PoliTO eduGateway

PoliTO eduGateway – Edvance Privacy Policy

Privacy Notice for the Processing of Personal Data for Access to Edvance Project MOOC Courses Offered by Politecnico di Torino
(Article 13 of EU Regulation 2016/679)

As required by the General Data Protection Regulation (EU Regulation 2016/679 – also known as "GDPR"), we provide the following information regarding the processing of your personal data. Specifically, Edvance is a project funded by the European Union – Next Generation EU under the PNRR call, Mission 4, Component 1, Investment 3.4 "Advanced University Teaching and Skills" and involves the participation of 17 Italian universities and AFAM institutions.

Contact Details

The Data Controller is Politecnico di Torino, headquartered at Corso Duca degli Abruzzi, 24, 10129 – Torino, represented by the Rector pro tempore as the legal representative.
The Data Controller can be contacted at PEC: politecnicoditorino@pec.polito.it
For further information and clarifications: privacy@polito.it
The Data Protection Officer ("DPO") of Politecnico di Torino, whom data subjects may contact regarding matters related to the processing of their personal data and the exercise of their rights, can be reached at: dpo@polito.it; PEC: dpo@pec.polito.it.

Principles, legal basis, and purpose of processing

In compliance with the principles of lawfulness, fairness, transparency, adequacy, relevance, and necessity set forth in Article 5, paragraph 1, of the GDPR, Politecnico di Torino, as the Data Controller, will process the personal data provided at the time of access: Surname, Name, Email, schacHomeOrganization, eduPersonPrincipalName, schacPersonalUniqueID (mandatory data) for the following purposes:

Description	Legal Basis
Enrollment and participation in online courses and educational activities;	Article 6, paragraph 1, letter: b) [“Processing is necessary for the performance of a contract to which the data subject is party”] of the GDPR; e) [“Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”] of the GDPR
Statistical, storage, and archiving purposes;	Article 6, paragraph 1, letter: e) [“see above”] of the GDPR

The processing for the purposes mentioned above is carried out digitally, manually, and/or using electronic or automated tools.

Authorized processing parties, potential recipients or categories of recipients, and data processors

The data processed for the purposes outlined above will be communicated to or otherwise accessible by employees and collaborators assigned to the relevant offices at Politecnico di Torino, who will be adequately instructed by the Data Controller.
Politecnico di Torino may also communicate the personal data it holds to other public administrations if necessary for their institutional proceedings. Additionally, data may be shared with entities required by EU regulations, national laws, or public security authorities for defense, security, or crime investigation purposes.
The management and storage of personal data collected by Politecnico di Torino take place on systems located within the university and/or with external service providers necessary for administrative and technical management. These providers may become aware of personal data solely for the requested service and will be duly appointed as Data Processors under Article 28 of the GDPR.

Data transfer

The collected data will not be transferred to a country outside the European Union ("third country") unless covered by a European Commission adequacy decision or carried out with appropriate and suitable guarantees under Articles 46, 47, or 49 of the GDPR.

Data retention period

Considering the archiving obligations imposed by current regulations, personal data will be retained for the period strictly necessary to achieve the above-mentioned purposes. Specifically:

Data related to online courses available on the Edvance platform will be retained for a period of three years from the end of the individual MOOC;
General Edvance user data will be deleted after 10 years of user inactivity.

Data provision

Providing personal data is mandatory. Refusal to provide the requested data will result in the inability to execute the specified purposes.

Data subject rights

As a data subject, you have the right to request from the Data Controller, in accordance with Articles 15 and following of the GDPR:

Access to your personal data and all information under Article 15 of the GDPR.
Correction of inaccurate personal data and completion of incomplete data.
Deletion of personal data, except for data contained in records that must be legally retained by the university, and unless there is a prevailing legitimate reason for processing.
Restriction of processing in the cases specified under Article 18 of the GDPR.

You also have the right:

To object to the processing of personal data, subject to the necessity and mandatory nature of data processing for accessing the offered services.

If you wish to exercise any of your rights, you can contact the Data Controller.

Complaint

You have the right to lodge a complaint with the Data Protection Authority following the instructions available at the following link: Complaint template – Garante Privacy.

This notice was last updated on April 3, 2025.