In accordance with EU Regulation No. 2016/679 –General Data Protection Regulation (GDPR) and with the national legislation, hereinafter referred to collectively as the “Applicable Law”, this policy statement addresses the subject of privacy with regard to the processing of personal data of users of the online web services http://lter.eurac.edu.
This policy is also in conformity with Recommendation n. 2/2001 related to the minimum requirements for online data collection in the European Union, adopted by the European Data Protection Authorities - Working Party of Article 29, Directive No. 95/46/EU on 17 May 2001.
The policy described herein applies solely to the websites of http://lter.eurac.edu and excludes all other websites that can be accessed via links that appear on the http://lter.eurac.edu websites. Eurac Research is not responsible for the content or any external links to other websites.
Pursuant to legal provisions, Eurac Research guarantees that the processing of personal data will be performed in consideration of fundamental rights and freedoms as well as the dignity of the data subject, and in accordance with the legislative provisions of the Applicable Law and the confidentiality clauses included therein. In particular, the processing of personal data will be carried out in accordance with the principles of lawfulness, fairness, transparency, accuracy, purpose and storage limitations, data minimisation, integrity and confidentiality.
Precise data protection information about specific services or data processing procedures may be displayed on the corresponding webpages of this website or transmitted directly to the data user.
1. Data Controller and Data Protection Officer
Data Controller: Eurac Research, with headquarters at Viale Druso 1, 39100 Bolzano, in the person of the legal representative pro tempore.
2. Types of Personal Data Subject to Processing
“Personal data” means any information relating to an identified or identifiable natural person (the “Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person.
The personal data that may be processed includes browsing data, data provided voluntarily by the data subject and cookies.
A. Browsing Data
The computer systems and software used to run this website during normal operations acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in relationship to the users, but due to its inherent nature, such information could enable the users to be identified via processing and associations with data held by third parties. This category of data includes, for example, the IP addresses or domain names of the users’ computers connecting to the website.
The data is used for the sole purpose of obtaining anonymous statistical information concerning the website's use and to monitor the website's proper operation. In certain cases, the data may be used to ascertain liability in a suspected computer crime directed against the website. Other than the aforementioned cases, data on web contacts will not be held beyond the time required to meet requests made of the website. Personal data will not be disclosed to third parties; if requested, however, such data must be made available to the Italian Postal and Communication Police Service, legal authorities and criminal investigation police.
B. Data Provided Voluntarily by Users
The optional, explicit and voluntary sending or transmission of e-mail and/or personal data to the addresses given on the website will entail the subsequent acquisition of the sender’s email address (which is required to respond to requests), as well as any other personal data present in the e-mail. The provision of the information is voluntary, but refusal of such renders the user’s request impossible. This data will only be transmitted to third parties if necessary to the process of responding to the inquiry. The data will not be shared with third parties for marketing or profiling purposes.
C. Cookies and Similar Technologies
Cookies and similar technologies are information stored on websites and apps on the users devices during their first visit to the site. Cookies and related technologies allow websites and apps to remember user actions and preferences (such as login data, the default language, display settings, etc.) so that they will be available in the user’s subsequent visits. These technologies are used to perform IT authentications, session monitoring and to store information about the activities of users who access a service.
The website http://lter.eurac.edu uses “persistent cookies” (small text files that the website temporarily saves directly on the computer) that allow the website to remember, for example, the user’s preferred language or to show other possible versions of the website.
The website may also use third-party cookies, which are cookies from sites or web servers other than this website that are used for purposes of such third parties. For example, “social plugins” such as Facebook, Twitter or Google+ may be present on webpages and are generated and integrated into the host’s page by these sites. The most common use of social plugins is for sharing content on social networks. These plugins transmit cookies to and from all third-party sites. This information from “third parties” is governed by the corresponding regulations, which must be observed. For more information and details about the various types of cookies, their operation and features, see the website www.allaboutcookies.org.
Below are links to webpages that describe the different uses of cookies:
· Facebook configuration: access account, click on 'Privacy'
Eurac Research does not deliberately gather or request special categories of personal data, sensitive data or judicial data through the website. All users are encouraged to refrain from supplying these types of data via the Internet.
3. Purpose and Legal Basis for the Data Processing
The personal data provided will be processed for the following purposes:
The lawful basis for processing Personal Data: a) it does not imply the processing of Personal Data, b) consent, c) performance of a contract, d) and e) legal obligation.
4. Mandatory or voluntary communication of data and possible consequences of a failure to provide it
The provision of personal data is voluntary, but refusal could interfere with the correct use of the services and its legal obligations, thus limiting the full functionality of the website.
5. Recipients of the Data Processed
The recipients of the data are the employees of Eurac Research or persons who have access to personal data and who are in charge of the data processing activities and authorised and instructed to carry out data processing activities by the data controller.
Personal data may be communicated to external service providers (e.g. sending e-mails and analysing the functional capability of the website), which typically process Personal Data on behalf of Eurac Research as data processors. When required, your personal data will be forwarded to public administrative bodies and agencies, as provided by law.
6. Transfer of Data
The personal data collected via the services of this website are collected by employees of Eurac Research who have been specifically assigned this role. Alternatively it will be processed by persons who carry out occasional maintenance work on the website and who have also been appointed for this purpose and are bound by confidentiality. To this end, Eurac Research may, in the context of assigning this task, and whilst adhering to the best possible security measures, utilise the help of external companies, consultants, associations, software suppliers and service providers. Some personal data could be transmitted to third countries outside of the EU but only if the transmission of personal data is connected to the performance of the institutional activities of Eurac Research. Eurac Research guarantees that in any case, the electronic or analogue processing of personal data by the recipient shall be in accordance with statutory provisions.
7. Retention Period of Personal Data
Personal data will be stored for the time necessary to carry out the purposes for which it was collected or as long as the service (section 3 b) is available and/or you remain subscribed to it. Apart from the above, your personal data will be retained for a period of time necessary or permitted to comply with the Applicable Law (Artt.2946 and following Italian Civil Code); when this period has been reached, the data shall be deleted or made anonymous.
8. The Data Subject’s Rights
At any time the data subject has the right to request access to their personal data, and to correct or delete that data, or to limit its processing. In addition, the data subject has the right to data portability, as well as the right to lodge a complaint with a supervisory authority. When the data processing is based on consent, the data subject has the right to withdraw that consent at any time. The data subject may also exercise all other rights pursuant to current data protection regulations (art. 15 et seq. GDPR) by writing to the email: firstname.lastname@example.org.