Information on cookies and the processing of personal data on the University Portal system websites

Processing of the personal data of website users.

Pursuant to arts. 12, 13 and 14 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), this information is provided to persons who interact with the Portal system of Alma Mater Studiorum - University of Bologna, commencing from the address: www.unibo.it (being the home page of the official Portal of the University).

The University portal system may in fact collect and process the personal data of users, in order to guarantee the provision of on-line services, facilitate easier and more effective browsing, enable the University to analyse website traffic, improve the functioning of websites and services, and interact with users.

This information is provided for all websites within the "University Portal System", but not for any other websites that users may access via links. The presence of this information in the page footer (last part below) guarantees users that they are within the "Portal System" of the University of Bologna.

Justification for the lawfulness of processing is found in art. 6, para. 1 (e), of the GDPR.

  1. Parties involved in processing
  2. Types of data processed and reasons for processing
  3. Methods of processing
  4. Data retention period
  5. Nature of the provision of data
  6. Rights of data subjects

 

1. Parties involved in processing

The Data Controller is Alma Mater Studiorum - University of Bologna, with registered offices at via Zamboni 33 – 40126 Bologna, in the person of the Rector who is its Legal Representative.
Contact details:
e-mail: privacy@unibo.it
certified e-mail: scriviunibo@pec.unibo.it

The internal Data Processors responsible for responding to data subjects are:
with regard to management of the IT infrastructure and retention of the log files generated by CIP, the Head of the IT Systems and Services Division - CeSIA, viale Filopanti 3 - 40126 Bologna (BO). The list of system administrators is available from CeSIA and can be supplied to the data subject on request by writing to the address assistenza.cesia@unibo.it.

With regard to the processing of personal data related to the web services of the websites within the Portal System (see points 2.1 and 2.2), ARTEC – Industrial Relations, Third Mission and Communications Division – via Acri 12 – 40126 Bologna and Ce.S.I.A. – IT Systems and Services Division – viale Filopanti 3 – 40126 Bologna. The names of the heads of these structures can be found in the General Administration section.

Contact details of the Data Protection Officer (DPO):
e-mail: privacy@unibo.it 
certified e-mail: scriviunibo@pec.unibo.it

 

2. Types of data processed and reasons for processing

Alma Mater Studiorum - University of Bologna, in its capacity as Data Controller, confirms that data relating to identified or identifiable persons may be processed after personal information is input to this website and/or access is made to the University's web services. The Portal System websites may also use:

  • cookies to make the services easy to browse and to ensure efficient use of the web pages of the Alma Mater Studiorum - University of Bologna;
  • cookies to improve the services provided to users, making their use more effective and/or enabling specific functions;
  • cookies sent by other websites or web servers (i.e. “third-party cookies”), which may contain elements (for example, images, maps, sounds, specific links to the web pages of other sites) present on the page that the user is visiting.

2.1 Cookies

2.1.1 Session cookies

The Portal System websites use:

  • session cookies, which are indispensable to manage user authentication when accessing on-line services and reserved areas. These cookies (which are not permanently saved on the user’s computer but are eliminated once the browser is closed) are used to transmit session details required to allow users to browse the website safely and efficiently.
  • session cookies for load balancing, to optimise the website performance and reduce page loading times.
  • cookies strictly necessary for the correct functioning of the websites and to save navigation preferences.

By disabling these cookies users will not be able to use some of the on-line services.  

2.1.2 Analytical/monitoring cookies

Portal System websites use third-party analytical cookies, which the third party has undertaken to use only to supply the service and to store separately without cross-referencing the information collected with any other information it may have.

In particular, the University uses the following services:

  • Piwik, an open source Web Analytics software, used to analyse user navigation data in anonymous and aggregate form, directly without the intervention of third parties. For further information, please see the related Privacy policy;
  • Google Analytics, an analytical tool owned by Google, Inc. that allows the University to obtain anonymous and aggregated statistics, used to optimise the websites and its services.  The University has set up a technical tool, suggested by the third party, to mask the IP address and allow all user IP addresses to remain anonymous. IP anonymising/masking takes place as soon as data is received by Google Analytics collection network, before the data is stored or processed to generate statistics on the use of the web portal. Google Analytics anonymises the address as soon as this is technically feasible, in the passage upstream from the network on which the data is collected. For more information, please see Google Analytics section  IP anonymisation or visit Data privacy and security overview.

On some pages (ex.: in the web application Studenti Online), the website also uses New Relic, an analytics service provided by New Relic, Inc., 188 Spear Street - Suite 1200 - San Francisco, CA – 94105 USA, which uses cookies to collect and analyse aggregate information on user navigation. For further information on the privacy policies adopted by New Relic, Inc., please visit the Privacy Policy page. 

Analytical/monitoring cookies can be disabled without affecting the navigation of the portal: to disable cookies, please see “How to disable cookies” in the following section.

2.1.3 Other types of cookie

On some of its pages, the Portal System may include functionalities developed by third parties and/or third party profiling cookies, which may be installed during navigation. The objective of this integration is to assess the effectiveness of the University’s communication activity and divulge and give visibility to University activities and content on matters of public and social interest. These may include, but are not limited to:

  • the use of JavaScript to register and send information to Facebook, Instagram, LinkedIn or other social networks about the users who have visited specific pages in response to postings on them;
  • the use of services that allow interaction with social networks (ex.:  “social plug-ins”) or other external platforms via the pages of the Portal System (for example, view videos on YouTube and Vimeo, Google Maps);
  • the use of services that allow you to set and update scientific publications, such as the BibBase service.

In these cases, or when users access the site after logging in through their Facebook, LinkedIn, Google or Twitter account, some personal data may be acquired by the managers of the social network platforms. The information collected by third parties is processed and managed in accordance with the relevant policies, which we recommend reading. For reference and to ensure transparency, the cookies and privacy policies are listed below.

2.1.4 How to disable cookies

  • Disabling all cookies

Users can deny consent to the use of cookies by selecting the appropriate settings in their browser: nevertheless, all the functions of the Portal System websites will be available during non-authenticated navigation.  

The links below lead to information on how to disable cookies on the most popular browsers (for all other browsers, we advise users to look for this option in the help section of the software).

Internet Explorerhttp://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies#ie=ie-10  

Google Chromehttps://support.google.com/chrome/answer/95647?hl=it

Mozilla Firefox:  http://support.mozilla.org/it/kb/Gestione%20dei%20cookie?redirectlocale=en-US&redirectslug=Cookies

Operahttp://help.opera.com/Windows/10.00/it/cookies.html

Apple Safari:  http://www.apple.com/it/privacy/use-of-cookies/ 

  • Disabling third-party cookies

Third-party cookies may also be disabled following the instructions available in the relevant policies (paragraph 2.1.3) and/or made available directly by the data controlling companies.

To disable just Google Analytics cookies users may use the opt-out add-on provided by Google for the principal browsers. This way, users will be able to access all the on-line services of the Portal System websites.

  • Deleting previously stored cookies

Even if users deny consent to the use of external cookies, before doing so the cookies may already have been stored on their device. For technical reasons, it is not possible to remove these cookies, however the browser allows users to delete them using the privacy settings. Browser options include a "Delete navigation data" option, which can be used to delete cookies, website data and plug-ins. 

2.2 Remote traffic data

The information technology systems and software procedures used by the Portal System websites during normal operations acquire some personal data whose transmission is implicit in the use of Internet communication protocols and is necessary to improve the quality of the service offered.

This information is not collected to be associated with identified users, but due to its nature, when elaborated and associated, it may lead to their identification.

This category of data includes the accounts and IP addresses of the users who connect to the site, the addresses in URI (Uniform Resource Identifier) format of the resources requested, the time when the request was made, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server (successful, error, etc.) and other parameters concerning the user's operating system and computer environment. The provision of personal data is compulsory. Unless specified otherwise pursuant to current regulations, this data is retained for six months.  After the first six months, the data is rendered anonymous, by removing the last digit of the IP address, and retained for a further 36 months.

This data is used solely to obtain anonymous statistical information on how the site is used and/or to make sure it is working properly. This data could also be used to ascertain liability in the event of hypothetical cyber-crimes or in the event of damages caused to the University or to third parties. This data is processed in compliance with the requirements of attachment B, art. 14, of R.D. 271/2009 dated 23.02.2009 (consolidated text on privacy and use of the University's IT systems) and may be communicated to the Judicial Authorities in the event of investigations, inspections etc.

2.3 Data provided voluntarily by users

The optional, explicit and voluntary sending of emails, messages and any other type of communications, addresses or contact details indicated on this portal implies the subsequent acquisition of the sender's e-mail address and any other personal data used to reply to requests. Such processing is carried out in accordance with the principles embodied in the GDPR, with particular reference to the lawfulness, fairness and transparency of processing, use of the data for specified, explicit and legitimate purposes relevant to the reasons for which it was processed, and compliance with the principles requiring the minimisation of data, completeness and accuracy, limitation of the retention period and accountability (art. 5 GDPR). Specific summary information will be progressively provided or displayed on the relevant website pages for specific services.

3. Methods of processing

Personal data is processed exclusively for University purposes using automated systems, solely for the time necessary to fulfil the purposes for which it was collected.

Specific security measures are in place to prevent loss, unlawful and inappropriate use of data and unauthorised access.

4. Data retention period

Consistent with the principles established in art. 5 of Regulation (EU) 2016/679, data will be retained by Alma Mater Studiorum – University of Bologna for a period of time no longer than is necessary for the purposes of processing and with specific regard for the storage retention principle established in art. 5 (e) of Regulation (EU) 2016/679. In all cases, personal data will not be retained for a period in excess of 6 months.

5. Nature of the provision of data 

Aside from the mentioned cookies and browsing data, users are free to provide personal details by filling in the forms on the Portal System websites or when contacting the University to request information and for any other communications, or when accessing specific services.
If users do not provide this data, they may not be able to receive what they requested.

6. Rights of data subjects

The data subjects to which the personal data relates enjoy the rights specified in sections 2, 3 and 4 of Chapter III of Regulation (EU) 2016/679.
In particular, they have the following rights in relation to the data controller: right of access to their personal data and its rectification or erasure, right to restrict or object to processing that relates to them and right to data portability.

Data subjects are also entitled to:

  • withdraw consent at any time, without however prejudicing the lawfulness of processing based on consent given before its withdrawal. In that case, no further data relating to them will be collected, although any data already collected will contribute to the results of the research, without altering them, as will any data that, at source or after processing, cannot be linked with an identified or identifiable data subject;
  • complain to a supervisory authority.

Data subjects may contact the Data Processor in order to exercise these rights.