Privacy Policy

In accordance with EU Regulation No. 2016/679 – General Data Protection Regulation (GDPR) and with the national legislation, hereinafter referred to collectively as the “Applicable Law”, this policy statement addresses the subject of privacy with regard to the processing of personal data of users of the online web services www.cultural-e.eu

This policy is also in conformity with Recommendation n. 2/2001 related to the minimum requirements for online data collection in the European Union, adopted by the European Data Protection Authorities – Working Party of Article 29, Directive No. 95/46/EU on 17 May 2001.

The policy described herein applies solely to the websites of Eurac Research and of the Cultural-E project, funded under Grant Agreement n° 870072 of the Horizon 2020 programme of the European Union, and excludes all other websites that can be accessed via links that appear on the Cultural-E project and Eurac Research websites. Eurac Research is not responsible for the content or any external links to other websites or for any content uploaded by users who are not Eurac Research employees.

Pursuant to legal provisions, Eurac Research guarantees that the processing of personal data will be performed in consideration of fundamental rights and freedoms as well as the dignity of the data subject, and in accordance with the legislative provisions of the Applicable Law and the confidentiality clauses included therein. In particular, the processing of personal data will be carried out in accordance with the principles of lawfulness, fairness, transparency, accuracy, purpose and storage limitations, data minimisation, integrity and confidentiality.

Before providing any personal data or completing an electronic online form, Eurac Research invites users to carefully read this privacy policy.

The content of this privacy policy may be amended or updated to conform to legal and regulatory obligations with respect to data protection, to allow for technological advances on the webpage that could impact the modalities of processing and to reflect organisational modifications that affect the privacy structure.

Precise data protection information about specific services or data processing procedures may be displayed on the corresponding webpages of this website or transmitted directly to the data user.

1. Data Controller and Data Protection Officer

Data Controller: Eurac Research, with headquarters at Viale Druso 1, 39100 Bolzano, in the person of the legal representative pro tempore.

You can contact the DPO under the following e-mail Address: privacy@eurac.edu

2. Types of Personal Data Subject to Processing

“Personal data” means any information relating to an identified or identifiable natural person (the “Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person.

The personal data that may be processed includes browsing data, data provided voluntarily by the data subject and cookies.

3. Purpose and Legal Basis for the Data Processing

The personal data provided will be processed for the following purposes:

  • Research or statistical analyses on aggregated or anonymous data (i.e. without identification of the data subject) aimed at measuring the functioning of the website, as well as its traffic, usability and interest;
  • Completion of data collection forms for the purpose of receiving communications in general via e-mail;
  • The performance of a contract to which the data subject is party, or in order to process a data subject’s requests prior to entering into a contract;
  • Compliance with a legal obligation to which the controller is subject;
  • The establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

The lawful basis for processing Personal Data: a) it does not imply the processing of Personal Data, b) consent, c) performance of a contract, d) and e) legal obligation.

4. Mandatory or voluntary communication of data and possible consequences of a failure to provide it

The provision of personal data is voluntary, but refusal could interfere with the correct use of the services and its legal obligations, thus limiting the full functionality of the website.

5. Recipients of the Data Processed

The recipients of the data are the employees of Eurac Research or persons who have access to personal data and who are in charge of the data processing activities and authorised and instructed to carry out data processing activities by the data controller.

Personal data may be communicated to external service providers (e.g. sending e-mails and analysing the functional capability of the website), which typically process Personal Data on behalf of Eurac Research as data processors. When required, your personal data will be forwarded to public administrative bodies and agencies, as provided by law.

The newsletter service will be provided by the Architects’ Council of Europe, which will act as autonomous Data Controller with regards at every personal data processing carried out.

6. Transfer of Data

The personal data collected via the services of this website are collected by employees of Eurac Research who have been specifically assigned this role. Alternatively they will be processed by persons who carry out occasional maintenance work on the website and who have also been appointed for this purpose and are bound by confidentiality. To this end, Eurac Research may, in the context of assigning this task, and whilst adhering to the best possible security measures, utilise the help of external companies, consultants, associations, software suppliers and service providers. Some personal data could be transmitted to third countries outside of the EU but only if the transmission of personal data is connected to the performance of the institutional activities of Eurac Research. Eurac Research guarantees that in any case, the electronic or analogue processing of personal data by the recipient shall be in accordance with statutory provisions.

7. Retention Period of Personal Data

Personal data will be stored for the time necessary to carry out the purposes for which it was collected. Apart from the above, your personal data will be retained for a period of time necessary or permitted to comply with the Applicable Law (Artt.2946 and following Italian Civil Code); when this period has been reached, the data shall be deleted or made anonymous.

8. The Data Subject’s Rights

At any time the data subject has the right to request access to their personal data, and to correct or delete that data, or to limit its processing. In addition, the data subject has the right to data portability, as well as the right to lodge a complaint with a supervisory authority. When the data processing is based on consent, the data subject has the right to withdraw that consent at any time. The data subject may also exercise all other rights pursuant to current data protection regulations (art. 15 et seq. GDPR) by writing to the email: privacy@eurac.edu.