There are different types of user:
- those who only visit the site;
- those who belong to the UniTo community and are registered service users;
- those authorized to perform data entry operations through the services offered online by the University of Turin
This page describes the management of the website with reference to the treatment of users' personal data.
This information is also provided pursuant to article 13 of Leg. Dec. 196/2003, Code on the protection of personal data, to those who use the interactive online services accessible through the portal at the following virtual address www.unito.it which corresponds to the home page of the University of Turin official website.
This notice is also inspired by Recommendation no. 2/2001 issued by the European Authorities for the protection of personal data issued and adopted on 17 May 2001 as a Group, instituted by article 29 of directive 95/46/EC, to identify the minimum requisites for the collection of personal data online and in particular the timeframes and nature of information data controllers must provide to users upon their being connected to web pages regardless of the purposes of the connection.
Personal data concerning identified or identifiable individuals may be collected as a result of accessing the Athenaeum Portal.
The personal data "controller" is the University of Turin, headquartered at no. 8 Via Verdi, in Turin, postal code 10124.
Data gathered through the Athenaeum Portal is processed:
- at the Athenaeum registered headquarters (legal address Via Verdi no. 8, 10124 Turin)
- at CINECA (Consorzio Interuniversitario, legal address Via Magnanelli no. 6/3, 40033 – Casalecchio di Reno – Bologna)
- at CSI - Piedmont (legal address Corso Unione Sovietica no. 216, 10134 Turin)
The Privacy managers for the above data management entities are listed on the respective websites.
Personal data supplied by those looking to receive information material is used solely for the purpose of fulfilling their request, and communicated to third parties only when doing so is necessary to fulfil the request.
During normal operation, the IT systems and software procedures by which the portal operates collect certain personal data that is implicitly transmitted through the use of internet communication protocols, and can be used to improve the quality of service offered.
This information is not collected with the intent of associating it with identified users although by nature, through elaboration and association, this data could lead to the identification of users.
This type of data includes IP addresses or domain names of the computers used to connect to the website, the requested resources URI (Uniform Resource Identifier) notation, time of the request, method used to submit the request to the server, size of the file obtained in response to it, the numerical code indicating the server response status (successful, error etc.) and other parameters pertaining to the operating system and IT environment of the user.
This data is used solely to compile anonymous statistics (in aggregate form) on the use of the website, the services rendered and to verify everything works properly; the data is deleted periodically.
Pursuant to their specific request, the data may be used by the Court of Justice and police authorities to ascertain responsibility in case of cyber crimes affecting the portal or third-party systems.
Data voluntarily supplied by the user
The optional, explicit and voluntary sending of emails to the addresses indicated on this website imports the acquisition of the sender's addresses for reply purposes as well as any other personal data listed in the email. Rest assured that this information will be treated in the righteous, lawful, transparent and confidential manner set forth by legislative decree 196/03.
Users should refrain from writing sensitive and/or judicial data in the body of their email other than the minimum required to process the service request. Sensitive data shall in any case be treated according to the principles and provisions set forth by the Athenaeum bylaws on the matter of sensitive and judicial data.
Personal data is not disclosed to third parties except as required by law pursuant to the specific request of the Postal Service and Communications Police, Courts of Justice and Police authorities.
All websites of the University of Turin portal system use the following set of cookies:
- Anonymous visitor cookies
- Session cookies: no user's personal data is deliberately collected by the website;
- Permanent cookies: no user's personal data is deliberately collected by the website.
- Registered user cookies
No user's personal data is deliberately collected by the website. The cookie is not used to transmit information of personal nature.
- Session cookies: this cookie is used only to access and use the Restricted Access area of the portal (allows users to login) and navigate the site under the same authentication credentials.The so-called session cookies (which disappear upon closing the browser rather than being permanently stored on the user's computer) are only used to transmit the session identification data (consisting of numbers randomly generated by the server) required for the user to securely and efficiently explore the website.
These cookies effectively eliminate the need to resort to other IT techniques that could prejudice the users' navigation privacy in order to improve the quality of services offered.
The cookies data is collected and used solely for institutional purposes, in an aggregate and anonymous manner.
- Permanent cookies: we do not use any type of permanent cookies, meaning user tracking systems.
The provision of personal data is optional by nature. Users who choose to withhold personal data should be advised that this may affect their ability to access, use and receive services offered online, in addition to service quality and performance.
Below are a few simple rules regarding the use of passwords by members of the University of Turin Portal community and users who load data to the portal through the relative applications:
- the above mentioned subjects know the utmost diligence and care must be taken in keeping service access authentication credentials confidential, in a safe place (similarly to their bancomat/ATM PIN code) and should never be shared or assigned to more that one user, regardless of any difference in time
- users are urged to change their password periodically and use different access passwords for each website and social network
- passwords should contain at least 8 characters or otherwise the maximum allowed by the application, if less
- passwords should not contain references easily tied to the owner (like the first and last name, relatives' names, taxpayer or matriculation number, date of birth, cell number, etc.). We recommend using passwords that contain a mix of lower and upper case letters, numbers, punctuation marks and non-alphabetic characters (such as ! $ # o %)
- users are directly responsible for any activity performed under their password. Moreover, the user assumes sole and exclusive responsibility for every service-related activity performed and undertakes to relieve and indemnify the University of Turin for any claim, demand or threat tied or derived from his/her own use or abuse of the service
- users should charge their passwords every three/six months and are held to immediately notify the University of Turin of any unauthorized use of their username and password or any other security violation they may become aware of.
The Athenaeum does not ask users to confirm their password via email; it is therefore necessary to be duly alert and avoid falling prey to phishing scams (a type of cyber scam by which the attacker attempts to trick the victim into providing personal data – Source: Wikipedia Italian version).
Additional rules applicable to those performing data entry operations
These individuals know they are directly responsible for operations conducted under their own password and are held to keep all work related information secret, can not divulge nor communicate to external parties any information pertaining to data management and processing methods, or use it in a way that may damage or jeopardise these and, unless specifically authorized to do so in writing by the manager, may not copy any information contained in the databank either in full or in part.
Personal data is only used for institutional purposes, is processed by both electronic and non electronic means, and kept only for the time necessary to fulfil the purpose for which it was collected pursuant to the principles of pertinence, completeness and excess avoidance.
Specific security measures are taken to prevent the loss of data, its illicit or improper use, and instances of unauthorized access.
Users may exercise their right to verify their personal data pursuant to art. 7 of Leg. Dec. 196/2003, by sending a specific request titled "privacy right" ("diritti privacy”) to the Direzione Sistemi Informativi, Portale, E-learning, who is responsible for the collection, processing and reporting of data via email at firstname.lastname@example.org, or by regular mail (Università degli Studi di Torino - Direzione Sistemi Informativi, Portale, E-learning - via Verdi 8, 10124 Turin). This applies to all information regarding the treatment of personal data collected through the Athenaeum Portal unless otherwise indicated within a specific application.
Requests for information of any other type should be sent to the responsible department or person listed in the University Directory.
This policy may be referenced by specific service disclaimers published online and may be updated and revised to reflect changes in the applicable regulations and the further development of information technology.
The University of Turin reserves the right to change this section at any given time and communicate its decision by suitable electronic means.