Introduction

Luiss, the Libera Università Internazionale degli Studi Sociali Guido Carli (hereinafter Luiss), is an autonomous university that offers an advanced educational model.

This notice outlines how Luiss processes the personal data of students collected when they apply to take the admission test for degree programs.

The policy is periodically updated to align with current legislation or new methods of processing personal data.

What personal data do we collect?

The Data Controller collects and processes the following personal data:

• the data subject’s identifying information (first name, last name, place and date of birth, tax code, citizenship);
• contact details (residential address, email, phone number);
• information about your educational background (high school diploma, grade earned);
• data regarding foreign language proficiency;
• accounting and tax data;
• special data, if necessary, to allow the candidate to take the admission tests.

For what purposes do we collect your data, and why is the processing lawful?

The Data Controller collects and processes the data subject’s personal information for the following purposes:  

• to manage, from an administrative standpoint, the selection of candidates through an admissions test (the legal basis for the processing lies in the pre-contractual phase between the University and the candidate);
• to manage, from an accounting and tax perspective, the relationship with the candidate in the event of a withdrawal from enrollment (the legal basis for the processing is found in the contract and in the relevant legal provisions);
• to send promotional communications and newsletters about the services offered and initiatives promoted, as well as to invite the data subject to events, training sessions, or related courses (the legal basis is found in the data subject’s consent);
• to enable the University to conduct customer relationship management activities, identifying the data subject’s profile, interests, experiences, skills, knowledge, and hobbies, and consequently offering them opportunities for professional and personal growth (the legal basis for the processing is the data subject’s consent).

How does the Data Controller process your personal data, and for how long does it retain it?

The data subject’s personal data is processed both in paper form and electronically (servers, cloud databases, application software, etc.).

The Data Controller retains the data subject’s information for a period determined in accordance with the statute of limitations for civil claims and in compliance with specific sector laws, as well as for the time necessary to properly pursue the purposes identified above.

Who do we share your personal data with?

internal communication

Only University employees and collaborators who need access to your personal data to provide the services you’ve requested may access it, and only the information that is instrumental and related to that purpose. Specifically:

• administrative staff;
• collaborators.

Our employees and partners have been informed and trained on the importance of complying with the principles and rules regarding the processing of personal data.

external communication

The Data Controller shares the personal information of data subjects with certain providers that assist in delivering the requested services and are specifically appointed as external Data Processors for this purpose. Specifically:

• third parties the Data Controller uses to manage the tax and accounting aspects of the relationship (for example, credit institutions);
• third parties the Data Controller uses to conduct admission tests;
• third parties the Data Controller uses to manage promotional information.

If the provider accesses the data, it will do so in compliance with current data protection laws and the instructions provided by the Data Controller.

The Data Controller will not disclose personal information to other third parties without the data subject’s consent, unless required by law or by an Authority:

• when necessary for reasons of national security;
• for reasons of public interest;
• in response to a request from public authorities.

Is your data transferred abroad?

Member data is not transferred abroad.

What are your rights as a data subject, and how can you exercise them?

The European General Data Protection Regulation (2016/679) grants data subjects specific rights. Specifically, these include the rights to access, rectify, object to processing for commercial purposes or exclusively automated processing, erase, restrict, and port the data, as well as the right to contact the Data Protection Authority.

If the data subject wishes to exercise their legally recognized rights, they can simply send an email to privacy@luiss.it or write to the Data Controller, Luiss Guido Carli, at Viale Pola no. 12 – 00198 – Rome, outlining your request and providing the necessary information to identify the applicant.

The contact details for the Data Protection Officer (DPO) can be found on the Data Controller's website at http://www.luiss.it/contatti.

The Data Controller will respond to you within one month. If the Data Controller is unable to respond within the specified timeframe, they will provide a detailed explanation of why your request cannot be fulfilled.