Luiss, the Libera Università Internazionale degli Studi Sociali Guido Carli (hereinafter Luiss), is an autonomous university offering an advanced educational model.

This notice describes how Luiss processes the personal data of individuals who register to participate in the event, and highlights the rights that the law guarantees to data subjects.

The policy is periodically updated to align with current legislation or new methods of processing personal data.

What personal data do we collect?

The Data Controller collects and processes the following personal data:

• the data subject’s identifying information (first name, last name);
• data related to professional status (organization, position);
• contact details (email, phone number).

For what purposes do we collect your data, and why is the processing lawful?

The Data Controller collects and processes the data subject’s personal information for the following purposes:

• to manage the data subject’s registration and enable them to participate in the event (the legal basis for the processing is found in the contractual phase of the relationship between the University and the data subject);
• to manage the services necessary for the data subject’s participation in the event (the legal basis for the processing is found in the contractual relationship between the University and the data subject);

Comunicare i dati a soggetti terzi, partner di Luiss, al fine di poter ricevere comunicazioni promozionali inerenti i prodotti e servizi di soggetti terzi con modalità di contatto automatizzate e tradizionali da parte dei terzi medesimi (la legittimazione giuridica è rinvenibile nel consenso dell’interessato).

-->

How does the Data Controller process your personal data, and for how long does it retain it?

The data subject’s personal data is processed both in paper form and electronically (servers, cloud databases, application software, etc.).

The Data Controller retains the data subject’s information for a period determined in accordance with the statute of limitations in civil law and in compliance with specific sector-specific laws, as well as for the time necessary to properly pursue the purposes identified above.

Who do we share your personal data with?

internal communication scope

Only University employees and collaborators who need access to a member’s personal data in order to provide the requested services may access it, and only the information that is instrumental and related to that purpose. Specifically:

• administrative staff;
• collaborators;
• faculty members.

Our employees and partners have been informed and trained on the importance of adhering to the principles and rules governing the processing of personal data.

external communication

The Data Controller shares the personal information of data subjects with certain providers who assist in delivering the requested services and who are specifically appointed as external Data Processors for this purpose. In particular:

third parties that the Data Controller uses to provide services essential for managing all interactions with the data subject.

If the provider accesses the data, it will do so in compliance with current data protection laws and the instructions provided by the Data Controller.

The Data Controller will not disclose personal information to other third parties without the data subject’s consent, unless required by law or by an Authority:

• when necessary for reasons of national security;
• for reasons of public interest;
• in response to a request from public authorities.

Is your data transferred abroad?

Member data is not transferred outside the European Economic Area.

What are your rights as a data subject, and how can you exercise them?

The European General Data Protection Regulation (2016/679) grants data subjects specific rights. Specifically, these include the right to access, rectify, object to processing for commercial purposes or exclusively automated processing, erase, restrict, and port the data, as well as the right to contact the Data Protection Authority.

If a data subject wishes to exercise their rights as recognized by law, they can simply send an email to privacy@luiss.it or write to the Data Controller, Luiss Guido Carli, at Viale Pola no. 12 – 00198 – Rome, outlining your request and providing the necessary information to identify the applicant.

The contact details for the Data Protection Officer (DPO) can be found on the Data Controller's website at http://www.luiss.it/contatti.

The Data Controller will respond to you within one month. If the Data Controller is unable to respond within the specified timeframe, they will provide a detailed explanation of the reasons why your request cannot be fulfilled.

The data subject is informed that participation in the event involves the capture of photo/audio/video recordings, which will be processed and stored in accordance with European regulations under Reg. EU Regulation 679/2016 (GDPR). The images may be published in promotional materials, graphics, on websites, or on social media pages associated with Luiss Guido Carli, as well as on websites or in news outlets, both digital and non-digital. In any event, any use that could damage the honor, reputation, or dignity of the person portrayed, filmed, or recorded is excluded.