icona-univda

See the website univda.it

FR

Università della Valle d'Aosta
Université de la Vallée d'Aoste

icona igicona facebookicona linkedinicon youtube

INFORMATION ON THE PROCESSING OF PERSONAL DATA OF STUDENTS AND POTENTIAL ENROLLED STUDENTS

Why this information?

This notice is provided in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR) of the European Union (EU) (Regulation EU No. 2016/679). It concerns the processing of personal data of users who intend to enroll or are already enrolled in an educational program at the University of Valle d'Aosta (UNIVDA). The processing of your personal data will adhere to the principles of fairness, lawfulness, transparency, relevance, and accountability. It will be carried out using appropriate computer tools to ensure security and confidentiality. Procedures will be implemented to prevent risks such as loss, theft, unauthorized access, improper use, unauthorized modifications, and unauthorized disclosure, in compliance with applicable laws and professional confidentiality standards.

The data controller

Icône Responsable du traitement

Who determines the purposes and means of the processing of your personal data?

, phone (+39) 0165/1875200
Pec: protocollo@pec.univda.it
Email: info@univda.it

Data Protection Officer

Icône responsable de protection

Who oversees the protection of your personal data?

NB Consulting Phone: 0802172711 - Mobile 3283607738 Email: rpd@univda.it

Purposes of the processing

Icône objectif traitement

For what purpose do we process your personal data?

LThe data you provide are processed exclusively for the purposes related to the performance of the institutional tasks of public interest that the University is entrusted with, as listed below:

  1. Purposes related to the management of academic career and legal and economic relationships:
    1. management of the admission procedures to courses with programmed number of students;
    2. participation in entrance exams for courses and procedures for assessing initial preparation
    3. Pre-enrollment and enrollment for access to study programs and registration for any type of educational activities;
    4. management of the university academic career, including the award of the degree and any other final certificate or qualification;
    5. response to information requests submitted by you to the University and sending of communications relating to administrative procedures;
    6. calculation of tuition fees due and, more generally, access to economic benefits (e.g. awards, scholarships, so-called “150-hour” student worker schemes);
    7. international mobility;
    8. management of procedures related to the election of student representatives and, where applicable, the performance of duties connected with the elective office held by the data subject within University governing bodies;
    9. management of disciplinary proceedings against students;
    10. provision of IT and telematic services supplied by the University (email, digital platforms, and distance-learning services via Microsoft Teams, etc.);
    11. issuance and management of identification tools made available to students and/or users in order to ensure control of physical access to classrooms, laboratories, and University premises;
    12. organization of teaching activities, examinations, final degree examinations, and any other final certificates or qualifications;
    13. organization of teaching activities, examinations, final degree examinations, and any other final certificates or qualifications;
    14. use of library services;
    15. activation and management of curricular and extracurricular internships, including those carried out with partner institutions;
    16. access to additional services or benefits (e.g. accommodation in student housing);
    17. management of claims related to accidents or incidents;
    18. verification of the truthfulness of self-certifications made pursuant to Presidential Decree No. 445/2000;
    19. statistical and evaluation surveys relating to teaching activities and service improvement;
    20. archiving in the public interest, as well as for scientific or historical research or statistical purposes;
    21. access to services for students with disabilities (chronic or temporary) and/or those affected by specific learning disorders;
    22. access to benefits and services aimed at protecting maternity;
    23. provision of services for students who are detained or subject to restrictions on personal liberty.
  2. Other institutional purposes:
    1. communication, activation, and management of initiatives aimed at the awarding of scholarships, prizes, honors, and events of public interest, including through the communication of Data to private and public entities and to inter-university consortia;
    2. communication of data relating to the university academic career and other relevant personal data, excluding those belonging to special categories of personal data referred to in Articles 9 and 10 of the GDPR, for statistical research promoted by other public bodies;
    3. communication and dissemination, by means of paper or electronic lists, including to private entities, of data relating to educational outcomes, both interim and final, and other relevant personal data for purposes of guidance, training, and professional placement (job placement).

Legal basis of the processing

base legale traitement

What are the lawful bases for the processing of your personal data?

Personal data may be collected either directly from the data subject (e.g. when provided by the student at the time of enrolment or during the course of their studies, or in connection with the request for specific services) or from third parties (e.g. in the event of a student’s transfer from another university or through communications from other public institutions) and are processed by the University within the limits established by law and regulations, on the basis of at least one of the following lawfulness conditions (legal bases pursuant to Article 6 of the GDPR):

  • processing is necessary for the performance of tasks carried out in the public interest vested in the University (for the purposes of managing the educational and administrative relationship with the student, including in relation to specific services requested by the student, and for any other purpose connected with the provision of education, training, guidance, and support for entry into the labour market);
  • processing is necessary for compliance with obligations arising from a contract with the student or from applicable legislation; as well as on the basis of the student’s consent, where required.

Legal bases for processing:
for purposes related to the management of the university academic career and legal and financial relationships:

  • Article 6(1)(b) GDPR: processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the data subject’s request;
  • Article 6(1)(c) GDPR: processing is necessary for compliance with a legal obligation to which the data controller is subject;
  • Article 6(1)(e) GDPR: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

for other institutional purposes referred to in point 2(a), (b), and (c): Article 6(1)(a) GDPR: the data subject has given consent to the processing of their personal data.

  • for the processing of personal data belonging to special categories (sensitive data) for the purposes referred to in point 1(f), (u), and (v):

for the processing of personal data belonging to special categories (sensitive data) for the purposes set out in paragraph 1(f), (u) and (v):

  • Article 9(2)(g) GDPR: processing is necessary for reasons of substantial public interest on the basis of Union or Member State law.

for the purposes referred to in point 1(t):

  • Article 9(2)(j) GDPR: processing is necessary for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes.

for the processing of judicial data for the purposes referred to in point 1(w):

Article 10 GDPR, with reference to the processing of personal data relating to criminal convictions and offences.

Where required, consent to the processing of personal data is given within the user profile in the section “Edit personal data – Contact details – Privacy consents” of the Online Student Office (Segreteria on line, Web ESSE3 system) and, with regard solely to data subject to disclosure, upon the concurrent provision of consent to the dissemination of such data. Such authorization may be withdrawn at any time, without affecting the lawfulness of processing carried out prior to the withdrawal, by independently accessing the user profile in the section “Edit personal data – Contact details – Privacy consents” of the Online Student Office (Web ESSE3 system).

Personal Data Processed

Icône donnees traitees

What types of data are processed?

The personal data (meaning any information relating to an identified or identifiable natural person, directly or indirectly) processed by the University are as follows:

  • common data relating to the student or to their family members or cohabitants, such as identification data, including first name, last name, gender, title, marital status, address, country of residence, telephone/fax/mobile number, email address, date and place of birth, country of birth;
  • data relating to the academic career (exams taken, grades, etc.);
  • data relating to student mobility (e.g. participation in the Erasmus Programme or other international exchange programmes, grades obtained for exams taken abroad);
  • information contained in applications for participation in any selection procedures managed by the University (e.g. scholarships, collaborations, etc.);
  • income-related data (e.g. ISEE) and banking data (e.g. IBAN).

In addition, for the processing purposes indicated above, “special categories” of personal data (formerly “sensitive data”) pursuant to Article 9 of the GDPR may be collected and processed, subject to the identification of an appropriate legal basis or at the request of the data subject, relating to:

  • racial or ethnic origin (in cases where data subjects are non-EU citizens or have obtained or intend to obtain refugee status);
  • health status (e.g. data relating to students with disabilities or pregnant students; data relating to the use of psychological counseling and assistance services; data relating to access to benefits such as, by way of example, possible reductions in university fees reserved for certain categories of students);
  • sexual orientation and sex life (e.g. for any rectification of sex assignment and management of alias careers);
  • judicial data (e.g. in the case of users and/or students under detention, data relating to criminal convictions, the commission of offences, the application of security measures or other measures restricting personal liberty).

The processing of these special categories of personal data shall be carried out only to the extent strictly necessary for the purposes indicated above.

Data RetentionPeriod

Icône periode conservation

How long are personal data retained?

The University will process personal data for the period strictly necessary to achieve the purposes indicated above, in compliance with the University’s retention schedule, without prejudice to any retention periods provided for by laws or regulations.

Personal data relating to the student’s university career shall be retained indefinitely, in accordance with the archiving obligations imposed by applicable legislation.

Recipients

Icône beneficiaires

To whom may your personal data be disclosed?

Personal data are processed for the purposes indicated above by University staff, duly instructed and only to the extent necessary for the performance of their respective duties. This includes, for example, professors and their collaborators, employees and collaborators assigned to the relevant University offices, as well as any external parties providing services on behalf of the University.

Furthermore, the University makes use of external service providers for the delivery of specific services instrumental to the performance of its institutional activities. These parties are appointed by the University as Data Processors and may access only the data that are necessary and essential for the provision of the requested service, in accordance with the obligations imposed on them by applicable legislation and by the contractual provisions put in place by the University to ensure the protection of personal data.

In particular, the following parties process data in this capacity:

  • providers of IT services and/or products (e.g. systems for the management of student careers, in particular CINECA; provision of email services, cloud computing and distance learning services via Microsoft Teams/Office 365);
  • providers of technical and administrative services;
  • providers of insurance services;
  • third-party consultants and professionals (e.g. lawyers, accountants).
  • Personal data may also be disclosed to inter-university consortia (such as, for example, AlmaLaurea) and, at the student’s request, to companies affiliated with the University in order to facilitate entry into the labour market and professional careers, pursuant to Article 96 of Legislative Decree No. 196 of 30 June 2003.

Furthermore, the University may disclose the personal data processed to other public administrations, where such bodies are required to process the data for proceedings falling within their institutional competence, as well as to all public or private entities to whom disclosure is mandatorily required by laws or regulations, provided that the relevant legal conditions are met. These entities include, by way of example:

  • public bodies managing the provision of research funding and/or scholarships, promoting studies and research, and services for the right to education;
  • public bodies aimed at supporting access to the labour market;
  • third parties with whom the student is required to carry out internships, traineeships or other job placement activities;
  • state administrations, such as the Ministry of Education and Research (MIUR), the Ministry of Foreign Affairs, the Ministry of Labour, the Revenue Agency, the State Attorney’s Office, Police Headquarters, Embassies, Public Prosecutors’ Offices, and Penitentiary Institutions;
  • Italian and foreign universities involved in joint educational programmes;
  • the judicial authority, law enforcement agencies, and information and security bodies;
  • non-economic public bodies, such as INAIL and social security institutions;
  • Local Health Authorities;
  • associations, such as, for example, the Conference of Italian University Rectors (CRUI);
  • companies or consortia in which the University holds an interest;
  • territorial administrations, such as Regions, Municipalities, the Regional Authority for the Right to Education and Knowledge, and Employment Centres;

Outside the cases listed above, personal data are not disclosed or disseminated to third parties in any way or for any reason.

EXERCISABLE RIGHTS

Icône diritti esercitabili

What are your rights and how can you exercise them?

Right of access to your personal data– Art. 15 GDPR

Right to rectification of your personal data– Art. 16 GDPR

Right to erasure (‘right to be forgotten’) of your personal data – Art. 17 GDPR

Right to restriction of processing of your personal data – Art. 18 GDPR

Right to data portability– Art. 20 GDPR

Right to object to the processing of your personal data – Art. 21 GDPR

Right to be informed of a personal data breach– Art. 34 GDPR

Right to lodge a complaint with the supervisory authority – Art. 77. GDPR Complaints can be submitted to: Garante per la protezione dei dati personali Piazza di Montecitorio n.121 - 00186 ROMA - fax : (+39) 06.696773785 - téléphone : (+39) 06.696771 - Email: garante@gpdp.it - PEC: protocollo@pec.gpdp.it

Contact information for exercising your rights

Who should you contact to exercise your rights?

Lawyer Emanuele Florindi

email: rpd@univda.it

Automated Decision-Making – including profiling

Your data are not subject to automated decision-making processes that produce legal effects on the data subject.

Transfer of Data Outside the EU

Will your personal data be transferred to other countries?

Personal data are not transferred to countries outside the European Economic Area.

Provision of personal data

Are you required to provide your personal data?

The provision of personal data is necessary to use the authentication service.

Source of Data

Where does your data come from?

Your personal data are obtained from your home organization exclusively for authentication purposes.