pursuant to article 13 of Regulation (UE) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (in brief “GDPR”)
Last update: April, 15 2019
Dear users / customers,
in compliance with the European and Italian legislation in force in the sector, we ensure that the protection of Your personal data is guaranteed and that their confidentiality and integrity are preserved when You browse our Internet website https://www.uni-med.net/ and use it to obtain information on our activities, to learn about the history and reality of UNIMED, to find our contact details and to contact us, to subscribe to our newsletter service and, in general, in all other several occasions in which you have relationships with us, through the mutual exchange of contact information.
We invite You to inspect this policy concerning the modalities, the means and the purposes of processing of Your personal data.
1 – Data Controller and Processors
The Controller is UNIMED – Unione delle Università del Mediterraneo, with registered office in Corso Vittorio Emanuele II, 244 – 00186 ROMA, which may be reached to exercise the rights afforded by the GDPR or to obtain clarifications concerning this policy, at the following addresses:
– e-mail: firstname.lastname@example.org
– telephone: 06 68581430 / 68806186
– or by regular mail at the above-specified address.
The Data Controller takes advantage of third parties that provide some services to UNIMED and / or support it in carrying out certain activities: they have been appointed Data Processors pursuant to art. 28 GDPR.
2- Categories of data processed and purposes of processing
A) During browsing through the sections of our Website, which is permitted to any user without need to register, we obtain and process the following personal data, for the specific purposes listed:
(i) Browsing data concerning the session
The IT systems responsible for the functioning of this Website acquire, during their normal functioning, certain personal data whose transmission is implicit in the use of Internet communication protocols (e.g. IP addresses, Internet connection and traffic data, domain names of the devices used by Website visitors).
This information is not collected to be associated to identified data subjects or to identify users.
The data might be used to ascertain responsibilities in case of possible IT crimes against the Website.
(ii) Browsing data concerning services provided by third parties and/or obtained by third parties through the Website
The processing of the above-specified data has the purpose of ensuring the correct functioning and use of our website, through: a) performance evaluations of the Website during the browsing session, aimed at monitoring and improving the services we offer; b) analysis of the browsing data, in aggregate form, for statistical purposes and to keep track of the behavior of users, without this entailing profiling activity, (using Google Analytics’ functionalities).
B) Our Website shows a “contact form” tool, through which it is possible to contact the Company and send us requests for information or proposals for working collaboration. The data are collected and processed by a plug-in (which packages an e-mail subsequently sent to a company mailbox) and are kept in the mailbox of incoming e-mails for a limited period of time, for the sole purpose to respond to your requests.
Furthermore, our Website shows, in the same “contacts” section, addresses and contacts of the registered and operational offices of our Company; sending, optionally and voluntarily, electronic mail to the addresses specified on this Website entails the consequent acquisition of the address of the sender, necessary to reply to the requests, as well as of any other personal data that may be included in the letter; by sending the e-mail, You consent to the data processing for the specified purposes.
We process the personal data in question to allow You to contact us, to request information and/or assistance, and to allow our Company to reply to Your requests. The email provider is Google Suite.
C) On our Website there is also a special “registering form” tool, through which it is possible to subscribe to UNIMED’s newsletter service: we periodically give the subscribers information about our initiatives, the starting of new projects, the progresses of ongoing projects and their final result, the opportunities for collaboration, and / or relevant information for the purposes of Euro-Mediterranean academic cooperation, etc.
We process the personal data, once the service has been activated through subscription, to allow you to always be informed about our activities, initiatives and projects.
D) On all occasions when you come into contact with UNIMED – either indirectly, through on-line communications, or directly, both during face-to-face meetings between UNIMED staff / Directors and Associates or partners and collaborators and while participating at some particular events, conferences, seminars – we could acquire your personal and contact data (name, surname, position / role / profession, institutional / professional e-mail address, telephone number) by collecting business cards or exchanging references, or by submitting specific application forms in the context of relevant events and conferences: the above mentioned data are collected and processed, by registering and organizing them into a database, to facilitate future contacts between you and UNIMED for the purpose of mutual comparison and exchange of information and / or for the beginning of professional collaborations, to the aim of job networking, as well as for sending our newsletter, provided that UNIMED has previously received your consent to the data processing.
The provision of the personal data (by delivering a business card, by sharing the contact via messaging, verbal communication or filling the data in the application forms) results as your consent to their processing by UNIMED for the above specified purposes.
3 – Legal ground for the processing
The processing of personal data, depending on cases, is based on the following legal grounds:
the pursuit of a legitimate interest of the Controller to ensure the security of the Website, control its correct functioning and obtain statistics in relation to its use, as to the browsing data concerning the session, and to eventually exercise or defend a legal claim (article 6., paragraph 1, letter f);
the consent given by the user (as time-to-time above indicated) to the processing of data referred to in letters B), C) and D) and for what concerns the use of the browsing data related to services provided by third parties through the Website and/or obtained from third parties through the Website, (article 6, paragraph 1, letter a). Consent may be withdrawn at any time.
4- Modalities of processing
The processing of personal data will be performed through IT instruments, both automated and not automated (in such case, through human intervention in the management of IT systems) and through the use of analog instruments (paper management), according to logical processes closely correlated to the purposes of the same processing and, in any case, with the support of equipment and with modalities that guarantee the security and confidentiality of the same data, preventing loss of data, illegal or incorrect uses, and unauthorized accesses.
We use technical (“application”) cookies, both first party and third party, for data processing on our Website.
A “cookie” is a small quantity of data that are sent to the browser of the user by a Web server and that are subsequently stored on the hard drive of his or her computer.
The use of so-called session cookies is strictly limited to the transmission of session identifiers (represented by random numbers generated by the server), necessary to enable the secure and efficient exploration of the website, and to the acquisition of data to save the browsing preferences of the user (e.g., setting the language, managing statistics), in order to optimize the experience on the Website. Session cookies used in this Website avoid recourse to other IT techniques potentially prejudicial to the confidentiality of users’ browsing and do not allow acquisition of personal data identifying the user.
The management of newsletter service is supported by “MailChimp” web platform; instead, our database is created and implemented through a cloud software platform whose physical IT infrastructure is located and operates within the European Union.
5- Disclosure and dissemination of data
The entities that may become aware of the personal data are our employees and collaborators, who take care of the administrative management of the Web page and of relations with users / customers. The company taking care of the management of the Website may, possibly, become aware of the personal data, on the occasion of assistance / maintenance interventions.
The data are never transferred to, or in any case acquired by, third party entities located or in any case operating in countries outside the European Union, with the exception of the following: Google, LLC, limited to the functionalities above indicated; The Rocket Science Group LLC, limited to the functionalities of “Mailchimp” web platform used by UNIMED to manage the newsletter service, to whom the personal data are communicated as the company has been appointed Data Processor pursuant to art. 28 GDPR (both companies are included in the so called Privacyshield List https://www.privacyshield.gov/welcome: thus, they guarantee an appropriate level of protection).
Furthermore, some Google services are provided by Google Ireland Limited in favor of subjects based and / or operating within the European Union; the WordPress services are provided by Aut O’Mattic A8C Ireland Ltd, also a company based in the European Union. Finally, the software platform used for the implementation of our database is managed by Hivebrite, a French company to whom the personal data are communicated as the company has been appointed Data Processor pursuant to art. 28 GDPR.
Where needed, should we have an obligation to report a crime or in any case the need to pursue a legitimate interest to exercise or defend a legal claim on our part, the data of users might be disclosed to the judicial Authority or to police forces.
Apart from the cases just specified, personal data will not be disclosed to third parties and/or in any way disseminated outside the context of the European Union.
6- Data retention periods
Browsing data are deleted immediately after the processing, at the end of the browsing session (closure of the browser).
Data provided voluntarily by users (by sending e-mails), or by fax or by telephone, will be stored for the 12 months following delivery to users of the requested information, unless further storage of the data is necessary to comply with legal obligations, or the parties enter into another relationship.
Data processed through third party cookies (including sharing cookies) are stored for the period of time provided by the operators, according to the respective privacy policies; data processed through the use of Google Analytics cookies are stored for 26 months from their collection.
The data collected for the purpose of sending the newsletter will be processed and stored exclusively for the period during which the service will be active: therefore, up to a possible request to no longer receive the newsletter messages.
The data included in the UNIMED’s database will be processed and stored for a maximum period of 10 years from their acquisition; unless, prior to the expiration of this term, the data subject does not request cancellation or withdraw the consent to the processing.
7- Rights of the data subject concerning the processing of personal data (Articles 15-22 and 77 of the Regulation)
It is possible to submit requests to exercise the rights afforded by the Regulation (access, rectification, erasure, objection, restriction and portability if the conditions are present) by sending them to the above indicated UNIMED’s references.
To enable us to respond quickly, we kindly ask You – thanking You in advance for Your cooperation – to specify Your first and last name, e-mail address. Certain requests (for example concerning exercise of the right to access) must be accompanied by a photocopy of an identity document with Your signature to verify Your identity; it is also necessary to specify the address at which You wish to receive the answer. The answer will be sent within one month of receipt of the request.
The data subject has also the right, if he or she believes the processing of his or her data to be performed in infringement of the provisions of the Regulation, without prejudice to the right to complain to the competent civil or administrative judicial authorities, to lodge a complaint with the Supervisory Authority for the protection of personal data, within the limits of its jurisdiction.