On this page Carlo Cattaneo University (hereinafter also “LIUC”) with registered office at Corso Matteotti 22, 21053 Castellanza (VA) provides all the necessary information on the processing of personal data collected during internet browsing on the www.liuc.it website and any other LIUC-owned website linked to it.

LIUC, as Personal Data Controller pursuant to EU Regulation 679/2016 (hereinafter also “GDPR”), operates in full compliance with national and European data protection regulations and pays particular regard to the confidentiality of its users’ data, adopting appropriate security measures to guarantee the protection of the information collected.

Data Controller

The Data Controller is LIUC, Carlo Cattaneo University, with registered office at Corso Matteotti 22, 21053 Castellanza (VA), tax code and VAT no. 02015300128.You can contact the Data Controller at: [email protected]

Data Protection Officer

Pursuant to Articles 37 ff. of the GDPR, LIUC has appointed a Data Protection Officer (DPO) who can be contacted at the following address: Università Carlo Cattaneo – LIUC, Corso Matteotti 22 – 21053 Castellanza (VA); email [email protected]

What data are processed?

1) Browsing data

The computer systems and software processes used to operate the website acquire, in the course of normal operation, certain data that are then automatically transmitted when using internet communication protocols. These include, for example, the IP address, the type of browser, the name of the provider, date and time of access to the website, etc. This data is mainly used for statistical information, to check the correct functioning of the website and to make browsing more efficient.

Other data are collected through cookies; for more details on this please refer to the relevant Cookie Policy.

2) Data provided voluntarily by users or visitors

Requests for information by users of the LIUC websites, or registration to certain areas, may entail the collection and consequent processing of personal data such as, for example, name, surname, email address, telephone number, address of residence, date of birth, profession, etc.

These data may be collected in the course of:

• registration for specific initiatives organised or sponsored by LIUC;
• sending requests via the Contacts section of the website;
• completing other online forms;
• content sharing via social networks.

In the context of the above actions, LIUC does not process data of a sensitive nature pursuant to Article 9, Paragraph 1 (“Processing of special categories of personal data”) of the GDPR (i.e. those data “revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”).

LIUC invites users not to send such types of data (for example, via contact forms) unless strictly necessary in relation to the request being made.

Purpose of processing and legal basis

We process personal data for the following purposes:

• Website operation – ensuring website access and browsing; improving and/or customising the user experience; monitoring and ensuring security (legal basis: performance of a contract; a legitimate interest of the Data Controller)
• Registration on LIUC websites, when it is necessary to access restricted sections of the website itself or to provide specific services of interest to users; this includes the sending of “transactional” emails related to website registration and account maintenance (legal basis: performance of a contract or pre-contractual measures).
• Replying to user enquiries on LIUC services submitted through contact forms or by other means (legal basis: performance of a contract or pre-contractual measures)
• Statistical analysis on aggregate or anonymous data, on the use of the LIUC website or related websites (legal basis: regulatory duties; a legitimate interest of the Data Controller)
• Institutional promotion by means of communications on courses, other educational activities and LIUC initiatives (legal basis: specific consent)
• Compliance with legal requirements under laws, regulations and EU legislation, administrative, tax, accounting, etc.; compliance with contractual duties and ascertainment of any liability in the event of damage to the website or the Data Controller’s infrastructure

Further specific information may be provided, linked to individual operations involving the provision of different personal data, published from time to time on the Data Controller’s websites (for example, in the case of special events, courses, etc.). Always refer to www.liuc.it for the most complete information.

Minors

LIUC pays special attention to the protection of the personal data of minors. At present, LIUC websites do not collect personal data directly from minors, although there is content of potential interest to individuals under the age of 18 seeking information on available educational offers. LIUC has taken reasonable precautions to ensure that it does not intentionally collect, store, use or process personal information of minors who might use the LIUC website and services without the proper support of their parents or legal guardians.

Nature of provision

The provision of data may be necessary to comply with legal duties and to perform a contract or provide a certain service (for example, registration for a course, requesting information from the website, etc.). In these cases, any refusal to processing all or part of the data may make it impossible for LIUC to carry out contractual relations or in any case to provide what has been requested.

For all other purposes, users/visitors are free to provide their personal data. Failure to provide them may only result in the inability to provide certain services or to obtain the best browsing experience.

In the event of refusal or withdrawal of consent given, for those processing operations that provide for it, there are no consequences of any kind other than the cessation of communication activities; activities carried out prior to withdrawal of consent are deemed valid and lawful. Users may at any time object to processing for direct marketing and profiling purposes by contacting the Data Controller.

Data security and retention times

Processing is carried out mainly by electronic means and the data will be kept for as long as necessary to achieve the purposes for which the data were collected, in compliance with the relevant legal provisions and in any case no later than the withdrawal of consent for those purposes for which consent is required.

To protect the security and confidentiality of data, LIUC adopts (and requires its partners to adopt) technical and organisational security measures to prevent risks of loss, destruction, unauthorised access and unlawful use of data.

Finally, LIUC has developed a procedure to address and manage possible personal data breaches, as required by the GDPR. Breaches will be notified to the Italian Data Protection Authority if the breach poses a risk to the rights and freedoms of the persons concerned.

Scope of communication and dissemination

Personal data may be brought to the attention of LIUC employees or collaborators; these subjects are formally appointed and authorised to process such data and receive adequate operating instructions in this regard. Moreover, data may be processed by external legal or natural persons that LIUC may use in the management of the relationship with its users (for example, internet providers, communication agencies, individual or associated professionals, third party companies) or for organisational needs of its activity. These persons act, where applicable, as external data processors.

These recipients may operate in locations other than those where the data are collected, but always within the European Economic Area. Should it be necessary to transfer the data outside this perimeter, the Data Controller undertakes to comply with Chapter V of the GDPR and to do whatever is necessary to ensure adequate levels of protection and safeguarding of personal data, for instance by entering into the standard contractual clauses adopted by the European Union.

Personal data are not subject to dissemination.

Rights of the data subject

At any time, the data subject may exercise his or her rights with respect to the Data Controller; they are summarised below, but for exhaustive details, please consult Articles 15 to 22 of the GDPR:

• right of access;
  • confirmation as to whether or not personal data concerning the data subject are being processed;
  • communication of data transfer to a third country or international organisation;
  • obtain a copy of the personal data being processed (if and only if the rights and freedoms of others are not infringed);
• right of rectification;
• right to total erasure (right to be forgotten);
• right of restriction of processing;
• right to data portability;
• right to object (not exercisable where the data controller demonstrates legitimate grounds for processing which override the interests, rights and freedoms of the data subject or for the defence of a legal claim);
• right to object to direct marketing and/or profiling;
• right to withdraw consent.

The data subject also has the right to receive prompt notification in the event of a personal data breach that could harm his or her dignity and freedom.

Finally, the Data Subject has the right to lodge a complaint with the Italian Data Protection Authority: Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Roma; [email protected]

Updates

LIUC may update and change this Privacy Policy at any time, to the fullest extent permitted by applicable law. The version published on the website is the one currently in force.

Starting from 25 May 2018, the 2016/679 EU Regulation, known as the GDPR (General Data Protection Regulation) – concerning the protection of individuals with regard to the processing and free circulation of personal data, is directly applicable in all Member States.

The GDPR arises from precise needs, as indicated by the EU Commission itself, of legal certainty, harmonisation and greater simplicity of the rules concerning the transfer of personal data from the EU to other parts of the world.

In order to fulfill the obligations established by the GDPR, Università Carlo Cattaneo – LIUC, and with this also its own division called “LIUC Business School”, has provided specific information for:

– Prospective students and students, that is to say all those who intend to enroll or are enrolled in institutional courses of different levels active at the Università; in particular those who:

1. intend to take advantage of orientation activities and/or that carry out entry tests or selections for the purpose of matriculation and/or enrollment on institutional courses;
2. are enrolled on a specific course and have not yet completed the Università pathway;

Former students are also included for which training activities, job placement or with which they may be interested in maintaining and consolidating a relationship are carried out.

– Company contacts;

– Other contacts.

Further information

This Cookie Policy is drawn up in accordance with the current legislation on the protection of personal data (European Regulation 679/2016 and relevant Guidelines) and supplements the information provided through the Privacy Policy. Its purpose is to describe the types of cookies and any other similar technologies used on the website.

Data Controller and contacts

The Data Controller is the Carlo Cattaneo University – LIUC, with registered office at Corso Matteotti 22, 21053 Castellanza (VA), tax code and VAT no. 02015300128. The Data Controller can be contacted at: [email protected]

Pursuant to Articles 37 ff. of the GDPR, LIUC has appointed a Data Protection Officer (or DPO) who can be contacted at the following address:Carlo Cattaneo University – LIUC, Corso Matteotti 22, 21053 Castellanza (VA); email: [email protected]

General information on cookies

Cookies are short text files, made up of letters and/or numbers, which enable the web server to store with the client (the user’s internet browser) information necessary for browsing the website or to be used again later, on subsequent visits. Cookies are stored by the browser on the specific device used (computer, tablet, smartphone), according to the preferences expressed by the user.

Types of cookies

Cookies may be classified according to their duration:

• session cookies – these expire at the end of a browser session, usually when the browser is closed, and serve to maintain an active browsing session on the website and the use of its features
• persistent cookies – these are stored for a longer period of time (i.e., they persist even if the session is closed) and are useful, for instance, for remembering browsing preferences (language, device, browser, etc.) or to propose customised content

Another feature concerns the origin of the cookies, which may be:

• first party – installed by the website itself
• third party – installed by a different domain (for example, if the website includes other services, such as advertising providers or analytical tool providers)

Finally, cookies can be classified according to their purpose:

• technical or necessary cookies;
• functionality or preference cookies;
• analytical, statistical and performance cookies;
• marketing or profiling cookies.

Technical cookies may be used without the user’s consent, as they are necessary to perform certain operations otherwise they would be more complex and/or less secure. First- and third-party analytical cookies also fall into this category, but only under these conditions: they are used for aggregated statistics (without identifying the user) and refer to a single website or app; in the case of third-party cookies, at least the fourth component of the IP address must be masked; the third party may not combine the minimised analytical cookies with other processing (for example,  customer files or statistics of visits to other websites), nor may it transmit them to other third parties.

Functionality or preference cookies allow the user to navigate according to a number of selected criteria (for example, language, geographic area, device used, browser type, products selected for purchase) in order to improve the service rendered to the user. These cookies are not necessary for the operation of the website, so prior and appropriate consent must be sought for their installation.

Analytical or statistical cookies are used to improve website browsing by analysing user activity in an anonymous form (for example, the number of users on a page, the number of times the page has been visited by the user, how long the user stays on the page, etc.). They are also referred to as performance cookies, and as mentioned above can be assimilated with technical cookies if they are configured with reduced identifying power (in which case they do not require prior consent and can be kept active at all times).

Marketing or profiling cookies make it possible to track browsing on the website by identified or identifiable persons in order to analyse the way users navigate, their behaviour, the purchases they make and thus create a user profile or place them in a homogeneous cluster. In this way, the Data Controller will be able to optimise its website and modulate the service in a more personalised form, as well as send targeted advertising messages in line with the preferences expressed by the user while browsing. Of course, these cookies are not necessary for the functioning of the website and specific consent is required for their installation.

Finally, there are specific cookies for social media, which allow the user to share website content on their profile. When a page contains this command, a direct link is established to the selected social media platform (for example, Facebook, Instagram, Twitter, LinkedIn, etc.).

Cookie consent rules

If the website uses cookies other than technical ones, an appropriately sized banner must immediately appear, containing:

• summary information on the use of cookies on the website;
• a link to the full privacy policy;
• a command to close the banner without giving consent;
• a command to accept all cookies;
• a link to another section to analytically choose which cookies to accept.

Cookies may also be completely deactivated at browser level by using the appropriate function provided in most browsers. It should be realised, however, that by deactivating cookies some of the features of a website may not be usable, in particular services provided by third parties such as YouTube videos (or other video sharing services), social media buttons, Google maps.

Below, you will find links to the policies of the main browsers for further information on deactivating cookies altogether:

https://support.google.com/chrome/answer/95647?hl=it (Google Chrome)

https://support.microsoft.com/it-it/help/4468242/microsoft-edge-browsing-data-and-privacy-microsoft-privacy (Microsoft Edge)

https://support.mozilla.org/it/kb/Gestione%20dei%20cookie (Mozilla Firefox)

https://support.apple.com/it-it/HT201265 (Apple Safari)

For the settings of any other web browsers not listed above, please refer to the documentation or online help of the relevant browser for further information. We would like to point out that the Data Controller acts as a technical intermediary for the links in this document and cannot assume any liability in the event of any changes.

Use of cookies on this website

This website uses technical and functionality cookies, both session-related and persistent. These are cookies used to manage the user interface (for example, to record the preferences expressed by the user such as language, page display format, connection area), to improve the usability of the website and its audio-visual content, for the correct functioning of the connection.

The website also uses third-party analytical cookies, in particular the Google Analytics service, which helps the owner to understand how visitors interact with the content of the website, obtain statistical reports on website activity, and check which pages are the most visited. Data are processed by the Controller in aggregated and minimised form. More information on Google Analytics cookies can be found here: https://support.google.com/analytics/answer/6004245

There are also cookies from the YouTube platform, owned by Google, which are necessary for sharing presentation videos placed on the website. The cookies are set when accessing the pages containing the video embed, and do not allow the user to be identified unless they are already logged in with their Google username. YouTube’s ‘enhanced privacy’ mode is also activated, so that viewing the video does not affect the viewer’s browsing experience on YouTube. More information here: https://support.google.com/youtube/answer/171780?expand=PrivacyEnhancedMode#privacy

The website also incorporates some plug-ins to enable the sharing of content on the social media used by the user (for example, Facebook, LinkedIn, Twitter, Telegram, etc.). These plugins are configured so that no cookie is installed when accessing the website but only when the user actually clicks on the ‘Share’ button to send the content to the social media platform. If the user browses the website having already logged into the platform, he or she will have thereby consented to the use of cookies by the platform. The management of content and cookies within social media platforms is governed by the privacy policies of the third-party companies, to which please refer.

The full list of cookies used by the website can be found at the bottom of this policy and is updated whenever there are any changes.

Control and management of cookies on this website

On first access, or after clearing the browser cache, a cookie banner will appear, giving options to:

• accept all types of cookies by clicking the ‘Accept All’ button;
• activate the desired cookie categories (Preferences, Statistics, Marketing) with the appropriate sliders and click on the ‘Accept Selection’ button;
• reject the use of cookies by clicking the ‘Reject’ button or the ‘X’ in the top right-hand corner; this closes the banner and only installs strictly necessary cookies and anonymous statistical cookies;
• manage your preferences for each cookie category outlined in this document by clicking on ‘Show Details’.

Thereafter, it will always be possible to change and/or revoke the consent given by clearing the cache or by calling up the cookie configuration panel by clicking here:

Provision of data

The provision of data by users via cookies is optional and is based solely on the free consent of the persons concerned, with the exception of necessary technical and anonymous statistical cookies. In case of non-acceptance of functional or marketing cookies, expressed during the first access to the website or following subsequent changes, users will still be able to browse the website.

Communication and transfer of personal data

Personal data may be brought to the attention of University employees or collaboratorss who are formally appointed and authorised to process them and receive adequate operating instructions in this regard.

Furthermore, the data may be processed by external legal or natural persons whom it may be necessary to involve for organisational needs (for example, IT service providers, consultancy companies). These persons are appointed, where applicable, as external data processors.

The Data Controller may also disclose the data to other parties who will act as autonomous data controllers, in order to fulfil duties provided for by law or assessment activities (for example: public bodies, judicial authorities, police, etc.).

Rights of data subjects

Data subjects may contact the Controller by sending an email to [email protected] to exercise their rights under Articles 15 to 22 of the GDPR. Please note in particular the right to access one’s own data, to total deletion, to restrict processing, to obtain a copy of the data, to revoke the consent given. Finally, Data Subjects have the right to lodge a complaint with the Italian Data Protection Authority: Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Roma – [email protected]

Changes to this policy

This policy may change over time as a result of new legislation coming into force, updates or the provision of new services. For this reason, the user/visitor is invited to consult this page periodically.

The status of your consent

Use of the training materials, or parts thereof, implies knowledge and acceptance of the following conditions by the user.

All course content viewable in the Reserved Area, transmitted by email or delivered in the classroom is the sole property of the lecturers and/or the University.

This material cannot be photocopied or reproduced and cannot be used for activities outside the course.

Without the written consent of the lecturers and/or the University, it is categorically forbidden to elaborate, alter, adapt, transform, translate and change the originals, content, titles, authors, editors and sources of the training materials, even partially, in any form, manner or format, by any means and in any medium.

Any use of the teaching materials, or parts thereof, primarily intended or directed towards the pursuit of a commercial or financial advantage, whether direct or indirect, or private monetary compensation, or for profit and/or commercial purposes is strictly prohibited.

It is permitted to have access to the teaching materials, or parts thereof, to view, consult, download and print them only for exclusively personal and private use, without any commercial purpose and/or profit motive.

Quotations, summaries, and in any case any permitted use, are allowed on condition that they are faithful, exact, without any changes to the originals of the training materials and training courses, and that they contain mention of the titles, authors, editors and source, as well as copyright and ownership information.

Any use other than the private and personal use indicated and permitted above requires the written authorisation of the lecturers and/or the University.

No liability is assumed by LIUC Carlo Cattaneo University in relation to the use of the training materials.

LIUC Carlo Cattaneo University will under no circumstances be liable for any kind of damage, direct or indirect, resulting from any use of the training materials and/or parts thereof.

Pursuant to current legislation, regarding the protection of personal data, with particular reference to Article 13 of Regulation (EU) 2016/679, I hereby inform you in my capacity as Data Processor, that your personal data, collected exclusively for the purpose of the establishment, completion and management of your employment by the University, will be processed in full compliance with legal duties and principles, guaranteeing the full protection of your fundamental rights and freedoms, with particular regard to the principles applicable to the processing of personal data as set out in Article 5 of the Regulation.

1. Origin and type of data processed

The processing of your personal data, directly provided by you, is carried out by us for the purpose of fulfilling the duties arising from: the legal provisions applicable to your employment contract; the negotiating provisions of your employment contract; the provisions of any national collective agreement which may be applicable to your contract. This processing includes:

a) the personal and tax data and bank account details for you and of any members of your household provided by you. Those data are processed in order to fulfil legal and/or contractual duties, such as, for example, the processing and payment of your salary, recognition of family allowances and the like;

b) data that relate to your employment relationship with the University, such as feedback and checks on the fulfilment of contractual duties, such as statistics on your presence and absence from work, data on the management and updating of your professional profile, the assignment of new tasks and assignments, professional and career development, also in the form of CVs, and performance evaluation;

c) data on any trade union membership and filling of trade union positions;

d) data on the holding of elected public offices, in order to enjoy the ex officio rights provided for by law;

e) the data needed to control the expenses of employees and those treated as such, such as financial planning; the preparation of budgets and their management; the control of cost items relating to employees and those treated as such; the management of travel expenses; the management of the costs of telephone services, cars, and office automation tools provided;

f) data relating to the use of work tools, collected and processed for reasons of computer system security, for technical and/or maintenance reasons, such as, for example, updating, replacement or implementation of programmes, hardware maintenance, back-up, for the control and planning of business costs, such as, for example, checking internet connection costs, telephone traffic, or for regulatory requirements;

g) images collected and processed, at the premises where you work, by means of video surveillance systems designed to ensure the protection and safety of company property and persons, with clear respect for your rights.

This also includes data that current legislation considers as ‘special’, i.e. sensitive data, pursuant to Article 9 of the GDPR. These include, for example, those disclosing state of health, maternity, accidents, incapacity. These will be processed as per Article 9, Paragraph 2, letters a) b) c) d) e) f) g) h) i) and j), as necessary.

2. Purpose of processing

Your personal data, whether requested or acquired prior to the establishment of your employment or during or at the end thereof, will be processed by us for the following purposes:

a) to manage your employment relationship in all its contractual, social security, insurance and tax aspects;

b) to fulfil any obligation imposed by law or arising from your employment contract or the provisions of national collective labour agreements;

c) to perform any other task entrusted by law to the person acting in their capacity as employer;

d) to fulfil or require the fulfilment of specific duties, also with reference to collective agreements, as applicable from time to time;

e) the administration and organisation of your employment and professional evaluation;

f) the qualification and further training of employees and those treated as such, and the organisation of training courses;

g) the management of career and academic development plans and processes as necessary;

h) to comply with orders or measures of the judicial authorities, the financial administration, social security and welfare institutions, including supplementary ones, and insurance institutions;

i) to assert or defend a right in court, including by a third party, provided that, where the data are likely to reveal your state of health, the right to be asserted is of equal to or more important than your right to privacy;

j) to respond to any request made by you in the context of your employment;

k) the management of the company’s IT resources and equipment assigned to you, even on an exclusive basis;

l) the protection of life and limb for you and any other person;

m) to implement all necessary security measures to prevent the risk of destruction, loss, dissemination, alteration, theft, undue access and any other unauthorised activity involving personal data.

3. Legal bases for processing

Your personal data are processed by the University for the purposes specified above for the sole object of executing your contract of employment and/or fulfilling the legal duties to which the Data Controller is subject.

On the other hand, with regard to your data of a sensitive nature, as referred to in the above Article 9 of the GDPR, they will be processed by the University solely for the purpose of fulfilling the duties and exercising the rights of the Data Controller and/or Employer, in the field of employment law and social security and social protection, as well as for the purposes of preventive or occupational medicine, assessment of your capacity to work or, finally, to enable the University to ascertain, exercise or defend a right in court.

Personal data relating to you, collected from third parties, may also be processed for the same purposes as above, to the extent permitted by applicable law and the GDPR.

In addition to this, the Data Controller may process your image, possibly taken by video surveillance systems, on the basis of and within the limits of the provision issued by the Italian Data Protection Authority on 8 April 2010, as amended, as well as agreements entered into with the competent trade unions or an authorisation issued by the competent ITL (Local Labour Inspectorate), where necessary.

LIUC Carlo Cattaneo University may arrange for the publication and/or dissemination in any form, of images/videos on its website, in printed media and/or any other means of dissemination and the preservation of the photos themselves in its archives, confirming that the purposes of such publications are purely advertising and promotion of the University.

4. Communication and dissemination

Your personal data may be disclosed to third parties in order to comply with duties laid down by law or by the collective labour agreement, which may be applicable, as well as in execution of any proxies conferred by you, such as, for example: crediting your salary at banks; paying a portion of your salary to insurance companies, and the like. In relation to these purposes, your personal data will be communicated, by way of example but not limited to, to social security bodies, financial administrations, insurance and credit institutions, trade union organisations that are signatories to the applicable national collective labour agreement and the competent company doctor.

The data may also be made available to third-party service providers, outsourcers and, more generally, external companies to which you entrust the performance of duties arising from your contract of employment or other activities relating to personnel management (for example, companies entrusted with the storage and archiving of the personal data of employees and those treated as such, payroll management, the development and/or operation of information systems, companies issuing meal vouchers, travel agencies in relation to trips made by you, car rental companies, auditing and audit companies, etc.). These bodies, organisations, companies and professionals will process your data as autonomous data controllers or data processors depending on the purpose and type of processing in question. This is without prejudice to the Data Controller’s obligation to communicate the data to the competent judicial or administrative authorities, following a specific and legitimate request from the latter.

At the time of issuance of this notice, your data will be communicated to and processed by:

a) Studio Engolli Aspesi Battistuz Colombo & Associati, Busto Arsizio; tax code CLMVTR69S12L319M; [email protected]; function: employment consultant

b) Studio Dr Fabio Bianchi, Busto Arsizio, tax code BNCFGS66C09B300I; [email protected]; function: employment consultant;

c) Sabicom S.r.l. – Legnano, VAT no. 12600040153; [email protected]; function: the supply and maintenance of online attendance and payroll software;

d) Sabicom Sistemi S.r.l. – Legnano, VAT no. 05378560964; [email protected]; function: the provision and maintenance of data centre service.

5. Transfer abroad

Your data may be transferred outside the European Economic Area if this is necessary for the management of your working relationship with the University. In that case, protection and security duties equivalent to those guaranteed by the Data Controller will be imposed on the recipients of the data. In any case, only data necessary for the pursuit of the intended and described purposes will be disclosed, and the guarantees applicable to data transfers to third countries will be applied where required.

6. Processing methods and retention times

Your data are collected and recorded lawfully and fairly, in accordance with the provisions of Articles 5 and 6 of the GDPR, for the pursuit of the above-mentioned purposes and in compliance with the fundamental principles laid down in the applicable legislation. Personal data may be processed by manual, computerised or telematic means, but always under the supervision of appropriate technical and organisational measures to guarantee their security and confidentiality, especially in order to reduce the risks of destruction or loss, even accidental, of the data, of unauthorised access, or of processing that is not permitted or does not comply with the purposes of collection.

Personal data will be processed by the University for the entire duration of your contract of employment and also thereafter, within the limits granted by law and by the rules of national collective labour agreements and any applicable regulations, for administrative and accounting purposes, as well as to assert or protect the rights of the Data Controller and/or the Employer, as necessary.

7. Nature of conferment and consent to processing

As indicated above, the provision of your data is mandatory, as it is necessary for the performance of duties arising from legal or contractual provisions, as provided for in Article 6, letters a) b) c) d) e) and f) of the GDPR.

This also applies in relation to your data of a sensitive nature, as referred to in Article 9 of the GDPR, given that any refusal to provide this specific type of data would prevent the Data Controller/Employer from performing certain essential services provided for your benefit, the ineffectiveness of which, in certain cases, could make it impossible to establish or continue your employment and lead to its termination. A similar provision applies to judicial data, which may be processed by the University on the basis of express provisions of the law, regulations or collective agreements that may be applicable to you.

8. Your Rights

You may exercise your rights at any time, including:

a) to access your personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom the data may be communicated, the applicable retention period, the existence of automated decision-making processes;

b) to obtain without delay the rectification of inaccurate personal data concerning you;

c) to obtain, in the cases provided for, the deletion of your data;

d) to obtain restriction of processing, where possible;

e) to request the portability of the data provided to third parties specifically indicated by you, i.e. to receive them in a structured, commonly-used and machine-readable format, also for the purpose of transmitting such data to another data controller, without any hindrance, in all cases where this is required by law;

f) to lodge a complaint with the Data Protection Authority.

To exercise these rights, simply send a written request to the Data Processor at [email protected].

Address of the Data Controller: Carlo Cattaneo University – LIUC, Corso Matteotti 22, 21053 Castellanza (VA)

9. Data Controller

The data controller, pursuant to current legislation, is the Carlo Cattaneo University – LIUC.

10. Data Processor manager

The Managing Director, Dr Massimo Colli has been appointed Data Processor manager.

11. Data Protection Officer

Mauro Pelittias has been appointed Data Protection Officer and can be contacted by email at [email protected] .

The Data Processor manager,
Dr Massimo Colli