Difference between revisions of "Data Management Privacy"
| Line 3: | Line 3: | ||
Pursuant to Articles 13 and 14 of Regulation (EU) 679/2016 (General Data Protection Regulation), we provide you with the following information regarding the personal data we process as part of the activities of: | Pursuant to Articles 13 and 14 of Regulation (EU) 679/2016 (General Data Protection Regulation), we provide you with the following information regarding the personal data we process as part of the activities of: | ||
| − | + | Students data entry in ESSE3 software. | |
'''My Data in Summary''' | '''My Data in Summary''' | ||
'''Who processes my personal data?''' | '''Who processes my personal data?''' | ||
| + | |||
Data Controller: Scuola Internazionale Superiore di Studi Avanzati | Data Controller: Scuola Internazionale Superiore di Studi Avanzati | ||
LEGAL SEAT OF THE CONTROLLER: via Bonomea, 265 - 34136 Trieste | LEGAL SEAT OF THE CONTROLLER: via Bonomea, 265 - 34136 Trieste | ||
| Line 15: | Line 16: | ||
'''Contact points of the Controller:''' | '''Contact points of the Controller:''' | ||
| − | Through the forms available on the site: [https://gdpr.unityfvg.it/aiuto-contatti | + | |
| + | Through the forms available on the site: [https://gdpr.unityfvg.it/aiuto-contatti https://gdpr.unityfvg.it/aiuto-contatti] | ||
Or | Or | ||
Internal Manager/Procedural Manager: | Internal Manager/Procedural Manager: | ||
PHONE: 040 3787111 | PHONE: 040 3787111 | ||
EMAIL: info@sissa.it | EMAIL: info@sissa.it | ||
| − | INTERNAL OFFICE: Interdisciplinary Laboratory for Natural and Human Sciences and | + | INTERNAL OFFICE: Interdisciplinary Laboratory for Natural and Human Sciences and Students' Secretariat |
'''Data Protection Officer''' | '''Data Protection Officer''' | ||
| Line 26: | Line 28: | ||
'''Why are my personal data processed?''' | '''Why are my personal data processed?''' | ||
| + | |||
We process your data to fulfill the following activities: | We process your data to fulfill the following activities: | ||
| − | Enrollment in | + | Enrollment in Master and PhD Courses |
'''What are my rights?''' | '''What are my rights?''' | ||
| + | |||
If the processing is based on consent, you can withdraw it at any time. Additionally, you always have the right to request access, rectification, deletion (subject to the retention obligations of the controller), and portability of your data; you can request the restriction of processing and have the right to object to it as well as to lodge a complaint with the Data Protection Authority. | If the processing is based on consent, you can withdraw it at any time. Additionally, you always have the right to request access, rectification, deletion (subject to the retention obligations of the controller), and portability of your data; you can request the restriction of processing and have the right to object to it as well as to lodge a complaint with the Data Protection Authority. | ||
'''Why are my data processed?''' | '''Why are my data processed?''' | ||
| + | |||
We process your personal data according to the purposes stated and based on specific conditions of the lawfulness of processing as indicated below: | We process your personal data according to the purposes stated and based on specific conditions of the lawfulness of processing as indicated below: | ||
| − | + | Enrollment in Degree Courses: The subject has given consent to the processing of their personal data for one or more specific purposes | |
| − | + | ||
| − | + | ||
If you refuse to provide your data, when the processing is based on a contract or a legal obligation, the failure to provide it prevents the provision of the service. | If you refuse to provide your data, when the processing is based on a contract or a legal obligation, the failure to provide it prevents the provision of the service. | ||
| Line 46: | Line 49: | ||
'''How are my data processed?''' | '''How are my data processed?''' | ||
| + | |||
The processing may be carried out with the support of paper documents or IT tools. | The processing may be carried out with the support of paper documents or IT tools. | ||
| − | The Controller uses authorized personnel for the processing of personal data, trained and instructed on the precautions to be taken to ensure the confidentiality, integrity, and availability of personal data. Some figures have specific tasks to ensure information security and personal data protection, as internal managers. | + | The Controller (SISSA) uses authorized personnel for the processing of personal data, trained and instructed on the precautions to be taken to ensure the confidentiality, integrity, and availability of personal data. Some figures have specific tasks to ensure information security and personal data protection, as internal managers. |
'''Automated decision-making''' | '''Automated decision-making''' | ||
| + | |||
No automated decision-making processes are applied. | No automated decision-making processes are applied. | ||
'''Profiling''' | '''Profiling''' | ||
| + | |||
No profiling of the data subjects is carried out. | No profiling of the data subjects is carried out. | ||
'''For how long are my data stored?''' | '''For how long are my data stored?''' | ||
| + | |||
Personal data will be processed for the time required by law and/or for the execution of contractual obligations. | Personal data will be processed for the time required by law and/or for the execution of contractual obligations. | ||
| − | + | Enrollment in Degree Courses: Student records and career data are stored indefinitely by the University. | |
| − | + | ||
| − | + | ||
'''Who can process my data?''' | '''Who can process my data?''' | ||
| Line 67: | Line 73: | ||
'''Communication to third-party controllers''' | '''Communication to third-party controllers''' | ||
| + | |||
Personal data will not be communicated to third parties. | Personal data will not be communicated to third parties. | ||
'''Joint Controllers''' | '''Joint Controllers''' | ||
| + | |||
There are no joint controllers. | There are no joint controllers. | ||
'''Data Processors''' | '''Data Processors''' | ||
| − | The Data Controller uses data processors who are required to comply with security measures provided in an agreement stipulated under Article 28 GDPR. | + | |
| + | The Data Controller (SISSA) uses data processors who are required to comply with security measures provided in an agreement stipulated under Article 28 GDPR. | ||
Data processors provide technological services, carry out activities on behalf of the Controller, access data for maintenance or data processing, for example, for the provision of services related to teaching or other activities necessary to fulfill the services offered by the University or comply with contractual obligations. | Data processors provide technological services, carry out activities on behalf of the Controller, access data for maintenance or data processing, for example, for the provision of services related to teaching or other activities necessary to fulfill the services offered by the University or comply with contractual obligations. | ||
| Line 80: | Line 89: | ||
'''Disclosure''' | '''Disclosure''' | ||
| + | |||
Personal data will not be disclosed. | Personal data will not be disclosed. | ||
'''Where are my data processed?''' | '''Where are my data processed?''' | ||
| + | |||
The processing is carried out within the EU. | The processing is carried out within the EU. | ||
'''From whom did you obtain my data?''' | '''From whom did you obtain my data?''' | ||
| + | |||
Personal data were provided by the data subject. | Personal data were provided by the data subject. | ||
'''What are my rights?''' | '''What are my rights?''' | ||
| + | |||
Under Articles 15-22 GDPR, the data subject has the right to: | Under Articles 15-22 GDPR, the data subject has the right to: | ||
* '''Right to access data''' | * '''Right to access data''' | ||
| + | |||
* You can obtain confirmation and information on the processing. | * You can obtain confirmation and information on the processing. | ||
* '''Right to rectification''' | * '''Right to rectification''' | ||
| + | |||
* You can rectify inaccurate data or integrate them. | * You can rectify inaccurate data or integrate them. | ||
* '''Right to erasure''' | * '''Right to erasure''' | ||
| + | |||
* In cases provided by law, you can request to be forgotten. | * In cases provided by law, you can request to be forgotten. | ||
* '''Right to data portability''' | * '''Right to data portability''' | ||
| + | |||
* You can receive the data in a structured, commonly used, machine-readable, and interoperable format when the data you provided are processed by automated means and are processed based on your consent or a contract. | * You can receive the data in a structured, commonly used, machine-readable, and interoperable format when the data you provided are processed by automated means and are processed based on your consent or a contract. | ||
* You do not have the right to data portability when the processing is necessary for performing a task carried out in the public interest or in the exercise of official authority or fulfilling legal obligations. | * You do not have the right to data portability when the processing is necessary for performing a task carried out in the public interest or in the exercise of official authority or fulfilling legal obligations. | ||
* '''Right to object to processing''' | * '''Right to object to processing''' | ||
| + | |||
* For particular reasons, you can object to processing for the performance of a task carried out in the public interest or in the exercise of official authority. | * For particular reasons, you can object to processing for the performance of a task carried out in the public interest or in the exercise of official authority. | ||
| Line 112: | Line 130: | ||
'''How can I exercise my rights?''' | '''How can I exercise my rights?''' | ||
| + | |||
To exercise your rights, you can contact the Data Controller through the forms available on the site: | To exercise your rights, you can contact the Data Controller through the forms available on the site: | ||
Revision as of 11:00, 20 June 2024
Information on the Processing of Personal Data
Pursuant to Articles 13 and 14 of Regulation (EU) 679/2016 (General Data Protection Regulation), we provide you with the following information regarding the personal data we process as part of the activities of:
Students data entry in ESSE3 software.
My Data in Summary
Who processes my personal data?
Data Controller: Scuola Internazionale Superiore di Studi Avanzati LEGAL SEAT OF THE CONTROLLER: via Bonomea, 265 - 34136 Trieste CONTROLLER'S PHONE: 040 3787111 CONTROLLER'S EMAIL: info@sissa.it CONTROLLER'S PEC: protocollo@pec.sissa.it
Contact points of the Controller:
Through the forms available on the site: https://gdpr.unityfvg.it/aiuto-contatti Or Internal Manager/Procedural Manager: PHONE: 040 3787111 EMAIL: info@sissa.it INTERNAL OFFICE: Interdisciplinary Laboratory for Natural and Human Sciences and Students' Secretariat
Data Protection Officer You can contact the DPO at the following email address: dpo@sissa.it
Why are my personal data processed?
We process your data to fulfill the following activities: Enrollment in Master and PhD Courses
What are my rights?
If the processing is based on consent, you can withdraw it at any time. Additionally, you always have the right to request access, rectification, deletion (subject to the retention obligations of the controller), and portability of your data; you can request the restriction of processing and have the right to object to it as well as to lodge a complaint with the Data Protection Authority.
Why are my data processed?
We process your personal data according to the purposes stated and based on specific conditions of the lawfulness of processing as indicated below:
Enrollment in Degree Courses: The subject has given consent to the processing of their personal data for one or more specific purposes
If you refuse to provide your data, when the processing is based on a contract or a legal obligation, the failure to provide it prevents the provision of the service.
When consent is requested for processing, you will not suffer any consequences in case of refusal.
In paper or online forms, the categories of data for which provision is mandatory or optional are indicated.
How are my data processed?
The processing may be carried out with the support of paper documents or IT tools.
The Controller (SISSA) uses authorized personnel for the processing of personal data, trained and instructed on the precautions to be taken to ensure the confidentiality, integrity, and availability of personal data. Some figures have specific tasks to ensure information security and personal data protection, as internal managers.
Automated decision-making
No automated decision-making processes are applied.
Profiling
No profiling of the data subjects is carried out.
For how long are my data stored?
Personal data will be processed for the time required by law and/or for the execution of contractual obligations.
Enrollment in Degree Courses: Student records and career data are stored indefinitely by the University.
Who can process my data?
The data may be communicated, made available, and shared under the law or in fulfillment of specific requests of the data subject, also with third-party data controllers. There are cases where the University may also disclose, i.e., communicate, make available, or consult with undefined subjects. In some cases, the University may conclude co-ownership agreements with other subjects concerning specific processing. Additionally, the University operates, for its functioning, through subjects bound to the University by responsibility agreements. In this section, we provide an overview of who can be informed about your data as recipients of such communications. At any time, you can make a specific request to know to whom your data has been communicated.
Communication to third-party controllers
Personal data will not be communicated to third parties.
Joint Controllers
There are no joint controllers.
Data Processors
The Data Controller (SISSA) uses data processors who are required to comply with security measures provided in an agreement stipulated under Article 28 GDPR.
Data processors provide technological services, carry out activities on behalf of the Controller, access data for maintenance or data processing, for example, for the provision of services related to teaching or other activities necessary to fulfill the services offered by the University or comply with contractual obligations.
The list can always be requested from the University.
Disclosure
Personal data will not be disclosed.
Where are my data processed?
The processing is carried out within the EU.
From whom did you obtain my data?
Personal data were provided by the data subject.
What are my rights?
Under Articles 15-22 GDPR, the data subject has the right to:
- Right to access data
* You can obtain confirmation and information on the processing.
- Right to rectification
* You can rectify inaccurate data or integrate them.
- Right to erasure
* In cases provided by law, you can request to be forgotten.
- Right to data portability
* You can receive the data in a structured, commonly used, machine-readable, and interoperable format when the data you provided are processed by automated means and are processed based on your consent or a contract. * You do not have the right to data portability when the processing is necessary for performing a task carried out in the public interest or in the exercise of official authority or fulfilling legal obligations.
- Right to object to processing
* For particular reasons, you can object to processing for the performance of a task carried out in the public interest or in the exercise of official authority.
When processing is based on consent, you have the right to withdraw consent at any time.
You have the right to lodge a complaint with the Data Protection Authority or the supervisory authority of the Member State where you reside or usually work.
How can I exercise my rights?
To exercise your rights, you can contact the Data Controller through the forms available on the site:
To file a complaint, you can follow the information on the site:
Version: 2.1.19
