Списак активних правилника

Цео правилник

Цео правилник

Цео правилник

Цео правилник

Цео правилник

Цео правилник

Who we are

The partners of the ISOTISPROJECT ('we' or 'us', listed at http://www.isotis.org/consortium/partner-institutions/) collect, use and are responsible for certain personal information about you. The data controller is the University of Milano Bicocca, Italy and the main contact person is Dr. Andrea Mangiatordi.We are regulated under the General Data protection Regulations (EU) 2016/679,which apply across the European Union (including the United Kingdom) and we are responsible as a 'controller' of that personal information for the purposes of those laws.

What personal information we collect and use

a) Personal information you provide to us

When you create your personal account on our website, or when you participate in the educational activities on the website, you provide us with following personal information :

• If you are an adult participant (a parent or a teacher): your name (non-mandatory), your email address, the country of your residence
• If you are representing a pupil (as a parent, legal guardian or other responsible figure): the country of residence of the pupil

These types of information are collected for the following reasons:

Name: for identification by us or by other users
Country: for research purposes
Email (only if you are an adult participant): for communication purposes or for the maintenance of your account (i.e., for password recovery)
Role (teacher, parent…): for research purposes and for assignment to proper groups inside the platform

We will inform you at the point of collecting information from you, whether we willneed youto provide the information to us.

Some examples of when we collect this information include:

• the creation of your personal account
• during participation in educational activities
  

b) Sensitive personal information

Sensitive personal information includes any information which relates to the following (examples of information that could be involved in the activities proposed here):

your ethnic origin
your religious beliefs
your physical or mental health or condition
your sexual orientation

No sensitive personal information will be requested directly during the registration on the website. Yet some sensitive personal informationmay be collected when you participate in the discussions or activities in the platform. This includes for instance information related to your ethnic origins, your religious beliefs or your physical or mental health and condition. We are collecting this information for research purposes only.

Examples of potential situations in which sensitive personal information could be involved in the activities:

• participants can be asked to tell about their typical day, their home environment and their families, the traditions they honor: this would allow to infer some of the above listed data;
• children can be asked to upload drawings, which could reveal states of physical or intellectual impairment.

How we use your personal information

We collect information about our users for the following purposes:

• conducting research on your activity inside the platform,to evaluate whether the proposed activities were efficient, understandable, and thought provoking;
• reporting and scientific writing, including presentations in conferences;all academic publications will belisted on the ISOTIS website.

Data will not be transferred outside the European Union, and no third-party will access your personal information. Your data will notbe used to feed automatic decision systems (i.e., there will be no recommendation of further content or services based on your behaviour).

Whether we will ask you to provide personal information, and if so why

The provision of the following information will be needed fromyou:

If you are an adult participant (a parent or a teacher): name (non-mandatory), email address, country, role (parent or teacher)

If you are representing a pupil (as a parent or other responsible figure): country of the pupil

This is to enable us to do the following:

Name: for identification by us or by other users (e.g., teacher, other pupils)
Country: for research purposes
Email (only if you are an adult participant): for communication purposes or for the maintenance of your account (i.e., for password recovery)
Role (teacher, parent…): for research purposes and for assignment to proper groups inside the platform

We will inform you at the point of collecting information from you, whether we will need youto provide the information to us.

How long your personal information will be kept

We will hold your personal information for the following periods:

Raw data, whichmeans data collected from the website users that has not been processedyet, will be stored on secure servers located at the University of Milano-Bicocca, Italy and will undergo a pseudonymization process.In this process we will remove or encrypt the personally identifiable information so that people whom the data describe remain anonymous. Theanonymizationprocess will happenas soon as possible,and raw data will be kept at the University of Milano-Bicocca, Italy for a maximum period of six months after the end of the project and then be deleted. Theanonymized research data (without any identifiable information) will be moved to secure servers located at Utrecht University, the Netherlands, and be kept there for a 10 years period.

The periods for storing the data are no longer than necessary for the research purposes.

Reasons we can collect and use your personal information

We rely on a Consent form as the lawful basis on which we collect and use your personal information.

The basis on which we process your sensitive information (i.e. special category as in the GDPR) is that processing is necessary to demonstrate the validity of research findings produced by the project.

Keeping your information secure

We haveappropriate security measuresin place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We will also use technological and organisation measures to keep your information secure. These measures may include the following examples:

User account access is controlled by a unique username and password; all data is stored on secure servers; passwords are stored in an encrypted form; users are asked to set a custom password after their first login.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Indeed, while we will use all reasonable efforts to secure your personal data, in using the site you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us using the details below.

Children and the validity of consent

Where we obtain consent from any user we will take reasonable steps to ascertain whether the user is aged 16 and over, and whether the child is sufficiently informed to give valid consent. If the user is youngerthan 16years of age, parental consent will be required to provide consent for the processing of any personal information.

Each user, including children, will possess a unique username and password. Passwords associated to usernames will be initially set by the platform administrators or randomly generated. Users will have to change them at their first access. For privacy reasons, passwords will be stored in an encrypted form in the VLE database, so that neither the researchers of the ISOTIS Project nor the platform administrators will have the possibility to read them, only to reset them upon a user’s request. The password reset procedure, which will be autonomously manageable by users, will involve sending a special link to the email address of the user. In case of the creation of multiple accounts connected to a single email address, the password reset procedure will be manageable by the person who is authorized to access that email account (typically a teacher).Note that, in case of accounts managed by a single person, we will make sure that the final account owner is the only one who actually knows both username and password. As stated above, every user, adult or child, will be asked to choose a new password right after the first authenticated access to the platform, so that previously communicated passwords will not be effective.

What rights do you have?

Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

• opt-out at any time if you do not want your information to be stored on our servers any longer
• fair processing of information and transparency over how we use your use personal information
• access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
• require us to correct any mistakes in your information which we hold
• require the erasure of personal information concerning you in certain situations
• receive the personal information concerning you which you have provided to us, in a structured, commonly used and easily portable.
• object in certain other situations to our continued processing of your personal information
• otherwise restrict our processing of your personal information in certain circumstances
• claim compensation for damages caused by our breach of any data protection laws

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner's Office (ICO) on individual's rights under the General Data Protection Regulations (http://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/)

If you would like to exercise any of these rights please:

• send us an email
• let us have enough information to be sure it isyou, an not someone else, making the request (username and associated email)
• let us know the information to which your request relates
  

Do you need extra help?

If you would like this policy in another format (for example: audio, large print, braille), please contact us using the e-mail address below.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

Changes to the privacy policy

This privacy policy was published on30/05/2018and last updated on 11/12/2018.

We may change this privacy policy from time to time. We will notify all users of any changes by email (if you have opted in to receive emails); by a notice on the website header; by a notice in the news section of the website.

Contacting us

If you have any questions about this policy or the information we hold about you, please contact us by:

e-mail:privacy@isotis.org

The main contact person is Dr. Andrea Mangiatordi, who is based at the University of Milano-Bicocca, piazza dell’Ateneo Nuovo 1, 20126 Milan - Italy.