Our Data Controller here informs about processing methods of personal data made available by users of the website https://www.df.unipi.it, in accordance with Art. 13 of the EU Regulation No. 679/2016 “General Data Protection Regulation” (GDPR).
According to the aforementioned regulation (GDPR), processing will be based on the principles of lawfulness, fairness and transparency, adequacy, relevance, purpose and storage limitation, accuracy and updating, data minimisation and accountability.
The types of users are:
- Website users;
- Website users interested in online services.
1. DATA CONTROLLER
The Data Controller of the data you provided is the University of Pisa, with registered office in Lungarno Pacinotti 43 – Pisa, represented by the pro tempore Rector.
2. DATA PROTECTION OFFICER (DPO)
At the Data Controller, the Data Protection Officer (DPO) is available, appointed pursuant to Art. 37 of EU Regulation on 2016/679. The DPO can be contacted as follows:
e-mail: responsabileprotezionedati@unipi.it
certified e-mail system (Posta Elettronica Certificata – PEC): responsabileprotezionedati@pec.unipi.it
3. PURPOSE AND LEGAL BASIS OF THE PROCESSING
Collected personal data shall be processed for the following purposes:
1. ensuring browsing and access to the website;
2. providing users with required information and services;
3. obtaining anonymous statistical information about the use of the Web Portal or related services; checking its proper operation; carrying out monitoring activities in support of its security and identifying actions aimed at its improvement (for browsing data);
4. fulfilling legal obligations, complying with orders from Public Authorities, ascertaining possible liability in the event of hypothetical computer crimes to the detriment of the website or its users.
The legal basis of the data processing involves:
1. accomplishment of public interest tasks;
2. consent of the data subject pursuant to Art. 6, par. 1, GDPR.
4. CATEGORIES OF PROCESSED DATA
1. Browsing data: During their normal operation, the computer systems and software procedures used in this website obtain some personal data whose transmission is implicit in the use of Internet. This information is not collected to be associated with identified data subject, but by its very nature could allow users to be identified, through processing and association with data held by third parties.
This category of data includes the “IP addresses” or domain names of the computers used by users connecting to the website, the addresses in URL (Uniform Resource Locator) notation of the requested resources, the time of the request, the method used in submitting the request to the web server, the file size obtained in response, the numerical code indicating the status of the response given by the web server (successful, error, etc…) and other parameters related to the user’s operating system and computer environment.
Browsing data related to the IP addresses of HTTP and HTTPS requests are stored in web server logs and used for computer security checks and statistical purpose.
The concerned data may also be used, at the request of the competent judicial authority and with the safeguards provided by law, to ascertain liability in the event of computer crimes committed to the detriment of the website.
2. Data provided directly by the website user: it refers to data collected to enable the user to access certain services. The provision of such data is not mandatory, however, any refusal to provide it may not allow the user to take advantage of the concerned services.
Specific information notices will be available on the webpages set up for the provision of certain services or for joining specific initiatives.
3. Data collected through cookies: cookies are small text strings that a website sends to the user’s browser (e.g. Internet Explorer, Mozilla Firefox or Google Chrome), which stores them and transmits them back to the same website the next time the same user visits it.
The https://www.df.unipi.it portal uses technical cookies. Technical cookies enable normal browsing the website and the use of its services; they allow, for example, authentication to restricted areas and the storage of temporary user preferences. They are indispensable for the proper operation of certain areas of the website.
The web portal uses ‘Matomo’ software for tracking monitoring. The analytical cookies installed by the software are used to produce aggregate statistics and are in no way used for visitor profiling activities. The information obtained is stored and processed in the University’s servers and is not disclosed to third parties.
The portal makes use of third‐party content (by resource embedding techniques). Therefore, it is possible that during a visit of the web portal other cookies, both technical and capable of user profiling, may be sent by these third parties to the user’s computer.
The providers of those services shall be liable for providing information notice about processing and consent to use; we hereby list the services used and a link to their policies regarding privacy and the use of cookies from their servers:
- Youtube (informativa)
When visiting the web portal the user may reject, in whole or in part, the cookies sent by both the web portal and third‐party websites by acting on the settings available in the browser. For specific instruction regarding your browser, please see the help provided with your software or visit the website of the relevant manufacturer. Disabling cookies may prevent the proper operation of certain services or the enjoyment of
some content.
5. DATA PROCESSING
Personal data will be mainly performed automatically, according to logic strictly related to the purposes and for the time strictly necessary to fulfil the purposes for which they were collected, using appropriate and preventive security measures such as to minimise the risks of destruction and loss of the data, unauthorized access or processing that is forbidden or does not in accordance with the collection purpose.
6. CATEGORIES OF PERSONS AUTHORIZED TO PROCESS DATA
Personal data of users will be known and processed in compliance with the current relevant regulations only by technical and administrative staff authorized for processing by the Data Controllers or formally appointed external Data Processors.
7. PERIOD OF DATA STORAGE
Determining the period for which the personal data will be stored meets the principle of necessity of processing. Therefore, personal data are stored for as long as necessary to carry out the purposes. Specifically:
1. browsing data will be stored for a maximum of 30 days;
2. data directly provided by the user will be stored as indicated in specific information notices relating to certain services or initiatives;
3. data collected through cookies will be stored for a maximum of 13 months.
8. PLACE OF PROCESSING AND DATA COMUNICATION
Data related to the web services offered by this website will be processed in the registered office of the
University of Pisa. No data resulting from the service shall be disseminated. The personal data provided by
users accessing the telematic services are used for the sole purpose of using the service and are not communicated to third parties, unless the communication is required by law.
9. RIGHTS OF DATA SUBJECT AND HOW THEY ARE EXERCISED
Users may exercise their rights under sections 2, 3 and 4 of Chapter III of EU Regulation No. 679/2016 (e.g.,
rights to information and access, rectification and erasure, restriction and right to object to personal data
processing and portability). The user has, also, the right to lodge a complaint with the supervisory authority
(in Italy: the Italian DPA – Data Protecon Authority, www.garanteprivacy.it, e‐mail garante@gpdp.it, helpline phone 06696771).
10. INTELLECTUAL PROPERTY
All rights to the contents (e.g., texts, images and structure of the website) are reserved in accordance with current law. The contents of the pages of the website may not, either in whole or in part, be copied, reproduced, transferred, uploaded, published or distributed in any way without the prior written consent of
the University of Pisa, except for the possibility of storing them in one’s own computer or printing extracts of the pages of this website for personal use only. Any form of link to this website if entered by third parties must not cause damage to the image and activities of the University of Pisa. The so‐called deep linking, i.e. the non‐transparent use, on third-party sites, of parts of the web site is forbidden. It is also forbidden to link directly to the pages of the web site, related to the services provided, if this involves the acquisition of their personal data, without passing through the introductory page of the service, containing the privacy policy. Any failure to comply with these provisions, unless explicitly authorized in writing, will be prosecuted in the
competent civil and criminal courts.
11. LIMITATION OF LIABILITY
The University of Pisa cannot be held liable in any way for damages of any nature caused directly or indirectly by accessing the website, by the inability or impossibility of accessing it, by reliance on the news contained therein or by their use. The University of Pisa reserves its right to change the contents of the website and this page at any time and without notice. Therefore, please check that the version you are referring to is as updated as possible.
The University of Pisa assumes no liability for services offered by third parties with which the website has activated a link, and for any other content, information or anything else contrary to the laws of the Italian State present in the resource of the third party linked to the attached link. Any links to external websites are provided only as a service to users, with the exclusion of any liability for the correctness and completeness of the indicated set of links. Moreover, the indication of links does not imply, on the part of the University of
Pisa, any kind of approval or sharing of liability in relation to the completeness and correctness of the information contained in the indicated web sites.
This information does not concern other pages or services reachable through hypertext links that may be available on the website but refer to resources outside the Unipi domain.