PRIVACY STATEMENT

PERSUANT TO ART. 13 OF THE 2016/679 EU REGULATION AND COOKIE POLICY
* * *

1 - Premise.
The International Telematic University UNINETTUNO (hereafter referred to as UNINETTUNO) is responsible for the development of the computer-based platform of the studio.uninettuno.it website.

Through the studio.uninettuno.it website, it is possible to register for courses and access the didactic cyberspace that delivers the educational content of the studio.uninettuno.it website.
Course registration and use of the didactic cyberspace of the studio.uninettuno.it website are totally free of charge.
This document is intended to inform interested parties wishing to register for the course and use the didactic cyberspace of the site studio.uninettuno.it about the processing of their personal data.
2 – Information on the Controller of the Treatment.
UNINETTUNO, with registered office in Rome, Corso Vittorio Emanuele II n. 39, is the Data Controller of personal data in accordance with European Union Regulation 2016/679 and Italian law (Legislative Decree n. 196/03).
3 – Treatment aims, categories of personal data, and treatment juridical basis
The website studio.uninettuno.it processes personal data of data subjects only for the following purposes:

  • Navigation of the project website to provide users with the information and orientation content;
  • user registration to access the course;
  • individual access to the didactic cyberspace to use educational contents
  • evaluation of the skills level acquired during the learning process;
  • storage for inspection by supervisory authorities.

3.1)      Navigation data: they are technical information that are automatically acquired by the information system during consultation, through communication protocols; these data are used only to ensure normal navigation and use of the services also depending on the selected criteria (for example: the chosen language) and to obtain anonymous statistical information on the use of the portal and to check its functioning and are not associated to identifiable users; however, they may allow to indirectly identify the user by association with data owned by third parties.
The collection of browsing data is based on the use of cookies. Cookies are small text strings sent to the terminal (pc, notebook, smartphone, tablet, etc.) of the user during the consultation of the portal and sometimes stored in the browser to be retransmitted at the next consultation occasion. The use of these cookies does not require the consent of the data subject as the activity is necessary for the performance of a free-of-charge contract to which the data subject is a party or the execution of pre-contractual measures taken at the request of the data subject (Art. 6 co. 1° lett. b of the European Union Regulation 2016/679 “GDPR”).

The DEO4PA project website also uses Matomo's analytics cookies aimed at collecting information, in aggregate form, on the number of users who have visited the portal and their mode of consultation for the generation of internal statistics on the use of the portal in order to improve the services offered, the effectiveness of which is limited to one day in the case of the “_pk_ses#” cookie and one year after its installation in the case of the “_pk_id#” cookie. The use of these cookies also does not require the consent of the data subject as the activity is necessary for the pursuit of a legitimate interest of the owner (Art. 6 co. 1° lett. f of the European Union Regulation 2016/679 “GDPR”).
Finally, the DEO4PA project website employs cookies from Google Inc. to perform the CAPTCHA test. These cookies are necessary to implement the security measure known as Challenge/Response authentication: the CAPTCHA test protects the owner from spam by asking him to pass a simple test that proves that the user is a person and not a computer. The effectiveness of Google Inc. cookies is limited to the duration of site browsing activity in the case of the “rc::c” cookie and is persistent in the case of the “rc::a” cookie. The use of these cookies does not require the consent of the data subject.
No cookies are used for promotional or advertising purposes, even if they are from third parties (so called “profiling cookies”).
3.2)      Data actively communicated by the user: this is the personal data entered by the interested party in the course enrollment request form, found within the studio.uninettuno.it website.
The requested information is used exclusively to enroll the interested party in the course and assign himr personal credentials (id and password) to access the didactic cyberspace of the studio.uninettuno.it website.
The collection of the personal data required for enrollment in the course is necessary and without it, it is not possible to follow up on the data subject's request.
The processing of this personal data does not require the consent of the data subject as the activity is necessary for the performance of a free-of-charge contract to which the data subject is a party or the execution of pre-contractual measures taken at the request of the data subject (Art. 6 co. 1° lett. b of the European Union Regulation 2016/679 “GDPR”).
3.3)      Data produced by the user's interaction with the didactic cyberspace of the website studio.uninettuno.it: this is the personal data produced and processed during the performance of educational and training activities in the didactic cyberspace.
This personal data is traced for the necessary purpose of enabling the proper performance of the service.
Also in this case, the processing of these personal data does not require the consent of the data subject as profiling is necessary for the execution of the contract to which the data subject is a party (Art. 6 co. 1° lett. b of the European Union Regulation 2016/679 “GDPR”).
3.4)      Stored data: are all personal data actively communicated by the user and produced by the user's interaction with the didactic cyberspace of the website studio.uninettuno.it, permanently recorded by the system during the phases of the learning process and archived at the end of the course.
Personal data kept by the Controller be communicated only to the Supervisory Authority for the controls provided for in the case of projects co-financed by the European Commission.
These treatments do not require the consent of the data subject as the storage is necessary to fulfill a legal obligation (Art. 6 co. 1° lett. c of the European Union Regulation 2016/679 “GDPR”).
4 – Data location and security measures.

All personal data of the data subject are processed and stored on servers located within the European Union owned and/or at the disposal of the Data Controller and/or appointed third parties, duly appointed as Data Processors. Therefore, personal data may be communicated to these data processors for the provision of the services entrusted to them.
There are no plans to transfer personal data abroad to countries outside the EU.
All personal data of the data subject are protected by appropriate IT security measures against unauthorized access, temporary unavailability and loss of information.
5 – The duration of treatment and storage period of personal data.
At any time, the data subject is free to stop the processing of his personal data by deleting his registered account.
The storage period of navigation data collected using cookies varies: some are deleted automatically by the system at the end of the session, others are deleted within a day or a year, and others are persistent, as better specified in section 3.1 above).
The personal data actively communicated by the user and those produced by the user's interaction with the educational cyberspace of the site studio.uninettuno.it are stored for the entire duration of the course and at the end will be archived for a maximum period of 10 years, corresponding to the ordinary limitation period referred to in Article 2946 of the Civil Code, in order to ensure any documentary evidence in the context of any judicial proceedings or as part of audits and inspections by the Control Authorities and subsequently deleted.
6 – Rights of the data subject.
Every data subject has a right to ask the Controller for the:

  • Access and correction of incorrect personal data related to him;
  • Integration of incomplete ones;
  • Elimination of these data if they were illicitly treated or if their elimination is necessary to comply with legal obligations;
  • Limitation of the treatment of only the personal data related to him of which the data subject does not deny the correctness, waiting for the conclusion of checks on the denied ones and being accordingly informed before the above-mentioned limitation is removed;
  • Return of the provided personal data, in a structured format, of common use and readable by an automatic device, or the transmission of them to another owner of the treatment, also in a direct way, if technically feasible. The personal data that were not provided by the concerned person and those treated for the performance of task of public interest or connected to public powers of which the Controller of the treatment is responsible are excluded.

All requests can be forwarded to UNINETTUNO at its registered office, or to the following addresses: tel. +39 06 692076.70 / +39 06 692076.71 or e-mail: info@uninettunouniversity.net.
The Controller will comply with any request from the data subject without undue delay and, in any case, no later than one month after receipt of the request. This deadline may be extended by a maximum of two additional months, and it will be the responsibility of the Controller to notify the interested party, within one month of receipt of the request, of the extension and the reasons for the delay.
Should the data subject's requests be unfounded or excessive, in particular due to their repetitive nature, the Data Controller has the right to charge him a fee or even refuse the request.
In the event that the data subject considers that the processing concerning him infringes EU Regulation 2016/679 or that the Data Controller has not complied with its obligations related to the exercise of the aforementioned rights, he has the right under Article 77 of the same Regulation to lodge a complaint with the Supervisory Authority located in the Member State where he usually resides or works, or with the one located in the place where the alleged infringement occurred. This is without prejudice to any other administrative or judicial remedy.
7 – The person responsible for data protection.
The person responsible for data protection is Lawyer Gaetano Giordano who can be contacted via e-mail at the following address: dpo@uninettunouniversity.net or by tel./fax at the following number: +390637511524. The concerned people can contact him as regards any matters related to the treatment of their personal data and to the exercise of their rights ensuing from the above-mentioned Regulation. He has the duty of confidentiality as regards the performance of his functions.