Reasons for this annotation
In these pages the ways to approach the university site are laid down, with reference to treatment of the personal data of whoever consults the site. This informative report, in accordance with article 13, of the legislative decree no.196/2003, for protection of personal data, is aimed at anyone interacting with the CUS Palermo portal, using the address: http://www.esaprogram.eu, which refers to the home page of the official CUS portal.
This informative report pertains to all the sites in the “Sistema portale di Ateneo” as well as other web- sites consulted by the user of this link. The presence of the informative report ensures that as a user one may find oneself in the esaprogram.eu website.
The informative report also relates to Raccomandazione no. 2/2001, which the European authorities for protection of personal data (in the Group instituted following art.29 of the directive no.95/46/CE), adopted on May 17 th , 2001, in order to individuate certain minimum requisites for accumulating personal data on line, and in particular, modalities, timing and nature of information that the titleholders of the treatment have to provide to users when the latter are connected to web pages, regardless of the reasons for the connection.
Titleholder of treatment
The titleholder of treatment is the CUS Palermo, based in Palermo, via Altofonte, 80 (CAP 90129). The titleholder of treatment notifies that, following consultation of this site, data regarding identified and identifiable persons may be treated.
Places of treatment of data
Handling linked to web services of the esaprogram.eu takes place at the HOSTGATOR WEB SERVER. The list of persons responsible for the handling of data can be found on the site: www.esaprogram.eu.
Personal data provided by the user requesting the sending of informative material is only used to carry out the service requested and is only communicated to third parties when this proves necessary. Personal data may be communicated externally for reasons connected with the execution of university activity, and thus to other public bodies (e.g. ministry of Education, University and Research, Regional body for the Right to University education, Regional Observatory for the University and the Right to University education, Ministry of Finance, etc.), which handle financial operations regarding research and/or grants or which foster study and research, university development projects and services for the right to an education. Furthermore, personal data is communicated to the bank which, in a convention with the University, handles the procedure for collecting fees and university contributions. Personal data may also be communicated by the University, both during the student’s university career and after graduation, to external persons, bodies and associations, for initiatives of guidance and introduction into the world of work, in accordance with the methods laid down in the University Regulations for modality of treatment of personal data.
Types of data treated
- Surfing data
The informative systems and software procedures geared towards the functioning of Portal system sites, acquire, in the coutrse of their normal service, certain personal data, whose transfer is implicit in the use of protocols of internet communication or is used to improve the quality of services being offered. This information is not accumulated in order to be linked to identified interests, but, because of its nature could, via elaboration and association, consent identification of the user. This category of data includes IP addresses or computer domain names used by those connecting to the site, addresses in URI notation of resources requested, the time of the request, the method utilized in making the request to the server, the size of the file obtained, the numerical code indicating the state of the reply provided by the server (success, error etc.) and other parameters regarding the operative system and the user’s IT environment. This data is only used in order to gather anonymous statistical information regarding the use of the site and to check the correct functioning; the data is periodically deleted.The data could be used to ascertain responsibility in cases of hypothetical IT violations potentially harmful to the Portal system or by third parties.
- Data provided voluntarilry by the user
The student’s personal data, personal (not institutional) e-mail addresses, other addresses such as, e.g. contacts via the social network, one’s personal mobile-phone number acquired following registration (and with subsequent modalities of collecting), will be treated for the execution of one’s own institutional activity, within the limits laid down by law and the regulations, with respect for the general principles of transparency, correctness and confidentiality. The data collected from users via specific web-services/applications may be published in the Portal for the purposes and in the interests of those utilizing Palermo University services, also with the aim of enhancing the University’s institutional activity. The optional, explicit and voluntary sending of mail to the addresses indicated in this portal entails the subsequent acquisition of the sender’s address, essential for responding to requests, as well as any other possible personal data inserted in the message. Nonetheless, it is guaranteed that this treatment will be grounded in principles of correctness, lawfulness and transparency and the safeguarding of confidentiality as laid down in the legislative decree 196/03. Users are asked not to include in the contents of the e-mail any sensitive and/or judiciary data that is not strictly necessary for the implementation of the services; any sensitive data will, if necessary, be handled whilst bearing in mind the principles and measures indicated in the University regulations with regard to sensitive and judicial data in the institutional site. Specific synthetic informative reports will be progressively included or visualized in the pages of sites geared towards particular services on request.
The sites in the Portal system make use of the following set of cookies:
Anonymous visitor cookies:
- Session cookie: no personal data from the user is acquired by the site;
- Permanent cookies: no personal data from the user is acquired by the site.
Registered visitor cookies:
- Session cookie: this cookie is used for the sole aim of accessing and utilizing services offered by the Portal Reserverd Area and surfing sites whilst maintaining authentication. The use of these cookies avoids recourse to other computer techniques that may potentially prejudice the confidential surfing on the part of the user and also aims to enhance the quality of services on offer. Any treatment of acquired data will only be used for institutional purposes in an aggregated and anonymous manner.
Optional nature of dispensing data
Apart from the afore-mentioned with regard to surfing data, the user is free to provide personal data included in the forms present in the sites of the Portal system or, in any case, indicated on the occasion of contacts with the University to request the sending of informative material and other communication or in order to access specific services. The failure to provide information may lead to the impossibility of obtaining whatever has been requested. The measures by the Autorità Garante for the protection of personal data (02.03.2011) go under the title of “guidelines regarding treatment of personal data, also contained in administrative deeds and documents produced by public persons or bodies for the purpose of publication and diffusion on the web” in the sphere of inter-relationships with the University; through these measures the user may formulate specific requests geared towards ensuring that any personal data be published on the University’s institutional site.These requests may regard personal information that is already at the disposal of the administration, having been acquired as part of the application of institutional functions, or having been voluntarily provided by the user with the specific aim of consenting to their diffusion (art.13, paragraph 1, let.b; of the D.Lgs. 196/03). It is up to the administration to decide whether to examine these requests for publication, which, however, will only be received following a careful check to verify whether the operation in question is compatible with the University’s carrying out of institutional functions and that the data for eventual on-line diffusion are relevant and not disproportionate with regard to the aims being pursued.
Modality of treatment
Personal data is treated exclusively for institutional purposes, with automated instruments, for the time that is strictly necessary for achieving the goals for which it has been collected. Specific security measures are observed in order to avoid mislaying data, illegal or incorrect utilization and unauthorized access.
Sphere of communication and diffusion of data
As part of the University goals, the data can be communicated to persons responsible for the strctures dealing with instutional activity with regard to research and lecturing. Personal data will also be communicated (under art.100 of the d.lgs 196/2003) for the sole purposes of research, to lecturers and researchers who request it, with specific regard for the code of ethics and good conduct for the treatment of personal data for statistical and scientific purposes (as subscribed by the Conference of Rectors of Italian universities) with the rights of the person in question being implicit, with regard to personal data – arts. 7 and sub of d.lgs.196/2003).