Privacy Policy for the website www.namirial-skillup-academy.unina.it

(hereinafter referred to as the "Site")

Pursuant to Article 13 of EU Regulation No. 2016/679 (hereinafter the "Regulation"), this document describes how we process the personal data of users who visit this website, accessible online at www.namirial-skillup-academy.unina.it.

This information does not apply to other websites, pages, or online services accessible through links published on this site.

DATA CONTROLLER AND UNIVERSITY DATA PROTECTION OFFICER

• The Data Controller is the University of Naples Federico II, with registered office at Corso Umberto I 40 – 80138 Naples, represented by the Rector and the General Director, in accordance with specific regulatory and statutory provisions. For contacts regarding issues relating to the processing of personal data: Email: ateneo@unina.it PEC: ateneo@pec.unina.it

• The Data Protection Officer (DPO) can be reached at the following address: University of Naples Federico II, Corso Umberto I n. 40 – 80138 Naples. Email: rpd@unina.it PEC: rpd@pec.unina.it.

PURPOSE OF PROCESSING AND LEGAL BASIS

The personal data collected during the service use process are used exclusively for the institutional and dissemination purposes explicitly defined on this website.

The legal basis for the processing of personal data is the performance of a task carried out in the public interest or in the exercise of official authority vested in the University, pursuant to Article 6, paragraph 1, letter e) of European Regulation 2016/679.

For registration and participation in events using online platforms, the legal basis for processing personal data is the data subject's express consent to the processing of their personal data, through the voluntary use of this website and/or third-party services (e.g., EventBrite, LinkedIn, Microsoft Teams, Google Forms) pursuant to Article 6, paragraph 1, letter a) of European Regulation 2016/679.

OBJECTIVE OF THE PROCESSING AND MANDATORY NATURE OF THE PROVISION

The personal data processed are those provided by the interested party during the Academy selection process using forms on the website. Personal data voluntarily provided by users who visit the site will be processed primarily for the following purposes:

Organizing the service for which the user uses the site

Contacting the user

Site visit statistics

Where expressly requested, the provision of such personal data is a prerequisite for registration and participation in events and services offered by this site;

failure to provide personal data will preclude participation in such events and/or services. When using online platforms, the personal data collected automatically generally includes login information, such as browsing data, cookies, and web logs (see this site's Cookie Policy). In cases where the user is asked to complete an online form and personal data is collected (online contact forms, service registration, etc.), in order to ensure the data subject providing their data is aware of this, the privacy policy for the processing of personal data is always provided, with the relevant acknowledgement checkbox, along with a link to the page that indicates the purposes of the processing and specifies the use of the collected data, as well as providing all the information required by the legislation on personal data processing. Please note that, in some cases, depending on the service requested, the user may be directed to use third-party services external to this site (e.g., Microsoft Teams or Google Forms). Personal data may be processed by employees or collaborators of the Data Controller who, operating under the direct authority of the Data Controller, are appointed as authorized data processors and receive appropriate training and operating instructions.

PROCESSING METHODS

The personal data collected by the designated Federico II University departments are processed manually, on paper, and primarily electronically, and entered into paper and/or electronic archives. Processing using IT and electronic tools is designed to ensure the security and confidentiality of the data. The collection and use of personal data is carried out in compliance with the principles of:

• lawfulness, fairness, and transparency;

• purpose limitation;

• data minimization;

• accuracy;

• storage limitation;

• integrity and confidentiality, pursuant to Article 5 of EU Regulation 2016/679, in such a way as to guarantee its security and protect the privacy of the data subject.

This data will not be subject to any fully automated decision-making process or profiling. The data may be processed anonymously for statistical purposes aimed at improving the services offered. For computerized data management, the Federico II University may use third parties who ensure the adoption of adequate technical and organizational measures to meet the requirements of EU Regulation 2016/679 and the protection of the data subject's rights. These parties are appointed as Data Processors for individual processing operations pursuant to Article 28 of EU Regulation 2016/679. Personal data may be processed by employees or collaborators of the Data Controller who, operating under the direct authority of the latter, are appointed as authorized data processors and receive adequate training and operational instructions. Specifically, they will be processed by technical, administrative, and teaching staff in relation to the various activities envisaged by their respective processing operations. The University may disclose personal data in its possession when required by EU provisions, laws, or regulations. For these purposes only, personal data may also be disclosed to public bodies authorized to request such data, such as judicial authorities and/or public security agencies.

The data subject's personal data may be shared by the University of Naples Federico II with external entities and third parties, such as independent event organizers or organizations and associations affiliated with the University (e.g., individual Departments). The University may receive information about the data subject from foundations, associations, and institutions that are connected to the University's initiatives and missions. These independent third parties will only share personal data if the data subject has clearly indicated their consent to participate in the various initiatives. In this case, the processing of data subjects' data will be carried out by the third parties and external services involved.

The University may avail itself of the support of external providers for the provision of certain services necessary for technical, administrative, logistical, and organizational management. These providers may access the personal data of interested users solely for the purposes of the requested service and, in any case, would be authorized in advance as external data processors. In these cases, the data will be deleted at the end of the event for which it was used.

DATA RETENTION PERIOD

The data will be retained in both paper and electronic archives for the time strictly necessary to achieve the purposes offered by the services provided by the website and, in any case, for up to 12 months after the completion of these purposes. Regarding the deletion of any data collected by third-party services, please refer to the respective policies of their websites.

TRANSFER TO NON-EU COUNTRIES

The University does not transfer the personal data in question to third-party countries or to international organizations. Any transfer of personal data by the University will be made to a non-EU country where an adequacy decision has been adopted by the European Commission pursuant to Articles 44 and 45 of EU Regulation 2016/679. If no such adequacy decision exists, the transfer of personal data to a non-EU country will only be carried out following the explicit consent of the data subject pursuant to Article 49, paragraph 1 of EU Regulation 2016/679.

Some IT platforms used to access the services offered, particularly those relating to third-party services, may involve the transfer of personal data to a non-EU country, as in the case of the use of web and cloud services. Therefore, users are encouraged to review the individual websites of third-party services for their respective privacy and data processing policies.

DATA SUBJECT RIGHTS

The data subject has the right to request from the University of Naples Federico II, as Data Controller, pursuant to Articles 15 to 22 of EU Regulation 2016/679:

• access to their personal data and all the information referred to in Article 15 of EU Regulation 2016/679;

• the rectification of inaccurate personal data and the completion of incomplete data;

• the erasure of their data (so-called "right to be forgotten"), except for data contained in documents that must be retained by the University;

• the restriction of processing where one of the conditions set out in Article 18 of EU Regulation 2016/679 applies;

• the objection to the processing of their personal data, except as provided for in relation to the necessity and mandatory nature of the processing.

HOW TO EXERCISE YOUR RIGHTS TO PARTICIPATE IN THE ACTIVITIES DESCRIBED ON THIS SITE

To exercise your rights to the protection of your personal data, you may contact the Data Controller, the Rector, and the Data Protection Officer, using the following contact details:

• Data Controller:

Email: ateneo@unina.it Certified Email: ateneo@pec.unina.it

• Data Protection Officer (DPO): Email: rpd@unina.it; Certified Email: rpd@pec.unina.it

COMPLAINTS:

You have the right to lodge a complaint with the Italian Data Protection Authority if you believe that the processing of your data does not comply with the provisions in force pursuant to Article 77 of EU Regulation 2016/679.