Information notice on the processing of navigation Data and cookies

Website navigation

1. Introduction

In accordance with the provisions of current legislation on the protection of personal data, by means of this policy, Università Cattolica del Sacro Cuore, in its role as Data Controller (hereinafter also referred to as "University" or "Data Controller"), intends to provide users with all useful information regarding the characteristics of the processing carried out by the University in relation to navigation data on the website

The information notice is rendered for all the websites of the domain and not even for other websites possibly consulted by the user through links.

2. Identity and contact details for the Data controller

The Data Controller of the data concerning users is Università Cattolica del Sacro Cuore, with registered office in Largo Agostino Gemelli 1, 20123 Milan, tel. (+39) 027234.1

3.  Categories of personal data

Università Cattolica del Sacro Cuore, as Data Controller, collects the following data:

  • website navigation data: the computer systems and software procedures used to operate the site acquire, during their normal operations, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes user identification data, for example, IP addresses and computer domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment;
  • data relating to the use of the website by the user, through the use of technical cookies.
  • website navigation data collected through Google Analytics with IP anonymization by adopting all useful measures to reduce the possibility of identification of users who connect; for example: type of device used to connect, city from which you connect, duration of visit to a site, etc.;
  • data provided voluntarily by the user - identification information - for access to certain services offered through the website, for which please refer to the specific information in the relevant sections.

As far as the use of cookies is concerned, please refer to the specific sections of this policy.

4. Purpose of the processing and legal basis

The University processes personal data for the following purposes:

  • manage the correct use of the website and the correct functioning of the services offered;
  • obtain statistical information on the use of services (most visited pages, number of visitors per hour or per day, geographical areas of origin, etc.);
  • release and manage the credentials, IT resources and online services made available to potential students, participants in the initiatives and / or users;
  • ascertain whether users have acted unlawfully to the detriment of third parties or to the detriment of the University;
  • comply with European and national regulations, provisions of Public Administrations and/or Supervisory Authorities.

The legal basis of the processing is constituted by the consent of the interested party, expressed during the browsing experience and manifested during the consultation of the website, by the execution of the contract that data subject is possibly part.

The optional, explicit and voluntary sending of e-mails, messages or any type of communication addressed to the University's contact details indicated on the pages of the website, entails the subsequent acquisition of the sender's address or any other personal data that will be used to respond to requests. It is ensured that this treatment will be based on the principles of correctness, lawfulness, transparency, and protection of confidentiality pursuant to Article 13 of the GDPR 2016/679.

Specific summarised information is displayed on the pages of the websites set up for particular services on request.

5. Processing methods

Personal data are processed both in paper and electronic form (servers, cloud databases, application software, etc.). The University stores the user's personal information in accordance with certain fundamental criteria outlined below: referring in particular to the purposes of collection, the terms provided for processing for marketing purposes and the statute barred limitations dictated by law.

Apart from what specified for navigation data, the user is free to provide personal data contained in the forms on the University website or indicated during contacts to request information material, other communications or to access specific services. Failure to provide such data may make it impossible to obtain what has been requested.

Some pages on the University website may contain links to other websites that are not operated by Università Cattolica del Sacro Cuore. The University does not share personal information with such websites. The University is not responsible for the content, security, or privacy measures implemented by other sites and expressly refuses all liability.

6. Subject categories that the Data can be communicated to and Data tranfer

The data collected through cookies may be processed by employees and external companies that collaborate with the University, respectively as data processors and controllers. The list of designated data processors is constantly updated and available at the University's offices.

7. Data Protection Officer

The University has appointed a Data Protection Officer (D.P.O.), e-mail

8. Rights of the Data subject

As an interested party, the user has the right to:

  • Ask the Data Controller for access to the data, their cancellation, the rectification of inaccurate data, the integration of incomplete data, as well as the limitation of processing in the cases provided for by Article 18 of the GDPR;
  • Oppose, at any time, in whole or in part, the processing of Data necessary for the legitimate pursuit of the interest of the Data Controller;
  • In the event that the conditions for the exercise of the right to portability set forth in Article 20 of the GDPR are present, receive in a structured, commonly used and machine-readable format the data provided to the Data Controller, as well as, if technically feasible, transmit it to another Data Controller without hindrance;
  • Withdraw the consent given at any time;
  • Complain to the competent Supervisory Authority.

These rights may be exercised by registered mail, addressed to Università Cattolica del Sacro Cuore, General Management-Directorate - Privacy, Largo Agostino Gemelli 1, 20123, Milan, or by e-mail at


9. What are cookies

The management of the University's institutional website employs a technology called "cookies" together with other tracking tools (such as web beacons). Their use is mainly aimed at investigating how the website is used by users (most used pages, time spent, etc.), improving the website performance, facilitating and enhancing the user experience.

Cookies are small text strings that websites visited by the user send to the computer and any device used to access the Internet (such as smartphones and tablets), where they are stored and then transmitted to the same websites the next time the same user visits.

Cookies can be stored permanently and have a variable duration (the so-called persistent cookies - e.g. in order to automatically access a reserved area, users can choose to have their User-ID and password stored in one of these files), but they can also disappear when the browser is closed or have a limited duration (the so-called session cookies).

Cookies can be installed by the website you are visiting (the so-called first party cookies), but also by other websites (the so-called third-party cookies) and are used to perform computer authentication, session monitoring and storage of information regarding the activities of users who access a particular site.

The cookies, as indicated by the Guidelines cookies and other tracking tools of the Guarantor Authority, can be classified into two macro-categories:

  • technical cookies, used for the sole purpose of "carrying out the transmission of a communication on an electronic communication network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the contracting party or user to provide such service" (see article 122, paragraph 1 of the Code);
  • profiling cookies, used to trace determined, identified or identifiable subjects, specific actions or recurring behavioural patterns in the use of the functions offered (patterns) in order to group the various profiles within homogeneous clusters of different sizes, so that it is possible for the Data Controller, among other things, to modulate the provision of the service in an increasingly personalised manner beyond what is strictly necessary for the provision of the service, as well as to send targeted advertising messages, i.e. in line with the preferences expressed by the user when surfing the web.

It is not necessary to obtain the user's consent for the installation of technical cookies. Cookies can be installed directly by the operator of the website or by a different website that installs them through the first one (the so-called "third party" cookies).

Users can obtain more detailed and updated information on the duration, as well as any other relevant information in the privacy policies of the respective third-party providers (through the links provided) or by contacting the Controller.

10. First-party technical cookies

The website uses the following types of first-party technical cookies:

  • Session cookies: fundamental to allow the user to move normally within the website and correctly use the relative services. Since they are not stored on the user's computer, they disappear when the browser is closed;
  • Functionality cookies: aimed solely at improving and speeding up navigation on the website, by storing certain choices made by the user (such as language preferences).

They are therefore tools used by the Data Controller to guarantee, for example, efficient navigation, session stability, log-in permanence and pre-selection of the chosen navigation country. They also serve to remember, in an anonymous form, the choices made by the user regarding the display of certain elements of the page, such as information and communication banners.

As already stated, the use of technical cookies and the performance of processing related to them does not require the user's prior consent.

In any case, it remains possible for the latter to prevent the installation of such cookies at any time through the settings of their browser, as indicated later in this policy, knowing that such a choice could, however, complicate, slow down and sometimes block navigation on the website and, more generally, on the Internet.

11. Analytical Cookies

The Site also uses cookies for anonymous statistics. These are Google Analytics cookies through which are collected, in an aggregated and anonymous way, information on how the Site is used by users (number of visitors, pages visited, dwell time, etc.). This information is generally used to improve the functionality of the Site, allowing, for example, to record any errors detected by users and ensure, therefore, a smoother and more immediate navigation.

  • Google Analytics with anonymized IP (Google Ireland Limited)
    Google Analytics is a web analysis service provided by Google Ireland Limited ("Google"). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Website by anonymizing your IP address in accordance with the requirements of the Italian Data Protection Authority. Read further information for the protection of privacy.
    Personal data processed: Cookies and Usage Data.
    Place of processing: Ireland - Privacy Policy - Opt Out.
12. How to disable cookies

Considering that most browsers are programmed to accept cookies automatically, the user may choose not to receive them, especially when the third party involved does not give the opportunity to properly opt-out, even by accessing the browser settings and disabling their use, according to the procedures described at the following addresses:

In any case, it should be noticed that disabling cookies may complicate Internet navigation or prevent users from moving freely from one page to another, enjoying all the website functions.

For further information on cookies, please visit (limited to the services surveyed by this platform), to obtain information on how to delete or manage cookies according to the browser used and to set preferences for the use of third-party cookies.

In addition, whenever the use of Cookies is dependent on consent, the User can give or revoke such consent by setting their preferences within the cookie policy. In particular, it is possible to change consent to cookies by clicking on the "Cookie settings" link at the bottom of each page of this Website.

Users can also remove previously saved cookies and/or tracking tools using special browser or device functions.

Other tracking tools in the browser's local memory can be removed by deleting the browsing history.

With regard to third party cookies, Users may manage their preferences and revoke their consent by visiting the relevant opt out link (if available), using the tools described in the third party's privacy policy or contacting the third party directly.

Users may also manage certain cookies and tracking tools for mobile applications by turning them off through appropriate device settings, such as mobile advertising settings or tracking settings in general (Users may consult their device settings to find the relevant one).

For more information, check out the following sites:

Updated on: 3 May 2022