Student Office
Viale Romania, 32
00197 Roma
T 06 8522 5270/5263
Via Parenzo, 11
00198 Roma
T 06 8522 5895
Foreword
This privacy notice describes the characteristics of the processing undertaken by Luiss in relation to the personal data of students collected for the enrollment in degree courses and highlights the students’ statutory rights in this regard.
The privacy notice is periodically updated to take account of regulatory developments and new methods of processing personal data.
What personal data do we collect?
The Controller collects and processes the following personal data:
- identifying data (name, surname, place and date of birth, personal tax number and citizenship);
- picture;
- contact data (residential address, e-mail address, telephone number);
- data relating to academic record;
- data relating to knowledge of foreign languages;
- particular (sensitive) data (e.g. health data, even partial handicap ...);
- data relating to income and assets situation;
- data relating to an emergency contact (name, surname, telephone, e-mail, degree of kinship).
Why do we collect your data and why is their processing lawful?
The Controller collects and processes the data subject’s personal information in pursuit of the following purposes:
- to manage – including from an administrative point of view – the relationship with the student, organizing all the training activities, teaching support, exchange programs and assessment of the acquired skills, through final exams and interim tests (the legal legitimacy of the processing can be found in the performance of a task of public interest or related to the exercise of public authority pursuant to art. 6, par. 1, lett. e of EU Reg. 2016/679);
- manage the relationship with the member from an administrative point of view, submit questionnaires to the data subject relating to the services offered by the University (the legal legitimacy of the processing can be found in the contract signed between the University and the data subject);
- to use the student's image for the purpose of creating the electronic badge (the legal legitimacy of the processing can be found in the contract signed between the University and the data subject);
- send to the student questionnaires aimed at collecting statistical data required by Ministry of Education and other institutional subjects and to support the University in the design and implementation of fact-finding surveys and thematic studies (the legal basis for the processing lies in the contract signed between the University and the data subject);
- to manage – from an accounting and tax point of view – the relationship with the student (the legal basis for the processing lies in the contract and the relevant law);
- contact the person indicated as an emergency contact in extreme cases of need (the legal basis for the processing lies in the consent of the student);
- to manage the possible disbursement of scholarships (the legal legitimacy of the processing can be found in the pre-contractual and / or contractual phase between the University and the data subject, as well as in the fulfillment of a legal obligation pursuant to art. 6, par. 1, lett. c of EU Reg. 2016/679);
- to communicate the data of the student concerned to the granting body of any scholarships (the legal legitimacy of the processing can be found in the execution of the contractual obligations between the Data Controller and the Providing Body, carried out in favor of the data subject, as well as in the fulfillment of a legal obligation pursuant to art. 6, par. 1, lett. c of EU Reg. 2016/679);
- to manage the possible allocation of affiliated accommodation (the legal basis for the processing lies in the contract signed between the University and the student);
- to manage the possible exemption from the payment of the university contributions for the students with verified disability and manage specific requests motivated by the student's health (the legitimacy of the processing can be found, for personal data, in the execution of a legal obligation, pursuant to art. 6 par. 1 letter c) of EU Regulation 2016/679, while for particular categories of data, in the consent of the data subject);
- to provide library services, making educational material for study, training and research available to the data subject (the legal legitimacy of the processing can be found in the contract signed between the University and the data subject);
- to offer and manage placement and internship services (the legal basis for the processing lies in the contract signed between the University and the student);
- to fill in the student's biography (the legal legitimacy of the processing can be found in the contract signed between the University and the data subject);
- to manage access and use of IT services - such as the creation of an e-mail account and the e-learning platform or services provided by voice assistance tools (Alexa) - and verify their correct use (the legal basis of the processing can be found in the contract signed between the University and the student);
- to manage student participation in educational, extra-curricular activities organized by Luiss such as, but not limited to, Adoption Lab, Academic Gym, language courses... (the legal basis of the processing can be found in the contract signed between the University and the student);
- to publish the data relating to the final thesis on the online archive of the Luiss theses https://tesi.luiss.it/ (the legal basis for the processing lies in the moment of submitting the degree application);
- to manage the student's participation in cultural and voluntary activities organized by Luiss (the legal legitimacy of the processing can be found in the consent of the data subject, requested when applying for participation);
- to manage the booking of Luiss shuttles through the APP (the legal basis for the processing lies in the contract signed between the University and the student);
- to allow, at the request of the data subject or by third parties entitled, the certification of the qualification obtained at the University (the legal legitimacy of the processing can be found in the execution of a task of public interest or connected to the exercise of public authority pursuant to art. 6, par. 1, lett. e of EU Reg. 2016/679, as well as in the relevant legal provisions);
- to include the student in the Luiss Alumni community, by sending job offers, invitations to events organized by the network in collaboration with Luiss (the legal basis of the processing can be found in the contract signed between the University and the student);
- send commercial communications and newsletters relating to the services offered and to the initiatives promoted, invite the data subject to events, training events or to participate in courses related to the training course (the legal legitimacy can be found in the consent of the student);
- to process data for profiling purposes aimed at carrying out dedicated activities based on interests, experiences, skills, knowledge (e.g. internship placement services, invitations to events based on the course of study supported ...) (the legal legitimacy can be found in the consent of the student).
How does the Controller process your personal data and how long is the data stored for?
The data subject’s personal data are processed electronically (servers, cloud database, software, etc.).
The Controller stores the data subject’s data for a period of time consistent with what the law prescribes and having regard to the time required to correctly achieve the purposes stated above.
To whom do we communicate your personal data?
Internally
The personal data of students can be accessed solely by the University’s employees and other personnel so as to provide the students with the requested services and limited solely to the data necessary to that end, in particular:
- administrative staff;
- academic staff;
- tutors and collaborators.
Our employees and other personnel have been informed and trained regarding the importance of observing the rules and principles governing the processing of personal data.
Externally
The Controller shares the personal data of students with some suppliers that play a role in providing the requested services and that have been specifically appointed as external Processors to that end, in particular:
- third parties whose services the Controller avails of to handle tax and accounting aspects of the relationship (for example, banks);
- third parties whose services the Controller avails of to provide insurance;
- third parties whose services the Controller avails of to manage the overall relationship with data subjects;
- third parties whose services the Controller avails of for the purposes of the granting of scholarships;
- third parties whose services the Controller avails of for the purposes of the offering and managing placement and internship services.
Suppliers that access data do so in compliance with applicable data protection law and the instructions given by the Controller.
The Controller may not communicate personal data to third parties without the data subject’s consent unless communication is mandated by law or by the authorities:
- should such prove necessary on grounds of national security;
- for reasons of general interest;
- on foot of a request made by public authorities.
Are your data transferred abroad?
The personal data of the data subject are transferred abroad for the provision of some services: the transfer in these cases is based on adequacy decisions or on the standard clauses of the European Commission. Specifically, in order to provide the services of the Library by the "Alma" platform provided by Ex Libris Ltd., it is possible that the data are transferred to Israel: in this case, the transfer is based on the adequacy decision 2011/61/EU issued by the European Commission on January 31, 2011.
If students request to participate in international exchange programs, they will receive specific information detailing the related transfers of personal data abroad.
What are your rights as a data subject and how can you exercise them?
The European Union’s General Data Protection Regulation (GDPR) grants data subjects specific rights, in particular:
- Right of access: you have the right to obtain a copy of the personal data we are in possession of and which are being processed;
- Right to rectification: you have the right to rectify your personal data stored by the Data Controller if they are not updated or correct;
- Right to object to the processing of personal data for commercial purposes: you may request that the Data Controller stop sending commercial communications at any time;
- Right to object to decisions based on exclusively automated processes: you can request not to be the recipient of decisions made on the basis of exclusively automated processes, including profiling activity;
- Right to revoke a consent given: you have the right to revoke the consent given for a given processing activity at any time;
- Right to contact the Guarantor for the protection of personal data: you have the right to contact the Guarantor for the protection of personal data if you have doubts about the processing of personal data by the Data Controller.
You can also exercise the following rights under certain circumstances:
- Right to erasure: you may request that the Data Controller erase your personal data if the purposes of the processing have ceased and there are no legitimate interests or laws that require its continuation;
- Right to object to processing: you can request that the Data Controller cease to carry out a specific processing on your personal data;
- Right to limit the processing: you have the right to request that the Data Controller limit the processing operations on your personal data;
- Right to data portability: you have the right to obtain a copy of your data in a structured and computerized format that can be transferred to another Data Controller.
Any data subjects wishing to exercise their statutory rights may, without formality, send an e-mail to privacy@luiss.it or write to the Controller Luiss Guido Carli at Viale Pola 12, 00198 Rome, Italy, setting out their request and furnishing the information necessary to identify them.
The contact details of the Data Protection Officer (DPO, or RPD) can be consulted on the Controller's website http://www.luiss.it/contatti.
The Controller will reply within one month. Should the Controller be unable to reply by the above deadline, it will give you a detailed explanation as to why your request cannot be satisfied.