EU Regulation 2016/679 “General Data Protection Regulation” (hereafter referred to as “GDPR”) guarantees the individual’s right to the protection of their own personal data.  In accordance with the above-mentioned legislation, personal data shall be processed lawfully, fairly and in a transparent manner, it shall be relevant and limited to what is necessary in relation to the purposes for which they are processed, in a manner that ensures appropriate security of the personal data.

As an interested party and as referred to in the GDPR Articles 13 and 14, the University of Trento provides you with the following information concerning the use of your personal data published on the Digital University (DU) Web portal.

  1. Data Controller and Data Protection Officer
  2. The Data Controller is the University of Trento, via Calepina n. 14, 38122 Trento, Italy, email: ateneo@pec.unitn.it; ateneo@unitn.it.

    Contact coordinates of the Data Protection Officer are: avv. Fiorenzo Tomaselli, via Verdi n. 8, 38122 Trento, Italy, email: rpd@unitn.it.

  3. Purposes of data processing
  4. The University of Trento processes personal data with the purpose of fulfuling the following:

    1. Compliance with University transparency obligations in relation to its institutional activities of education and research;
    2. Promoting institutional activities carried out at the university.

  5. Types of data processed
  6. Within the scope of the purposes noted above,, the following categories of personal data shall be processed:

    • Personal records;
    • contact information;
    • personal pictures;
    • information on previous academic and professional history (curricula vitae), on publications, on research projects that the individual has taken part in, on courses being held, on thesis-related activities and types of thesis, on office hours and personal notices published for the university community;
    • internet browsing data;

    Internet browsing data

    While users browse the Web portal, some personal data (Internet browsing data) are collected, as their transmission is inherent to the use of Internet communication protocols. This category of data include: the IP address or the domain name of devices used for connecting to the Web portal; the URI (Uniform Resource Identifier) address of resources requested; the time of the request; the method used for submitting the request to the Portal server; the size of the file accessed through the request; the server-side numerical code corresponding to the request outcome (file accessed, error, etc…) and other data related to the user operating system and technology environment.

    This information is not collected with the aim of being associated with identified Data Subjects, but – given their nature – it would enable  users to be identified, through processing and linkage with third-party data.

    Internet browsing data are used to extract aggregated and anonymous statistical information regarding Web portal use and to check the correct functioning of the portal. They are preserved only for the time strictly necessary to achieve the purposes for which they were collected. Data might be used in order to assess responsibility in case of possible computer crimes to the detriment of the Web portal.

    Cookies

    The cookies adopted on this Web portal do not store sensitive data. They allow information to be gathered in order to improve the portal’s “user experience”, to improve the web services provided and to develop new services on the Web portal.

    This Web portal uses Google Analytics – a data analysis service provided by Google, Inc. (“Google”) – in order to improve the usability of web services and communication with users; and also with the aim of estimating the level of internationalization of users and to promote institutional activities by establishing the parameters of the different types of users. Google might transfer data collected to third parties, as required by law. Data are collected for institutional purposes only and will not be passed on for commercial purposes.

    Further detailed information on Google Analytics is available on the web page http://www.google.it/analytics/terms/it.html.

    The DU Web portal uses the following cookies:

    COOKIE NAME

    DESCRIPTION

    OWNER OR THIRD PARTY

    TIME SPAN

    PURPOSE

    cookie-agreed

    Cookie recording acceptance of the portal 

    cookies

    UniTrento

    90 days

    Used to record user choice on cookies’ acceptance.

    _ga

    Google Analytics cookie

    Google

    Analytics

    2 years

    Used to distinguish users.

    _gat

    Google Analytics cookie

    Google

    Analytics

    10 minutes

    Used to throttle request rate. 

     

      _utma

    Google Analytics cookie

    Google

    Analytics

    2 years from creation or update

     

    Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.

      _utmt

    Google Analytics cookie

    Google

    Analytics

    10 years from creation or update

     

    Used to throttle request rate.

      _utmb

    Google Analytics cookie

    Google

    Analytics

    30 years from creation or update

     

    Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.

      _utmc

    Google Analytics cookie

    Google

    Analytics

    Browser session

    Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.

     _ utmz

    Google Analytics cookie

    Google

    Analytics

    6 months from from creation or update

     

    Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.

    _ utmv

    Google Analytics cookie

    Google

    Analytics

    2 years from creation or update

     

    Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics.

    Further information on Google Analytics cookies is available under the following URL:

    https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=it#gajs 

     

    Disabling cookies

    The user can disable either all the cookies or the cookies from Google Analitycs only. In any event, the user is allowed to browse the Digital University Web portal and to have access to all its functions even when disabling all the cookies.

    The user can disable all the cookies by selecting the appropriate settings on his/her own browser. On the most common browsers, instructions on how to disable cookies are available under the following links:

    Google provides an add-on allowing to disable Google Analitycs cookies only. The add-on, provided for most common browsers, is available under the following links: https://tools.google.com/dlpage/gaoptout?hl=it (IT)

    https://tools.google.com/dlpage/gaoptout?hl=en (EN)

    Please follow instructions provided through the add-on, in order to set your choices.

    Cookies that might have been previously stored on the user device, before consent was denied, can be deleted by using functions available on most common browsers for privacy settings: e.g. “Clear browsing data”, “Delete browsing history”, or similar functions. Please follow instructions provided on the browser.

  7. Legal basis for processing
  8. The Data Controller processes personal data:

    • in accordance with the purposes mentioned above (point 2, subpoint a) and in compliance with legislative obligations (GDPR, Article 6, paragraph 1, point c), especially when the implementation of legislative decree 33/2013 is concerned;
    • in accordance with the purposes mentioned above (point 2, subpoint b), during the implementation of activities of public interest (GDPR, Article 6, paragraph 1, point e), namely while aiming to promote and support research activity and scientific collaboration (ex Legistative Decree 196/2003, Article 100, and subsequent amendments thereof).

  9. Data sources
  10. Data mentioned at point 3 above are usually gathered from the internal University information systems: Online Didactics System (ESSE3), Institutional Research Information System (IRIS), Projects Register (Anagrafica Progetti), Information system on degrees’ theses (TEA), University personal register (ADA).

    Personal pictures, curricula vitae, information related to thesis-related activity, office hours and own messages to the university community are directly edited by the Data Subject. Therefore, these data may not be kept visible on the personal webpage. Their visibility can be switched on/off, at any time, by the Data Subject.

  11. Methods of processing
  12. Data processing is always computerized, solelyby authorized sta ff, as required by their assigned duties and roles. Data processing shall be undertaken according to the following guidelines: respecting current legislation, fairness, transparency, suitability, relevance and necessity. 

    No profiling activities shall be conducted (GDPR, Article 14, Paragraph 2, Point g).

  13. Recipient categories and possible transfer abroad
  14. The processed data might be transferred to public and private organizations in order to comply with legislative obligations or  internal regulations of the university.

    Processed date will not be transferred to non-EU Countries.

  15. Data preservation
  16. In accordance with provisions outlined in GDPR, Article 14, the University shall store processed personal data, for the time necessary to fulfil the above-mentioned purposes and, in any event, while complying  to specific norms and law obligations.

  17. Rights of the Data subject
  18. Data Subjects are entitled to ask the Data Controller at any time to exercise his/her rights  described in the GDPR, Article 15 et seq. Namely, they can contact the Data  Controller and request for access to their own personal data, for amendment  of inaccurate and/or incomplete data, and for cancellation. They can also pose limitations to the processing of their own personal data, refuse or withdraw their consent to data processing, without that refusal compromising the legitimacy of past data processing based on any previous data processing agreement. Data Subjects have, in any event, the right to issue a claim to the Data Protection Authority (GDPR, Article 77).

For further information and in order to exercise these rights, Data Subjects can send a specific request to contact addresses specified above.