This notice provides certain required information to persons located in the European Union (“EU”), a European Economic Area (“EAA”) member state, or Switzerland. Before OBSERVATORY MAGNA CHARTA UNIVERSITATUM collects any “personal data” from you, you are entitled under Regulation (EU) 2016/679 (commonly known as the EU General Data Protection Regulation, or the “GDPR”), to the information in this notice. The GDPR does not apply to the processing of personal data from data subjects prior to May 25, 2018.
The GDPR defines (a) “personal data” as information that identifies you, or may be used to identify you, such as your name, an identification number, location data, an online identifier, or factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity, (b) “controller” as the entity that determines the purposes and means of the processing of personal data, (c) “processor” as the entity that processes personal data on behalf of the controller, and (d) “data subject” as a natural person who is identified, or can be identified, by reference to his or her personal data.
If you would like to review the GDPR Articles cited in this notice, please click here, https://www.eugdpr.org/.
The Identity and Contact Details of the Controller
Under the GDPR, OBSERVATORY MAGNA CHARTA UNIVERSITATUM will be deemed the “controller” of your personal data. If you would like to contact OBSERVATORY MAGNA CHARTA UNIVERSITATUM in its capacity as controller, please contact:
OBSERVATORY OF MAGNA CHARTA
Via Zamboni 25
40126 Bologna
Italy
Tel. +39.051.2098709
e-mail: magnacharta@unibo.it
Data Protection Officer
OBSERVATORY MAGNA CHARTA UNIVERSITATUM is not a public authority or body. At present, the Observatory’s core activities do not include the regular and systematic monitoring of data subjects on a large scale, nor does it process on a large scale either special categories of data (as described in GDPR Article 9) or personal data relating to criminal convictions and offenses (as described in GDPR Article 10). For these reasons, the GDPR does not obligate OBSERVATORY MAGNA CHARTA UNIVERSITATUM to designate a data protection officer (“DPO”). If, in the future, OBSERVATORY MAGNA CHARTA UNIVERSITATUM voluntarily designates a DPO, this notice shall be updated to identify and include contact information for the DPO.
OBSERVATORY MAGNA CHARTA UNIVERSITATUM’s Purposes and Legal Basis for Processing Personal Data
OBSERVATORY MAGNA CHARTA UNIVERSITATUM will only process your personal data for lawful purposes under the GDPR related to the MAGNA CHARTA’s charitable, educational, and scientific purposes and arising from your relationship with the OBSERVATORY as a prospective, current, or former student (or such a student’s parent or guardian), faculty or staff member, or an employee, contractor, donor, supporter, research subject, visitor to the university or its website, or attendee at a MAGNA CHARTA event.
OBSERVATORY MAGNA CHARTA UNIVERSITATUM will ordinarily collect and process your personal data because it is necessary for the performance of a contract to which you are a party or because the OBSERVATORY has another legitimate interest in doing so. When OBSERVATORY MAGNA CHARTA UNIVERSITATUM cannot rely on either of such legal grounds, it will seek your prior consent. For example, GDPR Article 9 generally requires OBSERVATORY MAGNA CHARTA UNIVERSITATUM to obtain your prior consent if it collects special categories of personal data protected under the GDPR (e.g., racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic or biometric data to uniquely identify a natural person, health data, or data related to one’s sexual activities or orientation).
The purposes for which OBSERVATORY MAGNA CHARTA UNIVERSITATUM collects personal data, and the legal bases for processing such personal data, are summarized in the chart that appears below.
In the chart: each reference to (a) “necessary for the performance of a contract” shall be deemed to mean, “Necessary for the performance of a contract or agreement to which you are a party, or preliminary steps leading up to such a contract or agreement;” (b) OBSERVATORY MAGNA CHARTA UNIVERSITATUM’s “legitimate interest” shall require a prior “balancing test” determination by the OBSERVATORY that its legitimate interest in processing your personal data is not overridden by your interests or fundamental rights and freedoms in protecting such personal data; and (c) your “prior consent” shall mean your voluntarily consent, given prior to the processing of your personal data. If you would like additional information as to OBSERVATORY MAGNA CHARTA UNIVERSITATUM’s legitimate interest “balancing test” determination under clause (b), please contact the Controller at: magnacharta@unibo.it
Purpose for Processing
Legal Basis for Processing
Managing Participants and Attendees of the OBSERVATORY MAGNA CHARTA UNIVERSITATUM events
Student/Teacher/Paricipants/Attendes and Accounts: Establishing and administering accounts, issuing invoices, processing payments and refunds, preparing related correspondence, and, if necessary, pursuing collection efforts
Managing Expenses, Purchasing, and Reimbursements: Collecting, issuing, and processing expense requests, purchasing invoices, receipts, approvals, payment records, bank accounts, checks, and electronic payments
Issuing and Use of University Identification, Payment, and Transit Cards: Issuing (a) identification cards bearing faculty, staff or student photos and embedded with personal information for use in accessing university facilities, events, and resources; (b) making payments; (c) other university purposes, and monitoring all such usages
Operating Dining Halls and Other Food Service Facilities: Running cafeterias, restaurants, snack bars, and on-campus convenience stores, and administering credit, debit, and payment programs related to such services
Accomodation Mangament for Event’s attendes: manage attendee housing for meetings and events
Providing Attendees Support Services: Providing accommodations under disabilities laws
Research: Conducting educational, scientific, and other research and related statistical analysis
AdvancementCommunications: Maintaining contact information for Attendes, Members and donors in order to send correspondence, magazines, newsletters, online communications, invitations, and to seek and accept gifts and donations
Categories of Personal Data Collected
In certain instances, OBSERVATORY MAGNA CHARTA UNIVERSITATUM, in its capacity as a controller, may acquire your personal data from a third party, and not directly from you. If this occurs, then within a reasonable period of time, but not later than the earlier to occur of (a) the first time OBSERVATORY MAGNA CHARTA UNIVERSITATUM communicates with you, and (b) one month after OBSERVATORY MAGNA CHARTA UNIVERSITATUM acquires such personal data, OBSERVATORY MAGNA CHARTA UNIVERSITATUM will advise you of the categories of personal data collected, the source from which OBSERVATORY MAGNA CHARTA UNIVERSITATUM acquired such personal data, and certain additional information required under GDPR Article 14.
Recipients/Categories of Recipients Who May Receive Your Personal Data
The specific categories of recipients who will receive your information depend on whether you are a prospective, current, or former student (or such a student’s parent or guardian), faculty or staff member, or a contractor, donor, supporter, or research subject, or have some other status, and the types of personal data that you provide. The categories of recipients are likely to include one or more of the following:
If you would like more detailed information as to the specific identify of recipients receiving particular personal data, please contact the Controller at magnacharta@unibo.it
Transfer of Personal Data to the Extra UE states
Personal data that you provide while in the EU, an EAA member state, or Switzerland will not be transferred to the Extra UE states. The GDPR permits such transfer when necessary for the performance of a contract between you and OBSERVATORY MAGNA CHARTA UNIVERSITATUM, or if OBSERVATORY MAGNA CHARTA UNIVERSITATUM obtains your explicit consent to such transfer. In transferring your personal data to a processor, OBSERVATORY MAGNA CHARTA UNIVERSITATUM will employ suitable safeguards, including those described in the Information Security section below, to protect the privacy and security of your personal data so that it is only used in a manner consistent with your relationship with the university and this privacy notice.
How Long Will Your Personal Data Be Stored?
The GDPR requires that your personal data be kept no longer than necessary. The applicable time period will depend on the nature of such personal data and will also be determined by legal requirements imposed under applicable laws and regulations. If you have specific questions concerning how long a certain type of personal data will be retained, please contact the Controller at magnacharta@unibo.it
You Have Certain Rights to Control Your Personal Data
Articles 15-21 of the GDPR give you the right to control your personal data by directing OBSERVATORY MAGNA CHARTA UNIVERSITATUM, as controller, to do one or more of the following, subject to certain conditions and limitations:
(a) allow you to access your personal data to see what information Magna Charta has collected concerning you;
(b) correct (rectify) any inaccuracy in your personal data;
(c) delete (erase) your personal data, unless OBSERVATORY MAGNA CHARTA UNIVERSITATUM can demonstrate that retention is necessary or that OBSERVATORY MAGNA CHARTA UNIVERSITATUM has other overriding legitimate grounds for retention;
(d) restrict the processing of your personal data;
(e) transfer your personal data to a third party (portability); and
(f) upon your objection, stop processing personal data when OBSERVATORY MAGNA CHARTA UNIVERSITATUM is relying on a legitimate interest basis for processing such data unless OBSERVATORY MAGNA CHARTA UNIVERSITATUM can demonstrate compelling legitimate grounds for processing that override your interests in prohibiting such processing.
If You Consent to the Processing of Your Data, You Can Withdraw Such Consent
If OBSERVATORY MAGNA CHARTA UNIVERSITATUM obtains your written consent to collect and process your personal data, you can subsequently withdraw such consent as to any further processing of such data by contacting the Controller.
GDPR Remedies Include the Right to File A Complaint With The Supervisory Authority
If you believe your privacy rights under the GDPR have been violated, the GDPR gives you the rights and remedies set forth in GDPR Articles 77-82. These include the right to file a complaint with the Italian data protection supervisory authority:
Garante Per La Protezione Dei Dati Personali
Piazza di Monte Citorio, 121
00186 Roma
Tel. + 39 06 69677 1
Fax. + 39 06 69677 785
Email: garante@garanteprivacy.it
Website: http://www.garanteprivacy.it
Are You Obligated to Provide Personal Data?
As discussed above, OBSERVATORY MAGNA CHARTA UNIVERSITATUM will sometimes ask you to provide information necessary to perform contracts to which you are a party, or to satisfy certain legal requirements binding upon the university. If you do not provide such information, OBSERVATORY MAGNA CHARTA UNIVERSITATUM will not be able to process such contracts or comply with such legal requirements, and you will not be eligible to receive the benefits that may result from the processing of such contracts, or compliance with such requirements.
You Have The Right to Know If OBSERVATORY MAGNA CHARTA UNIVERSITATUM Uses Your Personal Data In Automated Decision-Making, Including Profiling
The GDPR limits OBSERVATORY MAGNA CHARTA UNIVERSITATUM’s right to use your personal data for predictive purposes as part of an automated decision-making process, including profiling. Such a process uses your personal data, such as preferences, interests, behavior, locations, and personal movement, to make an analytically-determined decision, instead of a personalized, individual decision. The GDPR limitation does not apply when such automated decision-making is necessary for the performance of a contract to which you are, or will be, a party. OBSERVATORY MAGNA CHARTA UNIVERSITATUM does not intend to use personal data in an automated decision-making process, except in the context of such a contract. However, if it does, it will seek your consent for such use.
Information Security
OBSERVATORY MAGNA CHARTA UNIVERSITATUM, by design, works to take necessary steps to protect personal data from unauthorized access, unauthorized alteration, disclosure or destruction of information. In particular, OBSERVATORY MAGNA CHARTA UNIVERSITATUM: