Information on cookies and the processing of personal data on the University Portal system websites

Processing of the personal data of the website users.

1. Reason for this statement

This statement, in accordance with art. 13 of Legislative Decree No. 196/2003 - Personal Data Protection Code, is addressed to users who interact with the Portal System of the Alma Mater Studiorum - University of Bologna at the address: http://www.unibo.it, which corresponds to the homepage of the University’s official Portal.

This statement is valid only for the websites of the “University Portal System” and does not apply to websites that users may access via any links. The presence of this statement in the page footer guarantees that users are in the "Portal System" of the University of Bologna.

The policy is also inspired by EU Recommendation No. 2/2001, which the European Authorities for the protection of Personal Data, part of the Group established by Art. 29 of Directive No. 95/46/EC, adopted on 17 May 2001 to identify the minimum on-line data collection requirements, and specifically the methods, terms and nature of the information that the Data Controller must provide users when they connect to the website, regardless of the purpose of the connection. 

2. Type of Data Processed

Alma Mater Studiorum - University of Bologna, in its capacity as Data Controller, informs that, by entering personal information on the website and/or by accessing the University's web services, data relating to identified or identifiable persons may be processed. The Portal System websites may also use:

  • cookies to make the services easy to navigate and to ensure the efficient use of the web pages of the Alma Mater Studiorum - University of Bologna.
  • cookies to help improve the services provided to users, making their use more effective and/or enabling specific functions.
  • cookies sent by other websites or servers (i.e. “third-party cookies”), which may contain elements (for example, images, maps, sounds, specific links to other sites) present on the page that the user is visiting.

2.1  Cookies used

2.1.1 Session cookies

The Portal System websites use:

  • session cookies, which are indispensable to manage user authentication when accessing on-line services and reserved areas. These cookies (which are not permanently saved on the user’s computer but are eliminated once the browser is closed) are used to transmit session details required to allow users to browse the website safely and efficiently.
  • session cookies for load balancing, to optimise the website performance and reduce page loading times.
  • cookies strictly necessary for the correct functioning of the websites and to save navigation preferences.

By disabling these cookies users will not be able to use some of the on-line services. 

2.1.2 Analytical/monitoring cookies

Portal System websites use third-party analytical cookies, which the third party has undertaken to use only to supply the service and to store separately without cross-referencing the information collected with any other information it may have.

In particular, the University uses the following services:

  • Piwik, an open source Web Analytics software, used to analyse user navigation data in anonymous and aggregate form, directly without the intervention of third parties. For further information, please see the relevant Privacy policy;
  • Google Analytics, an analytical tool owned by Google, Inc. that allows the University to obtain anonymous and aggregated statistics, used to optimise the websites and its services.  The University has set up a technical tool, suggested by the third party, to mask the IP address and allow all user IP addresses to remain anonymous. IP anonymising/masking takes place as soon as data is received by Google Analytics collection network, before the data is stored or processed to generate statistics on the use of the web portal. Google Analytics anonymises the address as soon as this is technically feasible, in the passage upstream from the network on which the data is collected. For further information, please see Google Analytics IP Anonymization section or visit Data privacy and security overview.

On some pages (ex.: in the web application Studenti Online), the website also uses New Relic, an analytics service provided by New Relic, Inc., 188 Spear Street - Suite 1200 - San Francisco, CA – 94105 USA, which uses cookies to collect and analyse aggregate information on user navigation. For further information on the privacy policies adopted by New Relic, Inc., please click here.

Analytical/monitoring cookies can be disabled without affecting the navigation of the portal: to disable cookies, please see “How to disable cookies” in the following section.

2.1.3 Other types of cookies

On some of its pages, the Portal System may integrate functionalities developed by third parties and/or third party profiling cookies, which may be installed during navigation. The objective of this integration is to assess the effectiveness of the University’s communication activity and divulge and give visibility to University activities and content on matters of public and social interest. These may include, but are not limited to:

  • the use of java script to register and send to Facebook information regarding users who have visited specific pages in response to postings on Facebook;
  • the use of services that allow to interact with social networks (ex.: “social plug-ins”) or with other external platforms, through pages of the Portal System websites (for example, view videos on YouTube and Vimeo, Google Maps).

In these cases, or when users access the site after logging in through their Facebook, LinkedIn, Google or Twitter account, some personal data may be acquired by the social network platforms. The information collected by third parties is processed and managed in accordance with the relevant policies, which we recommend reading. For reference and to ensure transparency, the cookies and privacy policies are listed below.

2.1.4 How to disable cookies

Disabling all cookies

Users can deny consent to the use of cookies by selecting the appropriate settings in their browser: nevertheless, all the functions of the Portal System websites will be available during non-authenticated navigation.  

The links below lead to information on how to disable cookies on the most popular browsers (for all other browsers, we advise users to look for this option in the help section of the software).

Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies#ie=ie-10  

Google Chrome: https://support.google.com/chrome/answer/95647?hl=it

Mozilla Firefoxhttp://support.mozilla.org/it/kb/Gestione%20dei%20cookie?redirectlocale=en-US&redirectslug=Cookies

Opera: http://help.opera.com/Windows/10.00/it/cookies.html

Apple Safarihttp://www.apple.com/it/privacy/use-of-cookies/ 

Disabling third-party cookies

Third-party cookies may also be disabled following the instructions available in the relevant policies (paragraph 2.1.3) and/or made available directly by the data controlling companies.

To disable only Google Analytics cookies users may use the opt-out add-on provided by Google for the most commonly used browsers. This way, users will be able to access all the on-line services of the Portal System websites. 

Deleting previously stored cookies

Even if users deny consent to the use of external cookies, before doing so the cookies may already have been stored on their device. For technical reasons, it is not possible to remove these cookies, however the browser allows users to delete them using the privacy settings. Browser options include a "Delete navigation data" option, which can be used to delete cookies, website data and plug-ins. 

2.2 Remote traffic data

The information technology systems and software procedures used by the Portal System websites during normal operations acquire some personal data whose transmission is implicit in the use of Internet communication protocols and is necessary to improve the quality of the service offered.

This information is not collected to be associated with identified users, but due to its nature, when elaborated and associated, it may lead to their identification.

This category of data includes: IP addresses, domain names of the computers used by users to connect to the site; the addresses in URI (Uniform Resource Identifier) format of the resources requested, the time when the request is made, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server (successful, error, etc.) and other parameters concerning the user's operating system and computer environment. The provision of personal data is compulsory. Unless otherwise provided, this data is stored for six months.

This data is used solely to obtain anonymous statistical information on how the site is used and/or to make sure it is working properly. This data could also be used to ascertain liability in the event of hypothetical cyber-crimes or in the event of damages caused to the University or to third parties. Data is treated in accordance with Rectoral Decree 271/2009, art. 14 Annex B, and may be provided to the Authorities in the event of investigations, inspections, etc.

2.3 Data voluntarily provided by users

The optional, explicit and voluntary sending of emails, messages and any other type of communications, addresses or contact details indicated on this portal implies the subsequent acquisition of the sender's email address and any other personal data used to reply to requests. All data will be processed in compliance with the principles of correctness, lawfulness and transparency, protecting confidentiality as required by Legislative Decree No. 196/03.
Specific summary information will be progressively provided or displayed on the relevant website pages for specific services. 

3. Data Controller

The Data Controller is Alma Mater Studiorum - University of Bologna, with its headquarters in via Zamboni no. 33, 40126 – Bologna, Italy.
The "Data Processors" are the persons responsible for the administrative, technical, teaching and scientific facilities (the list of Directors/Vice-deans and Heads of each facility are listed on the website www.unibo.it).

The processing of personal data in connection with the web services offered by the Portal System, mentioned in points 2.1 and 2.2, is carried out where the Data Processors are located: AAGG (via Acri, 12 - 40126 Bologna) and Ce.S.I.A. (viale Filopanti, 3 – 40126 Bologna). Please see the names of the people responsible for these administrative facilities.

The list of the administrators of the University’s central systems is available from CeSIA at the request of the data subject by writing to assistenza.cesia@unibo.it

Users intending to object to the processing of their data for legitimate reasons must notify Alma Mater Studiorum - University of Bologna by writing to AAGG — University Portal Unit, via Acri, 12 - 40126 Bologna, or sending an email to privacy@unibo.it

4. Optional Data

Aside from the mentioned cookies and browsing data, users are free to provide personal details by filling in the forms on the Portal System websites or when contacting the University to request information and for any other communications, or when accessing specific services.
If users do not provide this data, they may not be able to receive what they requested.

5. Data Processing Modalities

Personal data are processed exclusively for University purposes, with automated systems only for the time necessary to fulfil the purposes for which they were collected.
Specific security measures are in place to prevent loss, unlawful and inappropriate use of data and unauthorised access.

6. Data Subject Rights

Data subjects shall have the right to obtain at any time confirmation as to whether or not personal data concerning them exist, to be informed of the content and source of such data, to check their accuracy and request integration, updating or rectification (article 7 of the Personal Data Protection Code).

Pursuant of the same article, data subjects have the right to request that their personal details are deleted, transformed into anonymous format, block any unlawful use of their details, and refuse authorisation to process their personal details for legitimate reasons.

These rights can be exercised by writing to the Data Controller at the address above.

This Privacy Policy shall be subject to updates.