Privacy Policy

Introduction

This Privacy Policy is provided pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter also referred to as the “Regulation” or “GDPR”) in order to inform individuals who interact with the “Afya Moja” website – https://afyamoja.unicampus.it/ (hereinafter referred to as the “Website”) – about how their personal data will be processed, both through simple browsing and through the use of specific services made available via the Website.

This information is provided exclusively for the above-mentioned Website and not for other websites or sections/pages/spaces owned by third parties that may be accessed by the user through specific links, for which reference should be made to the respective privacy policies.

  1. CONTROLLER AND DATA PROTECTION OFFICER

The Data Controller is the Università Campus Bio-Medico di Roma (hereinafter, “UCBM”, “University” or “Data Controller”), Tax Code 97087620585 with registered office in Rome, Via Álvaro del Portillo n. 21.

The Data Protection Officer (hereinafter referred to as the “Data Protection Officer” or “DPO”) can be contacted at the following addresses:

  • by e-mail, to the address: [email protected];
  • by ordinary mail, to the address of the Università Campus Bio-Medico, based in Rome (RM) at Via Álvaro del Portillo, n. 21, Code 00128, at the attention of the Data Protection Officer.

  2. PERSONAL DATA SUBJECT TO PROCESSING

Please note that by using the Website, the Data Controller may collect and process information and personal data relating to you. This data may consist of an identifier such as your name, an identification number, location data, an online identifier, or one or more elements specific to your physical, physiological, psychological, economic, cultural, or social identity that are capable of identifying you or making you identifiable, depending on the type of services you request (hereinafter also referred to as “Personal Data”). 

 

In particular, the Data Controller will process the following categories of Personal Data: 

a) Browsing Data

The Data Controller will process the Personal Data collected during your navigation of the Website. Such Personal Data includes, for example, your IP address, location (country), domain names of the computer or device you use, URI (Uniform Resource Identifier) addresses of the resources requested on the Website, the time of the requests, the method used to submit the requests to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and so on.
The operation of the Website involves the use of computer systems and software procedures that collect information about users as part of their standard functioning. Although the Data Controller does not collect such information with the intention of associating it with specific users, it is still possible to identify users either directly through this information or by using other data collected — therefore, this information is also considered personal data.

b) Common Data voluntarily provided by the user

The Data Controller will process the Personal Data you may provide when submitting requests to the email addresses listed on the Website and in the “Contact Us” section accessible from the main menu, through which you can send your request to the Data Controller.

When submitting such requests, we kindly ask you to provide only the Personal Data strictly necessary to handle your request, avoiding the inclusion of excessive or unnecessary data.

c) Data provided for access to educational content

The Data Controller will also process any Personal Data you may provide for the purpose of registering and accessing the educational content available and viewable through the Website.

d) Cookies

The Data Controller will process the Personal Data collected through cookies and other tracking tools. For more information about the Personal Data processed through cookies and other tracking tools, please refer to the relevant Cookie Policy.

  3. PURPOSES OF THE PROCESSING AND LEGAL BASIS

Your data will be processed for the following purposes:

a) Enabling Website Navigation, Including Website Security Management

The Data Controller will process, pursuant to Article 6.1(b) of the Regulation (legal basis: performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), the Personal Data referred to in paragraph 2, letter a), to allow access to and navigation of the Website, as well as to ensure its proper functioning.

b) Managing and Responding to Information Requests and Enabling Registration to the section of the Website dedicated to educational content

The Data Controller will process, pursuant to Article 6.1(b) of the Regulation (legal basis: performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), the common Personal Data referred to in paragraph 2, letters b) and c), in order to respond to requests sent to the email addresses provided on the Website, through the “Contact Us” section, and to allow users to register and access educational content.

Providing Personal Data for these purposes is optional, but failure to do so may result in the inability to receive a response to the request and/or to access the educational content. Once provided, your personal data may also be processed for the following purposes.

c) Compliance with obligations under laws, regulations, or EU legislation, or to respond to requests from competent authorities

The Data Controller will process the Personal Data referred to in paragraph 2 in accordance with Article 6.1(c) of the Regulation (legal basis: legal obligation), in order to comply with applicable legal and regulatory obligations.

d) Fulfillment of defensive needs, including the identification, prevention, mitigation, and detection of fraudulent or unlawful activities related to the services offered on the Website

The Data Controller will process the Personal Data referred to in paragraph 2 in accordance with Articles 6.1(f) and 9.2(a) of the Regulation (legal basis: legitimate interest), in order to protect its rights and/or legitimate interests in judicial and extrajudicial proceedings.

  4. RECIPIENTS OF PERSONAL DATA

Your Personal Data may be shared, for the purposes indicated in paragraph 3 of this Privacy Policy, with the following entities, collectively referred to as “Recipients”:

  • persons authorized by the Data Controller, pursuant to Articles 29 and 32 of the Regulation and Article 2-quaterdecies of Legislative Decree 196/2003 (the so-called “Privacy Code”), to process personal data necessary to carry out activities strictly related to the provision of services, who are committed to confidentiality or are subject to an appropriate legal obligation of confidentiality;

  • entities typically acting as Data Processors, pursuant to Article 28 of the Regulation, on behalf of the Data Controller, in particular those responsible for providing services necessary for the use of the Website (e.g., hosting providers, technical maintenance service providers, training service providers, etc.), including: APRE agency, responsible for delivering the training content accessible and viewable through the Website.

The complete list of data processors is available upon written request to the DPO at the contact details provided in paragraph 1 of this Privacy Policy;

  • additionally, the Data Controller may disclose your Personal Data to entities, bodies, or authorities to whom disclosure is mandatory under legal provisions or by order of the competent authorities. These entities will process the Personal Data as independent data controllers.

  5. TRANSFERS OF PERSONAL DATA

Some of your Personal Data may be shared with Recipients located outside the European Economic Area. In such cases, the Data Controller ensures that the processing of Personal Data by the Recipients complies with applicable regulations or is carried out in accordance with one of the methods permitted by law under Articles 44–49 of the Regulation. These methods may include the data subject’s consent, the adoption of Standard Contractual Clauses approved by the European Commission, or the selection of entities adhering to international programs for the free movement of data, in compliance with the provisions set out in Recommendations 01/2020 adopted on 10 November 2020 by the European Data Protection Board (EDPB).

You may request further information regarding the data transfers carried out and the safeguards adopted for this purpose by writing to the DPO at the contact details provided in paragraph 1 of this notice.

  6. RETENTION OF PERSONAL DATA

The Personal Data processed for the purposes indicated in paragraph 3, letters a) and b) of this Privacy Policy will be processed for the time strictly necessary to achieve those purposes, in compliance with the principles of data minimization and storage limitation pursuant to Article 5, paragraph 1, letters c) and d) of the Regulation.

In particular, the data you provide for registration and access to the educational content available on the Website will be retained for the entire duration of your registration and until you delete your personal account.

The Personal Data processed for the purposes indicated in paragraph 3, letter c) of this Privacy Policy will be retained for the period required by the specific obligation or applicable legal regulation.

The Data Controller also reserves the right to retain Personal Data for the time necessary to establish and exercise its rights and/or to meet any legal defense needs in judicial or extrajudicial proceedings, including pre-litigation phases.

Further information regarding the data retention period and the criteria used to determine such period may be requested by writing to the DPO at the contact details provided in paragraph 1.

  7. DATA SUBJECT RIGHTS

As a data subject, you have the right to exercise the following rights at any time:

  • Right of access (Article 15 of the Regulation) – You have the right to obtain confirmation as to whether or not your personal data is being processed, as well as the right to receive any information related to such processing.
  • Right to rectification (Article 16 of the Regulation) – You have the right to obtain the rectification of your personal data if it is incomplete or inaccurate. Please note that, with regard to personal data collected through audio and video recording systems, the right to rectification cannot be exercised due to the intrinsic nature of the data, which refers to an objective and specific fact.
  • Right to erasure (Article 17 of the Regulation) – Under certain circumstances, you have the right to request the deletion of your personal data from our records.
  • Right to restriction of processing (Article 18 of the Regulation) – Under certain conditions, you have the right to request the restriction of the processing of your personal data.
  • Right to data portability (Article 20 of the Regulation) – You have the right to obtain the transfer of your personal data to another data controller, as well as the right to receive your data in a structured, commonly used, and machine-readable format.
  • Right to object (Article 21 of the Regulation) – You have the right to object to the processing of your personal data by stating the reasons justifying your objection. The Data Controller reserves the right to assess the request, which may not be accepted if there are compelling legitimate grounds that override your interests, rights, and freedoms.

Furthermore, if you believe that the processing of your personal data violates data protection regulations, you have the right, pursuant to Article 77 of the Regulation, to lodge a complaint with the supervisory Authority of the Member State where you reside or work, or where the alleged violation occurred.

To exercise the above rights, you may write to the DPO at the registered office in Rome, Via Álvaro del Portillo n. 21, to the attention of the DPO, or via email at [email protected].

  8. CHANGES

The Data Controller reserves the right to modify or simply update the content of this Privacy Policy, in whole or in part, also due to changes in the applicable legislation. Therefore, the Data Controller invites you to regularly visit this section to become aware of the most recent and updated version of the Privacy Policy in order to always be informed about the data collected and its processing by the Data Controller.

  9. HOW TO CONTACT THE DATA CONTROLLER AND EXERCISE DATA SUBJECT RIGHTS

If you have any questions or concerns regarding the processing of your personal data, or if you wish to exercise any of the rights mentioned above, you may send a written communication by registered mail with return receipt to Università Campus Bio-Medico di Roma, registered office Via Álvaro del Portillo n. 21, Roma, to the attention of the DPO – Data Protection Officer, or by email to: [email protected].