This Privacy Policy has been drafted pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (of
hereinafter, the "Regulation" or "GDPR") to inform you about the personal data processing activities carried out by theUniversità Campus Bio-Medico di Roma (hereinafter also referred to as the "University") in relation to your registration on the "Alumni" platform and the related network (hereinafter the "Alumni Platform"), as well as to your use of the same. The platform is accessible both through the website, reachable at the URL https://alumni.unicampus.it, both through the mobile app called Hivebrite Community.
1. Owner and data protection officer
The Data Controller is theUniversità Campus Bio-Medico di Roma (right away, "UCBM", "University" or
"Owner"), with registered office in Rome, in Via Alvaro del Portillo n. 21.
The Data Protection Officer (hereinafter, "Data Protection Officer" or "DPO") can be contacted at
following addresses:
- by e-mail, to the address: [email protected];
- by ordinary mail, to the address of the Campus Bio Medico University, with headquarters in Rome (RM) at
via Alvaro del Portillo, n. 21, CAP 00128, address of the Data Protection Officer.
2. The personal data subject to processing and the source from which they originate
We inform you that by registering and accessing the Alumni platform and the related network, the Data Controller may collect and process information and personal data relating to you. The personal data subject to processing belong to the category of "common" data (hereinafter also referred to as "Personal Data") and, in particular, consist of:
a) Registration data on the Alumni Platform and completion of your profile
The Data Controller will process your personal data (name, surname, date of birth, gender, tax code); contact details (e-mail, mobile phone); residence data; data relating to your university career (e.g. the course of study you attended, the academic year of enrollment, the academic year of graduation and the date of the same, final degree grade,); data relating to your post-graduate career (e.g. job position held, area of specialization, main areas of interest).
b) Alumni Platform usage and navigation data
The Data Controller will also process data relating to the use of the platform, including data relating to your credentials for accessing the Alumni Platform. In particular, it is specified that the computer systems and software procedures used to operate the Alumni Platform acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the Alumni Platform, the URI (Uniform Resource Identifier) addresses of the requested resources, the time
of the request, the method used in submitting the request to the server, the size of the file obtained in
response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Alumni Platform, to check its correct functioning and to identify anomalies and/or abuses; the data are generally deleted after processing, unless it is necessary to proceed with the identification of those responsible in the event of hypothetical computer crimes against the Alumni Platform or third parties.
SDK and similar tracking technologies: SDKs (Software Development Kits) and similar technologies are information that applications record and/or read on the user's device. Typically, these technologies allow those who use them to analyze the use of applications in order to avoid malfunctions and improve the user experience. The Data Controller may use SDKs and similar technologies provided by third parties who, as a rule, are used to process personal data in the name and on behalf of the Data Controller as data processors, in order to offer their services. There may be residual cases in which some services provided to the Data Controller by third parties may involve access by such third parties to personal data and other information contained in the user's device, even for purposes other than providing the services. With reference to such possible additional processing, the third parties act as independent controllers and for this reason the links to the information on the processing of personal data provided by third parties with reference to the processing of the user's data are listed below:
Google Analytics https://www.google.com/intl/it_it/analytics/learn/privacy.html
Google Play Services https://www.google.com/policies/privacy/
c) Data voluntarily provided by you
The Data Controller will process the Personal Data you may provide in the context of requests forwarded to the assistance contacts on the Alumni Platform and/or by sending an email to the following addresses:
[email protected];
[email protected].
Furthermore, the Data Controller will process any Personal Data you may provide in the context of the use of the services of
networking available on the Platform, including: messaging between Alumni, posting and interaction with posts (possibility of leaving comments on the post). With regard to the use of the posting and interaction with posts services, it is possible that your data (name, surname, alias) will be published within the section of the Platform dedicated to posting.
d) Cookies
The Owner will process the Personal Data collected through technical cookies present in the Alumni Platform. For more information on the Personal Data processed through cookies and other tracking tools, we invite you to consult the relevant Cookie Policy.
e) Personal Data of Third Parties
We ask you not to provide information about third parties that is not necessary to communicate to UCBM, Data Controller, in the context of the interaction with the Alumni Platform and its functions, in particular with reference to posting activities and interaction with posts. With respect to these hypotheses, in the event of provision, you act as an independent data controller, assuming all legal obligations and responsibilities. In this sense, you grant the broadest indemnity with respect to any dispute, claim, request for compensation for damage from processing, etc. that may be received by UCBM by third parties whose personal data have been processed through your use of the Alumni Platform functions in violation of the applicable data protection regulations. In any case, if you provide or otherwise process personal data of third parties in the use of the Platform, you hereby guarantee - assuming all related liability - that this particular hypothesis of processing is based on the consent of such interested third party or on another suitable legal basis that legitimises the processing of the information in question.
***
As part of registration and access to your personal area, personal data are provided directly by you or transmitted to the Data Controller by third parties, as independent data controllers. In particular, it is specified that, following your choice to create the Alumni Platform account by connecting to your pre-existing social network account (Google), using the appropriate log-in button on the Alumni Platform, or to create the account by connecting to a pre-existing application account and/or websites of the Data Controller's partners, these third parties, as independent data controllers, will transmit to the Data Controller the personal data strictly necessary for your identification (personal data and contact details).
3. Purpose, legal basis of the processing and nature of the provision
Your Personal Data will be processed for the following purposes:
a) allow navigation of the Alumni Platform, registration in the Alumni network and access to
all the services and activities made available on the Alumni Platform and characterising membership
to the Alumni network, including sending service communications, managing relationships
contractual and administrative and support services, and the management of the security of the Platform.
(Purpose of registration and access to the Alumni Platform and its network);
b) respond to specific requests addressed to the Data Controller, such as requests for assistance, information and/or
reports submitted by filling in the relevant forms on the Alumni Platform
and/or by writing to the contact channels on the Alumni Platform (Purpose of feedback
Required Knowledge);
c) enable the use of networking services available on the Alumni Platform, including:
Alumni messaging, posting and interaction with posts (i.e., the ability to leave your own
comments on posts) (Purpose of use of networking services);
The legal basis for the processing of your Personal Data for the purposes referred to in letters a), b) and c) is
identified in art. 6, par. (1), lett. b) of the Regulation ([ … ] processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures adopted at the request of the data subject), as the processing is necessary for registration on the Alumni Platform, for interaction and navigation in the same, including the response to specific requests addressed to the Data Controller, as well as participation in the Alumni network. The provision of Personal Data for these purposes is optional, but any failure to provide it would make it impossible to access the Alumni Platform and the related network and/or to receive a response to the request made.
d) to send promotional and marketing communications regarding current and future initiatives
promoted by the University, including the sending of newsletters and market research, relating to the offer
training of the University, to professional training and teaching activities (e.g. post-graduate courses)
degree; internships and training activities within the specialist schools), invitations to events and
initiatives, conducting market research, surveys, fact-finding inquiries, statistical surveys and
satisfaction questionnaires, through automated tools (sms, mms, e-mail, calling systems
automated without operator, use of social networks, whatsapp) and non (ordinary mail, telephone
with operator) (Direct marketing purposes);
e) to send information and promotional material on activities in the training sectors
university, biomedical and engineering research conducted by the University, including the activities of
customer satisfaction and sending newsletters, in order to promote fundraising campaigns,
through automated tools (sms, mms, e-mail, automated calling systems without
operator, use of social networks, WhatsApp) and non-ordinary mail, telephone with operator).
(Fundraising purposes);
f) for profiling purposes aimed at sending personalized communications based on the analysis of the
sectors of preference indicated by you in the context of the fundraising activity (Profiling purposes
for personalizing fundraising communications);
g) for the creation of photographs and audio-video recordings during the event organised by the Owner and
for their publication and dissemination through institutional media
of the University such as, by way of example but not limited to, institutional web channels, social media,
television, communications and/or other means of diffusion, known today or developed in the future therein
including the Internet or other telematic networks, for the pursuit of informative and promotional purposes of
institutional initiatives of the University (Purpose of taking photographs and audio-video recordings);
The legal basis for the processing of your Personal Data for the purposes referred to in letters d), e), f) and g) is
to be identified in art. 6, par (l)(a) of the Regulation, i.e. in your specific consent.
You may revoke the consents given pursuant to art. 7 of the GDPR at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.
Furthermore, with regard to the purpose referred to in letter g), it is specified that the methods of use,
publication and/or dissemination of the photographic shots and audio/video recordings will not in any way harm your honour, reputation and decorum.
It is also specified that for the purposes referred to in letters d) and e), the Data Controller collects two separate consents, one for each purpose, which include both the use of automated and non-automated tools, pursuant to the
General Provision of the Guarantor for the Protection of Personal Data "Guidelines on promotional activities and the fight against spam" of 4 July 2013, according to which, you will be able to exercise the right to object pursuant to art. 21 of the Regulation or the revocation of the consent given pursuant to art. 7 of the Regulation, even in part, that is, by objecting or revoking consent, for example, only to the sending of communications carried out with automated tools. If you wish to object to the processing of your data for the purposes indicated above, including the receipt of newsletters, you may do so at any time by contacting the DPO at the contact details indicated in paragraph 8 of this information notice.
We also inform you that you have the right to object at any time and without any justification to the
processing of personal data for the purpose indicated in letter f). The consents given may be revoked at any time, without prejudice to the lawfulness of the processing carried out prior to the revocation.
The provision of personal data for the purposes referred to in letters d), e), f) and g) above is optional and, in the event of refusal, there will be no consequences and access to the Alumni Platform made available by the University and membership in the Alumni network will not be prejudiced in any way.
Once provided, Personal Data may also be processed for the following purposes:
h) Fulfil any obligations required by applicable laws, regulations or legislation
community, or satisfy requests from the competent authorities (Compliance purposes);
i) Satisfy any defensive needs, related to the detection, prevention, mitigation and
detection of fraudulent or illegal activity in connection with the use of the Alumni Platform
(Defensive purposes);
The purpose referred to in section h) represents a legitimate processing of personal data pursuant to art. 6, par. 1, lett. c) of the Regulation ([… ] the processing is necessary to comply with a legal obligation to which the data controller is subject) as, once provided, the processing of your Personal Data may be necessary to comply with legal obligations and/or orders of the authorities to which the Data Controller is subject.
The processing carried out for the purpose referred to in letter i) is based on the legitimate interest of the Data Controller pursuant to articles 6, paragraph 1, letter f) and 9, par. 2, letter a) of the Regulation.
4. Recipients of personal data
Your Personal Data may be shared for the purposes set out in paragraph 2 of this Privacy Policy.
Policy, with:
persons authorised by the Data Controller, pursuant to articles 29 and 32 of the Regulation and 2-quaterdecies of the Legislative Decree.
Legislative Decree 196/2003 (so-called "Privacy Code"), to the processing of Personal Data necessary to carry out activities
strictly related to the use of the Alumni Platform, who have undertaken to maintain confidentiality
or have an appropriate legal obligation of confidentiality;
entities that typically act as data controllers pursuant to art. 28 of the Regulation
on behalf of the Data Controller, in particular persons responsible for providing services necessary for the
usability of the Alumni Platform (e.g., hosting providers, maintenance service providers
technique, suppliers who provide services related to the management of the Platform, such as in particular the
companies Hivebrite and Sales Cafe Srl, etc.). The complete list of data controllers is
available by sending a written request to the DPO at the contact details indicated in the previous paragraph 8;
third parties, independent data controllers, to whom the data could be transmitted in order to provide
following specific services requested by you and/or to carry out the activities referred to in this
information (e.g. social networks to follow up on your request for access and/or registration via
social log-in);
subjects, bodies or authorities whose communication is mandatory by virtue of provisions of law or
orders of the authorities. These subjects will process the Personal Data as independent data controllers
treatment.
These subjects are, hereinafter, collectively defined as "Recipients".
5. Transfers of personal data
Your Personal Data will not be shared with Recipients located outside the European Economic Area.
European. Should this eventuality occur, the Data Controller ensures that the processing of your Personal Data will take place in compliance with the legislation or according to one of the methods permitted by law pursuant to articles 44-49 of the GDPR, such as the consent of the interested party, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free circulation of data, in compliance with the provisions of Recommendations 01/2020 adopted on 10 November 2020 by the European Data Protection Board. It is possible to request further information, upon request, regarding the data transfers carried out and the guarantees adopted for this purpose, from the DPO at the contacts indicated in paragraph 8 of this Privacy Policy.
6. Storage of personal data
Personal Data processed for the purposes indicated in paragraph 3, letters a), b) and c) of this Privacy Policy will be retained for the time strictly necessary to achieve these purposes, in accordance with the principles of minimization and limitation of storage provided for by art. 5, paragraph 1, letters c) and d) of the Regulation. Specifically, the data provided by you as part of registration to the Alumni Platform and membership to the related network will be retained until you decide to cancel your subscription, proceeding with the deletion of your personal account. The data relating to messages exchanged between Alumni and to posts or interactions with posts published by them, will be retained for approximately three years, in accordance with the principles of minimization and limitation of storage provided for by art. 5, paragraph 1, letters c) and d) of the Regulation, as long as there is an interest in retaining the post and the specific interaction between Alumni within the Platform, and in any case until you decide to cancel your subscription, proceeding with the deletion of your personal account.
The Personal Data, in particular the personal and contact details, processed for the purposes referred to in paragraph 3, letters d) and e) of this Privacy Policy will be processed until the consent expressed by you pursuant to art. 7 of the Regulation is revoked and/or until you object to the processing pursuant to art. 21 of the Regulation.
Personal Data relating to the sectors of preference indicated in the context of the fundraising activity and the related data
to your profile processed for the purposes referred to in paragraph 3, letter f) of this Privacy Policy will be processed for a period of 12 months from collection, without prejudice to any revocation of consent or opposition to processing if prior to the expiry of this period.
Personal Data processed for the purposes referred to in paragraph 3, letter g) of this Privacy Policy will be processed until the revocation of the consent expressed by you pursuant to art. 7 of the Regulation and in any case for the time strictly necessary to achieve the purpose, without prejudice to any revocation of consent, if prior to the expiry of such term.
The Personal Data processed for the purposes referred to in paragraph 3, letter h) of this Privacy Policy will be
retained until the time required by the specific obligation or applicable law.
The Data Controller also reserves the right to retain Personal Data for as long as necessary to ascertain and exercise one's rights and/or satisfy any defense needs in court as well as in extrajudicial matters and in the phases preceding the dispute.
Further information regarding the data retention period and the criteria used to determine this period can be requested by writing to the DPO at the contact details indicated in paragraph 8.
7. Rights of the interested party
You, as an interested party, can, at any time, exercise the following rights:
Right to withdraw any consent given (art. 7 of the GDPR) - You have the right to withdraw any consent given
any consent given at any time, without prejudice to the lawfulness of the processing carried out prior to the revocation;
Right of access (art. 15 of the GDPR) - You have the right to obtain confirmation as to whether or not personal data concerning you exist.
a processing concerning your personal data as well as the right to receive any information relating to the same processing;
Right to rectification (art. 16 of the GDPR) - You have the right to obtain the rectification of your personal data,
if the same are incomplete or inaccurate; it should be noted that, with respect to personal data collected through audio and video recording systems, the right of rectification cannot be exercised in practice in consideration of the intrinsic nature of the same data collected, which pertain to an objective and specific fact;
Right to erasure (art. 17 of the GDPR) - in certain circumstances, you have the right to obtain the
deletion of your personal data in our archives;
Right to restriction of processing (art. 18 of the GDPR) - when certain conditions occur, you have the right
right to obtain the limitation of the processing of your personal data;
Right to portability (art. 20 of the GDPR) - You have the right to obtain the transfer of your data
personal data to a different data controller as well as the right to obtain the data concerning you in a structured, commonly used and machine-readable format;
Right to object (art. 21 of the GDPR) - You have the right to make a request to object to the processing
processing of your personal data in which you provide evidence of the reasons justifying the opposition;
the Owner reserves the right to evaluate this request, which may not be accepted if there are compelling legitimate reasons to proceed with the processing that prevail over your interests, rights and freedoms. You also have the right to object at any time and without any justification to the sending of communications
promotional and communications aimed at conducting market research, surveys, inquiries
knowledge, fundraising initiatives, statistical surveys and satisfaction questionnaires through
automated and non-automated tools. With regard to this type of communication, the right remains
possibility of exercising this right even in part, that is, by opposing, for example, only the sending of
promotional communications carried out through automated tools. We also inform you that
You have the right to object at any time and without any justification to profiling.
Right to lodge a complaint with the Supervisory Authority (art. 77 of the GDPR) - in the manner indicated in the
paragraph below, in case you believe that the processing concerning you violates the legislation in force
regarding the protection of personal data, you can lodge a complaint with the State Supervisory Authority
member in which he habitually resides, works or the place where the alleged infringement occurred;
Right to bring an action before the appropriate courts (Article 79 of the GDPR).
To exercise the above rights you can write to the DPO at the registered office in Rome, in Via Alvaro
del Portillo n. 21, ca of the Data Protection Officer or to the e-mail address [email protected].
8. Changes
The Data Controller reserves the right to modify or simply update the content of this Privacy Policy,
in part or completely, also due to changes in the applicable legislation. The Data Controller invites you
so visit this section regularly to take note of the most recent and updated information
version of the Privacy Policy so as to always be updated on the data collected and the related
processing by the Data Controller.
