PRIVACY POLICY WEB

PRIVACY POLICY WEB
(pursuant to Articles 13 and 14 of Regulation (EU) 2016/679)

This Privacy Policy has been drawn up, pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter also referred to as the "Regulation" or "GDPR"), in order to inform those who interact with the website https://iccb2025.org/ (hereinafter referred to as the "Website") regarding the ways in which personal data will be processed both through simple consultation and through the use of specific services made available through the Site.

The information is provided exclusively for the above-mentioned site and not for other websites or sections/pages/spaces owned by third parties that may be consulted by the user through specific links for which reference is made to the respective privacy policies.

The Data Controller is the Campus Bio-Medico University of Rome (hereinafter, "UCBM", "University" or "Data Controller"), Tax Code 97087620585 with registered office in Rome, Via Álvaro del Portillo n. 21.

The Data Protection Officer (hereinafter referred to as the "Data Protection Officer" or "DPO") can be contacted at the following addresses:

• by e-mail, to the address: dpo@unicampus.it;
• by ordinary mail, to the address of the Campus Bio Medico University, based in Rome (RM) at via Alvaro del Portillo, n. 21, CAP 00128, c.a. of the Data Protection Officer.

The Data Controller will process the following categories of Personal Data:

Browsing data
The Data Controller will process the common Personal Data collected in the context of your navigation on the Site. Such Personal Data includes, for example, the IP address, the location (country), the domain names of the computer or device you use, the URI (Uniform Resource Identifier) addresses of the resources requested on the Site, the time of the requests, the method used to send requests to the server, the size of the file obtained in response to a request, the numerical code indicating the status of the response given by the server (successful, successful, successful, error, etc.), and so on.
The operation of the Site, in fact, involves the use of computer systems and software procedures that collect information on users of the Site as part of their normal operation. Although the Data Controller does not collect such information in order to link it to specific users, it is still possible to identify such users either directly through that information, or by using other information collected – as such, this information is also considered personal data.

Common data voluntarily provided
The Data Controller will process the common Personal Data provided in the context of requests submitted by filling in the contact forms on the website.

Cookies
The Data Controller will process the Personal Data collected through cookies and other tracking tools. For more information on the Personal Data processed through cookies and other tracking tools, you can consult the relevant Cookie Policy.

Your data will be processed for the following purposes:

a) to allow navigation of the Site and interaction with the contents contained therein, including the management of the security of the Site
The Data Controller will process, pursuant to Article 6.1, letter b) of the Regulation (legal basis), the Personal Data referred to in paragraph 2, letter a) above, in order to allow you to access and browse the Site as well as to ensure its proper functioning.

b) manage and respond to requests for information and registration
The Data Controller will process, pursuant to Article 6.1, letter b) of the Regulation (legal basis) the common type of Personal Data referred to in paragraph 2, letter b) above, in order to satisfy a request received through the contact forms.
The provision of Personal Data for this purpose is optional, but failure to provide it would make it impossible to forward the request and, consequently, to receive a response from UCBM.

c) to comply with any obligations provided for by applicable laws, regulations or EU legislation, or to satisfy requests from the authorities
The Data Controller will process, pursuant to Article 6.1, letter c) of the Regulation (legal basis: legal obligation), the Personal Data referred to in paragraph 2 above in order to comply with a regulatory obligation incumbent on the same.

d) to meet any defensive needs, possibly related to the detection, prevention, mitigation and detection of fraudulent or illegal activities in relation to the services provided on the site
The Data Controller will process, pursuant to Article 6.1, letter f) of the Regulation (legal basis: legitimate interest), the Personal Data referred to in paragraph 2 above in order to defend its right and/or legitimate interest in and out of court. We remind you that, pursuant to art. 21 of the Regulation, you have the right to object at any time, on the basis of your particular situation, to the processing of your Personal Data for this purpose. In the event of an objection, the Data Controller reserves the right to evaluate this request, which may not be accepted if there are compelling legitimate reasons to proceed with the processing that prevail over your interests, rights and freedoms.

Your Personal Data may be shared, for the purposes referred to in paragraph 3 of this Privacy Policy, with the following subjects, collectively referred to as "Recipients":
- persons authorised by the Data Controller, pursuant to art. 29 and 32 of the Regulation and 2-quaterdecies of Legislative Decree 196/2003 (so-called "Legislative Decree 196/2003"). "Privacy Code"), to the processing of personal data necessary to carry out activities strictly related to the provision of services, who have committed themselves to confidentiality or have an adequate legal obligation of confidentiality;
- subjects who typically act as data processors pursuant to Article 28 of the Regulation on behalf of the Data Controller, in particular subjects in charge of providing services necessary for the use of the Site (e.g., hosting providers, suppliers of technical maintenance services, etc.);
In addition, the Data Controller may communicate your Personal Data to subjects, bodies or authorities whose communication is mandatory by virtue of legal provisions or orders of the authorities. These parties will process Personal Data as independent data controllers.

Some of your personal data may be shared with Recipients located outside the European Economic Area. The Data Controller ensures that in such cases, the processing of personal data by the Recipients takes place in compliance with the legislation or according to one of the methods permitted by law pursuant to articles 44-49 of the Regulation, such as the consent of the data subject, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free movement of data, in compliance with the provisions of Recommendations 01/2020 adopted on 10 November 2020 by the European Data Protection Board.
It is possible to request more information regarding the data transfers carried out and the guarantees adopted for this purpose, by writing to the Data Controller or DPO at the addresses indicated in paragraph 1 above.

The Personal Data processed for the purposes referred to in paragraph 3, letters a) and b) of this Privacy Policy will be processed for the time strictly necessary to achieve those same purposes in compliance with the principles of minimization and limitation of storage pursuant to art. 5, par. 1, letters c) and d) of the Regulation.
And in particular, the personal data collected for the purposes referred to in paragraph 3 letter b) of this Privacy Policy will be kept no longer than one year from collection.
Personal Data processed for the purposes referred to in paragraph 3, letter c) of this Privacy Policy will be stored for the time provided for by the specific obligation or applicable law.
The Data Controller also reserves the right to retain Personal Data for as long as necessary to ascertain and exercise its rights and/or meet any defensive needs in court as well as in out-of-court and in the phases preceding litigation.
For data processed on the basis of legitimate interest, the deadline for storage is identified for as long as it is reasonably necessary to pursue the legitimate interest of the Data Controller identified in this policy, unless you object, which is always possible.

You, as a data subject, may, at any time, exercise the following rights:
• Right of access (Article 15 of the Regulation) – You have the right to obtain confirmation as to whether or not your personal data is being processed, as well as the right to receive any information relating to the same processing;
• Right to rectification (art. 16 of the Regulation) – you have the right to obtain the rectification of your personal data, if they are incomplete or inaccurate; it should be noted that, with respect to personal data collected through audio and video recording systems, the right to rectification cannot be exercised in consideration of the intrinsic nature of the data collected, which relate to an objective and specific fact;
• Right to erasure (art. 17 of the Regulation) – in certain circumstances, you have the right to obtain the erasure of your personal data in our archives;
• Right to restriction of processing (art. 18 of the Regulation) – under certain conditions, you have the right to obtain the restriction of the processing of your personal data;
• Right to portability (art. 20 of the Regulation) – you have the right to obtain the transfer of your personal data to a different data controller as well as the right to obtain the data concerning you in a structured, commonly used and machine-readable format;
• Right to object (Article 21 of the Regulation) – You have the right to submit a request to object to the processing of your personal data in which you provide evidence of the reasons justifying the opposition; the Data Controller reserves the right to evaluate this request, which may not be accepted if there are compelling legitimate reasons to proceed with the processing that prevail over your interests, rights and freedoms.

Furthermore, if you believe that the processing of your Personal Data violates the legislation on the protection of personal data, we inform you that you have the right, pursuant to art. 77 of the Regulation, to lodge a complaint with the Supervisory Authority of the Member State in which he/she habitually resides, works or of the place where the alleged violation occurred.

The Data Controller reserves the right to modify or simply update the content of this Privacy Policy, in part or in full, also due to changes in the applicable legislation. The Data Controller therefore invites you to visit this section regularly to become aware of the most recent and updated version of the Privacy Policy in order to be always updated on the data collected and its processing by the Data Controller.

In case of questions or doubts in relation to the processing of Personal Data or to exercise any other right mentioned above, the Data Subject may send a written communication by registered letter with return receipt to Campus Bio-Medico University of Rome, with registered office in Rome, Via Álvaro del Portillo n. 21 to the attention of the DPO – Data Protection Officer or by email to the address areaprivacy@unicampus.it.