Privacy Policy - tools.greta.eurac.edu

In accordance with EU Regulation No. 2016/679 –General Data Protection Regulation (GDPR) and with the national legislation, hereinafter referred to collectively as the “Applicable Law”, this policy statement addresses the subject of privacy with regard to the processing of personal data of users of the online web services tools.greta.eurac.edu.

This policy is also in conformity with Recommendation n. 2/2001 related to the minimum requirements for online data collection in the European Union, adopted by the European Data Protection Authorities - Working Party of Article 29, Directive No. 95/46/EU on 17 May 2001.

The policy described herein applies solely to the websites of Eurac Research and excludes all other websites that can be accessed via links that appear on the Eurac Research websites. Eurac Research is not responsible for the content or any external links to other websites.

Pursuant to legal provisions, Eurac Research guarantees that the processing of personal data will be performed in consideration of fundamental rights and freedoms as well as the dignity of the data subject, and in accordance with the legislative provisions of the Applicable Law and the confidentiality clauses included therein. In particular, the processing of personal data will be carried out in accordance with the principles of lawfulness, fairness, transparency, accuracy, purpose and storage limitations, data minimisation, integrity and confidentiality.

Before providing any personal data or completing an electronic online form, Eurac Research invites users to carefully read this privacy policy.

The content of this privacy policy may be amended or updated to conform to legal and regulatory obligations with respect to data protection, to allow for technological advances on the webpage that could impact the modalities of processing and to reflect organisational modifications that affect the privacy structure.

Precise data protection information about specific services or data processing procedures may be displayed on the corresponding webpages of this website or transmitted directly to the data user.


1. Data Controller and Data Protection Officer

Data Controller: Eurac Research, with headquarters at Viale Druso 1, 39100 Bolzano, in the person of the legal representative pro tempore. You can contact the DPO under the following e-mail Address: privacy@eurac.edu


2. Types of Personal Data Subject to Processing

“Personal data” means any information relating to an identified or identifiable natural person (the “Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person. The personal data that may be processed includes browsing data, data provided voluntarily by the data subject and cookies.

A. Browsing Data

The computer systems and software used to run this website during normal operations acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in relationship to the users, but due to its inherent nature, such information could enable the users to be identified via processing and associations with data held by third parties. This category of data includes, for example, the IP addresses or domain names of the users’ computers connecting to the website.

The data is used for the sole purpose of obtaining anonymous statistical information concerning the website's use and to monitor the website's proper operation. In certain cases, the data may be used to ascertain liability in a suspected computer crime directed against the website. Other than the aforementioned cases, data on web contacts will not be held beyond the time required to meet requests made of the website. Personal data will not be disclosed to third parties; if requested, however, such data must be made available to the Italian Postal and Communication Police Service, legal authorities and criminal investigation police.

B. Data Provided Voluntarily by Users

The optional, explicit and voluntary sending or transmission of e-mail and/or personal data to the addresses given on the website will entail the subsequent acquisition of the sender’s email address (which is required to respond to requests), as well as any other personal data present in the e-mail. The provision of the information is voluntary, but refusal of such renders the user’s request impossible. This data will only be transmitted to third parties if necessary to the process of responding to the inquiry. The data will not be shared with third parties for marketing or profiling purposes.

C. Cookies and Similar Technologies

Cookies and similar technologies are information stored on websites and apps on the users devices during their first visit to the site. Cookies and related technologies allow websites and apps to remember user actions and preferences (such as login data, the default language, display settings, etc.) so that they will be available in the user’s subsequent visits. These technologies are used to perform IT authentications, session monitoring and to store information about the activities of users who access a service.

The website tools.greta.eurac.edu uses “persistent cookies” (small text files that the website temporarily saves directly on the computer) that allow the website to remember, for example, the user’s preferred language or to show other possible versions of the website.

This website uses also Google Analytics, a web-analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies that enable the analysis of website usage for the purpose of determining the attractiveness of the website and to improve its performance and content. The information that the cookie generates about usage of this website (including the IP address) is transmitted to a Google server in the USA and stored there. On behalf of the operator of this site, Google uses this information to evaluate use of the website, compile reports about website activity and to continue to provide website-usage and internet-related services to the website operator. In addition, Google may transmit this information to third parties, and when doing so, is required by law and/or where such third parties process the information on behalf of Google and/or other web-analytics service providers. Under no circumstances, however, will the user’s IP address be associated with other data from Google and/or other web-analytics service providers.

Users may decline the use of cookies by downloading and installing Google Analytics Opt-out Browser Add on for the appropriate web browser.

The user may authorise, block or eliminate (in whole or in part) the use of cookies by selecting the relevant settings on the user’s browser. Please note that this will impede the operation of the website’s features.


3. Purpose and Legal Basis for the Data Processing

The personal data provided will be processed for the following purposes: a) Research or statistical analyses on aggregated or anonymous data (i.e. without identification of the data subject) aimed at measuring the functioning of the website, as well as its traffic, usability and interest; b) Completion of data collection forms for the purpose of receiving newsletters or communications in general via e-mail; c) The performance of a contract to which the data subject is party, or in order to process a data subject’s requests prior to entering into a contract; d) Compliance with a legal obligation to which the controller is subject; e) The establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity. The lawful basis for processing Personal Data: a) it does not imply the processing of Personal Data, b) consent, c) performance of a contract, d) and e) legal obligation.


4. Mandatory or voluntary communication of data and possible consequences of a failure to provide it

The provision of personal data is voluntary, but refusal could interfere with the correct use of the services and its legal obligations, thus limiting the full functionality of the website.


5. Recipients of the Data Processed

The recipients of the data are, in addition to the data controller, the data processor (who is formally bound by a data processing agreement), and employees of Eurac Research or persons who have access to personal data and who are in charge of the data processing activities and authorised and instructed to carry out data processing activities by the data controller.

Personal data may be communicated to third parties for the purposes of handling enquiries, including for the sending of emails, analysing the functional capability of the website, executing legal obligations or with prior consent. Eurac Research uses Newsletter2Go to send our newsletter to our subscribers. As part of your subscription, your data will be communicated to and processed by Newsletter2Go in its function as Data Processor. Newsletter2Go is a service provided by Newsletter2Go GmbH, Germany. The data that is collected when you register for the newsletter (i.e. email address, full name, IP address, and time and date of registration) will be sent to a server operated by Hetzner Online GmbH in Germany and stored there in accordance with the requirements of the GDPR. For further information about the data protection offered by Newsletter2Go see: https://www.newsletter2go.de/datenschutz/.


6. Transfer of Data

The personal data collected via the services of this website are collected by employees of Eurac Research who have been specifically assigned this role. Alternatively it will be processed by persons who carry out occasional maintenance work on the website and who have also been appointed for this purpose and are bound by confidentiality. To this end, Eurac Research may, in the context of assigning this task, and whilst adhering to the best possible security measures, utilise the help of external companies, consultants, associations, software suppliers and service providers. Some personal data could be transmitted to third countries outside of the EU but only if the transmission of personal data is connected to the performance of the institutional activities of Eurac Research. Eurac Research guarantees that in any case, the electronic or analogue processing of personal data by the recipient shall be in accordance with statutory provisions.


7. Retention Period of Personal Data

Personal data will be stored for the time necessary to carry out the purposes for which it was collected. When this period has been reached, the data shall be deleted or made anonymous.


8. Presence of Automated Decision-making Processes

There are no automated decision-making processes.


9. The Data Subject’s Rights

At any time the data subject has the right to request access to their personal data, and to correct or delete that data, or to limit its processing. In addition, the data subject has the right to data portability, as well as the right to lodge a complaint with a supervisory authority. When the data processing is based on consent, the data subject has the right to withdraw that consent at any time. The data subject may also exercise all other rights pursuant to current data protection regulations (art. 15 et seq. GDPR) by writing to the email: privacy@eurac.edu.