The University of Messina undertakes to implement protective measures for the processing of personal data in order to adapt to and comply with the New Regulation (EU) 2016/679 of the European Parliament and Council, 27 April 2016 -General Data Protection Regulation (GDPR)- concerning the protection of individuals regarding the processing of personal data, as well as the free circulation of such data; and repealing Directives 95/46/EC; and the Legislative Decree n. 196/2003-Code regarding the protection of personal data-as adapted to the aforementioned Regulation by Legislative Decree no. 101/2018 of 10 August 2018.
The Data Controller is the University of Messina (Owner),
in the person of the Rector, Prof. Giovanna Spatari
with registered office at: University Central Campus, Piazza Pugliatti 1, 98122 Messina.
Telephone: +39 090 6768900
PEC (Certified E-mail): firstname.lastname@example.org
The processing of personal data - which is associated with a purpose connected to the institutional mission of the University (teaching, research and third mission - described in the University Statute) is necessary for the performance of the relative tasks and activities of an institutional nature. The processing of personal data is carried out in compliance with the regulations in force, respecting human dignity, fundamental human rights and freedom of students, University staff, users who interact with the University, stakeholders in general, according to Article 1 of the Legislative Decree 196/2003 / Legislative Decree 101/2018. The University undertakes to process personal data in a transparent manner towards the data subjects, i.e., the parties to whom the data refer.
In general, the lawfulness of the processing, i.e. the legal prerequisite configuring it as lawful, is identified in the art. 6 paragraph 1 letter (e) of the GDPR: "processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller". Further bases of lawfulness prescribed by the European Regulation (e.g., consent or legitimate interest), will be specified.
Personal data are processed in accordance with the provisions of art. 5 of the GDPR: lawfully, fairly and in a transparent manner (‘lawfulness, fairness and transparency’); collected for specified, explicit and legitimate purposes; in compliance with the principles of data quality (‘data minimisation’, ‘accuracy’ and ‘storage limitation’), and the security of processing is pursuant to art. 32 of the GDPR (confidentiality, integrity, availability and resilience of processing systems and services).
The data subject can control the information referring to him/her by exercising the rights declared in Chapter III of the GDPR: the right of information and access to personal data (articles 12-15), whose origin, purpose, copy, and legal basis for the processing can be obtained; the right to rectification (articles 16, 19) and/or erasure (articles 17, 19), the right to restriction of processing (articles 18, 19) or the existence of an automated individual decision-making process (article 22).
The data subject has the right to object the processing at any time (art. 21), withdraw his or her consent at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal, art. 7); moreover, he/she the right to lodge a complaint with a supervisory authority (art.15). To exercise these rights, data subjects can submit the dedicated available form.
The Italian national supervisory authority for the protection of personal data is the Data Protection Authority - DPA (Garante per la protezione dei dati personali). http://www.garanteprivacy.it.
To exercise their rights, the data subjects can contact the Data Controller or the Data Protection Officer.
Periodic consultation of this section of the portal is recommended to find out about information updates and University initiatives on the subject.
In order to promote and organise in a structured way the compilation of information on the data processing pursuant to articles 12-13-14 of the General Regulation for the protection of personal data, 679/2016, a specific form has been prepared, available on request, to be submitted by e-mail to the Data Controller, to the Internal Data Processor of the competent administrative department or to the University Data Protection Officer.
Documents (in Italian):
The Collegial Bodies of the University, in the session of 30 October 2018, approved the ‘Plan for the application at UniME of the European Regulation 679/2016 and of the Code regarding the personal data protection (Legislative Decree 196/2003), as amended by Legislative Decree 101/2018’.
References: Resolution of the Academic Senate, Rep. 377/2018; Resolution of the Board of Directors, Rep. 457/2018.
Seven priority actions have been included in the plan: Training; Internal functional organization; Risk management and measurement; Management and execution of data processing; Information and protection measures; Control on the assignment of data processing to (external) Managers; Internal regulation.
The plan was structured to configure actions and intervention priorities capable of responding to specific and immediate adaptation needs, and of carrying out specific and demonstrable activities, reviewed and updated with a view to continuous improvement, also considering a preventive analysis and the related protective measures.
The personal data protection training plan is part of the actions planned by the University for the implementation of the compliance process with the European Regulation and the ‘new’ Code. The main objectives are: providing the staff members involved in the personal data management and processing with the necessary knowledge; promoting, increasing and spreading awareness, attention and interest of the entire academic community on the personal data protection and its implications.
Documents (in Italian):
Cookies and other tracking tools on the websites and on the University Portal.
For more information on the Data Controller, the person in charge of personal data protection and on how to exercise the rights of the data subject, consult the privacy section of the University: https://www.unime.it/it/ateneo/privacy
Data categories and processing purposes
Personal data related to identified or identifiable persons may be processed. The University Portal and related sites can also use:
- Cookies to facilitate and make navigation of the pages more efficient.
- Cookies that make it possible to make the services presented by the portal more effective by possibly enabling specific functions.
- Cookies and other tracking tools that are sent from different sites (‘third-party cookies’), on which other information elements / media are made available (e.g., links, maps, images, sounds, videos...)
Data provided voluntarily by users (e.g., email addresses and other contact details).
The processing of the aforementioned information is necessary, in general, for the execution of tasks in the public interest or in any case connected to the exercise of public powers vested in the University, including the task of carrying out institutional information and communication activities pursuant to law no. 150/2000 and Rectoral Decree no. 271/2009. The lawful basis for the processing of profiling cookies or other similar tracking tools described above is consent as specified in art. 6 par. 1 lit. a) of the GDPR.
Recipients of the personal data processed
The recipients of the data collected by browsing the portal, pursuant to article 28 of the GDPR, as data processors, are the development suppliers and the operational management services of the technological platforms involved.
Technical cookies, necessary and essential for the functioning of the University websites and portal
- Session cookies to manage authentication for online services and restricted areas. This type of cookie allows safe and efficient exploration of the site: cookies are not stored permanently on the user's device and are deleted when the browser is closed.
- Load balancing session cookies to optimise website performance by reducing page load times.
- Cookies to save navigation preferences and preferences expressed on cookies (expiring after 6 months).
Consequences in case of deactivation: it is not possible to deactivate the necessary cookies – in any case navigation is allowed.
Analytical and tracking cookies
Third-party analytical cookies are used, i.e., only for the provision of the service, anonymously and without inference.
In this regard, the University makes use of:
Consequences in case of disabling: no consequences on the portal browsing.
Function: Recording the visitor's unique ID
Expiry time: 13 months
Function: Recording the visit date
Expiry time: 30 minutes
Profiling cookies (optional),
to evaluate the effectiveness of institutional communication activities, support the knowledge and visibility of institutional activities on contents and topics of public interest.
Since the University portal sites could integrate, within some pages, functions developed by third parties, third-party profiling cookies could consequently be installed during browsing. The site can use specific tools for tracking social channels (YouTube) or other suppliers. These cookies make it possible to acquire data relating to the visits of users who are browsing the University sites and, therefore, to cross-reference and interact with them directly on the social networks connected to them.
For completeness and transparency, it is recommendable to consult the YouTube cookie policies:
Telematic traffic data
The computer systems on which the operation of the University portal is based normally store some personal data necessary for the execution of internet communication protocols, whose registration is necessary to improve the quality and technical effectiveness of the service provided. This information is not collected to identify interested parties, even if this is possible due to the very nature of such data, which includes, by way of example: accounts and IP addresses of users connected to the site; URI (Uniform Resource Identifier) of managed resources; communication result codes and other technical parameters relating to the operating system and/or application environment used.
Unless otherwise specified by current legislation, these data are kept for six or twelve months, after which they are anonymised or cancelled.
The specific purpose of processing can be found in obtaining anonymous statistical information on the use of the site and/or to check the correct functioning of the IT systems. The data could also be re-used to ascertain responsibility in the event of any crimes or if damage occurs to the University or to third parties. These data are processed in compliance with the provisions of the Rectoral Decree 271/2009 and can be communicated to the Judicial Authority as required by law.
Disabling and deleting cookies stored on the device
The links that also explain how to disable cookies for the most popular browsers are provided below (for other browsers that may be used, we suggest looking for this option in the software help).
Google Chrome: https://support.google.com/chrome/answer/95647?hl=it
Apple Safari: http://www.apple.com/it/privacy/use-of-cookies/
Disabling profiling and/or third-party cookies
The deactivation of profiling cookies could also be possible through the methods described in the information given above, made available directly by the third-party owner company. By way of example, to disable Google Analytics cookies only, you can use the opt-out provided by Google for the main browsers.
Deleting cookies already saved on the device
Even if the authorisation to use third-party cookies is withdrawn, the cookies may have been already stored on the user's device before the withdrawal. For technical reasons, it is not possible to delete these cookies, however the user's browser allows their deletion in the privacy settings. In fact, the browser options contain the ‘Delete browsing data’ option which can be used to delete cookies, site data and plug-ins.