European Union GDPR Privacy Law
ACKNOWLEDGMENT REGARDING PROTECTION OF PERSONAL DATA AND REQUEST OF CONSENT FOR THEIR PROCESSING: STUDENTS FROM THE HOME CAMPUS ON STUDY ABROAD ITALY
Pursuant to the terms and conditions of Section 13 of D.Lgsn. 196 of 30th June, 2003 (“Codice in materia di protezione dei dati personali” – Personal Data Protection Law, hereinafter “the Law”) and to the provisions of Regulation IEU 2016/679 (“Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data”, hereinafter “the EUGDPR”), we hereby inform you that The Umbra Institute (hereinafter referred to as “THE INSTITUTE”) in its capacity as Data Controller in Italy pursuant to Section 29 of the above law, of the processing of your personal data and information is required to provide you with the following information:
1. All personal data you have provided to THE INSTITUTE as well as any entity from whom personal data are collected, and all the further data provided in order to allow the performance of the academic services to be provided to you, will be processed and handled by THE INSTITUTE in accordance with its policies and with the aforementioned Law and EU GDPR, and with the principles of fairness, lawfulness, transparency, purpose limitation, accuracy, storage limitation, integrity, confidentiality and accountability, as well as the utmost protection of your privacy; sensitive data processing will only take place in relation to data regarding your health condition (such as diseases, allergies, food intolerances) or judicial data.
2. All data shall be processed exclusively for THE INSTITUTE institutional purposes, connected or related to the activities carried out by THE INSTITUTE, such as study programs in Italy, the accomplishment of bureaucratic practices for your entry in Italy, the performance of the contractual obligations of THE INSTITUTE, in connection with your study abroad at THE INSTITUTE (Location – Italy). The data supplied or collected will be processed for the following purposes:
a) to fulfill the obligations established by any applicable law, including the regulations or the European Union Law;
b) to execute the contractual obligations with reference to your study period at the THE INSTITUTE in Perugia, Italy at THE INSTITUTE (such as, but not limited to, courses attendance certification, student health and safety protection);
c) to provide our students with immediate support and collaborate with local authorities and/or professionals (e.g., police officers, paramedics, and doctors) should any incident occur.
Sensitive data, regarding your health conditions and food habits will only be processed for the purpose of protecting your safety or fulfilling the obligations established by law, by regulations or by European Union Law; sensitive data regarding judicial measures, which may have been provided to THE INSTITUTE by public bodies will be processed only for purposes related to a health or safety emergency and complying with any applicable mandatory provision of Italian or European Union law.
3. Submittal and processing of personal data is necessary to achieve the purposes specified above.
4. Any refusal will make it impossible to carry out the necessary activities and the correct administrative and didactic management of student programs necessary to accomplish the contractual obligations of THE INSTITUTE in connection with your study abroad at THE INSTITUTE (–Perugia, Italy), as well as the obligations imposed by law.
5. Data of common nature will be collected and processed automatically and/or manually in compliance with the provisions of Art. 11 and 31 of the Italian Personal Data Protection Code and by adopting the related minimum safety measures, securing strictly monitored access; the collecting and processing of sensitive data will be carried out in compliance with the provisions of Art. 11 and 31 of the Italian Personal Data Protection Code and by adopting the related minimum safety measures.
6. Data processing will take place according to the aforementioned criteria, only within those offices of THE INSTITUTE premises, which are exclusively dedicated to THE INSTITUTE study abroad programs; the data will be only handled by the individuals in charge and responsible for the related activities and by other individuals working in the same areas as specified in internal communications; sensitive data will be handled only by those offices of THE INSTITUTE premises which are exclusively dedicated to THE INSTITUTE study abroad programs, for the purposes specified above, by persons officially appointed to this task. Your personal data you have provided, except for sensitive data, may be transferred overseas pursuant to the terms, conditions and limits specified by Title VII of Part I of Legislative Decree n. 196/2003.
7. In particular, your data may be communicated, in compliance with the rules above indicated, to public or private subjects to whom they may be necessary in order to fulfill obligations set forth by laws, regulations or EU laws; sensitive data may be communicated to public bodies and authorities (such as aziende USL or public hospitals, public safety authorities, Police offices, courts, magistrates) and to private subjects (such as private hospitals and clinics, security supervisors, insurance companies) only for health and safety-related emergencies and for the purpose of fulfilling obligations set forth by laws, regulations and EU laws.
8. The Data Controller, under the law and with reference to the safety obligations related to the automatic processing of your data, is THE INSTITUTE.
9. All data will be processed by THE INSTITUTE in its capacity as Data Controller with the supervision of Sigma Sistemi, The Data Manager, available in compliance with Art. 7 of Legislative Decree 196/2003, can be reached at the following telephone number/email: 075/5270933 /email@example.com.
10. You will be able to exercise all other rights foreseen by Art. 7 of Legislative Decree n.196/2003 reproduced hereunder in its entirety:
“1. The data subject has the right to obtain confirmation of the existence or non-existence of personal data regarding him or her, even if not yet recorded, and their communication in intelligible form.
2. The data subject has the right to obtain indication: a) of the origin of the personal data; b) of the ends and methods of its processing; c) of the logics applied in the event of processing being carried out with the aid of electronic equipment; d) of the identification data of the controller of those responsible and the appointed representative as per Art. 5 paragraph 2; e) of the organizations and categories of organizations to whom personal data can be communicated or who are likely to receive them in their capacity as designated representatives in any area of the country, of officers and appointees.
3. The data subject has the right to obtain: a) the update, the rectification, or if he/she is interested, the integration of the data; b) the cancellation, transformation in anonymous form or the blockage of any data processed unlawfully, including those whose storage is not necessary in relation to the aims for which the data was collected or later processed; c) a statement that the operations indicated in a) and b), including their content, have been made known to those to whom the data have been communicated or released, except in the case of this being found to be impossible or requiring the use of means which are clearly disproportionate to the protected right.
4. The data subject has the right to completely or partially oppose: a) for legitimate reasons, the processing of personal data regarding him/her even if relevant to the aims of their collection b) the processing of personal data regarding him/her to send publicity material, direct sales or for carrying out market research or commercial communications.”
The data subject can exercise the rights as per Art. 7 of Legislative Decree 196/2003, (updating, rectification, integration, cancellation, transformation in anonymous form, blockage of data processed illegally, opposition, request for information as per section 1 and as per letters a), b), c), d) and 2) 2nd section by contacting THE INSTITUTE, Piazza IV Novembre 23, Perugia PG 06123, Italy or sending an e-mail to the following address: firstname.lastname@example.org.
Regulation (EU) 2016/679 can be read at: http://ec.europa.eu/justice/dataprotection/reform/files/regulation_oj_en.pdf
Having read this notice provided by the Data Controller pursuant to Ar. 13 of Italian Legislative Decree n.196/03 and having taken due to the rights set forth by Art. 7 of the same decree, the undersigned:
gives consent for the use of his/her personal data (including sensitive data) for the purposes outlined in this notice if the use does not come under one of the possible cases for exemption as for Art. 24 of Italian Legislative Decree n. 196/03:
gives consent for his/her personal data, including sensitive data, to be transferred overseas pursuant to the terms, conditions and limits specified at Section 43 of the Legislative Decree n. 196/2003 as well as under the provisions of Art. 49(1) (a) of the EU GDPR, and more specifically of the United States of America, even if it is not considered a safe harbor by the EU or Italian competent authorities;
gives consent for the use of his/her personal data (including sensitive data) for the purposes outlined in this notice.
The undersigned hereby waives any right to privacy or confidentiality regarding THE INSTITUTE’s reporting to the appropriate authorities at their home school if they are seriously ill, suffer an injury, are the victim or perpetrator of harassment whether on or off campus, are the victim or the perpetrator of sexual or gender-based misconduct and/or of criminal behavior, whether on or off campus, and they grant THE INSTITUTE staff, faculty and administrators full authority to report to the appropriate authorities at the their home school any and all such incidents, under the applicable laws (including but not limited to Title IX and Clery Act), whether or not it involves disciplinary action.
Click here to read more about the EU’s GDPR laws.