This website collects some Personal Data from its Users
Università Cattolica del Sacro Cuore, with registered offices in Largo A. Gemelli, 1 - 20123 Milano, ITALY, VAT no. and Fiscal Code 02133120150 (“the Data Controller”), is committed to protecting the online privacy of the users of this website (“Website”).
In general, any information and data which you provide to the Data Controller over the Website, or which is otherwise gathered via the Website by the Data Controller, in the context of the use of Website’s services (“Services”) as better defined in Section 3 below, will be processed by the Data Controller in a lawful, fair and transparent manner. To this end, and as further described below, the Data Controller takes into consideration internationally recognised principles governing the processing of personal data, such as purpose limitation, storage limitation, data minimisation, data quality and confidentiality.
Data Controller email: PANACEA.Project@unicatt.it
Data Protection Officer email: email@example.com
When you use the Website, the Data Controller will collect and process information regarding you (as an individual) which allows you to be identified either by itself, or together with other information which has been collected. The Data Controller may also be able to collect and process information regarding other persons in this same manner, if you choose to provide it to the Data Controller, also via the Website.
This information may be classified as “Personal Data” and can be collected by the Data Controller both when you choose to provide it (e.g., when you subscribe to the newsletter or request other Services provided by the Data Controller over the Website) or simply by analysing your behaviour on the Website.
Personal Data which can be processed by the Data Controller through the Website are as follows:
a. Name, contact details and other Personal Data
In various areas of the Website – including, in particular, if you decide to create an account on the Website – you will be asked to submit information about yourself, such as your name, professional title, organisation name/type, primary (and secondary) domain of work/expertise, e-mail address, city/country of residence, address, gender, Twitter handle, LinkedIn profile, and picture. Mandatory fields will be marked as such in the online registration forms – it is not possible to process your registration if any of the mandatory fields are left incomplete.
In addition, whenever you communicate with the Data Controller by submitting a general enquiry or a support ticket via the Website, as well as whenever you participate in surveys which may be available on the Website, the Data Controller may collect additional information which you choose to provide.
Regarding any applications received, the Data Controller may assess the professional social media accounts (e.g. LinkedIn, Twitter) or professional websites of candidates, where publicly available or disclosed by the candidate, as necessary to gain insight as to a candidate’s suitability for the position/function to which the candidate applied.
When signing up for an event via the Website (such as a workshop organised or promoted by the Website), you will also be asked to provide details such as your name, your Twitter handle, the dates on which you will be attending and other information of relevance for the management of your attendance. Your payment details (including debit/credit card number and bank account details as needed) will be processed via an external payment gateway.
b. Special categories of Personal Data
When signing up for an event via the Website (such as a workshop organised or promoted by the Website), you will also be asked whether you have any special dietary/access requirements which might need accommodation. These Personal Data may potentially qualify as “health data” or “data revealing your religious/philosophical beliefs”, which are special categories of personal data under Art. 9 GDPR, and will be processed only with your explicit consent.
Certain areas of the Website may include free text fields, where you can write messages to the Data Controller or otherwise allow you to post various types of content on the Website, which may contain Personal Data. Where these fields are completely free, you may use them to disclose (inadvertently or not) more sensitive categories of Personal Data, such as data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. The content you upload in these fields may also (inadvertently or not) include other types of sensitive information relating to you, such as your genetic data, biometric data or data concerning your health, sex life or sexual orientation.
The Data Controller asks that you do not disclose any sensitive Personal Data on the Website, unless you consider this to be strictly necessary. As it is totally optional to provide this information, if you nonetheless choose to do so, please mind that the Data Controller requires your explicit consent to process this sort of Personal Data (which can be provided, e.g., by declaring that you “explicitly consent to the processing of my special categories of personal data for the purpose of assessing my candidacy”).
c. Other persons’ Personal Data
As mentioned in the previous section, certain areas of the Website include free text fields where you can write messages to the Data Controller, or otherwise allow you to post various types of content on the Website. These messages and content may (inadvertently or not) include Personal Data related to other persons.
In any situation where you decide to share Personal Data related to other persons, you will be considered as an independent data controller regarding that Personal Data and must assume all inherent legal obligations and responsibilities. This means, among other things, that you must fully indemnify the Data Controller against any complaints, claims or demands for compensation for damages which may arise from the processing of this Personal Data, brought by the third parties whose information you provide through the Website.
As the Data Controller does not collect this information directly from these third parties (but rather collects them, indirectly, from you), you must make sure that you have these third parties’ consent before providing any information regarding them to the Data Controller; if not, then you must make sure there is some other appropriate grounds on which you can rely to lawfully give the Data Controller this information.
d. Browsing data
The Website’s operation, as is standard with any websites on the Internet, involves the use of computer systems and software procedures, which collect information about the Website’s users as part of their routine operation. While the Data Controller does not collect this information in order to link it to specific users, it is still possible to identify those users either directly via that information, or by using other information collected – as such, this information must also be considered Personal Data.
This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your device, the type of device, the URI (Uniform Resource Identifier) addresses of resources you request on the Website, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.
These data are used to compile statistical information on the use of the Website, to ensure its correct operation, as well as restore backup from possible failures of the Website and identify any faults and/or abuse of the Website. Save for this last purpose, these data are not kept for more than 90 business days.
- Definitions, characteristics, and application of standards
Cookies are small text files that may be sent to and registered on your computer by the websites you visit, to then be re-sent to those same sites when you visit them again. It is thanks to these cookies that those websites can “remember” your actions and preferences (e.g., login data, language, font size, other display settings, etc.), so that you do not need to configure them again when you next visit the website, or when you change pages within a website.
When browsing a website, you may also receive cookies from websites or web servers other than the website being visited (i.e., “third-party cookies”).
There are various types of cookies, depending on their characteristics and functions, which may be stored on your computer for different periods of time: “session cookies”, which are automatically deleted when you close your browser, and “persistent cookies”, which will remain on your device until their pre-set expiration period passes.
According to the law which may be applicable to you, your consent may not always be necessary for cookies to be used on a website. In particular, “technical cookies” – i.e. cookies which are only used to send messages through an electronic communications network, or which are needed to provide services you request – typically do not require this consent. This includes browsing or session cookies (used to allow users to login) and function cookies (used to remember choices made by a user when accessing the website, such as language or products selected for purchase).
On the other hand, “profiling cookies” – i.e., cookies used to create profiles on users and to send advertising messages in line with the preferences revealed by users while browsing websites – typically require specific consent from users, although this may vary according to the applicable law.
- Types of cookies used by the Website
The Website uses the following types of cookies:
The Data Controller also uses third-party cookies – i.e. cookies from websites / web servers other than the Website, owned by third parties. These third parties will either act as independent data controllers from the Data Controller regarding their own cookies (using the data they collect for their own purposes and under terms defined by them) or as data processors for the Data Controller (processing personal data on the Data Controller’s behalf). For further information on how these third parties may use your information, please refer to their privacy policies:
- First-party cookies present on the Website
In detail, the cookies present on the Website are as follows:
|Technical name||Data Controller||Cookie Type, function and purpose||Type of cookie||Duration|
|_GA||Google Analytics cookie used to distinguish users.||third party cookie/cookie analytics||2 Years|
|_gid||Google Analytics cookie used to distinguish users.||third party cookie/cookie analytics||24 hours|
|SSESS%ID%||Università Cattolica del Sacro Cuore||Drupal cookie that stores session identification.||first party cookie/session cookies||200000 seconds (about 56 hours)|
|Drupal.tableDrag.showWeight||Università Cattolica del Sacro Cuore||Drupal cookie that helps handle the consistent navigation of tabbed pages and forms across a range of different browsers.||first party cookie/functional cookies||1 Year|
|cookie-agreed||Università Cattolica del Sacro Cuore||Cookie that records whether the cookies notification pop-up has been acknowledged by a user||first party cookie/browsing cookie||100 days|
- Cookie settings
You can block or delete cookies used on the Website via your browser options. Your cookie preferences will be reset if different browsers are used to access the Website. For more information on how to set the preferences for cookies via your browser, please refer to the following instructions:
You may also provide set your preferences on third-party cookies by using online platforms such as AdChoice.
CAUTION: If you block or delete technical and/or function cookies used by the Website, the Website may become impossible to browse, certain services or functions of the Website may become unavailable or other malfunctions may occur. In this case, you may have to modify or manually enter some information or preferences every time you visit the Website.
The Data Controller intends to use your Personal Data, collected through the Website, for the following purposes:
The Data Controller’s legal bases to process your Personal Data, according to the purposes identified in Section 3, are as follows:
Your Personal Data may be shared with the following list of entities (“Data Processors”):
Trust-IT Services Ltd (contact: firstname.lastname@example.org, located at Chase Green House, 42 - Chase Side, Enfield, Middlesex, EN2 6NF United Kingdom. VAT no. 848450895.
Trust-IT Srl (contact: email@example.com), located at Via Nino Bixio 25, 56125 Pisa, Italy. VAT no. 01870130505.
Commpla Srl (contact: firstname.lastname@example.org), located at Via Nino Bixio 25, 56125 Pisa, Italy. VAT no. 01958380501
Your Personal Data may be shared with the following list of persons / entities (“Recipients”):
Additionally, with your consent, some of your Personal Data may be published in the webpages available online at the Website. Furthermore, when you sign-up for an event, you will be listed in attendee lists made available on the Website.
More information on these transfers is available upon written request to the Website Managing Team at the following address: PANACEA.Project@unicatt.it
Personal Data processed for Service Provision and Events/Webinars will be kept by the data controller for the period deemed strictly necessary to fulfil such purposes – in any case, as these Personal Data are processed for the provision of the Services, the data controller may continue to store this Personal Data for a longer period, as may be necessary to protect the data controller’s interests related to potential liability related to the provision of the Services.
Personal Data processed for Applications will be kept by the Data Controller for up to 5 years, to allow for possible external audits, as requested by contractual provisions the Data Controller is subjected to. The Data Controller may contact applicants before the expiration of this period, in order to request an extension of the retention period.
Personal Data processed for Database Publication, Marketing and Profiling will be kept by the data controller from the moment you give consent until it is withdrawn. Where it is not withdrawn, consent will be renewed at fixed intervals. Once consent is withdrawn (or not given, following a renewal), Personal Data will no longer be used for these purposes, although it may still be kept by the data controller in particular as may be necessary to protect the data controller’s interests related to potential liability related to this processing.
Personal Data processed for Soft Opt-In will be kept by the data controller from the moment where it is provided by you to the data controller (in the context of registrations for events or Services requested via the Website) until you object to this processing. Once you have objected, Personal Data will no longer be used for these purposes, although it may still be kept by the data controller, in particular as may be necessary to protect the data controller’s interests related to potential liability related to this processing.
Personal Data processed for Compliance will be kept by the data controller for the period required by the specific legal obligation or by the applicable law.
Personal Data processed for preventing Misuse/Fraud will be kept by the data controller for as long as deemed strictly necessary to fulfil the purposes for which it was collected.
More information on applicable retention periods is available upon written request to the Website Managing Team at the following address: PANACEA.Project@unicatt.it
As a data subject, you are entitled to exercise the following rights before the data controller, at any time:
Please note that most of the Personal Data you provide to the data controller can be changed at any time, including your e-mail preferences, by accessing, where applicable, your user profile created on the Website.
You can also withdraw consent for Marketing (for communications received via e-mail) or object to Soft Opt-In by selecting the appropriate link included at the bottom of every marketing e-mail message received. The same applies to the Website’s newsletter which you may have subscribed to and receive as a Service.
Consent for Profiling carried out by cookies may be withdrawn as described in Section 2(e). Where consent for Profiling was given via a specific tick box, you may withdraw this consent by changing your preferences, at any time, within your user profile created on the Website, where applicable.
Aside from the above means, you can always exercise your rights described above by sending a written request to the Website Managing Team at the following address: PANACEA.Project@unicatt.it.
In any case, please note that, as a data subject, you are entitled to file a complaint with the competent supervisory authorities for the protection of Personal Data, if you believe that the processing of your Personal Data carried out through the Website is unlawful.