GDPR Privacy Notice

This notice provides certain required information to persons located in the European Union (“EU”), a European Economic Area (“EAA”) member state, or Switzerland. Before OBSERVATORY MAGNA CHARTA UNIVERSITATUM collects any “personal data” from you, you are entitled under Regulation (EU) 2016/679 (commonly known as the EU General Data Protection Regulation, or the “GDPR”), to the information in this notice. The GDPR does not apply to the processing of personal data from data subjects prior to May 25, 2018.

The GDPR defines (a) “personal data” as information that identifies you, or may be used to identify you, such as your name, an identification number, location data, an online identifier, or factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity, (b) “controller” as the entity that determines the purposes and means of the processing of personal data, (c) “processor” as the entity that processes personal data on behalf of the controller, and (d) “data subject” as a natural person who is identified, or can be identified, by reference to his or her personal data.

If you would like to review the GDPR Articles cited in this notice, please click here, https://www.eugdpr.org/.

 

The Identity and Contact Details of the Controller

Under the GDPR, OBSERVATORY MAGNA CHARTA UNIVERSITATUM will be deemed the “controller” of your personal data. If you would like to contact OBSERVATORY MAGNA CHARTA UNIVERSITATUM in its capacity as controller, please contact:

OBSERVATORY OF MAGNA CHARTA

 Via Zamboni 25

40126 Bologna

Italy

Tel. +39.051.2098709

e-mail: magnacharta@unibo.it

 

Data Protection Officer

 OBSERVATORY MAGNA CHARTA UNIVERSITATUM is not a public authority or body. At present, the Observatory’s core activities do not include the regular and systematic monitoring of data subjects on a large scale, nor does it process on a large scale either special categories of data (as described in GDPR Article 9) or personal data relating to criminal convictions and offenses (as described in GDPR Article 10). For these reasons, the GDPR does not obligate OBSERVATORY MAGNA CHARTA UNIVERSITATUM to designate a data protection officer (“DPO”). If, in the future, OBSERVATORY MAGNA CHARTA UNIVERSITATUM voluntarily designates a DPO, this notice shall be updated to identify and include contact information for the DPO.

 

OBSERVATORY MAGNA CHARTA UNIVERSITATUM’s Purposes and Legal Basis for Processing Personal Data

 OBSERVATORY MAGNA CHARTA UNIVERSITATUM will only process your personal data for lawful purposes under the GDPR related to the MAGNA CHARTA’s charitable, educational, and scientific purposes and arising from your relationship with the OBSERVATORY as a prospective, current, or former student (or such a student’s parent or guardian), faculty or staff member, or an employee, contractor, donor, supporter, research subject, visitor to the university or its website, or attendee at a MAGNA CHARTA event.  

OBSERVATORY MAGNA CHARTA UNIVERSITATUM will ordinarily collect and process your personal data because it is necessary for the performance of a contract to which you are a party or because the OBSERVATORY has another legitimate interest in doing so. When OBSERVATORY MAGNA CHARTA UNIVERSITATUM cannot rely on either of such legal grounds, it will seek your prior consent. For example, GDPR Article 9 generally requires OBSERVATORY MAGNA CHARTA UNIVERSITATUM to obtain your prior consent if it collects special categories of personal data protected under the GDPR (e.g., racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic or biometric data to uniquely identify a natural person, health data, or data related to one’s sexual activities or orientation).

The purposes for which OBSERVATORY MAGNA CHARTA UNIVERSITATUM collects personal data, and the legal bases for processing such personal data, are summarized in the chart that appears below.

In the chart: each reference to (a) “necessary for the performance of a contract” shall be deemed to mean, “Necessary for the performance of a contract or agreement to which you are a party, or preliminary steps leading up to such a contract or agreement;” (b)  OBSERVATORY MAGNA CHARTA UNIVERSITATUM’s “legitimate interest” shall require a prior “balancing test” determination by the OBSERVATORY that its legitimate interest in processing your personal data is not overridden by your interests or fundamental rights and freedoms in protecting such personal data; and (c) your “prior consent” shall mean your voluntarily consent, given prior to the processing of your personal data.  If you would like additional information as to OBSERVATORY MAGNA CHARTA UNIVERSITATUM’s legitimate interest “balancing test” determination under clause (b), please contact the Controller at:  magnacharta@unibo.it

 

Purpose for Processing

Legal Basis for Processing

Managing Participants and Attendees of the OBSERVATORY MAGNA CHARTA UNIVERSITATUM events

 Student/Teacher/Paricipants/Attendes and Accounts: Establishing and administering accounts, issuing invoices, processing payments and refunds, preparing related correspondence, and, if necessary, pursuing collection efforts

  • Such processing is necessary for the performance of a contract
  •  OBSERVATORY MAGNA CHARTA UNIVERSITATUM has a legitimate interest in in collecting necessary information so that the Observatory can, in a timely and accurate manner, and in compliance with applicable laws for the event’s management.

Managing Expenses, Purchasing, and Reimbursements: Collecting, issuing, and processing expense requests, purchasing invoices, receipts, approvals, payment records, bank accounts, checks, and electronic payments

  • Such processing is necessary for the performance of a contract
  •  OBSERVATORY MAGNA CHARTA UNIVERSITATUM has a legitimate interest in collecting necessary information so that the university can account for expenses, pay bills on time, recover amounts owed to the university, and otherwise administer the university’s day-to-day financial affairs

Issuing and Use of University Identification, Payment, and Transit Cards: Issuing (a) identification cards bearing faculty, staff or student photos and embedded with personal information for use in accessing university facilities, events, and resources; (b) making payments; (c) other university purposes, and monitoring all such usages

  • Such process is necessary for the performance of a contract
  •  OBSERVATORY MAGNA CHARTA UNIVERSITATUM has a legitimate interest in identifying whether an individual is a student, faculty, or staff member, or who is otherwise authorized to be on university property and to access university programs and services, in classifying persons as either university community members or trespassers, in establishing the authority of individuals to take certain actions, and in facilitating the flow of persons, information, and payments throughout the university

 

Operating Dining Halls and Other Food Service Facilities:  Running cafeterias, restaurants, snack bars, and on-campus convenience stores, and administering credit, debit, and payment programs related to such services

 

  • Such processing is necessary to the performance of a contract
  •  OBSERVATORY MAGNA CHARTA UNIVERSITATUM has a legitimate interest in confirming that only authorized persons use food service facilities, in verifying that such use conforms to meal plan and payment requirements, and in identifying personal dietary constraints and preferences in order to offer appropriate food options

Accomodation Mangament for Event’s attendes: manage attendee housing for meetings and events

  • Such processing is necessary for the performance of a contract
  •  OBSERVATORY MAGNA CHARTA UNIVERSITATUM has a legitimate interest in managing access to accomodation so that housing facilities are occupied only by eligible persons and accessed only by permitted persons at permitted times in order to safely and securely operate such facilities, and in collecting and maintaining personal information for use in cases of emergencies
  • Your prior consent

Providing Attendees Support Services:  Providing accommodations under disabilities laws

  • Such processing is necessary for the performance of a contract
  •  OBSERVATORY MAGNA CHARTA UNIVERSITATUM has a legitimate interest in promoting, assisting, and monitoring event’s attendees accessibility
  • Your prior consent

Research: Conducting educational, scientific, and other research and related statistical analysis

  •  OBSERVATORY MAGNA CHARTA UNIVERSITATUM has a legitimate interest in carrying out, interviews, , longitudinal studies and other research activities to advance knowledge and translate such research into activities and applications that benefit society
  • Your prior consent

 AdvancementCommunications:  Maintaining contact information for Attendes, Members  and donors in order to send correspondence, magazines, newsletters, online communications, invitations, and to seek and accept gifts and donations

  •  OBSERVATORY MAGNA CHARTA UNIVERSITATUM has a legitimate interest in maintaining an ongoing relationship with Attendees for informational, networking, job placement, continuing education, and fund-raising purposes, and in communicating the university’s programs and successes to the general public

 

 

 

Categories of Personal Data Collected

In certain instances, OBSERVATORY MAGNA CHARTA UNIVERSITATUM, in its capacity as a controller, may acquire your personal data from a third party, and not directly from you.  If this occurs, then within a reasonable period of time, but not later than the earlier to occur of (a) the first time  OBSERVATORY MAGNA CHARTA UNIVERSITATUM communicates with you, and (b) one month after  OBSERVATORY MAGNA CHARTA UNIVERSITATUM acquires such personal data,  OBSERVATORY MAGNA CHARTA UNIVERSITATUM will advise you of the categories of personal data collected, the source from which  OBSERVATORY MAGNA CHARTA UNIVERSITATUM acquired such personal data, and certain additional information required under GDPR Article 14.

 

Recipients/Categories of Recipients Who May Receive Your Personal Data

The specific categories of recipients who will receive your information depend on whether you are a prospective, current, or former student (or such a student’s parent or guardian), faculty or staff member, or a contractor, donor, supporter, or research subject, or have some other status, and the types of personal data that you provide.  The categories of recipients are likely to include one or more of the following:

  • As to the OBSERVATORY MAGNA CHARTA UNIVERSITATUM data collection activities described in the preceding chart, responsible faculty and staff involved in such activities may receive your personal data; such persons will generally be located in Bologna, Italy;
  •  Third party processors who host and process information in the “cloud” on servers located in the Italy may receive your personal data.

If you would like more detailed information as to the specific identify of recipients receiving particular personal data, please contact the Controller at  magnacharta@unibo.it

 

Transfer of Personal Data to the Extra UE states

Personal data that you provide while in the EU, an EAA member state, or Switzerland will not be transferred to the Extra UE states. The GDPR permits such transfer when necessary for the performance of a contract between you and OBSERVATORY MAGNA CHARTA UNIVERSITATUM, or if OBSERVATORY MAGNA CHARTA UNIVERSITATUM obtains your explicit consent to such transfer. In transferring your personal data to a processor, OBSERVATORY MAGNA CHARTA UNIVERSITATUM will employ suitable safeguards, including those described in the Information Security section below, to protect the privacy and security of your personal data so that it is only used in a manner consistent with your relationship with the university and this privacy notice.

 

How Long Will Your Personal Data Be Stored?

The GDPR requires that your personal data be kept no longer than necessary. The applicable time period will depend on the nature of such personal data and will also be determined by legal requirements imposed under applicable laws and regulations.  If you have specific questions concerning how long a certain type of personal data will be retained, please contact the Controller at magnacharta@unibo.it

 

You Have Certain Rights to Control Your Personal Data

Articles 15-21 of the GDPR give you the right to control your personal data by directing  OBSERVATORY MAGNA CHARTA UNIVERSITATUM, as controller, to do one or more of the following, subject to certain conditions and limitations:

 

(a) allow you to access your personal data to see what information Magna Charta has collected concerning you;

(b) correct (rectify) any inaccuracy in your personal data;

(c) delete (erase) your personal data, unless OBSERVATORY MAGNA CHARTA UNIVERSITATUM can demonstrate that retention is necessary or that OBSERVATORY MAGNA CHARTA UNIVERSITATUM has other overriding legitimate grounds for retention;

(d) restrict the processing of your personal data;

(e) transfer your personal data to a third party (portability); and

(f) upon your objection, stop processing personal data when OBSERVATORY MAGNA CHARTA UNIVERSITATUM is relying on a legitimate interest basis for processing such data unless OBSERVATORY MAGNA CHARTA UNIVERSITATUM can demonstrate compelling legitimate grounds for processing that override your interests in prohibiting such processing.

 

If You Consent to the Processing of Your Data, You Can Withdraw Such Consent

If OBSERVATORY MAGNA CHARTA UNIVERSITATUM obtains your written consent to collect and process your personal data, you can subsequently withdraw such consent as to any further processing of such data by contacting the Controller.

 

GDPR Remedies Include the Right to File A Complaint With The Supervisory Authority

If you believe your privacy rights under the GDPR have been violated, the GDPR gives you the rights and remedies set forth in GDPR Articles 77-82. These include the right to file a complaint with the Italian data protection supervisory authority:

 

Garante Per La Protezione Dei Dati Personali

Piazza di Monte Citorio, 121

00186 Roma

Tel. + 39 06 69677 1

Fax. + 39 06 69677 785

Email: garante@garanteprivacy.it

Website:  http://www.garanteprivacy.it

 

Are You Obligated to Provide Personal Data?

As discussed above, OBSERVATORY MAGNA CHARTA UNIVERSITATUM will sometimes ask you to provide information necessary to perform contracts to which you are a party, or to satisfy certain legal requirements binding upon the university.  If you do not provide such information, OBSERVATORY MAGNA CHARTA UNIVERSITATUM will not be able to process such contracts or comply with such legal requirements, and you will not be eligible to receive the benefits that may result from the processing of such contracts, or compliance with such requirements.

 

You Have The Right to Know If OBSERVATORY MAGNA CHARTA UNIVERSITATUM Uses Your Personal Data In Automated Decision-Making, Including Profiling

The GDPR limits OBSERVATORY MAGNA CHARTA UNIVERSITATUM’s right to use your personal data for predictive purposes as part of an automated decision-making process, including profiling. Such a process uses your personal data, such as preferences, interests, behavior, locations, and personal movement, to make an analytically-determined decision, instead of a personalized, individual decision. The GDPR limitation does not apply when such automated decision-making is necessary for the performance of a contract to which you are, or will be, a party. OBSERVATORY MAGNA CHARTA UNIVERSITATUM does not intend to use personal data in an automated decision-making process, except in the context of such a contract. However, if it does, it will seek your consent for such use. 

 

Information Security

 OBSERVATORY MAGNA CHARTA UNIVERSITATUM, by design, works to take necessary steps to protect personal data from unauthorized access, unauthorized alteration, disclosure or destruction of information. In particular, OBSERVATORY MAGNA CHARTA UNIVERSITATUM:

 

  • uses encryption both in transit and at rest to protect personal data;
  • requires log-in authentication for accessing services related to a data subject’s OBSERVATORY MAGNA CHARTA UNIVERSITATUM Account;
  • reviews its information collection, storage and processing practices, perimeter security and physical security measures, to guard against unauthorized access to systems;
  • restricts access to personal data on a “need to know” basis so that only authorized personnel and contractors have access to personal data and only for the permitted purpose
  •  OBSERVATORY MAGNA CHARTA UNIVERSITATUM employees and contractors are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations; and
  • employs technical and organizational measures, such as pseudonymization and data minimization, to structurally reduce the risk of data breaches and unauthorized disclosures of personal data.