Anyone who uses University services and tools or contributes to the implementation of institutional activities

Processing for the purposes of identifying and verifying the digital identity of a person

Purposes of processing personal dataSpecific processing purposes and methods

Personal data and any special categories of data (for example, data that may be revealed by photographs) are processed in order to establish and verify the identity of staff, students, collaborators, and third parties working at the University.

To this end, the data may be processed:

  • for digital signing purposes, to allow signatories to electronically sign documents in the performance of their institutional duties (for example, in order to maintain digital records of exams and/or for other record-keeping purposes);
  • to assign usernames and passwords in order to allow access to the University network, the related network services and IT applications (including the creation of an electronic mailbox to be used of institutional communications). The data are also processed in order to ensure the proper management of authorisations, including from an IT perspective, through the digital identity of the data subject;
  • to assign a badge to each employee, collaborator, student and third party so that they can be identified within the University. This badge also enables: 
    • access to rooms;
    • the control of physical access to the structures and rooms of the University in order to protect its assets and improve security. It should be noted that, for this purpose, the badges are equipped with radio-frequency identification (RFID), which makes it possible to identify users through the University’s “CIP” (access control) system. The personal data used (name, surname, student registration number, affiliation/type of appointment, access and exit data) are recorded when the badge is passed over the reader.

Legal basisLegal basis of the processing and nature of the provision of data

The legal basis for the data processing is found in articles 6, paragraph 1, letter e) (processing carried out in the public interest) and 9, paragraph 2, letter g) (processing for reasons of substantial public interest) of Regulation (EU) 2016/679.

The provision of personal data is compulsory. Refusal to provide the data will make it impossible to perform the work and/or make use of the University services.

Recipients of personal dataRecipients

In addition to the recipients mentioned in the general privacy policy, the data may also be sent to third parties appointed as Data Processors pursuant to art. 28 of Regulation (EU) 2016/679, who may directly assist the University in activities that entail the processing of personal data (including: printing and issuing badges, issuing certificates signed electronically and/or for authentication purposes and/or to manage the University’s information systems and services relating to digital identity management).

Data retention periodData retention period

The data processed internally with regard to the assignment and expiry of digital signatures will be retained for the entire period during which the service is active and may be retained for longer periods for statistical analysis and/or service improvement purposes.

Retention periods for usernames and passwords are defined by the regulations or through decrees issued by senior management.

Once the badge is returned to the University, it is destroyed by the relative office.

Processing of personal data for the purposes of transparency (publicity and access), prevention, and fighting corruption and maladministration

Purposes of processing personal dataSpecific processing purposes and methods

In order to encourage data subjects to participate in administrative activities, as well as to promote widespread forms of monitoring the fulfilment of institutional duties and the use of public resources, it may be necessary to process some of the data subject’s personal data (e.g. personal details, career data, financial and income data, etc.) by publishing them on the University website in the “Transparent Administration” section.

The data in question may be originally collected for different purposes (for example, when assigning a specific institutional or professional position) and may be published in compliance with current regulation.

Legal basisLegal basis of the processing and nature of the provision of data

The legal basis for such processing is to be found in the institutional tasks entrusted to the Alma Mater Studiorum – University of Bologna aimed at complying with legal provisions for the purposes of transparency (publicity and access), prevention, and fighting corruption and maladministration, in light of the regulatory framework set out below:

  • art. 6 of Regulation (EU) 2016/679, paragraph 1 (c) (processing for legal obligations) and (e) (processing for reasons of public interest);
  • Legislative Decree No. 165/2001 - General rules concerning the organisation of employment in public administrations;
  • Legislative Decree No. 33 of 14 March 2013 - Restructuring the rules governing the public administration’s obligations in relation to the publicity, transparency and dissemination of the information
  • Legislative Decree No. 97 of 25 May 2016 - Restructuring the rules governing the right of civic access and the public administration’s obligations in relation to the publicity, transparency and dissemination of the information;
  • Law No. 190 of 6 November 2012 - Provisions for the prevention and repression of corruption and illegality in the public administration;
  • Legislative Decree No. 39 of 8 April 2013 - Provisions on the preclusion from and incompatibility of positions in the public administration and publicly controlled private corporations;
  • Law No. 241 of 7 August 1990 - New regulations on administrative procedure;
  • Legislative Decree No. No. 50 of 18 April 2016 - Public contracts code.

The provision of data for the above-mentioned purposes is mandatory.

Recipients of personal dataRecipients

Data are processed by the Persons in charge of their transmission and publication identified in the Corruption Prevention Plan – Annex A), by the Head of Corruption Prevention and Transparency and disseminated on the University website by persons specifically authorised by the Alma Mater Studiorum – University of Bologna.

Data retention periodData retention period

If the data subject’s personal data are disclosed for the above-mentioned purposes, they will be published for five years starting from 1 January of the year following the year of publication.

The only exceptions are:

  • acts that continue to have effect at the end of the five-year period, which must remain published until they cease to have effect (e.g. information on political bodies and public administration managers, which is updated and may remain online beyond the five-year period, until their term of office ends or their position is vacated);
  • data concerning holders of political offices, managers and holders of positions, consultants and collaborators (such data shall remain published for three years after the position is vacated).

Once these deadlines have elapsed, a request for generalised civic access to the data may be submitted pursuant to art. 5 of Legislative Decree 33/2013.

Privacy and cookie policy applicable to users of the University Portal system websites

Privacy and cookie policy applicable to users of the University Portal system websites

Privacy policy applicable to users of ACNP - Italian Periodicals Catalogue

Privacy policy applicable to users of ACNP - Italian Periodicals Catalogue (in Italian)

Processing in relation to subscriptions to newsletters promoted by the University

Purposes of processing personal dataSpecific processing purposes and methods

This privacy policy is for those subscribing to newsletters and guarantees them the possibility of unsubscribing at any time. The newsletters have been created in order to achieve one or more of the following purposes contemplated in Law no. 150/2000, including:

    • illustrating the activities of the University and how it operates;
    • raising awareness of and facilitating access to services;raising awareness of topics of significant public and social interest;facilitating the internal simplification of procedures and administrative processes;

promoting the image of the University (and Italy) in Europe and the rest of the world, publicising and enhancing the visibility of important local, regional, national and international events.

The personal data are processed in order to register the data subject on a mailing list for the purposes of managing the University newsletters, also through specific organisational units. To this end, data subjects will automatically receive by email all communications pertaining to the topic or area of reference.

The newsletters may also be used to facilitate the sharing of administrative, teaching or research procedures and activities, and to maintain a dialogue with and between students, teachers, professional staff and, in general, all Italian and foreign citizens interested in the activities discussed in the newsletters.

Legal basisLegal basis of the processing and nature of the provision of data

The legal basis for the processing is found in art. 6, paragraph 1, letter e) (processing carried out in the public interest) of Regulation (EU) 2016/679.

If the data subject does not provide the data for the purposes and in the manner described above, said data subject will not be able to use the service related to the newsletter.

Recipients of personal dataRecipients

In addition to the potential recipients mentioned in the general privacy policy, the data may be processed by companies and foundations appointed as Data Processors to perform activities such as, for example, website maintenance and managing web spaces.

Data retention periodData retention period

With regard to the above purposes, the data will be kept only for the period during which the newsletter service is active.

 

Processing of personal data for an event

Purposes of processing personal dataSpecific processing purposes and methods

The aim of this document is to provide all the information necessary to take part in events run by Alma Mater Studiorum - University of Bologna for which information different to that specified below has not been provided. When registering for an event, if a different privacy policy pursuant to articles 13 and 14 of Regulation (EU) 2016/679 is provided, the data subject must refer exclusively to the content of the specific privacy policy provided at the registration stage.

More specifically, the personal data collected when participating in an event may be processed for the following purposes:

  1. to guarantee and manage participation in the event concerned. The data will be processed in order to register data subjects for the event, to contact them with regard to information strictly related the event and, where applicable, to monitor the University’s learning, project and/or research activities;
  2. to create informational and promotional multimedia materials and videos. The personal data, and in particular the data subject’s image, may be processed in order to create videos and multimedia materials to be used for informational and promotional purposes with a view to achieving the institutional goals pursued through the event.
    The images, videos and other multimedia materials will be stored in electronic and/or other formats using any type of technological support for the purposes and within the limitations defined above and may be disseminated in accordance with Law 150/2000 via institutional websites and social network channels (including but not limited to: Facebook, Twitter, YouTube). Use of the images does not give the right to receive any remuneration. All use of images that might prejudice the honour, reputation or dignity of the person shown, filmed or recorded is specifically excluded, regardless of the circumstances.

Legal basisLegal basis of the processing and nature of the provision of data

The legal basis for the processing referred to in point (I) is found in art. 6, paragraph 1, letter e) (processing carried out in the public interest) of Regulation (EU) 2016/679.

In the event that the data subject decides not to provide their data for the purposes and methods referred to in point (I), the University will not be able to guarantee and manage their participation in the event.

The legal basis for the processing referred to in point (II) is found in art. 6, paragraph 1, letter a) (processing based on the consent given by the data subject) of Regulation (EU) 2016/679.

Data subjects will be deemed to have given their consent to appearing in the videos and multimedia materials referred to in point (II) if they voluntarily go to an area where it has been indicated that photographic, video or audio recordings will be made (e.g. conference halls spaces at a conference, etc.). These spaces will be clearly labelled with a specific information icon.

Recipients of personal dataRecipients

In addition to the potential recipients mentioned in the general privacy policy, the data may be processed by companies and foundations appointed as Data Processors to perform activities such as, for example, website maintenance, managing web spaces, taking photos and recording and editing videos.

Data pertaining to participants may also be processed by those funding the project or activity in relation to which the event was planned, solely for monitoring and reporting purposes.

Data retention periodData retention period

With regard to the purposes referred to in point (I), the data will be kept only for the time strictly necessary for the event to take place, except in cases where the data must be kept for longer in order to comply with legal requirements or with the retention periods established in, for example, calls for funded research proposals.

With regard to the purposes referred to in point (II), the data will be kept for the time strictly necessary to achieve said purposes and, unless otherwise indicated at the time of providing the data, for not more than five years.