Privacy Policy

1.1 General Conditions: the general conditions governing the relationship between the User and the University regarding Platform use and  the Services provided by the University via the platform.

1.2 Courses: these are the courses organized by the University or by a Partner of the University.

1.3 Personal Data: any information relating to a physical person, identified or identifiable, directly and indirectly, by reference to their name, identification number, location data, online identifier or elements characteristic of their physical, physiological, genetic, psychic, economic, cultural or social identity.

1.4 Form: the forms that are found on the Platform via which the data subjects interact with the Platform.

1.5 GDPR: EU Regulation N. 2016/679 of April 27th, 2016.

1.6 Policy: this policy document which details how Personal Data are processed by the Data Controller

1.7 Data Subject: the physical persons, identified or identifiable, whose Personal Data are processed pursuant to this Policy, in line with art. 4 of GDPR (e.g. Users and representatives of Partners or Third Parties)

1.8 Partner: these are project partners or commercial partners of the University.

1.9 Platform: the online learning platform “Federica Web Learning”.

1.10 Profiling: Processing of Personal Data involving evaluation of personal aspects of the Data Subjects using fully or partially automated techniques.

1.11 Profile: the profile created by Users on Platform for the Registration.

1.12 Social profile: User profiles created on third party sites (e.g. Google, Facebook or Linkedin profiles) which the Users opt to use for Registration on the Platform.

1.13 Registration: creation of a Profile by completing a Form, or by connecting using a Social Profile or a Partner authentication system.

1.14 Services: the services offered by University to the User via the Platform, as defined in the General Conditions.

1.15 Data Controller: natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data with reference to article 4 of the GDPR.

1.16 Processing: any operation or set of operations, carried out with, or without, the support of automated processes and applied to personal data or personal data sets, such as, the collection, storage, organization, structuring, preservation, adaptation or modification, extraction, consultation, use, communication via transmission, diffusion or other means available, comparison or interconnection, limitation, cancellation and destruction.

1.17 Users: users of the Platform.

2.1 Data Controller
The Data Controller is University degli Studi di Napoli Federico II, with registered office in Corso Umberto I no. 40, 80138 – Naples, represented by the Rettore pro tempore and the General Director, in relation to the specific provisions and to the bylaws (“University”) (E-mail: rettore@unina.it PEC: rettore@pec.unina.it).

2.2 Data Protection Officer
The University Data Protection Officer (DPO) is available at the following address: Università degli Studi di Napoli Federico II – Responsabile della Protezione dei dati personali, Corso Umberto I n.40 – 80138 Napoli.  (e-mail: rpd@unina.it PEC: rpd@pec.unina.it).

2.3 Request from Data Subject
Any request from Data Subjects concerning the Processing of Personal Data performed by the University regarding their Personal Data (including the exercise of their rights as per paragraph 9 below), shall be addressed to the University, and sent by mail to the main office (Corso Umberto I no. 40, 80138 – Naples), or by e-mail to the following address: support@federica.eu.

University collects and uses Personal Data of Users for the following purposes:

a) Allow Users to create a Profile and use the Services: Processing of Personal Data for the purposes set out in point a) is necessary for the creation of a Profile and, as a consequence, to use the Services on the part of the User, any eventual refusal prevents the User from using the Services described in the General Conditions. This Processing is based on User acceptance of the General Conditions.

b) Send communications (e.g. newsletter, communications) and invitations to the Courses to the Users: the Processing of Personal Data for the purposes set out in point b) is necessary for the management of communications relating to the University, Platform and/or Services. This Processing is based on the performance of a task of public interest or related to the exercise of public authority vested in the University. Opposition to this Processing (if the requirements are met) may be exercised by the User at any time following the indications set forth in Section 9 letter f) of this Policy. 

c) Managing the contact requests received by Registered Users or Third Parties including Partners via e-mail and/or Forms: the Processing of Personal Data for the purposes set out in point c) is necessary for the management of contact requests received. This Processing is based on the performance of a task of public interest or related to the exercise of public authority vested in the University.. Opposition to this Processing (if the requirements are met) may be exercised by the User at any time following the indications set forth in Section 9 letter f) of this Policy. 

d) Perform statistical analysis, market research, improve the delivery of Services and Platform use. Where possible, for this purpose we use aggregated anonymous Personal Data. Processing of Personal Data for the purposes set out in  point d) is optional and any refusal on the part of the User prevents them from having Services which are aligned to their personal preferences, but does not compromise use of the Service. This Processing is based on the performance of a task of public interest or related to the exercise of public authority vested in the University. Opposition to this Processing (if the requirements are met) may be exercised by the User at any time following the indications set forth in Section 9 letter f) of this Policy. 

e) (Only applies if the User has been instructed to register on the Platform by another public body as part of a training project) Elaboration, management and communication of course data to other public subjects: Processing of Personal Data for the purposes set out in  point e) is necessary for the correct elaboration and management of data collected by the Data Controller once one or more courses have been followed by users on the Platform. The eventual refusal on the part of the User prevents them from benefiting from the Service. In the case of specific courses proposed in collaboration with other public subjects i.e. “Partners” (organizations or Institutions) personal data collected by the Platform can be processed - and communicated to the aforementioned Partner - thus exercising an activity of public interest (art. 9, D.L. n. 139/2021, as conv. of L. n. 205/2021). Opposition to this Processing (if the requirements are met) may be exercised by the User at any time following the indications set forth in Section 9 letter f) of this Policy. 

f) Improve the services offered, also through profiling using automated mechanisms: Processing for the purposes set out in point f) is optional and any opposition on the part of the User prevents the latter from benefiting from Services aligned to his or her preferences, but without compromising use of the Services. This Processing is based on carrying out a task of public interest or related to the exercise of public authority vested in the University. Opposition to this Processing (if the requirements are met) may be exercised by the User at any time following the indications set forth in Section 9 letter f) of this Policy.

g) Send Personalized Communications, by means of profiling using automated     mechanisms, subject to optional consent: Processing for the purposes set out in  point g) is optional and any refusal makes it impossible to receive Personalized Communications. Such Processing is based on the free, specific, informed and unequivocal consent of the Data Subject, expressed via a declaration in the Form on the Platform. Withdrawal of consent may be exercised at any time, following the directions set out in Section 9 letter a) of this Notice.

University collects Personal Data in the following ways:

a) Identifying Personal Data inserted into the Platform by Users:

• to complete registration on the Platform and use the Services; name and surname, e-mail, date of birth. 
• optionally, to support statistics, research or improve services; gender, nationality, qualifications, university, employment status, employment sector, interest in the subject.

b) Identifying Personal Data expressly communicated by the Users to the University help desk service (in case of contact request) or collected during the Courses and/or events organized by University; name and surname, e-mail;

c) Identifying Personal Data of the Users communicated by Partner representatives: name and surname, e-mail, matriculation number, degree category.

Personal Data are processed by University and/or third parties, selected for reliability and competence, and to which such Personal Data may be disclosed, if necessary or appropriate. In particular, University informs Users that Personal Data may be processed by, and/or communicated to:

a) employees and/or collaborators of University;
b) Partners of University;
c) private entities with contractual links to University;
d) third party suppliers of services necessary to guarantee the functioning of the Platform
e) third party suppliers of services necessary to guarantee the performance of the Services
f) third parties that provide consulting and assistance services;
g) third parties that provide analysis services for browsing data on the Platform and/or provide automatic services for sending communications.

Third parties are appointed as Data Processors pursuant to and in accordance with Article 28 of the GDPR.

Personal Data is stored by the University for a duration of time that is strictly necessary to achieve the purposes for which it was collected, as indicated in point 3 above. In particular, except where the right to withdraw consent,  as in section 9 point a) or the right to opposition as in section 9 point f) has been exercised, the University stores Personal Data for the following periods of time:

a) Personal Data for creation of a Profile and to use the Services: for the purposes referred to in section 3 letter a) and f), for the time period stated in the General Conditions and for an additional period of 5 years after the last interaction of the User with the Platform, though the provisions set out in section 6 letter e) prevail;

b) Persona Data for sending Course communications and invitations to the Users: for the purposes referenced in section 3 letter b) and g), for a period of 24 months from the last interaction of the User with the Platform, which showed an interest in the Services and/or Courses; 

c) Personal Data for managing the contact requests received by the University from registered Users or third parties, including Partners: for the purposes referenced in point 3 letters c) for a period of 6 months from receipt of the contact request sent by the Data subject either via e-mail or by filling in a designated form on the Platform. Once this deadline has been reached, or in the case of a complaint or a request being sent by e-mail to the support@federica.eu address, the User's Personal Data will be stored for the period referred to in letter e) below; 

d) In any case, the university is authorized to store Personal Data, completely or in part, for the maximum period of 10 years from the time of collection, limited to the information necessary to fulfill legal obligations and to allow the University itself the possible establishment, exercise and defense of its own right in court, or for a longer period if the possible establishment or court proceedings lasts more than 10 years.

Once the above terms have expired, University will automatically delete the Personal Data collected, or irreversibly transform them into anonymous data.

The Personal Data collected by the University for the purposes referred to in point 3 of this Policy, are submitted by University, pursuant to Articles 44 and following of GDPR, in accordance with appropriate safeguards to ensure the protection of Personal Data, to:

a) ActiveCampaign (ActiveCampaign Inc.) is a service for the management of the User database, and it has its registered office in 1 North Dearborn Street, 5th floor Chicago, IL 60602. The transfer of University data and user data on the part of ActiveCampaign to data centers outside the European Union or European Economic Area, for the provision of Online Services, are governed by the Contractual Clauses included in Appendix 2 of the DPA (https://www.activecampaign.com/legal/dpa).

Any transfer of personal data to a third country or an international organization is compliant with the safeguards described in article 46 of the EU regulation 2016/679.

More information about the safeguards adopted is available at the Federica Web Learning Center and can be requested  from the University via mail at  support@federica.eu.

Automated processing of Users' Personal Data designed to identify User preferences for predictive purposes.

The Profiling operated by the University has the following characteristics:

a) context: Profiling may be associated both with the improvement of the Services on the Platform, point 3 letter f), (by, for example, displaying recommended courses on the Site), and by sending personalized communications, referred to in point 3 letter g). If the User accesses the Platform exclusively to use the Services and has refused personalized communications (point 3 letter g), Profiling will only be carried out in connection with the provision of the Services.

b) content: information about Users related to age, education level, employment status, professional field, user interests (topics), course enrollments;

c) legal basis: consent expressed by positive action (flag) on the Platform;

d) rationale for processing: i) analysis and evaluation of the information collected about Users under (b) above; Identification of recurring patterns and similarities among Users enrolling in the same courses.; and (ii) classification of Users within similar categories of Users, to analyze or make predictions about their possible preferences; (iii) generation of predictions about a set of potential courses that Users might like.

(e) purpose: to make both the Services and communications more "personalized" in line with User preferences and, therefore, to improve the degree of "user satisfaction" both in terms of the Services provided on the Platform and the promotional communications they receive. Profiling is, therefore, aimed at making predictions about User preferences or future choices they might make, based on the educational content available on the platform;

f) effects for users: use of the Services on the Platform or receipt of personalized communications, in line with the preferences expressed by Users when navigating the Platform and using the Services. 

In no way does University Profiling: 

i) constitute an automated decision-making process from which legal or similarly significant effects are derived for Users; ; 

ii) affect the behavior or educational choices of Users;

iii) have a prolonged and permanent impact on Users, given that the Personal Data collected by the University can be independently updated at any time by Users and the University; 

iv) in view of the type of services offered by the University, lead to any discrimination of Users.

Pursuant to and for the purposes of the GDPR, for the period of time specified in section 6 of this Policy, each User has the right to:

a) withdraw the consent at any time, without prejudice to the lawfulness of the Processing, by sending an email to the University or by opting out from the commercial communications of Mobil Service (see Article 7 of the GDPR);

b) ask University to access to Personal Data and information regarding the Processing, and to any copy in electronic format, unless otherwise specified by the User (see Article 15 of the GDPR);

c) request the correction and/or integration of Personal Data, without undue delay (see Article 16 of the GDPR);

d) for specific reasons (for example, unlawful processing, withdrawal of consent, non-existence of the purpose of the Processing), request cancellation of Personal Data, without unjustified delay (see Article 17 of the GDPR);

e) with reference to specific cases (for example, inaccuracy of Personal Data, unlawful Processing, exercise of a right in court), request the limitation of Processing (see Article 18 of the GDPR);

f) with reference to the Processing referred to in point 3 letters b), c), d), e) and f) object at any time to Processing of Personal Data (where Personal Data are not used in anonymous form), by sending an email to the University (see Article 21 of the GDPR);

g) in case of automated Processing, receive Personal Data in a readable format, in order to allow their communication to a third party, or, where technically feasible, to request the transmission of Personal Data by University directly to such third party (so-called portability of Personal Data - see Article 20 of the GDPR);

h) be informed by University without undue delay of any violations or unauthorized access by third parties to their systems containing Personal Data (so-called data breach - see Article 34 of the GDPR);

i) propose a complaint to the supervisory authority of the EU country in which the User resides, works, or in which they believe the violation of their rights has occurred (see Article 77 of the GDPR).

For further information on the terms and conditions for the exercise of the rights granted to the User, the latter may consult the text of the GDPR published at the following link, or contact University in the forms provided for by section 2 of this Policy.The request for cancellation or any request on the part of the Data Subject in reference to this point should be sent  by e-mail to the following address: support@federica.eu.