Privacy Policy English

Italian version

PRIVACY POLICY, EU Regulation 2016/679 (“GDPR”)

The University of Siena, as a research center and as Data Controller of personal data, undertakes to process the data concerning you, including “the particular categories of data” indicated in art. 9 of EU Regulation 2016/679 (such as, for example, personal data relating to health, racial or ethnic origin, political opinions, trade union membership, biometrics) according to the principles established by art. 5 (lawfulness, correctness, transparency, adequacy, relevance, accuracy, minimization of treatment, limitation of conservation, etc.).
The University of Siena invites you to read the following information prepared pursuant to Articles 13 and 14 of EU Regulation 2016/679 “concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data” (hereinafter “Regulation”), also known by the acronym GDPR ( General Data Protection Regulation).

A) PROCESSING OF PERSONAL DATA

The information on the processing of personal data, drawn up according to the indications of art. 13 of EU Regulation 2016/679, is published on the University Privacy section https://www.unisi.it/ateneo/adempimenti/privacy.

We inform you that:

– the Data Controller is the University of Siena with registered office in via Banchi di Sotto, no. 55, 53100, Siena, represented by the Magnificent Rector by the Magnificent Rector Prof. Francesco Frati.

The contact details of the Data Controller are:

  • Tel. 0577 235288
  • Email: rettore@unisi.it
  • PEC (certified e-mail) rettore@pec.unisipec.it

– The data protection officer (DPO) of the University of Siena is the lawyer Giuseppe Versaci. The contact details are:

  • Email: rpd@unisi.it
  • PEC (certified electronic mail) rpd@pec.unisipec.it

– The co-data controller is the research group of the WebCrow project (https://webcrow.diism.unisi.it/) at the Department of Information Engineering and Mathematical Sciences. The contact details are:

  • Email: webcrow@unisi.it

– your data will be processed on paper and / or computer, according to the principles established by art. 5 (lawfulness, correctness, transparency, adequacy, relevance, accuracy, minimization of treatment, limitation of conservation, etc.);

– the personal data you provide will be processed by the University of Siena for purposes related to the WebCrow research project at the Department of Information Engineering and Mathematical Sciences.

– interested parties “may contact the data protection officer for all matters relating to the processing of their personal data and the exercise of their rights deriving from the […] regulation” (Article 38, paragraph 4 of the Regulation).

B) PROCESSING OF PERSONAL DATA PURPOSES

Data collected will be used for purposes related to the WebCrow research project (https://webcrow.diism.unisi.it/) and to human versus machine competitions in crosswords. Specifically, it includes:

  • the objectives of the research project indicated above;
  • dissemination of results;
  • the administrative management of the same.
  • the use of Personal Data present on the gaming platform, ie the data necessary for the creation of your account, such as your e-mail address and your name and surname
  • the use of data for solving crossword puzzles in competitions. Data used for research purposes and for comparison with the performance of the WebCrow research project.
  • the use of personal data and those present on the gaming platform, including to third parties, for the sole purpose of being able to determine the rankings and award any prizes or free subscriptions.
  • The use of the e-mail address in order to inform the user about future scientific initiatives promoted by the University of Siena and / or the WebCrow research group.

C) LEGAL BASIS OF THE PROCESSING

The processing by the University of Siena of your personal data will be carried out on the basis of at least one of the following conditions of lawfulness (or “legal bases of processing”):

  • consent expressed by the interested party for one or more processing purposes indicated in point III of this information;
  • execution of a task of public interest for one or more of the purposes indicated in point B) of this information;
  • pursuit of a legitimate interest of the owner for one or more purposes indicated in point B) of this information.

The processing of personal data belonging to “particular categories” (formerly “sensitive data”) will be carried out on the basis of at least one of the following conditions of lawfulness:

  • explicit consent of the interested party for one or more of the purposes indicated in point III of this information;
  • need to ascertain, exercise or defend a right in court;
  • archiving in the public interest, for scientific or historical research or for statistical purposes.

D) INTERNAL SUBJECTS RECIPIENTS OF THE DATA

The recipients of your data are the scientific manager of the project and his collaborators in the research activity (researchers, technicians and administrators) who will process them with automated and non-automated tools, exclusively to allow the research and all related operations and related activities to be carried out, including administrative ones.

It is specified that, on the basis of what is defined in the University Regulations on the processing of personal data in implementation of EU Regulation 2016/679 and of Legislative Decree 196/2003, the Designee of the processing is the Director of the Department, prof. Valerio Vignoli; the contact person for data processing for research is prof. Marco Gori.

We inform you that, in addition to the Scientific Responsible, the collaborators and the other subjects indicated above, the commission will be able to examine all the documentation collected during the scientific study.
University Ethics in order to check that the research is conducted correctly and in accordance with the provisions in force and the interested party will not have the right to prevent such activities.

E) EXTERNAL SUBJECTS WITH WHOM THE DATA MAY BE SHARED

The data collected may be disclosed to the following subjects:

  • expert.ai S.p.A., partner in the project,
  • Sprea S.p.A and Sudoku srl for the management of prizes and free subscriptions
  • AVCX crosswords (https://avxwords.com) for the management of free rewards and subscriptions
    and to external persons or companies acting on their behalf.

F) RIGHTS OF THE INTERESTED PARTY

In relation to the personal data processed in the research project, each interested party may exercise the rights provided for by art. 15 and ss. of the European Regulation, taking into account, however, any exceptions referred to in art. 89, par. 2 of the same Regulation.
In particular, the interested party can obtain:

  • access to their personal data and all other information indicated in art. 15;
  • the correction of data if they are inaccurate and / or their integration if they are incomplete;
  • cancellation (so-called “right to be forgotten”), except for information that must be kept for the purposes referred to in point III and unless there is a legitimate reason prevailing over that of the interested party for the continuation of the processing activity ;
  • the limitation of processing in the cases indicated in art. 18.

Based on the provisions of the European Regulation, the interested parties also have the right to:

  • withdraw the consent at any time without however prejudicing the lawfulness of the processing based on the consent given prior to the withdrawal. In this case, no further data concerning him will be collected, without prejudice to the use of any data already collected to determine, without altering them, the results of the research or those that, originally or following processing, are not attributable to a identified or identifiable person.
  • lodge a complaint with a supervisory authority.

G) METHOD OF EXERCISING RIGHTS AND CLAIM TO THE GUARANTOR AUTHORITY FOR THE PROTECTION OF PERSONAL DATA

If the interested party wishes to exercise the rights described above, he can contact the Data Controller or co-data controller using the contact details indicated in point A) of this information.
For the same purpose, as well as to report any violations of the rules on the processing of personal data, you can use the specific data breach service of the University of Siena (for data breach we mean the security breach that involves accidentally or unlawfully destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed), which can be reached at the address: rpd.breach@pec.unisipec.it; abuse@unisi.it.

The data breach service is carried out under the authority and direct control of the Data Controller.
The request will be answered as soon as possible. In this regard, the Regulation provides that the response is provided within one month of the request, which can be extended up to three months in the case of particular complexity.
The data subject also has the right to lodge a complaint with the Supervisory Authority pursuant to art. 77 of the Regulation. In Italy the function of Supervisory Authority is exercised by the Guarantor for the Protection of Personal Data (https://www.garanteprivacy.it).

In addition to the above and for simplicity, if you find yourself in a position to receive e-mail messages from the Joint Data Controller that are no longer of interest to you, it will be sufficient to send an email to webcrow@unisi.it with the text “I DO NOT WANT MORE ‘RECEIVE THE E-MAIL MESSAGES OF THE WEBCROW PROJECT ”to no longer receive any communication.

H) DATA RETENTION TIME

The data collected during the research will be recorded, processed and stored limited to what is necessary for the pursuit of the purpose referred to in Section B) of this Notice. In particular, your Personal Data will be processed for a period of time equal to the minimum necessary, in any case a maximum of 2 years.
The data will be stored by the Data Controller through the Scientific Manager of the project: prof Marco Gori and the WebCrow team.
The management and storage of personal data collected for the purposes of the research takes place on servers located within the University and / or on external servers of suppliers (eg. CINECA) of some services necessary for the technical – administrative management which, only for the purposes of the requested service, they could become aware of the personal data of the interested parties and that they are duly appointed as Data Processors pursuant to art. 28 of the EU Regulation.

I) NATURE OF DATA CONFERENCE AND CONSEQUENCES OF ANY REFUSAL OF CONFERRAL

The provision of data for the purposes referred to in point B) is essential for carrying out the study and does not derive from a regulatory obligation. Refusal to provide them will not allow the interested party to participate in the study in question.

L) COOKIE POLICY

The gaming platform uses technical cookies to store login information and other data necessary for the gaming platform to function. There is no tracking done.