Information on the processing of personal data on the websites of the University portal system

The University of Insubria, data controller, also referred to as "University", informs his own portal system users about the use it makes of their personal data, collected during web browsing, as required by art. 13 of Regulation (EU) 2016/679 (General Data Protection Regulation or “GDPR”; consult).

The University portal system includes the official websites www.uninsubria.itwww.uninsubria.euhttp://intranet.uninsubria.it and the Personal Home Pages (HPP), which have the first part of the address http://hpp.uninsubria.it, and the information only applies to these. 

What is described below does not include other websites that may be accessed by the user via links (hyperlinks).

1. Data Controller and Data Processor

The Data Controller is the University of Insubria, in the person of the Rector, with registered office in Varese (VA) in Via Ravasi, 2.

The Data Processor for the provision of the services of the University Portal system is the CINECA consortium with registered office in Via Magnanelli, 6/3, 40033 Casalecchio di Reno (BO).

2. Data Protection Officer (DPO)

Pursuant to art. 37 et seq. of the GDPR, the University has appointed the Data Protection Officer (DPO), who can be contacted using the e-mail address privacy@uninsubria.it.

 

3. Object of processing

These are information, not collected for being associated to identified data subjects, but that could, through processing and association with data held by third parties, allow to identify users. This category of data includes the IP addresses or domain names of the users’ computers connecting to the site, the addresses in URI (Uniform Resource Identifier) of the requested resources, the request time, the method used to submit the request, the file size obtained in response, the numeric code of the response status given by the server (good end of process, error, etc.) and other parameters related to the operating system and the user’s computer environment.

The management of the University’s portal system employs a technology called "cookies", which helps to understand which part of the website is most frequented, what is their path in the website and how much time have remained in the site. Recording and track/path management activities are performed in ways that make the data unidentifiable. To learn more, we suggest you consult the Cookie Policy.

In order to support statistical process of services’ use, anonymous cookies are used limited to the following registered information: display language, country and city of origin, browser used, operating system, internet service provider, screen resolution. 

The provision of data is optional. If the user does not intend to accept them, he can deny consent of using cookies or following the instructions of the browser producer used. Learn more: Cookie settings

During the filling in of online forms, personal data are requested and used to identify the subject; the data are provided expressly by the user and are optional.

4. Purpose of data processing
  1.  Allow navigation on the site
  2. Provide the information and services requested (specific information is provided on the web pages dedicated to particular services on request).
  3. Obtain anonymous and aggregated statistical information on service use, check the correct service functioning, carry out monitoring activities to support the security of the service and for identifying actions to improve the service (for navigation data).
  4. Fulfill legal obligations and/or comply with orders from public authorities.
  5.  Ascertain liability, in case of possible computer crimes against the site or its users.
5. Legal Basis for Processing

The legal basis for processing of navigation data is the execution of the service requested by the interested subject (art. 6 (1) (b) GDPR). As such, the conferral is necessary to ensure the navigation of the platform and inherent in the use of the same.

The legal basis for cookies depends on the type of cookies involved. Specific information is therefore provided in the specific Cookie policy.

The legal basis for the data provided by the subject who fills the forms on the platform, is the execution of the service requested by the data subject (art. 6 (1) (b) GDPR). Unless otherwise indicated, the provision of this type of data is necessary in order to perform the service requested by the user.

6. Processing methods

Personal data are processed in compliance with the principles of art. 5 of the GDPR, also through manual, IT and telematic tools and, in any case, in order to ensure the security and confidentiality of the data.

Specific security measures are observed to prevent data loss, illegal or incorrect use and unauthorized access, in full compliance with art. 32 of the GDPR.

The processing carried out by the CINECA Consortium, as Data Processor on behalf of the Data Controller, in this case the University of Insubria, is related to the purposes described in point 4 and comply with the GDPR in articles. 5 to 11. In compliance with these principles, as stated in the GDPR: 

  1. lawfulness, respecting the consent expressed by the user;
  2. minimization, that is, the processing carried out uses the minimum of the data necessary for the purpose for which they were collected;
  3. limitation, or processing is limited to the purposes described in point 4;
  4. security, that is, the University of Insubria guarantees the application of the security measures provided by international standards and suggested by the best practices of the sector;
  5. correctness, the University provides the tools to keep the data adherent to reality;
  6. integrity, the University adopts best data management practices, in order to minimize errors in their management, extractions of log files (related to the activities carried out through the service), including through cross-referencing and data processing, may be carried out to identify those responsible for abuses and/or illegal activities carried out by data subjects or third parties,

as part of a user’s interaction with web services belonging to contexts with authentication, basic log information related to access to the single service and session information, structured in accordance with the W3C standard https://www.w3.org/TR/WD-logfile.html 

7. Data retention period

The data will be stored for the time required by the relevant legislation or for that strictly necessary for the pursuit of the purposes described in point 4.
In particular:

  1. the data collected pursuant to art. 2a, aimed at the management of telematic services and statistical analysis, are kept for up to 12 months;
  2. the data collected pursuant to art. 2b and 2c, aimed at statistical analysis and improvement of the services provided, are kept for a maximum of 26 months;
  3. the data collected pursuant to art. 2d, aimed at providing services to the interested user, are kept for the duration of the contractual relationship of the interested party with the University.
8. Dissemination of data and categories of individuals who may become aware of it

The data collected will not be disclosed or communicated to third parties, except in the cases provided for by the information and/ or legislation in force and, in any case, in the manner permitted by this.
No data transfers are planned abroad.

The data may be known by the staff and collaborators of the University, identified as Authorized for the processing of data, responsible for the management of the websites of the portal system and/ or involved in the provision of services related to it.

Since, as described above, the University avails itself of the professional services offered by the CINECA Consortium for the provision of the services of the Portal system, natural persons may also become aware of the data as part of their duties (employees, interns or professional consultants) identified by CINECA as authorised to process data.

9. Rights of the data subject

In the cases provided, the data subjects have the right to obtain from the University of Insubria (Data Controller) access to their personal data, their correction or cancellation, their portability, the limitation of their processing or to oppose the processing (art. 15 and ss. of the GDPR).
To exercise these rights, the data subject can contact the Data Protection Officer (DPO), sending the request by email to privacy@uninsubria.it

10. Rights of complain

Data subjects who believe that the processing of personal data relating to them carried out through this site occurs in violation of the provisions of the GDPR, have the right to lodge a complaint with the Guarantor for the Protection of Personal Data (art. 77 of the Regulation) can be contacted at garante@gpdp.it or through www.gpdp.it, or to contact the appropriate courts (art. 79 of the Regulation).

11. Third parties

The official websites that come under the University portal system make use of "third-party" content and services, as a result of incorporation (embedding) of external resources or the implementation of technologies that can extend the functionality and improve the browsing experience of users.
It is therefore possible that, during the visit to these sites, other cookies, technical and/ or able to carry out profiling, are sent by these third parties to the user’s terminal, even without the Data Controller being aware of, and cannot intervene.
To learn more, we suggest you consult the Cookie Policy.

12. Amendments to this Policy

This Policy may be amended and updated. We suggest that you consult it periodically, by accessing www.uninsubria.eu/privacy.