Data Management Privacy

From Students@SISSA wiki
Jump to: navigation, search

Information on the Processing of Personal Data

Pursuant to Articles 13 and 14 of Regulation (EU) 679/2016 (General Data Protection Regulation), we provide you with the following information regarding the personal data we process as part of the activities of:

  • Students data entry in ESSE3 software.


  • Who processes my personal data?
Data Controller: SISSA (Scuola Internazionale Superiore di Studi Avanzati)
LEGAL SEAT OF THE CONTROLLER: via Bonomea, 265 - 34136 Trieste  
CONTROLLER'S PHONE: 040 3787111  
CONTROLLER'S EMAIL: info@sissa.it  
CONTROLLER'S PEC: protocollo@pec.sissa.it  

Contact points of the Controller:

Through the forms available on the site: https://gdpr.unityfvg.it/aiuto-contatti 
Or  
Internal Manager/Procedural Manager:
PHONE: 040 3787111  
EMAIL: info@sissa.it
INTERNAL OFFICE: Interdisciplinary Laboratory for Natural and Human Sciences and Students' Secretariat  

Data Protection Officer

You can contact the DPO at the following email address: dpo@sissa.it  

Why are my personal data processed?

We process your data to fulfill the following activities: Enrollment in Masters and PhD Courses  

What are my rights?

If the processing is based on consent, you can withdraw it at any time. Additionally, you always have the right to request access, 
rectification, deletion (subject to the retention obligations of the controller), and portability of your data; you can request the 
restriction of processing and have the right to object to it as well as to lodge a complaint with the Data Protection Authority.

Why are my data processed?

We process your personal data according to the purposes stated and based on specific conditions of the lawfulness of processing as 
indicated below:  
TREATMENT: Enrollment in Degree Courses; 
LEGAL BASES: The subject has given consent to the processing of their personal data for one or more specific 
purposes.
If you refuse to provide your data, when the processing is based on a contract or a legal obligation, the failure to provide it 
prevents the provision of the service.
When consent is requested for processing, you will not suffer any consequences in case of refusal.
In paper or online forms, the categories of data for which provision is mandatory or optional are indicated.

How are my data processed?

The processing may be carried out with the support of paper documents or IT tools.
The Controller (SISSA) uses authorized personnel for the processing of personal data, trained and instructed on the precautions to 
be taken to ensure the confidentiality, integrity, and availability of personal data. Some figures have specific tasks to ensure 
information security and personal data protection, as internal managers.

Automated decision-making

No automated decision-making processes are applied.

Profiling

No profiling of the data subjects is carried out.

For how long are my data stored?

Personal data will be processed for the time required by law and/or for the execution of contractual obligations.
TREATMENT: Enrollment in Degree Courses; 
DURATION: Student records and career data are stored indefinitely by the University.

Who can process my data?

The data may be communicated, made available, and shared under the law or in fulfillment of specific requests of the data subject, 
also with third-party data controllers. There are cases where the SISSA may also disclose, i.e., communicate, make available, 
or consult with undefined subjects. In some cases, SISSA may conclude co-ownership agreements with other subjects 
concerning specific processing. Additionally, the SISSA operates, for its functioning, through subjects bound to the School 
by responsibility agreements. In this section, we provide an overview of who can be informed about your data as recipients of such 
communications. At any time, you can make a specific request to know to whom your data has been communicated.

Communication to third-party controllers

Personal data will not be communicated to third parties.

Joint Controllers

There are no joint controllers.

Data Processors

The Data Controller (SISSA) uses data processors who are required to comply with security measures provided in an agreement 
stipulated under Article 28 GDPR.
Data processors provide technological services, carry out activities on behalf of the Controller, access data for maintenance or 
data processing, for example, for the provision of services related to teaching or other activities necessary to fulfill the 
services offered by SISSA or comply with contractual obligations.
The list can always be requested from the University.

Disclosure

Personal data will not be disclosed.

Where are my data processed?

The processing is carried out within the EU.

From whom did you obtain my data?

Personal data were provided by the data subject.

What are my rights?

Under Articles 15-22 GDPR, the data subject has the right to:
- Right to access data - You can obtain confirmation and information on the processing.
- Right to rectification - You can rectify inaccurate data or integrate them.
- Right to erasure - In cases provided by law, you can request to be forgotten.
- Right to data portability  You can receive the data in a structured, commonly used, machine-readable, and interoperable format when the data you provided are 
processed by automated means and are processed based on your consent or a contract.  
You do not have the right to data portability when the processing is necessary for performing a task carried out in the public 
interest or in the exercise of official authority or fulfilling legal obligations.
- Right to object to processing - For particular reasons, you can object to processing for the performance of a task carried out in the public interest or in the 
exercise of official authority. When processing is based on consent, you have the right to withdraw consent at any time.
You have the right to lodge a complaint with the Data Protection Authority or the supervisory authority of the Member State where 
you reside or usually work.

How can I exercise my rights?

To exercise your rights, you can contact the Data Controller through the forms available on the site: [[1]]
To file a complaint, you can follow the information on the site: [[2]]

Version: 2.1.19