Cookies and other personal data tracking tools on the University Portal System websites

This information is provided by the Data Controller (Alma Mater Studiorum - University of Bologna) to those interacting with the University Portal System through the websites with domain name and related subdomains that contain a direct link to this policy in the footer. The presence of the link informs users that they are within the University of Bologna “Portal System” and that the page being visited uses all or some of the cookies detailed in this policy. This information does not apply to other websites, pages or web services accessible via hyperlinks to any resources outside the domain that may be published in the Portal System.

For additional information on the Data Controller, on the Data Protection Officer and on how data subjects can exercise their rights, please refer to the Privacy Policy Statement.

1. Types of data processed and purposes of processing

Alma Mater Studiorum - University of Bologna, in its capacity as Data Controller, confirms that data relating to identified or identifiable persons may be processed after personal information is input to this website and/or access is made to the University web services. The Portal System websites may also use:

  • cookies to make the services easy to browse and to ensure efficient use of the Alma Mater Studiorum - University of Bologna web pages;
  • cookies to improve the services provided to users, making their use more effective and/or enabling specific functions;
  • cookies and other tracking tools sent by other websites or web servers (i.e. “third-party cookies”), which may host certain elements (for example, images, maps, sounds, specific links to web pages of other domains) that are present on the page that the user is visiting.

1.1 Strictly necessary cookies

1.1.1 Cookies to enable website functionality

The Portal System websites use:

  • session cookies, which are indispensable to manage user authentication when accessing web services and personal account areas. These cookies (which are not permanently stored on the user’s computer but are removed once the browser is closed) are used exclusively to transmit session details required to allow users to browse the website securely and efficiently;
  • session cookies for load balancing, to optimise the website performance and reduce page loading time;
  • strictly necessary cookies to enable website functionality or save browsing and cookie preferences (for six months).

If these cookies are disabled, users will not be able to use some web services.  

1.1.2 Analytical/monitoring cookies

Portal System websites use third-party analytical cookies, which the third party has undertaken to use only to provide the service and anonymously, without cross-referencing the information collected with any other information it may have.

In particular, the University uses the following services:

  • Matomo, an open source Web Analytics software to analyse statistical user browsing data in anonymous and aggregate form, directly and without the intervention of third parties. For further information, please visit the related Privacy Policy;
  • Web Analytics Italia (hereinafter WAI), based on Matomo, which uses cookies analytics of AgID for strictly statistical purposes and by implementing IP anonymization. For further information, please visit the related Privacy Policy;
  • On some pages (e.g. in the Studenti Online web application), the website also uses New Relic, a web traffic analytics service provided by New Relic, Inc., 188 Spear Street - Suite 1200 - San Francisco, CA – 94105 USA, which uses cookies to collect and analyse anonymous or aggregate information on user browsing. For further information on the privacy policies adopted by New Relic, Inc., please visit the Privacy Policy page. 

Analytical/monitoring cookies can be disabled without affecting navigation: to disable cookies, please see “How to decline and/or disable cookies” in the following section.

Having regard to the retention period established by the University for New Relic and Matomo cookies, please note the following:



Type   - Function/data collected



New Relic

Used by New Relic for session counts to   monitor the application.

When the browsing session ends



Records a unique ID for each user

13 months



Records the visit date 

30 minutes

1.2 Optional profiling cookies

On some of its pages, the Portal System may include functionalities developed by third parties and/or third-party profiling cookies, which may be installed during browsing. The website may use certain tracking tools called “pixels or beacons” of third parties, for instance Facebook or YouTube or other social web service providers. These cookies allow third parties to acquire data on the users that are browsing the University websites and interact with them directly on their favourite social media. 

The purpose of this integration is to assess the effectiveness of the University’s institutional communications and/or divulge and give visibility to institutional activities and/or content on matters of public and social interest. These may include, but are not limited to:

  • the use of JavaScript code to record and send information to Facebook, Instagram, LinkedIn or other social media about the users who have visited specific pages in response to ads posted on those social media;
  • the use of services that allow interaction with social media (e.g. “social media plugins”) or other external platforms via the Portal System pages (for example, to view videos on YouTube and Vimeo, Google Maps).

In these cases, or when users access the website after logging in through their Facebook, LinkedIn, Google or Twitter account, some personal data may be acquired by the managers of those social media platforms. The information collected by “third parties” is managed in accordance with the relevant policies, to which reference is made. For the sake of convenience and transparency, the web pages where the relevant cookie and privacy policies are published are listed below.

1.3 Remote traffic data

The information technology systems and software procedures used by the Portal System websites during normal operation acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols and is necessary to improve the quality of the service offered.

This information is not collected to be associated with identified users; however, due to its nature, it may lead to user identification when processed and combined.

This category of data includes the accounts and IP addresses of the users who connect to the website, the addresses in URI (Uniform Resource Identifier) format of the resources requested, the time when the request was made, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters concerning the user’s operating system and computer environment.

Unless otherwise specified pursuant to current regulations, this data is retained for six months. After the first six months, the data is rendered anonymous, by removing the last digit of the IP address, or is deleted.

This data is used solely to obtain anonymous statistical information on how the website is used and/or to make sure that information systems are working properly. This data could also be used to ascertain liability in the event of any cybercrimes or damages caused to the University or third parties. This data is processed in compliance with the requirements of R.D. 271/2009 and may be disclosed to the Judicial Authorities in the event of investigations, inspections etc.

1.4 Data voluntarily provided by users

The optional, explicit and voluntary sending of emails, messages and any other type of communications to addresses or contact details indicated on this portal implies the subsequent acquisition of the sender’s address and any other personal data used to reply to requests. Such processing will be carried out in accordance with the principles of the GDPR, having regard in particular to the lawfulness, fairness and transparency of processing, the use of data for specified, explicit and legitimate purposes relevant to the processing, in compliance with the principles of data minimisation, completeness and accuracy, storage limitation, integrity and confidentiality, and accountability (Article 5 GDPR). Specific policies for certain services are available at

2. Legal basis

The personal data referred to in this page is processed by the University in order to perform its tasks in the public interest or in relation to the exercise of its public powers, including the task of carrying out institutional communication and information pursuant to Law 150/2000 and R.D. 271/2009. The legal basis for the processing of profiling cookies or other similar tracking tools is the consent referred to in Article 6, paragraph 1, point (a) of Regulation (EU) 2016/679.

3. How to decline and/or disable cookies

Disabling cookies

Users can decline consent to the use of profiling cookies via the banner that pops up on first access or via the “Cookie settings” link in the website footer (e.g. see the homepage).

Consent to cookies can be revoked also by selecting the appropriate setting in the browser. However, please note that, by declining consent to all cookies, users will not be able to use authentication-based services.

The links below lead to information on how to disable cookies on the most popular browsers (for all other browsers, we advise users to look for this option in the help section of the software).

Internet Explorer  

Google Chrome

Mozilla Firefox:


Apple Safari: 

Disabling profiling and/or third-party cookies

Profiling cookies could also be disabled following the instructions in the relevant policies mentioned above, as made available directly by each third party.

Deleting previously stored cookies

Even if users revoke consent to the use of third-party cookies, before doing so the cookies may already have been stored on their device. For technical reasons, it is not possible to remove these cookies, however the browser allows users to delete them using the privacy settings. Browser options include a “Clear browsing data” option, which can be used to delete cookies, website data and plugins. 

4. Recipients of personal data

The recipients of personal data collected following access to some of the services listed above are providers of technological platform development, operation and management services, in their capacity as Data Processors pursuant to Article 28 of Regulation (EU) 2016/679.