Luiss, Libera Università Internazionale degli Studi Sociali Guido Carli (hereinafter Luiss) is an independent university with an advanced education model.
This privacy notice describes the characteristics of the processing undertaken by Luiss in relation to the personal data provided by the data subjects, and highlights their statutory rights in this regard.
The privacy notice is periodically updated to take account of regulatory developments and new methods of processing personal data.
What personal data do we collect?
The Controller collects and processes the following personal data:
- identifying data (name, surname);
- contact data (e-mail address);
- data subject’s title.
Why do we collect your data and why is their processing lawful?
The Controller collects and processes the data subject’s personal information in pursuit of the following purposes:
- to send communications and newsletters relating to Luiss research activities, and to invite data subjects to events (the legal basis for the treatment lies in the consent given by the data subject).
How does the Controller process your personal data and how long are the data stored for?
The data subject’s personal data are processed both on paper and electronically (servers, cloud databases, software, etc.).
The Controller stores the data subject’s data for a period of time consistent with what the law prescribes and having regard to the time required to correctly achieve the purposes stated above.
To whom do we communicate your personal data?
The personal data of subscribers can be accessed solely by the University’s employees and other personnel so as to provide subscribers with the requested services and limited solely to the data necessary to that end. In particular:
- administrative staff;
- other personnel;
- academic staff.
Our employees and other personnel have been informed and trained regarding the importance of observing the rules and principles governing the processing of personal data.
The Controller shares the subscribers’ personal data with some suppliers that play a role in providing the requested services and that have been specifically appointed as external Processors to that end. In particular:
- third parties whose services the Controller avails of to manage the overall relationship with data subjects (e.g. newsletter service providers…).
Suppliers that access data do so in compliance with applicable data protection law and the instructions given by the Controller.
The Controller may not communicate personal data to third parties without the data subject’s consent unless communication is mandated by law or by the authorities:
- should such prove necessary on grounds of national security;
- for reasons of general interest;
- on foot of a request made by public authorities.
Are your data transferred abroad?
The data subject’s personal data may be transferred abroad for the provision of certain services: in these cases, the transfer is legitimized by the relative decisions of adequacy or on the standard clauses of the European Commission.
The data subject may receive more information on the countries of destination and the services that involve the transfer by contacting firstname.lastname@example.org.
What are your rights as a data subject and how can you exercise them?
European legislation, GDPR 2016/679, guarantees data subjects specific rights. In particular, the right to access, modify, refuse the use of data for commercial purposes, refuse decisions based exclusively on automated processes, delete data, limit processing, data portability, as well as the right to contact the Italian Data Protection Authority.
Any data subjects wishing to exercise their statutory rights may, without formality, send an e-mail to email@example.com or write to the Controller, Luiss Guido Carli, at Viale Pola 12, 00198 Rome, Italy, setting out their request and furnishing the information necessary to identify them.
The contact details of the Data Protection Officer (DPO) can be viewed on the Controller’s website at https://www.luiss.it.
The Controller will reply within one month. Should the Controller be unable to reply by the above deadline, it will give you a detailed explanation as to why your request cannot be satisfied.