receive informative and commercial communications or personal interests and information or habits or consumption choices.
The purposes of the processing are therefore, depending on the services requested: execution of the service requested by the User by filling in the forms on the site; communication with users regarding the requested service and the request for service evaluation; prevention of fraud and abuse to the detriment of the site.
The legal basis for the processing is the fulfilment of contractual obligations if and insofar as requested by the User as well as the legitimate interest of the owner in sending communications related to the service provided.
Specific summary information and requests for consent, if necessary, will be progressively reported or displayed on the pages of the site set up for particular services on request.
2.2 Navigation data
In addition to what is set out below in relation to cookies, the computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow the Users to be identified.
This category of data includes IP addresses or the domain names of the computers used by Users who connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the User's operating system and computer environment.
This data is used to obtain anonymous statistical information on the use of the site and to check that it is functioning correctly.
The data could be used to identify responsibility in the event of possible computer crimes against the site.
The site uses Google Analytics, a web analysis service provided by Google, Inc. ("Google").
The purposes of the processing of such data are therefore: to enable the operation of the site and the performance of the services requested by the User; to monitor and improve the operation of the site; to obtain and use statistical information on the use of the site; to ascertain liability in the event of hypothetical computer crimes.
The legal basis for the processing of such data is therefore the legitimate interest of the owner in the performance and improvement of the site services provided.
2.3 Cookies and tracking
A cookie and similar technologies are small pieces of information used to store technical and/or personal details on the computer, identify Users of a service and enable certain functionalities. These cookies are used by the Data Controller and its partners for technical, statistical and/or profiling reasons.
The legal basis for the processing is therefore the legitimate interest of the holder in the case of technical cookies and the consent of the data subject in the case of profiling cookies.
For further information on the cookies used by the Services and how to refuse them, please visit the Technical Cookies Policy accessible HERE.
3 COMMUNICATION OF DATA TO THIRD PARTIES
3.1 Data provided voluntarily by the User
The personal data provided by the User are managed by the internal subjects of the Data Controller companies (collaborators and employees) identified above according to their competences and within the scope of their duties and/or any contractual obligations.
Some data may be communicated to: external subjects/companies to whom the communication of personal data is necessary or in any case functional for the execution of the service requested or the management of the contractual relationship with the interested party (consultancy, strategic, IT companies, hosting companies or companies that manage services on behalf of the Data Controllers) in the ways and for the purposes illustrated above.
3.2 Data dissemination
No data deriving from the web services is disseminated, this term being understood to mean giving knowledge of it in any way to an unspecified number of subjects.
4. TRANSFER TO THIRD COUNTRIES
The personal data provided by the User and other types of processed data and browsing data may be processed or transferred to non-EU countries, for the purposes indicated above, in compliance with current regulations on the transfer of data to third countries pursuant to Article 44 et seq. of EU Regulation 2016/670 (GDPR) and current local regulations.
5. PROCESSING METHODS
Personal data are processed using IT tools and in compliance with the confidentiality and protection measures provided for by current legislation. Specific security measures are observed to prevent data loss, unlawful or incorrect use and unauthorised access.
6 DATA RETENTION PERIOD
Data provided by the User: The personal data provided by the User are kept for the period necessary to perform the indicated purpose(s) and, if necessary for the fulfilment of contractual, fiscal, legal obligations for the period provided for by the local legislation in force.
7. AUTOMATED PROCESSES
Automated decision-making processes (e.g. cookies) may be carried out for the site's functionalities and/or automated processes aimed at analysing the User's habits, choices, navigation methods, through cookies or third party services, subject to the consent of the interested party as specified below.
8 PROVISION OF DATA AND CONSEQUENCES OF FAILURE TO PROVIDE DATA
Apart from what has been specified for navigation data, the User is free to provide the personal data indicated in the request forms for site services. However, failure to provide the data indicated as compulsory will make it impossible to perform the service requested. Failure to provide the data indicated as optional, on the other hand, could result in the provision of an incomplete service and the impossibility of carrying out the Controller's further activities.
9. RIGHTS OF THE DATA SUBJECTS, RIGHT TO LODGE A COMPLAINT AND WITHDRAWAL OF CONSENT
The subjects for whom the personal data have been collected, according to the methods illustrated in this Policy, have the right at any time to request, if the legal requirements exist, access to their personal data, to rectify, cancel or limit the same, to oppose the processing and to exercise the right to data portability.
The data subject has the right to withdraw at any time any consent given to the processing of his/her data, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.
It should be remembered that once your personal data has been deleted, it can no longer be retrieved and the stored contents will also be permanently deleted. The User's personal data will also be deleted when they are no longer required for the purposes for which they were originally collected.
To exercise the rights provided for by the regulations in force regarding the protection of personal data and to know the complete list of External Data Processors appointed for each area and activity or to obtain information regarding the transfer of data to non-EU countries and relative guarantees, you may write to firstname.lastname@example.org.
We will respond to your request as soon as possible, in any case within a maximum of 30 days.
You also have the right to lodge a complaint with a supervisory authority regarding the processing of your data, in particular in the member state where you usually reside or in the member state where you work or where the alleged infringement took place.
10. MINORS, TRUTHFULNESS OF DATA ENTERED AND USER OBLIGATIONS
This Site does not direct its Services to children and minors, as understood by local law.
We reserve the right, in any case, to contact the User and verify the fulfilment of these requirements and, in the event of failure to do so, the right to interrupt or suspend the services provided.
Last update date: 12/07/2021