Privacy Policy
Please read this privacy policy carefully so that you fully understand how we collect, use and store information about you. In case you accept this privacy policy, we assume that you understand and agree with all the details provided below. Occasionally, we may update this privacy policy, so please kindly visit our website to always find the latest version. We will contact you in case there will be important changes.
- Introduction
1.1 POLITECNICO DI TORINO, Department of Electronics and Telecommunications a public University in Italy, with registered addressed at Corso Duca degli Abruzzi 24, 10129, Torino (further as ‘the Controller’ or ‘we’) protects your information and your privacy and processes your personal data following the requirements provided by the relevant laws.1
1.2 This privacy policy (further as ‘the Privacy Policy’) describes how we process your personal data. In particular, this Privacy Policy provides details on:
1.2.1 which personal data (further as data) of yours we collect (categories);
1.2.2 who can you contact in case of any questions or complaints concerning your data (our contacts and contacts of our data protection officer);
1.2.3 why do we process your data (purposes);
1.2.4 what legal grounds do we have to process your data (legal bases and legitimate interests);
1.2.5 who else will receive your data (recipients);
1.2.6 for how long we will store your data (period);
1.2.7 your rights.
1.3 We value privacy and are therefore committed to protect the (personal) data of all our stakeholders with the greatest possible care, and to process personal data only in a fair and lawful manner.
1.4 This Privacy Statement is applicable to our customers, partners and website visitors for the personal data collected and processed by through this website and the related services. This Privacy Policy contains essential information on how, as the data controller, collects and processes personal data, for what purposes and explains your rights as a data subject.
- Which information do we collect?
2.1 We collect and can process the following data:
- Full name
- Mail address
- Date of birth
- Country you live in
- City you live in
- Gender
- Household members
- Phone number
- Income
- Job
- Education
- Location history
- Browsing history
- User interests based on your location and browsing history
In addition, we also process various documents submitted by you or concerning you and your communications to us in order to process and handle your queries, requests and complaints, and to engage into legal proceedings in case that would appear necessary.
- Why do we collect information about you?
3.1 We process your data based on three legal bases: consent (art. 6(1)(a) of the GDPR, contract (art. 6(1)(c) of the GDPR and our legitimate interests (art. 6(1)(f) of the GDPR.
3.2 The following data is used for the specified purposes and based on the specified legal basis:
Why do you collect my information? | Which information do you collect about me? | Why are you legally allowed to collect my information? | How long do you keep information about me? |
To process and handle your queries, requests and complaints, and to engage in legal proceedings in case that would appear necessary | Name, surname, contact details you contacted us through, the information included in the query, request or complaint. | Based on our legitimate interest in handling your inquiries, art 6, 1, f) GDPR | For three years after the project ended (approx. August 2025) |
To inform you about policy changes, inform you in case you win a prize, contact you to participate in surveys, and in general contact you in case of need | Name, surname and e-mail address | Based on contract when you sign-up for our platform, art. 6, 1, c) GDPR | For three years after the project ended (approx. August 2025)
|
For academic research such as data analyses, generation of participation insight (note that anonymisation and aggregation of data is applied whenever possible). | Date of birth, Country you live in, City you live in, Gender, Household members, Phone number, Income, Job, Education | Based on your consent (by voluntarily submitting it and giving granular consent to sharing it), art. 6, 1, a) GDPR
| For three years after the project ended (approx. August 2025) or unless you revoke your consent earlier
|
For advertisement on the website/platform | Date of birth, Country you live in, City you live in, Gender, Household members, Phone number, Income, Job, Education.
| Based on your consent (by voluntarily submitting it and giving granular consent to sharing it), art. 6, 1, a) GDPR
| For three years after the project ended (approx. August 2025) or unless you revoke your consent earlier
|
Creating individual profiles and showing targeted advertisements. We also share this profile and the resulting data to third parties for receiving offers from data buyers | Location history, browser history. | Based on your consent (by voluntarily uploading it), art. 6, 1, a) GDPR
| For three years after the project ended (approx. August 2025) or unless you revoke your consent earlier
|
- Which information do you have to provide and why?
You should provide us with the information that is necessary to handle your complaints, queries and requests. In case you would not provide us with such information, we would not be able to handle them.
- Is your information shared with anyone else?
5.1 The whole EasyPIMS platform is to let users to freely control which of their personal data can be shared with data buyers. Data buyers can ask to get an audience of users that satisfy certain constraints (e.g., their profile and interests match the interests of the data buyer). Only users that provided their explicit consent can be part of an audience.
5.2 EasyPIMS is part of the Project PIMCity, funded by the European Commission (EC). While we are not going to share any of your data with the EC, we will use your personal data to elaborate statistics about the users that participate in the experimental part of the project. Only users who gave their consent to use their data for research will be included in the analysis.
5.3 We may also share your data to courts and other institutions or subjects when it is required by law.
5.4 Other than as set out in this Privacy Policy, we shall not disclose your data to any third parties without obtaining your prior explicit consent unless that would be required by law.
- For how long do we keep your information?
6.1 We will not retain your personal data longer than strictly necessary for the realization of the purpose of the platform. We as a project have to commit to store data for three years after the project ends in August 2022. As such, we will store your data for three years until after the end of the project, i.e. August 2025.
- How do we secure your information?
7.1 All data are stored in a secure server running in a data centre in Fastweb premises. All data are backed up in a separate server in the same premises. We do not have physical access to the servers, and they are reachable only using a dedicated access protected by a VPN secured by a two-factor authentication. The access to the database is limited to only to a subset of our personnel, after strong authentication.
7.2 We will take appropriate administrative, technical, and organizational measures against unauthorized or unlawful processing of any data or its accidental loss, destruction or damage, access, disclosure or use.
7.3 In the event of and following discovery or notification of a breach of the security of the data, or access by an unauthorised person, we will notify you if the breach is likely to affect your privacy.
- How do we manage cookies?
8.1 We only use strictly necessary cookies for the functioning of the platform.
- What are your rights?
9.1 You can withdraw your consent given to us to process your data at any time.
9.2 You can ask us whether we process the data about you and request access to that data.
9.3 You can ask us to correct the inaccurate data about you, or you can correct this yourself in your user profile.
9.4 You can ask us to delete the data about you and we will delete it in case there are no legal basis for us to process it.
9.5 You can ask us to restrict processing of your data (i) in case you contest the accuracy of the data, (ii) in case the processing is unlawful and you oppose the erasure of it, (iii) in case we no longer need the data but your data is necessary for you for the legal claims, or (iv) in case you have objected to processing pursuant to Art. 21(1) of the GDPR pending the verification whether our legitimate grounds override those of yours.
9.6 You can object processing your data.
9.7 You can download (and transfer) your data directly from the platform.
9.8 You can complain to a supervisory authority and to seek a judicial remedy.
You can look for your country’s Data Protection Authority here.
- How can you contact us?
Data Controller
POLITECNICO DI TORINO – Department of Electronics and Telecommunications, with its registered office situated at Corso Duca degli Abruzzi 24, 10129 Torino, Italy, contact via politecnicoditorino@pec.polito.it (certified e-mail).
Data Protection Officer Team
To get directly into touch with the DPO team of PIMCity, contact dpo@pimcity-h2020.eu.