Menu

Privacy policy

According to Article 13 of Regulation (EU) 2016/679 (General Data Protection Regulation or "GDPR"), the University of Turin, owner of the data processing (hereinafter also referred to as "University") and represented by the Rector Pro Tempore, informs the users of the University web portal (www.unito.it) and of the *.unito.it URL sites on the use of their personal data. 

 

The purpose of this policy is to provide maximum transparency regarding the information that the Portal collects and how it uses it, and is limited to the University Portal.

 

Version: June 2021.

Data Controller

The Data Controller is the University of Turin, represented by the Rector Pro Tempore, via Giuseppe Verdi n. 8, 10124 Torino, email [email protected] and PEC [email protected].

Personal Data Protection Officer (DPO)

According to Articles 37 et seq. of EU Regulation 2016/679 (GDPR), the University has appointed a Personal Data Protection Officer (DPO) who can be contacted by email at [email protected].

Types of data processed

The computer systems and application procedures used to operate the University Portal acquire the following types of automated data to operate:

  • navigation data collected during the visit to the website, the transmission of which is implicit in the use of internet communication protocols. By way of example: IP address of the device connected to the site, type of browser used, name of the internet service provider (ISP), time and date of the visit, web page of origin of the visitor (referral) and of exit, etc.
  • browsing data collected through Google Analytics, adopting all measures that reduce the possibility of identifying the users who connect to the site. For example: the type of device used to connect, the city from which the connection is made, the duration of the visit to a site, etc.
  • data collected through cookies while users are browsing the site. For further details on the cookies used by the web portal or the sites that make up its system, see the cookie policy.
Purpose of processing

The data collected are used exclusively for the University's institutional activities for the following purposes:

  • to allow navigation of the University's web portal (www.unito.it) and of the sites corresponding to the *.unito.it URL
  • to provide the user with the requested information and services (specific summarised information can be found about particular services in the portal pages)
  • to obtain anonymous statistical information on the use of the University web portal or related services, to check its correct functioning, for security monitoring and identify how it can be improved (for navigation data)
  • fulfil legal obligations, comply with orders from public authorities, ascertain any liability in case of hypothetical computer crimes against the site or its users.
Legal bases of the processing

The legal bases of the processing can be identified in the following:

  • performance of tasks in the public interest or connected with the exercise of public powers as provided for and established by Legislative Decree no. 82/2005 "Digital Administration Code" and subsequent amendments and additions in relation to the provision of those institutional services of teaching and research
  • processing necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject
  • processing of data for the prevention and suppression of fraud and any other illegal activity
  • consent of the data subject according to Article 6(1) of G.D.P.R. 2016/676.
Processing methods

The personal data collected are processed in compliance with the principles set out in Article 5 of G.D.P.R. 2016/676, even with the aid of computer and telematic tools designed to store and manage the data themselves, and, in any case, in such a way as to guarantee their security and protect the confidentiality of the data subject.

 

For the provision and management of the University Portal services, the University uses the CINECA Inter-University Consortium, the registered office of which is in in via Magnanelli, 6/3, 40033 Casalecchio di Reno (BO). CINECA Inter-University Consortium has been appointed as external Data Processor according to art. 28 of Regulation (EU) 2016/679.

 

Processing by the CINECA Consortium is carried out in such a way as to guarantee adequate security of personal data, including protection, by means of appropriate technical and organisational measures, from unauthorised or unlawful processing and from accidental loss, destruction or damage.

Use of cookies

Cookies are small text files that a website sends to your browser for storage and transmission to the same website the next time you visit.

 

Through cookies it is possible to collect information relating to the user visiting a website (e.g.: date, time, pages visited, time spent on the site), some of which may be defined as personal data and therefore be subject to specific legal regulations.

 

The University portal uses technical and third-party cookies of various types for the purposes detailed on the appropriate page.

Categories of those people authorised to process data

The personal data of users are processed, in compliance with current legislation, by employees and collaborators of the University (identified as Authorised Data Processors) who manage the portal and its services.

Period of data retention

In relation to the various purposes for which they were collected, the data will be stored for the legally allowed time or for the time needed to pursue those purposes.

More specifically:

  • browsing data will be stored for a maximum of 365 days
  • navigation data collected through Google Analytics will be stored for a maximum of 26 months
  • the data collected through cookies will be kept for a period of time not exceeding that indicated in the extended notice attached to this document.

Any extension of the retention period must be considered exceptional and may only take place in relation to:

  • special technical or security requirements
  • the extent to which the data is indispensable for the exercise or defence of legal claims
  • the obligation to keep or hand over the data in order to comply with a specific request of the judicial authority or the judicial police.
The Interested Party’s Rights

When provided for and permitted, the interested party may obtain from the University of Turin the exercise of rights over their personal data (Articles 15-20 of G.D.P.R. 2016/676).

 

With regard to the procedures on how to exercise the rights provided for, the interested party may send a request with the subject: "privacy rights" to the Director of the Information Systems, Portal and E-Learning Department at the following email address: [email protected].

Complaint

In the event that the University does not comply with the request on the exercise of data rights, it is possible to lodge a complaint according to Article 77 of G.D.P.R. 2016/676 with the supervisory authority (Autorità Garante per la protezione dei dati personali email address: [email protected] - website: www.garanteprivacy.it).

Third parties

The University Web Portal (www.unito.it) and the sites corresponding to the *.unito.it URL make use of content and services of "third parties" due to the incorporation of external resources or the use of technologies which extend its functionality and improve user browsing.

 

Below is a list of the services activated on this website, including links to the corresponding privacy and cookie policies:

 

For further information on the services listed above and how to opt-out, please refer to the corresponding policies.

Profiling

The Owner does not use tools aimed at profiling users.

Changes to the Information

This information may be modified over time. It is therefore advisable to check that the version you are referring to is the most up-to-date by accessing this Privacy section.