This page contains information concerning the administration of the website of the Free University of Bozen-Bolzano, and in particular with regard to the processing of user data. It consists of a privacy notice required by the legislative authority pursuant to Article 13 of European Regulation 679/2016 - on the protection of natural persons with regard to the processing of personal data - hereafter referred to as the “GDPR” - for all individuals visiting the official website of the Free University of Bozen-Bolzano (hereafter also referred to as the “University” or “unibz”): www.unibz.it.
The privacy notice applies only to the website of the University and not to any other websites that may be accessed via links appearing on the site.
Furthermore, this information notice corresponds to Recommendation 2/2001 adopted 17 May 2001 - Minimum requirements for the online collection of personal data - by the Working Party established in accordance with Article 29, Directive 95/46/EU of the European Parliament on the Protection of individuals with regard to the processing of personal data.
The Data Controller warrants, in accordance with the statutory provisions, that personal data will be processed taking into account the rights and basic freedoms, and the dignity of the party concerned, and in all cases in accordance with the law and with due regard for the protection of privacy. In particular, data will be processed in accordance with the principles of legality, good faith, transparency, purpose limitation, data minimisation and storage limitation, integrity, accuracy and confidentiality.
As a result of possible changes to the statutory provisions, or the implementation of new technologies on the website that might affect current processing methods, as well as organisational changes to the privacy structure of the Data Controller, it may be necessary to revise and update this information.
Specific information notices regarding certain services or data processing may be published on the corresponding pages of this website or communicated directly.
- Data Controller and DPO
The Data Controller is the Free University of Bozen-Bolzano, located at Piazza Università 1, 39100 Bolzano (Italy) in the person of its President and legal representative pro tempore.
The data centers of Unibz and Eurac Research (tax number: 01659400210, located in Bolzano, Viale Druso 1) collaborate through the scientific platform SCIENTIFIC NETWORK SOUTH TYROL (also "SNS") which Unibz uses to provide certain services. Unibz and Eurac Research are Joint Controllers of the personal data processed in this context and, accordingly, have entered into an agreement pursuant to art. 26 of the GDPR to define their respective roles and responsibilities. The Joint Controllers have determined that complaints and requests to exercise rights submitted by data subjects will be handled within the framework of the processing purposes set out in the Joint Controller Agreement, and data subjects may in any case exercise their rights against both Joint Controllers pursuant to art. 26, par. 3 of the GDPR.
Art. 37, par. 2, GDPR provides the obligation for public authorities or public bodies to designate a Data Protection Officer (DPO). The Data Protection Officer can be contacted at the following e-mail address: firstname.lastname@example.org.
Facebook and Instagram
For institutional pages, Facebook and Instagram offer a variety of analytical tools from which to draw aggregate data that help to understand how people interact. Meta Platforms Ireland Limited, the Company that offer Facebook and Instagram services, then receives data from subjects who view the Free University of Bozen-Bolzano pages who would otherwise not interact with social media.
With regard to the processing of the statistical data of Facebook and Instagram pages, Free University of Bozen-Bolzano and Meta Platforms Ireland Limited. ("Meta") are Joint Controllers.
Similarly, with regard to the inclusion of the Facebook “like” button on the pages of the site that allows users to share their preferences on social networks, Free University of Bozen-Bolzano and Meta must also be considered Joint Controllers” for data collection operations, not for post-collection processing operated by Meta.
At this linkyou can consult the appendix on the data processing controller for Insights Data on the Facebook page, which indicates the division of responsibilities of Facebook Ireland and Free University of Bozen-Bolzano administrator of the Facebook page.
At the page you can consult the Meta Products policy statement and find, among other items, the following information:
– what types of information they collects;
– how Meta Products uses such information;
– how this information is shared;
– the legal bases for data processing;
– how to exercise the rights provided by the GDPR;
– Meta’s contact details for personal data protection issues;
– the contact details of the Data Protection Officer for Meta;
– Facebook and Instagram visitors rights under the GDPR;
– the retention period of the data.
Type of data processed
“Personal data” are all information referring to an identified or identifiable natural person, who may be recognised either directly or indirectly, in particular by means of correlation to an identifier, such as a name, an identification number, location data, an online user name or to one or more specific characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
A. Navigation Data
The information systems and software procedures utilised by this internet presence collect some personal data as part of their normal function, the transmission of which is technically necessary - using the Transmission Control Protocol - to surf the internet at all. This is information that is not collected in order to identify the relevant user, although - by processing and assigning the data of third parties - based on the nature of the data it would be possible (e.g. IP address, browser version, domain name of the computer used to visit the site). The same goes for the floating button on the bottom left of each single page of the website. This so called feedback button gives users the possibility to send their input about malfunctions or mistakes on our website or ask for information about the University. These data are used solely to obtain anonymous, statistical information about visits to the site and whether it is functioning correctly. The data could be used, in the event of damage being caused deliberately to the site, to determine the initiator, and would be saved in this case. These data will not be forwarded or disseminated; if requested, they must be made available to the postal police, the court authorities and the judicial police. Navigation data may be used to determine liability in cases of IT offences to the disadvantage of the unibz website.
B. Voluntary nature of data provision
The optional, explicit and voluntary sending of electronic mail and/or transmission of personal data entails the acquisition of the address and/or other possible personal data of the sender that is needed in order to respond or to perform the required service. A failure to provide this voluntary data could lead to the desired result not being achieved. This data can only be forwarded to third parties if it is required for the purpose of handling enquiries. The forwarding of data to third parties for marketing and profiling purposes is not permissible.
C. Cookies and similar technologies
– Technical cookies, i.e. for navigation or visits, essential for the smooth running of the website or for the use by visitors of the content and services offered.
– Analytics cookies help to understand how users make use of the site. These cookies do not collect either information on the identity of the visitor or personal data. The information is processed in aggregated and anonymous form.
– Third-party cookies are cookies that originate from other websites or web servers and serve the purposes of these sites. “Social plugins” such as Facebook, Twitter and Google+ warrant particular attention. These are parts of the visited website that are generated by the websites of third parties and are integrated in the visited website. The most frequent use of social plugins is for the exchange of content with social networks.
These plugins pertain to the transmission of cookies from and to the websites of third parties. This information from “third parties” is governed by the corresponding regulations, which must be observed. Click here for more information on Google cookies (content available in Italian): www.AllAboutCookies.org. Below are internet addresses where a variety of information about and possible uses of cookies can be found:
– Facebook policy
– Facebook settings: access your account. Privacy settings.
– Twitter policy
– Twitter settings
– Google+ policy
– Google+ settings
– Youtube policy
– Youtube settings
unibz does not intentionally collect specific kinds of personal data or sensitive data / judicial data via its website. It is recommended that you do not share such data via the website.
- Purpose of and legal basis for the processing of data
The personal details transmitted by the user via the website are processed for the following purposes:
a) statistical analysis/research on the basis of aggregated or anonymised data, without the user being identified, in order to be able to assess the functions of the website and its user-friendliness and interest;
b) completion of data collection forms for the purpose of receiving the newsletter or general messages by email;
c) the performance of a contract, to which the data subject is party, or for the performance of pre-contractual measures at the request of the person concerned;
d) in order to fulfil a legal obligation to which unibz is subject;
e) to justify, assert or defend against legal claims or, in the case of actions taken by the courts, in the context of their judicial activities.
The lawfulness of the processing of personal data (legal basis) is subject to the conditions set out in art. 6 paragraph 1 of the 2016/679 European Regulation.
- Mandatory or voluntary communication of data and possible consequences of a failure to provide it
Personal data is communicated on a voluntary basis; however, refusing to provide it may mean that it is impossible to deal with an enquiry or a legal obligation, or that the website may not function fully.
- Recipient(s) of the personal data
The personal data may, in addition to the Data Controller, be processed by a data processor or by representatives / persons who have access to personal data and who are subordinate to the Data Controller or data processor, who have been appointed and adequately trained for this purpose.
Personal data may be communicated to third parties for the purposes of handling enquiries, including for the sending of emails, analysing the functional capability of the website, executing legal obligations or with prior consent.
- Place of processing of personal data and transmission of data to third countries
The personal data collected via the services of this website are collected at the various locations of the University by employees who have been specifically assigned this role. Alternatively it will be processed by persons who carry out occasional maintenance work on the website and who have also been appointed for this purpose and are bound by confidentiality. To this end, the University may, in the context of assigning this task, and whilst adhering to the best possible security measures, utilise the help of external companies, consultants, associations, software suppliers and service providers. Some personal data could be transmitted to third countries outside of the EU but only if the transmission of personal data is connected to the performance of the institutional activities of the University. Unibz guarantees that in any case, the electronic or analogue processing of personal data by the recipient shall be in accordance with statutory provisions.
WordPress is a system that unibz makes available to some of its members to autonomously manage websites that are independent of the official one on which this text is written. WordPress users can be members of the Press and Event Management Office, lecturers, researchers or PhD students of unibz (hereinafter referred to as "User/s"). Visitors of such websites may be people who connect to them through the Internet (hereinafter referred to as Visitors).
By its very nature, a website based on WordPress can also be used as a "blog", which is defined as a set of articles, possibly written by different users, ordered chronologically and/or according to arbitrary categories. Articles provide for the possibility of being commented by visitors, as well as by the users themselves; comments, in turn, may include the response of other visitors and this can lead to interesting discussions about the article's content.
The data that users are required to submit when registering are limited to the email address and are mandatory in order to obtain a valid account. When a comment is published, however, in addition to the email address, a visitor is also required to enter his or her name and surname.
Opinions and comments published by users and visitors and the information contained therein will not be used for any other purpose than being published. In particular, this data will not be aggregated or selected by any other kind of database except WordPress itself. Any statistical processing that the user may intend to carry out in the future will be performed exclusively on an anonymous basis.
The dissemination of personal data of users and visitors is directly attributable to the initiative of the individual user/visitor, we guarantee that no further communication or dissemination of the data is intended. In any case, the user or the visitor may at any time exercise the rights guaranteed by Articles. 15 ff. GDPR (see below “9. Rights of the data subject).
If users use WordPress to collect any other kind of data subject to EU Regulation n.2016/679, the user will be held personally responsible for the collection and processing of the same, and has to inform visitors and collect their consent in accordance with all applicable laws, and ensure them any right expressly provided by the current legislation.
- Retention Period
Personal data shall only be retained for the time that is absolutely essential for the fulfilment of the above mentioned purposes and compliance with the associated statutory requirements. Once this period has elapsed, the data shall be destroyed or anonymised.
- Rights of the data subject
The data subject has the right to access their personal data, to have that data corrected or deleted, the right to limit its processing, the right of objection, the right to data transmission, to complain to the responsible national regulatory authority ( Garante della Privacy: www.garanteprivacy.it), provided that an infringement in the processing of personal data is suspected, plus all other rights recognised by the prevailing statutes (Articles 15 et seq GDPR). If approval has been granted for the processing of personal data, then the data subject has the right to withdraw this approval. In order to exercise his or her rights pursuant to Artt. 15-22 GDPR, the data subject may use the following downloadable form (Italian / German) and send the completed form together with a copy of a valid identification document and any necessary documentation by e-mail to email@example.com.
- Links to other websites
The website of the Free University of Bozen-Bolzano may contain links to other websites that are not administered by the University and with which the University has no joint proprietorship of personal data. The University shall not be liable for the content and security measures used by these websites, and expressly rejects any liability.
Latest revision dated 08/03/2022