Service Name | Identity Provider (IdP) of the University of Rome "Foro Italico" |
Service Description | The federated authentication service that allows the Users of the University of Rome "Foro Italico" to access federated Resources using their institutional credentials. The Resources can be provided through the Italian Identity Federation of Universities and Research Institutions (IDEM), or directly. The federated Authentication Service is responsible for authenticating the User, issuing an authentication token and, if required, releasing a minimum set of personal data to access the Resource. |
Controller | Name: University of Rome "Foro Italico"
Address: Piazza Lauro De Bosis, 15 - 00135 Roma University of Rome "Foro Italico" is the Controller of the personal data managed through the Service. |
Data Protection Officer (GDPR Section 4) | The Data Protection Officee (DPO) of the University of Rome "Foro Italico" is Eng. Ingrid Cristina Giuli Bicescu DPO contacts: |
Jurisdiction and supervisory authority | EN-EN Pursuant to art. 79 GDPR 2016/679 the interested party who believes that the rights he enjoys have been violated as a result of this processing has the right to contact the competent data protection authority. Responsible: Guarantor for the Protection of Personal Data https://www.garanteprivacy.it/ |
Categories of direct and indirect personal data processed and legal basis for processing |
The identification credentials (username/password) are kept in the information systems of the University of Rome "Foro Italico" and will never be transmitted to third parties. Based on the SAML standard protocol, the user attributes, necessary for access to the resources and released on the basis of a minimization criterion, can be transmitted to the Resource Providers (whether in EU or non-EU territory depending on the geographical location of the resources) to whom the user requests access upon presentation of an appropriate consent screen. Personal data is collected and stored in Italy on the information systems of the University of Rome "Foro Italico" in compliance with GDPR 2016/679 and subsequent amendments for the sole purposes relating to the provision of the service and access to resources requested by the interested party. Their processing is therefore necessary to provide the service. The processing of the interested party's personal data is subject to the limitations pursuant to Art.23 GDPR 2016/679. it is therefore necessary to provide the service. |
Purposes of personal data processing | To provide the federated authentication service in order to access the Resources requested by the User. To verify and monitor the proper functioning of the service and ensure its security (legitimate interest). To fulfil any legal obligations or requests from the judicial authorities. |
Third parties to whom the data are communicated | The Controller, in order to provide the service correctly, communicates to the Resources providers to which the User intends to access proof of authentication and only the personal data (attributes) requested, in full compliance with the principle of minimization. Personal data is transmitted only when the subject requests access to the Resource of the third party. For purposes related to the legitimate interest of the Controller or the fulfilment of legal obligations, some log data may be processed by third parties (e.g. CERT, CSIRT, Judicial Authority). |
Exercise of Subjects’ rights | To request access to your personal data and their correction or deletion or to object to their processing, or to exercise the right to data portability (Articles 15 to 22 of the GDPR), contact the Controller at the above mentioned contact details. |
Revocation of the consent of the interested party | The only data collected with the consent of the subject are preferences about the visualization of the attribute transmitted to the Resources. The preferences are collected at the time of the first access to the Resource and may be changed afterwards by starting over again the access procedure. |
Data Portability | The Interested Party may request the portability of their data concerning the federated authentication service, including preferences regarding the visualization of the attributes transmitted to the Resources, which will be provided in open format and in accordance with Art. 20 of the GDPR. The data portability service is free of charge. |
Duration of Data Storage | All personal data collected in order to provide the federated authentication service are retained for 6 months |
Policy update | The University of Rome "Foro Italico" may change this privacy policy to reflect changes in legal obligations or in the ways it processes personal data. Last update date: March 26, 2024 |