PRIVACY POLICY

Tech 4 Global Health

Premise

This Privacy Policy has been drawn up, pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter also referred to as the “Regulation” or “GDPR”), in order to inform those who interact with the website “Tech 4 Global Health” https://tech4globalhealth.com/ (hereinafter referred to as the “Website”) regarding the ways in which personal data will be processed both through simple consultation and through the use of specific services made available through the Website.

The information is provided exclusively for the above-mentioned Website and not for other websites or sections/pages/spaces owned by third parties that may be consulted by the user through specific links for which reference is made to the respective privacy policies.

1. CONTROLLER AND DATA PROTECTION OFFICER

The Data Controller is the Campus Bio-Medico University of Rome (hereinafter, “UCBM”, “University” or “Data Controller”), Tax Code 97087620585 with registered office in Rome, Via Álvaro del Portillo n. 21.

The Data Protection Officer (hereinafter referred to as the “Data Protection Officer” or “DPO”) can be contacted at the following addresses:

• by e-mail, to the address: [email protected];
• by ordinary mail, to the address of the Campus Bio Medico University, based in Rome (RM) at via Alvaro del Portillo, n. 21, ZIP Code 00128, at the attention of the Data Protection Officer.

2. PERSONAL DATA SUBJECT TO PROCESSINGWe inform you that by using the Website, the Data Controller may collect and process information and personal data relating to you. These may include an identifier such as your name, an identification number, location data, an online identifier, or one or more elements characteristic of your physical, physiological, psychological, economic, cultural, or social identity, which may allow your identification or make you identifiable, depending on the type of services you request (hereinafter referred to as “Personal Data”).

In particular, the Data Controller will process the following categories of Personal Data:

1. Browsing data

The Data Controller will process the Personal Data collected during your navigation on the Website. These Personal Data include, for example, your IP address, location (country), domain names of the computer or device you use, URI (Uniform Resource Identifier) addresses of the resources requested on the Website, the request time, the method used to submit the request to the server, the size of the file obtained in response to a request, the numerical code indicating the status of the server’s response (successful, error, etc.), and so on.

The operation of the Website involves the use of IT systems and software procedures that collect information about users as part of their normal functioning. Although the Data Controller does not collect such information to associate it with specific users, it is still possible to identify users either directly through this information or by using other collected data. As such, this information is also considered personal data.

b. Common data voluntarily provided

The Data Controller will process any Personal Data you may provide when submitting requests through the contact form “Would you like to participate in the research of this observatory?” available on the Website in the “Contact Us” section. In particular, the Personal Data that may be provided through the contact form includes: identification data (first and last name), contact details (email address), and information regarding your current profession.

When submitting requests to the Data Controller, we kindly ask you to provide only the Personal Data strictly necessary to handle your request, excluding any excessive Personal Data.

c. Cookies

The Data Controller will process the Personal Data collected through cookies and other tracking tools. For more information on the Personal Data processed through cookies and other tracking tools, you can consult the relevant Cookie Policy.

3. PURPOSE OF THE PROCESSING AND LEGAL BASIS OF THE PROCESSING
   
   Your data will be processed for the following purposes:a) To allow navigation of the Website and interaction with the contents contained therein, including the management of the security of the Website

   The Data Controller will process, pursuant to Article 6.1, letter b) of the Regulation (legal basis: performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), the Personal Data referred to in paragraph 2, letter a), in order to allow access to and navigation of the Website, as well as to ensure its proper functioning.
   
   b) To respond to requests received through the contact form available on the Website, in the “Contact Us” section.

   The Data Controller will process, pursuant to Article 6.1, letter b) of the Regulation (legal basis: performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), the common Personal Data referred to in paragraph 2, letter b), in order to respond to requests received through the contact form “Would you like to participate in the research of this observatory?” available on the Website in the “Contact Us” section.

   Providing Personal Data for this purpose is optional, but failure to do so would prevent the request from being submitted and, consequently, the possibility of receiving a response from the Data Controller.

Once provided, your Personal Data may also be processed for the following purposes.

c) To comply with any obligations provided for by applicable laws, regulations or EU legislation, or to satisfy requests from the authorities

The Data Controller will process, pursuant to Article 6.1, letter c) of the Regulation (legal basis: legal obligation), the Personal Data referred to in paragraph 2 above in order to comply with a regulatory obligation incumbent on the same.

d) To meet any defensive needs, possibly related to the detection, prevention, mitigation and detection of fraudulent or illegal activities in relation to the services provided on the Website

The Data Controller will process, pursuant to Articles 6.1, letter f) and 9.2, letter a) of the Regulation (legal basis: legitimate interest), the Personal Data referred to in paragraph 2 above in order to defend its right and/or legitimate interest in and out of court.

4. RECIPIENTS OF PERSONAL DATAYour Personal Data may be shared, for the purposes referred to in paragraph 3 of this Privacy Policy, with the following subjects, collectively referred to as “Recipients”:

   – persons authorized by the Data Controller, pursuant to art. 29 and 32 of the Regulation and 2-quaterdecies of Legislative Decree 196/2003 (so-called “Privacy Code”), to the processing of personal data necessary to carry out activities strictly related to the provision of services, who have committed themselves to confidentiality or have an adequate legal obligation of confidentiality;

   – subjects who typically act as data processors pursuant to Article 28 of the Regulation on behalf of the Data Controller, in particular subjects in charge of providing services necessary for the use of the Website (e.g., hosting providers, suppliers of technical maintenance services, etc.).

   The complete list of data processors is available upon written request to the DPO at the contact details provided in paragraph 1 of this Privacy Policy;

   – in addition, the Data Controller may communicate your Personal Data to subjects, bodies or authorities whose communication is mandatory by virtue of legal provisions or orders of the authorities. These parties will process Personal Data as independent data controllers.

   
   5. TRANSFERS OF PERSONAL DATA

   Some of your personal data may be shared with Recipients located outside the European Economic Area. The Data Controller ensures that in such cases, the processing of personal data by the Recipients takes place in compliance with the legislation or according to one of the methods permitted by law pursuant to articles 44-49 of the Regulation, such as the consent of the data subject, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free movement of data, in compliance with the provisions of Recommendations 01/2020 adopted on 10 November 2020 by the European Data Protection Board.

   It is possible to request more information regarding the data transfers carried out and the guarantees adopted for this purpose, by writing to the Data Controller or DPO at the addresses indicated in paragraph 1 above.

   6. RETENTION OF PERSONAL DATA

   The Personal Data processed for the purposes referred to in paragraph 3, letters a) and b) of this Privacy Policy will be processed for the time strictly necessary to achieve those same purposes in compliance with the principles of minimization and limitation of storage pursuant to art. 5, par. 1, letters c) and d) of the Regulation.

   Personal Data processed for the purposes referred to in paragraph 3, letter c) of this Privacy Policy will be stored for the time provided for by the specific obligation or applicable law.

   The Data Controller also reserves the right to retain Personal Data for as long as necessary to ascertain and exercise its rights and/or meet any defensive needs in court as well as in out-of-court and in the phases preceding litigation.

Further information regarding the data retention period and the criteria used to determine this period can be requested by writing to the DPO at the contact details provided in paragraph 1.

7. RIGHTS OF THE DATA SUBJECT

You, as a data subject, may, at any time, exercise the following rights:

· Right of access (Article 15 of the Regulation) – You have the right to obtain confirmation as to whether or not your personal data is being processed, as well as the right to receive any information relating to the same processing.

· Right to rectification (art. 16 of the Regulation) – you have the right to obtain the rectification of your personal data, if they are incomplete or inaccurate; it should be noted that, with respect to personal data collected through audio and video recording systems, the right to rectification cannot be exercised in consideration of the intrinsic nature of the data collected, which relate to an objective and specific fact.

· Right to erasure (art. 17 of the Regulation) – in certain circumstances, you have the right to obtain the erasure of your personal data in our archives.

· Right to restriction of processing (art. 18 of the Regulation) – under certain conditions, you have the right to obtain the restriction of the processing of your personal data.

· Right to portability (art. 20 of the Regulation) – you have the right to obtain the transfer of your personal data to a different data controller as well as the right to obtain the data concerning you in a structured, commonly used and machine-readable format.

· Right to object (Article 21 of the Regulation) – You have the right to submit a request to object to the processing of your personal data in which you provide evidence of the reasons justifying the opposition; the Data Controller reserves the right to evaluate this request, which may not be accepted if there are compelling legitimate reasons to proceed with the processing that prevail over your interests, rights and freedoms.

Furthermore, if you believe that the processing of your Personal Data violates the legislation on the protection of personal data, we inform you that you have the right, pursuant to art. 77 of the Regulation, to lodge a complaint with the Supervisory Authority of the Member State in which he/she habitually resides, works or of the place where the alleged violation occurred.

To exercise the above-mentioned rights, you may write to the DPO at the registered office address in Rome, Via Álvaro del Portillo No. 21, to the attention of the Data Protection Officer, or at the email address [email protected].

8. UPDATES TO THIS WEB POLICY

The Data Controller reserves the right to modify or simply update the content of this Privacy Policy, in part or in full, also due to changes in the applicable legislation. The Data Controller therefore invites you to visit this section regularly to become aware of the most recent and updated version of the Privacy Policy in order to be always updated on the data collected and its processing by the Data Controller.

9. HOW TO CONTACT THE DATA CONTROLLER AND EXERCISE THE RIGHTS OF THE DATA SUBJECTIn case of questions or doubts in relation to the processing of Personal Data or to exercise any other right mentioned above, the Data Subject may send a written communication by registered letter with return receipt to Campus Bio-Medico University of Rome, with registered office in Rome, Via Álvaro del Portillo n. 21 to the attention of the DPO – Data Protection Officer or by email to the address [email protected] .