Difference between revisions of "Data Management Privacy"

From Students@SISSA wiki
Jump to: navigation, search
(Created page with "**Information on the Processing of Personal Data** Pursuant to Articles 13 and 14 of Regulation (EU) 679/2016 (General Data Protection Regulation), we provide you with the fo...")
 
 
(21 intermediate revisions by the same user not shown)
Line 1: Line 1:
**Information on the Processing of Personal Data**
+
'''Information on the Processing of Personal Data'''
  
 
Pursuant to Articles 13 and 14 of Regulation (EU) 679/2016 (General Data Protection Regulation), we provide you with the following information regarding the personal data we process as part of the activities of:
 
Pursuant to Articles 13 and 14 of Regulation (EU) 679/2016 (General Data Protection Regulation), we provide you with the following information regarding the personal data we process as part of the activities of:
  
Students_data entry in ESSE3
+
* Students data entry in ESSE3 software.
  
**My Data in Summary**
 
  
**Who processes my personal data?**
 
Data Controller: Scuola Internazionale Superiore di Studi Avanzati 
 
LEGAL SEAT OF THE CONTROLLER: via Bonomea, 265 - 34136 Trieste 
 
CONTROLLER'S PHONE: 040 3787111 
 
CONTROLLER'S EMAIL: info@sissa.it 
 
CONTROLLER'S PEC: protocollo@pec.sissa.it 
 
  
**Contact points of the Controller:**
+
* '''Who processes my personal data?'''
Through the forms available on the site: [https://gdpr.unityfvg.it/aiuto-contatti](https://gdpr.unityfvg.it/aiuto-contatti) 
+
Or 
+
Internal Manager/Procedural Manager: 
+
PHONE: 040 3787111 
+
EMAIL: info@sissa.it 
+
INTERNAL OFFICE: Interdisciplinary Laboratory for Natural and Human Sciences and Student Secretariat 
+
  
**Data Protection Officer**
+
Data Controller: SISSA (Scuola Internazionale Superiore di Studi Avanzati)
You can contact the DPO at the following email address: dpo@sissa.it   
+
LEGAL SEAT OF THE CONTROLLER: via Bonomea, 265 - 34136 Trieste 
 +
CONTROLLER'S PHONE: 040 3787111 
 +
CONTROLLER'S EMAIL: info@sissa.it 
 +
CONTROLLER'S PEC: protocollo@pec.sissa.it   
  
**Why are my personal data processed?**
+
'''Contact points of the Controller:'''
We process your data to fulfill the following activities:
+
Enrollment in Degree Courses 
+
  
**What are my rights?**
+
Through the forms available on the site: [https://gdpr.unityfvg.it/aiuto-contatti https://gdpr.unityfvg.it/aiuto-contatti]
If the processing is based on consent, you can withdraw it at any time. Additionally, you always have the right to request access, rectification, deletion (subject to the retention obligations of the controller), and portability of your data; you can request the restriction of processing and have the right to object to it as well as to lodge a complaint with the Data Protection Authority.
+
Or 
 +
Internal Manager/Procedural Manager:
 +
PHONE: 040 3787111 
 +
EMAIL: info@sissa.it
 +
INTERNAL OFFICE: Interdisciplinary Laboratory for Natural and Human Sciences and Students' Secretariat 
  
**Why are my data processed?**
+
'''Data Protection Officer'''
We process your personal data according to the purposes stated and based on specific conditions of the lawfulness of processing as indicated below:   
+
You can contact the DPO at the following email address: dpo@sissa.it  
  
| Processing  | Legal Basis |
+
'''Why are my personal data processed?'''
|-------------|-------------|
+
| Enrollment in Degree Courses | The data subject has given consent to the processing of their personal data for one or more specific purposes |
+
  
If you refuse to provide your data, when the processing is based on a contract or a legal obligation, the failure to provide it prevents the provision of the service.
+
We process your data to fulfill the following activities: Enrollment in Masters and PhD Courses 
  
When consent is requested for processing, you will not suffer any consequences in case of refusal.
+
'''What are my rights?'''
  
In paper or online forms, the categories of data for which provision is mandatory or optional are indicated.
+
If the processing is based on consent, you can withdraw it at any time. Additionally, you always have the right to request access,
 +
rectification, deletion (subject to the retention obligations of the controller), and portability of your data; you can request the
 +
restriction of processing and have the right to object to it as well as to lodge a complaint with the Data Protection Authority.
  
**How are my data processed?**
+
'''Why are my data processed?'''
The processing may be carried out with the support of paper documents or IT tools.
+
  
The Controller uses authorized personnel for the processing of personal data, trained and instructed on the precautions to be taken to ensure the confidentiality, integrity, and availability of personal data. Some figures have specific tasks to ensure information security and personal data protection, as internal managers.
+
We process your personal data according to the purposes stated and based on specific conditions of the lawfulness of processing as
 +
indicated below: 
 +
TREATMENT: Enrollment in Degree Courses;
 +
LEGAL BASES: The subject has given consent to the processing of their personal data for one or more specific
 +
purposes.
 +
If you refuse to provide your data, when the processing is based on a contract or a legal obligation, the failure to provide it
 +
prevents the provision of the service.
 +
When consent is requested for processing, you will not suffer any consequences in case of refusal.
 +
In paper or online forms, the categories of data for which provision is mandatory or optional are indicated.
  
**Automated decision-making**
+
'''How are my data processed?'''
No automated decision-making processes are applied.
+
  
**Profiling**
+
The processing may be carried out with the support of paper documents or IT tools.
No profiling of the data subjects is carried out.
+
The Controller (SISSA) uses authorized personnel for the processing of personal data, trained and instructed on the precautions to
 +
be taken to ensure the confidentiality, integrity, and availability of personal data. Some figures have specific tasks to ensure
 +
information security and personal data protection, as internal managers.
  
**For how long are my data stored?**
+
'''Automated decision-making'''
Personal data will be processed for the time required by law and/or for the execution of contractual obligations.
+
  
| Processing | Duration |
+
  No automated decision-making processes are applied.
|-------------|-------------|
+
| Enrollment in Degree Courses | Student records and career data are stored indefinitely by the University |
+
  
**Who can process my data?**
+
'''Profiling'''
The data may be communicated, made available, and shared under the law or in fulfillment of specific requests of the data subject, also with third-party data controllers. There are cases where the University may also disclose, i.e., communicate, make available, or consult with undefined subjects. In some cases, the University may conclude co-ownership agreements with other subjects concerning specific processing. Additionally, the University operates, for its functioning, through subjects bound to the University by responsibility agreements. In this section, we provide an overview of who can be informed about your data as recipients of such communications. At any time, you can make a specific request to know to whom your data has been communicated.
+
  
**Communication to third-party controllers**
+
No profiling of the data subjects is carried out.
Personal data will not be communicated to third parties.
+
  
**Joint Controllers**
+
'''For how long are my data stored?'''
There are no joint controllers.
+
  
**Data Processors**
+
Personal data will be processed for the time required by law and/or for the execution of contractual obligations.
The Data Controller uses data processors who are required to comply with security measures provided in an agreement stipulated under Article 28 GDPR.
+
TREATMENT: Enrollment in Degree Courses;
 +
DURATION: Student records and career data are stored indefinitely by the University.
  
Data processors provide technological services, carry out activities on behalf of the Controller, access data for maintenance or data processing, for example, for the provision of services related to teaching or other activities necessary to fulfill the services offered by the University or comply with contractual obligations.
+
'''Who can process my data?'''
 +
 +
The data may be communicated, made available, and shared under the law or in fulfillment of specific requests of the data subject,  
 +
also with third-party data controllers. There are cases where the SISSA may also disclose, i.e., communicate, make available,
 +
or consult with undefined subjects. In some cases, SISSA may conclude co-ownership agreements with other subjects
 +
concerning specific processing. Additionally, the SISSA operates, for its functioning, through subjects bound to the School
 +
by responsibility agreements. In this section, we provide an overview of who can be informed about your data as recipients of such
 +
communications. At any time, you can make a specific request to know to whom your data has been communicated.
  
The list can always be requested from the University.
+
'''Communication to third-party controllers'''
  
**Disclosure**
+
Personal data will not be communicated to third parties.
Personal data will not be disclosed.
+
  
**Where are my data processed?**
+
'''Joint Controllers'''
The processing is carried out within the EU.
+
  
**From whom did you obtain my data?**
+
There are no joint controllers.
Personal data were provided by the data subject.
+
  
**What are my rights?**
+
'''Data Processors'''
Under Articles 15-22 GDPR, the data subject has the right to:
+
  
- **Right to access data**  
+
The Data Controller (SISSA) uses data processors who are required to comply with security measures provided in an agreement
  - You can obtain confirmation and information on the processing.
+
stipulated under Article 28 GDPR.
 +
Data processors provide technological services, carry out activities on behalf of the Controller, access data for maintenance or
 +
  data processing, for example, for the provision of services related to teaching or other activities necessary to fulfill the
 +
services offered by SISSA or comply with contractual obligations.
 +
The list can always be requested from the University.
  
- **Right to rectification** 
+
'''Disclosure'''
  - You can rectify inaccurate data or integrate them.
+
  
- **Right to erasure**  
+
  Personal data will not be disclosed.
  - In cases provided by law, you can request to be forgotten.
+
  
- **Right to data portability** 
+
'''Where are my data processed?'''
  - You can receive the data in a structured, commonly used, machine-readable, and interoperable format when the data you provided are processed by automated means and are processed based on your consent or a contract. 
+
  - You do not have the right to data portability when the processing is necessary for performing a task carried out in the public interest or in the exercise of official authority or fulfilling legal obligations.
+
  
- **Right to object to processing**  
+
  The processing is carried out within the EU.
  - For particular reasons, you can object to processing for the performance of a task carried out in the public interest or in the exercise of official authority.
+
  
When processing is based on consent, you have the right to withdraw consent at any time.
+
'''From whom did you obtain my data?'''
  
You have the right to lodge a complaint with the Data Protection Authority or the supervisory authority of the Member State where you reside or usually work.
+
Personal data were provided by the data subject.
  
**How can I exercise my rights?**
+
'''What are my rights?'''
To exercise your rights, you can contact the Data Controller through the forms available on the site:
+
  
To file a complaint, you can follow the information on the site:
+
Under Articles 15-22 GDPR, the data subject has the right to:
 +
 
 +
- Right to access data - You can obtain confirmation and information on the processing.
 +
- Right to rectification - You can rectify inaccurate data or integrate them.
 +
- Right to erasure - In cases provided by law, you can request to be forgotten.
 +
- Right to data portability  You can receive the data in a structured, commonly used, machine-readable, and interoperable format when the data you provided are
 +
processed by automated means and are processed based on your consent or a contract. 
 +
You do not have the right to data portability when the processing is necessary for performing a task carried out in the public
 +
interest or in the exercise of official authority or fulfilling legal obligations.
 +
- Right to object to processing - For particular reasons, you can object to processing for the performance of a task carried out in the public interest or in the
 +
exercise of official authority. When processing is based on consent, you have the right to withdraw consent at any time.
 +
You have the right to lodge a complaint with the Data Protection Authority or the supervisory authority of the Member State where
 +
you reside or usually work.
 +
 
 +
'''How can I exercise my rights?'''
 +
 
 +
To exercise your rights, you can contact the Data Controller through the forms available on the site: [[https://gdpr.unityfvg.it/aiuto-contatti]]
 +
To file a complaint, you can follow the information on the site: [[https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-tuoi-dati-personali]]
  
 
Version: 2.1.19
 
Version: 2.1.19

Latest revision as of 14:25, 20 June 2024

Information on the Processing of Personal Data

Pursuant to Articles 13 and 14 of Regulation (EU) 679/2016 (General Data Protection Regulation), we provide you with the following information regarding the personal data we process as part of the activities of:

  • Students data entry in ESSE3 software.


  • Who processes my personal data? 
Data Controller: SISSA (Scuola Internazionale Superiore di Studi Avanzati)
LEGAL SEAT OF THE CONTROLLER: via Bonomea, 265 - 34136 Trieste  
CONTROLLER'S PHONE: 040 3787111  
CONTROLLER'S EMAIL: info@sissa.it  
CONTROLLER'S PEC: protocollo@pec.sissa.it

Contact points of the Controller: 

Through the forms available on the site: https://gdpr.unityfvg.it/aiuto-contatti 
Or  
Internal Manager/Procedural Manager:
PHONE: 040 3787111  
EMAIL: info@sissa.it
INTERNAL OFFICE: Interdisciplinary Laboratory for Natural and Human Sciences and Students' Secretariat

Data Protection Officer 

You can contact the DPO at the following email address: dpo@sissa.it

Why are my personal data processed? 

We process your data to fulfill the following activities: Enrollment in Masters and PhD Courses

What are my rights? 

If the processing is based on consent, you can withdraw it at any time. Additionally, you always have the right to request access, 
rectification, deletion (subject to the retention obligations of the controller), and portability of your data; you can request the 
restriction of processing and have the right to object to it as well as to lodge a complaint with the Data Protection Authority.

Why are my data processed? 

We process your personal data according to the purposes stated and based on specific conditions of the lawfulness of processing as 
indicated below:  
TREATMENT: Enrollment in Degree Courses; 
LEGAL BASES: The subject has given consent to the processing of their personal data for one or more specific 
purposes.
If you refuse to provide your data, when the processing is based on a contract or a legal obligation, the failure to provide it 
prevents the provision of the service.
When consent is requested for processing, you will not suffer any consequences in case of refusal.
In paper or online forms, the categories of data for which provision is mandatory or optional are indicated.

How are my data processed? 

The processing may be carried out with the support of paper documents or IT tools.
The Controller (SISSA) uses authorized personnel for the processing of personal data, trained and instructed on the precautions to 
be taken to ensure the confidentiality, integrity, and availability of personal data. Some figures have specific tasks to ensure 
information security and personal data protection, as internal managers.

Automated decision-making 

No automated decision-making processes are applied.

Profiling 

No profiling of the data subjects is carried out.

For how long are my data stored? 

Personal data will be processed for the time required by law and/or for the execution of contractual obligations.
TREATMENT: Enrollment in Degree Courses; 
DURATION: Student records and career data are stored indefinitely by the University.

Who can process my data? 

The data may be communicated, made available, and shared under the law or in fulfillment of specific requests of the data subject, 
also with third-party data controllers. There are cases where the SISSA may also disclose, i.e., communicate, make available, 
or consult with undefined subjects. In some cases, SISSA may conclude co-ownership agreements with other subjects 
concerning specific processing. Additionally, the SISSA operates, for its functioning, through subjects bound to the School 
by responsibility agreements. In this section, we provide an overview of who can be informed about your data as recipients of such 
communications. At any time, you can make a specific request to know to whom your data has been communicated.

Communication to third-party controllers 

Personal data will not be communicated to third parties.

Joint Controllers 

There are no joint controllers.

Data Processors 

The Data Controller (SISSA) uses data processors who are required to comply with security measures provided in an agreement 
stipulated under Article 28 GDPR.
Data processors provide technological services, carry out activities on behalf of the Controller, access data for maintenance or 
data processing, for example, for the provision of services related to teaching or other activities necessary to fulfill the 
services offered by SISSA or comply with contractual obligations.
The list can always be requested from the University.

Disclosure 

Personal data will not be disclosed.

Where are my data processed? 

The processing is carried out within the EU.

From whom did you obtain my data? 

Personal data were provided by the data subject.

What are my rights? 

Under Articles 15-22 GDPR, the data subject has the right to:

- Right to access data - You can obtain confirmation and information on the processing.
- Right to rectification - You can rectify inaccurate data or integrate them.
- Right to erasure - In cases provided by law, you can request to be forgotten.
- Right to data portability  You can receive the data in a structured, commonly used, machine-readable, and interoperable format when the data you provided are 
processed by automated means and are processed based on your consent or a contract.  
You do not have the right to data portability when the processing is necessary for performing a task carried out in the public 
interest or in the exercise of official authority or fulfilling legal obligations.
- Right to object to processing - For particular reasons, you can object to processing for the performance of a task carried out in the public interest or in the 
exercise of official authority. When processing is based on consent, you have the right to withdraw consent at any time.
You have the right to lodge a complaint with the Data Protection Authority or the supervisory authority of the Member State where 
you reside or usually work.

How can I exercise my rights? 

To exercise your rights, you can contact the Data Controller through the forms available on the site: [[1]]
To file a complaint, you can follow the information on the site: [[2]]

Version: 2.1.19

Retrieved from "https://wiki.sissa.it/students/index.php?title=Data_Management_Privacy&oldid=3512"