Regulation (EU) 2016/679 – General Data Protection Regulation (hereinafter “GDPR”) establishes the right of every individual to the protection of personal data concerning them.
Pursuant to Article 13 of the GDPR, ANVUR intends to provide users (hereinafter “data subjects”) who access the Agency’s portal at https://www.anvur.it/ (corresponding to the homepage of the Agency’s official portal) and use the services offered through the portal with the following information.
The Data controller is the National Agency for the Evaluation of Universities and Research Institutes (ANVUR), located at Via Ippolito Nievo no. 35, 00125 Rome (RM), Italy; email: [email protected] – [email protected]
The Data Protection Officer (DPO), who can be contacted for information regarding personal data, may be reached at the following email address: [email protected]
ANVUR processes personal data in the performance of its public interest tasks related to education, scientific research, and administration pursuant to Article 6(1)(e) of the GDPR, and in particular for the purpose of providing and improving the web services offered.
Personal Data Collected Through the Portal
Browsing Data
While navigating the Portal, certain personal data are acquired, the transmission of which is implicit in the use of Internet communication protocols.
This category includes IP addresses or domain names of the computers used by users connecting to the Portal, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the server’s response (success, error, etc.), and other parameters related to the user’s operating system and IT environment.
These data are used to obtain anonymous statistical information on the use of the Portal and to ensure its correct functioning. They may also be used to ascertain any cybercrimes committed against the Portal or other Agency IT systems.
These data are not collected with the intention of identifying data subjects, but due to their nature, they could, through processing and association with data held by third parties, make it possible to identify them.
Data Voluntarily Provided by the User
As part of a data subject’s request for information through the web services connected to the site, the Controller acquires the personal data voluntarily provided in the request, including the email address, which will be processed solely for the purpose of responding to the request.
What are Cookies
- Cookies are small strings of text that websites visited by the user may send to the user’s browsing device, where they are stored and then retransmitted to the same websites upon the user’s next visit.
- While browsing the internet, users may receive two different types of cookies: those from the website they are visiting (so-called “first-party cookies”) and those from different websites or web servers (so-called “third-party cookies”).
Which Cookies the Portal Uses
- The Portal exclusively uses the following types of first-party technical cookies, for which no user consent is required:
| Name | Purpose | Expiry |
|---|---|---|
| cookie-agreed-version | System cookies necessary for the website’s normal operation | 180 days |
| cookie-agreed | System cookies necessary for the website’s normal operation | 180 days |
Third-Party Analytics / Statistical Cookies
Web Analytics Italia (WAI): a platform that provides real-time visitor statistics for Public Administration websites. The data are collected and processed by the centralized Web Analytics Italia (WAI) platform, which hosts statistical data for Italian public websites that participate in the project.
These third-party analytics cookies are considered equivalent to technical cookies because:
- they are used exclusively to generate aggregated statistics and are related to a single website or mobile application;
- at least the fourth component of the IP address is masked;
- third parties do not combine these analytics cookies with other processing (e.g. customer files or traffic statistics from other websites), nor do they transmit them to third parties.
As such, no user consent is required for their installation.
| Name | Purpose | Expiry |
|---|---|---|
| _pk_id.xxxxxxxxxx.xxxx | WAI | 30 days |
| _pk_ses.xxxxxxxxxx.xxxx | WAI | 30 minutes |
| _pk_ref.xxxxxxxxxx.xxxx | WAI | 6 months |
How to disable Cookies
Users can refuse consent to the use of cookies by selecting the appropriate settings in their browser.
Third-Party Cookies
This web application uses certain functionalities provided by other organisations (“Third Parties”) to enhance user experience.
As a result of installing specific extensions (modules, plugins, widgets) or embedding content hosted on external platforms, third-party cookies may be transmitted to and from sites not owned by the Agency.
The use of this type of cookie requires prior user consent, which can be withdrawn at any time.
Please note that information collected by “third parties” is not accessible to the Data Controller and is managed according to their own privacy policies, which should be consulted.
How to Disable Third-Party Cookies
Disabling third-party cookies is also possible via the methods described in the respective privacy policies and/or as made available directly by the third-party data controllers.
How to delete Cookies already stored on the device
Even if consent for the use of third-party cookies is withdrawn, such cookies may have already been stored on the user’s device. For technical reasons, it is not possible to delete them automatically; however, the user’s browser allows their removal through privacy settings. Browser options generally include the "Clear browsing data" function, which can be used to delete cookies, site data, and plugins.
The provision of personal data is essential for the use of all functionalities of the web services offered by the Portal. Failure to provide such data may result in the inability to fully use the Portal’s functionalities and/or to process a request submitted by the data subject.
Personal data are processed using computerized methods by personnel authorized to process data in accordance with their assigned duties and responsibilities, and in compliance with the principles of lawfulness, fairness, transparency, adequacy, relevance, accuracy, data minimization, integrity, and confidentiality (Art. 5(1) of the GDPR). No profiling or automated decision-making is carried out.
Personal data will be processed by personnel authorized to pursue the aforementioned purpose; they may also be disclosed to third parties in the event of a legal obligation and/or a provision issued by the judicial authority.
The data collected will be retained for the period necessary to achieve the aforementioned purposes and, in any case, for a maximum period of six months.
At any time, data subjects may exercise the rights provided for in Articles 15 et seq. of the GDPR by contacting the Data Controller at the email addresses indicated above:
- Access to their personal data and to the information referred to in Article 15 of the GDPR;
- Rectification of their personal data if inaccurate and/or completion of the data if incomplete;
- Erasure of their personal data, except in cases where the Agency is required to retain them pursuant to Article 17(3)(b) of the GDPR;
- Restriction of processing in the cases provided for by Article 18 of the GDPR;
- Objection to the processing of their personal data, in the cases permitted under Article 21 of the GDPR.
To exercise these rights, data subjects may use the appropriate form available on the “Privacy and Personal Data Protection” page of the Agency’s portal and submit it to the Data Controller via the contact details provided above.
Data subjects who believe that their personal data are being processed in violation of the GDPR have the right to lodge a complaint with the Data Protection Authority pursuant to Article 77 of the GDPR or to seek remedy through appropriate judicial channels.