In accordance with EU Regulation No. 2016/679 –General Data Protection Regulation (GDPR) as well as national legislation, hereinafter collectively referred to as the “Applicable Law”, this policy statement provides information with regard to the processing of personal data of users and visitors of Eurac Research’s websites. This policy is also addressed to those who use Eurac Research's web services via the network.
The policy described herein applies solely to the websites of Eurac Research and excludes all other websites that can be accessed via links that appear on the Eurac Research websites. Eurac Research is not responsible for the content or any external links to other websites.
Pursuant to legal provisions, Eurac Research guarantees that the processing of personal data will be performed in consideration of fundamental rights and freedoms as well as the dignity of the data subject, and in accordance with the legislative provisions of the Applicable Law and the confidentiality clauses included therein. In particular, the processing of personal data will be carried out in accordance with the principles of lawfulness, fairness, transparency, accuracy, purpose and storage limitations, data minimisation, integrity and confidentiality.
Precise data protection information about specific services or data processing procedures may be displayed on the corresponding webpages of this website or transmitted directly to the data user.
1. Data Controller and Data Protection Officer
Data Controller: Eurac Research, with headquarters at Viale Druso 1, 39100 Bolzano, in the person of the legal representative pro tempore. You can contact the DPO under the following e-mail Address: email@example.com
2. Types of Personal Data Subject to Processing
“Personal data” means any information relating to an identified or identifiable natural person (the “Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person. The personal data that may be processed includes browsing data, data provided voluntarily by the data subject and cookies.
A. Browsing Data
The computer systems and software used to run this website during normal operations acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in relationship to the users, but due to its inherent nature, such information could enable the users to be identified via processing and associations with data held by third parties. This category of data includes, for example, the IP addresses or domain names of the users’ computers connecting to the website.
The data is used for the purposes of both obtaining statistical information concerning the website's use and analysing them and to monitor the website's proper operation. In certain cases, the data may be used to ascertain liability in a suspected computer crime directed against the website. Other than the aforementioned cases, data on web contacts will not be held beyond the time required to meet requests made of the website. Personal data will not be disclosed to third parties; if requested, however, such data must be made available to the Italian Postal and Communication Police Service, legal authorities and criminal investigation police.
While browsing the web user’s following information will be collected and stored in the log files of the server (hosting) of the website:
- Internet protocol address (IP);
- type of browser;
- Parameters of the device used to connect to the website;
- date and time of the visit;
- web page of origin of the visitor (referral) and exit;
- possibly the number of clicks.
B. Data Provided Voluntarily by Users
The optional, explicit and voluntary sending or transmission of e-mail and/or personal data to the addresses given on the website will entail the subsequent acquisition of the sender’s name and email address (which is required to respond to requests), as well as any other personal data present in the e-mail. The provision of the information is voluntary, but refusal of such renders the user’s request impossible. This data will only be transmitted to third parties if necessary to the process of responding to the inquiry. The data will not be shared with third parties for marketing or profiling purposes.
C. Cookies and Similar Technologies
I. Definition and purposes Cookies and similar technologies are information stored on websites and apps on the users devices during their first visit to the site. Cookies and related technologies allow websites and apps to remember user actions and preferences (such as login data, the default language, display settings, etc.) so that they will be available in the user’s subsequent visits. These technologies are used to perform IT authentications, session monitoring and to store information about the activities of users who access a service.
In contrast the prior consent is required for non-anonymized analytics cookies and for profiling cookies, e.g. those reporting statistics on the use of a website or those creating profiles of users in order to send them advertising messages in line with the preferences they have expressed while browsing. For further information: Linee Guida Cookie 10.06.2021 – Garante Priavcy https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/9677876.
II. Categories of cookies used and possibility of disable them The websites www.eurac.edu use “persistent technical cookies” (small text files that the website temporarily saves directly on the computer) that allow the website to remember, for example, the user’s preferred language or to show other possible versions of the website. For these cookies the consent is not required.
In addition, these websites use plausible, a web analytics service provided by Plausible Insights, Västriku tn 2, 50403, Tartu, Estonia. Plausible enables Eurac Research staff to analyze and, thus, improve the usage websites . The information generated about the use of these websites(including IP address, pages viewsand usage data) is transferred to and stored on a plausible server within the European Union. The data is not used for commercial purposes (further information at www.plausible.io/privacy). Plausible processes the data as a data processor according to Article 28GDPR.
Eurac Research has integrated map material from Mapbox (Mapbox Inc., 740 15th Street NW, 5th Floor, 20005 Washington D.C., USA), which collects IP addresses as well as data on the use of mapping tools. Mapbox installs a cookie on your device via your internet browser, which transmits and stores information about the use of the website. The data is processed for the purpose of displaying the site and ensuring the functionality of the Mapbox service (for more information, see www.mapbox.com/privacy/). Mapbox processes the data as a data processor according to Art. 28 GDPR.
Eurac Research uses the CMS/Content Management System of DatoCMS (Dato SRL, located at Via F. Botticini 3, 50143 Firenze (FI), Italy) (for more information see https://www.datocms.com/legal/privacy-policy). DatoCMS processes the data as a data processor in accordance with Art. 28 GDPR.
Eurac Research uses the hosting service of Vercel (Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789). The data collected are: IP address, browser type, browser version, operating system used, client host name, time of day, etc. (for more information see https://vercel.com/legal/privacy-policy). Vercel processes the data as a data processor in accordance with Article 28 GDPR.
The website may also use third-party cookies, which are cookies from sites or web servers other than this website that are used for purposes of such third parties. For example, “social plugins” such as Facebook, Twitter may be present on webpages and are generated and integrated into the host’s page by these sites. The most common use of social plugins is for sharing content on social networks. These plugins transmit cookies to and from all third-party sites. This information from “third parties” is governed by the corresponding regulations, which must be observed. For more information and details about the various types of cookies, their operation and features, see the website www.allaboutcookies.org.
Below are links to webpages that describe the different uses of cookies:
· Facebook configuration: access account, click on 'Privacy'
WordPress is a CMS (Content Management System) for creating and managing personal blogs. Blog posts are staff of Eurac Research or authorised external authors. A blog is an online journal or informational website displaying information in reverse chronological order, with latest posts appearing first. It is a platform where a writer or group of writers share their views on a subject. Posts may be commented on by other users and the comments may also include the feedback by other users, allowing interesting discussions about the post’s original content.
The data provided by the participants of the blog on registering is restricted to the e-mail address, which is required to receive notification of a post’s publication. When posting a comment, the user must submit their first and last name, which may or may not be published together with the posted comment. The e-mail address is used exclusively for sending news of the site.
The opinions and comments posted by the users and the information and data they contain are used exclusively for the purpose of publication of the blog. In particular, no aggregation or registration in a separate database has been planned. Any processing of personal data undertaken for statistical purposes at a future date would be done anonymously.
While the dissemination of user’s anagraphic data and the data visible in their posted comments may be attributable to the single user’s initiative, we guarantee that no other submission or dissemination of the data is currently foreseen. In any case, the users may exercise their rights according to art. 15 ff. GDPR.
3. Purpose and Legal Basis for the Data Processing
The personal data provided will be processed for the following purposes:
- Research or statistical analyses on aggregated or anonymous data (i.e. without identification of the data subject) aimed at measuring the functioning of the website, as well as its traffic, usability and interest;
- Completion of data collection forms for the purpose of receiving newsletters or communications in general via e-mail;
- The performance of a contract to which the data subject is party, or in order to process a data subject’s requests prior to entering into a contract;
- Compliance with a legal obligation to which the controller is subject;
- The establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
- Technical and administrative purposes regarding connection set-up and stability, to guarantee the security and functioning of our website and to be able to track any illegal attacks on the website, if required;
The lawful basis for processing Personal Data:
- it does not imply the processing of Personal Data,
- performance of a contract,
- legal obligation,
- legal obligation,
- the legitimate interest concerning the security interest and the need to make our website available unhindered.
4. Mandatory or voluntary communication of data and possible consequences of a failure to provide it
The provision of personal data is voluntary, but refusal could interfere with the correct use of the services and its legal obligations, thus limiting the full functionality of the website.
5. Recipients of the Data Processed
The recipients of the data are the employees of Eurac Research or persons who have access to personal data and who are in charge of the data processing activities and authorised and instructed to carry out data processing activities by the data controller.
Personal data may be communicated to external service providers (e.g. sending e-mails and analysing the functional capability of the website), which typically process Personal Data on behalf of Eurac Research as data processors. When required, your personal data will be forwarded to public administrative bodies and agencies, as provided by law. To provide certain services Eurac Research and the Free University of Bolzano (with legal seat in Bolzano (Italy), Piazza Università 1 – 39100, manage together the scientific platform Scientific Network South Tyrol which connects their data centers. Eurac Research and the Free University of Bolzano are Joint Controllers of the personal data processed in this context and, accordingly, have entered into an agreement pursuant to art. 26 of the GDPR. The joint controllers have agreed that user’s complaints and requests to exercise their rights under the GDPR will be handled within the framework of the processing purposes set out in the joint agreement. Anyway, data subjects may exercise their rights under this Regulation in respect of and against each of the controllers according to art. 26 par. 3 of the GDPR.
Eurac Research uses "Brevo" (formerly "Sendinblue") to send our newsletter to our subscribers. As part of your subscription, your data will be communicated to and processed by Sendinblue GmbH, in its function as Data Processor. Sendinblue is a service provided by Sendinblue GmbH, Germany. The data that is collected when you register for the newsletter (i.e. email address, selected language, IP address, and time and date of registration) will be sent to a server in the European Union and stored there in accordance with the requirements of the GDPR. For further information about the data protection offered by Brevo see: https://www.brevo.com/legal/privacypolicy/
We are represented on various social media platforms with a company page. In this way, we would like to offer additional information about our research institution. Eurac Research has company pages on the following social media platforms: Facebook Instagram You Tube Twitter LinkedIn
When you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with a regularly used social media profile also constitutes personal data. This includes messages and statements made while using the profile. In addition, when visiting a social media profile, certain information about that profile is often automatically collected, which may also constitute personal data. Personal data is processed for statistical purposes as a joint data controller pursuant to Article 26 DSGVO together with the operator of the social media website. For more information on data processing:
• Facebook und Instagram:
Joint data controller: Facebook Ireland Limited (https://www.facebook.com/legal/terms/information_about_page_insights_data)
Cookies Policy Meta: https://www.facebook.com/privacy/policies/cookies/?entry_point=cookie_policy_redirect&entry=0
Joint data controller: Twitter International Company (https://gdpr.twitter.com/en/controller-to-controller-transfers.html)
Cookies Policy Twitter: https://help.twitter.com/en/rules-and-policies/twitter-cookies
Joint data controller: LinkedIn Ireland Limited Company (https://legal.linkedin.com/pages-joint-controller-addendum)
Cookies Policy LinkedIn: https://www.linkedin.com/legal/cookie-policy
Joint data controller: Google Ireland Limited (https://policies.google.com/privacy?hl=en-GB&gl=it)
6. Transfer of Data
The personal data collected via the services of this website are collected by employees of Eurac Research who have been specifically assigned this role. Alternatively it will be processed by persons who carry out occasional maintenance work on the website and who have also been appointed for this purpose and are bound by confidentiality. To this end, Eurac Research may, in the context of assigning this task, and whilst adhering to the best possible security measures, utilise the help of external companies, consultants, associations, software suppliers and service providers. Some personal data could be transmitted to third countries outside of the EU but only if the transmission of personal data is connected to the performance of the institutional activities of Eurac Research. Eurac Research guarantees that in any case, the electronic or analogue processing of personal data by the recipient shall be in accordance with statutory provisions. Where data is transferred to a third country, this will be done on the basis of the European Commission's standard contractual clauses (SCC) with supplementary measures and in according with the legal requirements.
7. Retention Period of Personal Data
Personal data will be stored for the time necessary to carry out the purposes for which it was collected or as long as the service (section 3 b) is available and/or you remain subscribed to it. Apart from the above, your personal data will be retained for a period of time necessary or permitted to comply with the Applicable Law (Artt.2946 and following Italian Civil Code); when this period has been reached, the data shall be deleted or made anonymous.
8. Existence of automated decision-making process
There are no automated decision-making processes
9. The Data Subject’s Rights
At any time the data subject has the right to request access to their personal data, and to correct or delete that data, or to limit its processing. In addition, the data subject has the right to data portability, as well as the right to lodge a complaint with a supervisory authority. When the data processing is based on consent, the data subject has the right to withdraw that consent at any time. The data subject may also exercise all other rights pursuant to current data protection regulations (art. 15 et seq. GDPR) by writing to the email: firstname.lastname@example.org.
Last update: 29.11.2023