Privacy Policy

This Privacy Policy is provided pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter also referred to as the “Regulation” or “GDPR”), in order to inform individuals who interact with the “World Petunia” website https://worldpetunia2026.wixsite.com (hereinafter the “Website”) about how their personal data will be processed, both through simple browsing and through the use of specific services made available on the Website.

This notice applies exclusively to the website mentioned above and not to other websites or sections/pages/spaces owned by third parties that may be accessed by the user through specific links, for which reference should be made to the respective privacy policies.

1. DATA CONTROLLER AND DATA PROTECTION OFFICER

The Data Controller is Università Campus Bio-Medico di Roma (hereinafter “UCBM”, “University”, or “Controller”), Tax Code 97087620585, with its registered office in Roma, Via Álvaro del Portillo no. 21

The Data Protection Officer (hereinafter “DPO”) can be contacted at the following addresses:

by e-mail: dpo@unicampus.it;
by regular mail: Università Campus Bio-Medico, in Roma, Via Álvaro del Portillo no. 21, 00128 Roma (RM), Italy, to the attention of the Data Protection Officer.

2. PERSONAL DATA SUBJECT TO PROCESSING

We inform you that, by using the Website, the Controller may collect and process information and personal data relating to you. Such data may consist of identifiers such as your name, an identification number, location data, an online identifier, or one or more elements characteristic of your physical, physiological, psychological, economic, cultural, or social identity that are capable of identifying you or making you identifiable, depending on the type of services you request (hereinafter also “Personal Data”).

In particular, the Controller will process the following categories of Personal Data:

a. Browsing Data

The Controller will process the Personal Data collected during your navigation of the Website. Such Personal Data includes, for example, your IP address, location (country), the domain names of the computer or device you use, the URI (Uniform Resource Identifier) addresses of the resources requested on the Website, the time of the requests, the method used to submit the requests to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and similar information.

The operation of the Website necessarily involves the use of computer systems and software procedures that collect information about users as part of their normal functioning. Although the Controller does not collect such information in order to associate it with specific users, it may still be possible to identify users either directly through this information or by combining it with other data collected. As such, this information is also considered Personal Data.

b. Common Data Voluntarily Provided

The Controller will process the Personal Data you may provide when submitting requests to the e‑mail address available on the Website in the “Contact” section.

When sending requests to the Controller, you are invited to provide only the Personal Data strictly necessary for handling your request, excluding any excessive Personal Data.

Requests submitted to the e‑mail address provided on the Website may also include those sent by PhD or Master’s students seeking information and/or submitting applications for the awarding of scholarships. In such cases, the Personal Data processed may include, in addition to identification and contact details, further information contained in the documentation voluntarily provided by the data subject, such as, for example, the Abstract.

Furthermore, the Controller may process the Personal Data you provide when registering for the World Petunia congress through the form available on the Website. In particular, the Personal Data that may be processed include: identification data (first and last name) and contact details (e‑mail address). Additionally, with your explicit and specific consent, Personal Data belonging to special categories pursuant to Article 9 of the GDPR may be collected, such as information regarding your dietary restrictions and/or intolerances, for the purpose of properly organizing and managing the catering and/or food services provided during the congress.

c. Cookie

The Controller will process the Personal Data collected through cookies and other tracking tools. For more information on the Personal Data processed through cookies and other tracking technologies, you may consult the relevant Cookie Policy.

3. PURPOSES OF THE PROCESSING AND LEGAL BASIS FOR THE PROCESSING

Your data will be processed for the following purposes:

a. Allowing navigation of the Website and interaction with its content, including Website security management

b. Responding to requests submitted to the e‑mail address provided on the Website, and managing congress registration requests through the Website

The Controller will process, pursuant to Article 6(1)(b) of the Regulation (legal basis: performance of a contract to which the data subject is party or the execution of pre‑contractual measures taken at the data subject’s request), the common Personal Data referred to in paragraph 2, letter b), in order to manage and respond to requests submitted by users to the e‑mail address provided on the Website in the “Contact” section, including those that may be sent by PhD or Master’s students for the awarding of a scholarship and accompanied by additional documentation (such as, for example, the Abstract), as well as to manage congress registration requests submitted through the Website.

In particular, with regard to the management of registration requests, Personal Data belonging to special categories referred to in paragraph 2, letter b), will be processed only after obtaining your explicit and specific consent.

The provision of Personal Data for these purposes is optional; however, failure to provide such data would prevent the submission of the request and, consequently, the possibility of receiving a response from the Controller, as well as the ability to complete registration for the congress through the Website.

Once provided, your Personal Data may also be processed for the following purposes.

c. Complying with obligations established by laws, regulations, or EU provisions, or responding to requests from competent authorities

The Controller will process, pursuant to Article 6(1)(c) of the Regulation (legal basis: legal obligation), the Personal Data referred to in paragraph 2 in order to comply with applicable legal requirements.

d. Meeting any defensive needs, including the identification, prevention, mitigation, and detection of fraudulent or unlawful activities in connection with the services offered on the Website

The Controller will process, pursuant to Articles 6(1)(f) and 9(2)(f) of the Regulation (legal basis: legitimate interest), the Personal Data referred to in paragraph 2 in order to protect its rights and/or legitimate interests in judicial and extrajudicial proceedings.

4. RECIPIENTS OF PERSONAL DATA

Your Personal Data may be shared, for the purposes indicated in paragraph 3 of this Privacy Policy, with the following entities, collectively referred to as “Recipients”:

individuals authorized by the Controller, pursuant to Articles 29 and 32 of the Regulation and Article 2‑quaterdecies of Legislative Decree 196/2003 (the so‑called “Privacy Code”), to process Personal Data necessary for activities strictly related to the provision of services, who have committed to confidentiality or are subject to an appropriate legal obligation of confidentiality;
entities typically acting as Data Processors pursuant to Article 28 of the Regulation, on behalf of the Controller, in particular those responsible for providing services necessary for the operation of the Website (e.g., hosting providers, technical maintenance service providers, etc.).

The complete list of Data Processors is available upon written request to the DPO at the contact details indicated in paragraph 1 of this Privacy Policy;

furthermore, the Controller may disclose your Personal Data to entities, bodies, or authorities to whom communication is mandatory under legal provisions or upon order of competent authorities. These entities will process the Personal Data as independent Data Controllers.

5. TRANSFERS OF PERSONAL DATA

Some of your Personal Data may be shared with Recipients located outside the European Economic Area. In such cases, the Controller ensures that the processing of Personal Data by these Recipients is carried out in compliance with applicable legislation and according to one of the methods permitted under Articles 44–49 of the Regulation, such as the data subject’s consent, the adoption of Standard Contractual Clauses approved by the European Commission, or the selection of entities adhering to international data‑transfer frameworks, in accordance with the provisions set out in the Recommendations 01/2020 adopted on 10 November 2020 by the European Data Protection Board.

You may request further information regarding the data transfers carried out and the safeguards adopted for this purpose by writing to the DPO at the contact details indicated in paragraph 1 of this Privacy Policy.

6. RETENTION OF PERSONAL DATA

The Personal Data processed for the purposes indicated in paragraph 3, letters a) and b), of this Privacy Policy will be processed for the time strictly necessary to achieve those purposes, in compliance with the principles of data minimisation and storage limitation pursuant to Article 5(1)(c) and (d) of the Regulation.

With specific reference to the Personal Data submitted in connection with requests relating to the awarding of scholarships, including any attached documentation (such as, for example, the Abstract), such data will be retained for the time strictly necessary to manage and assess the request and will thereafter be deleted or anonymised, unless further retention is required to comply with legal obligations or to protect the Controller’s rights in judicial or extrajudicial proceedings.

The Personal Data processed for the purposes indicated in paragraph 3, letter c), of this Privacy Policy will be retained for the period required by the relevant specific obligation or by the applicable legal provisions.

The Controller also reserves the right to retain Personal Data for the time necessary to establish and exercise its rights and/or to meet any defensive needs in judicial or extrajudicial proceedings, including pre‑litigation stages.

Further information regarding the data retention period and the criteria used to determine such period may be requested by writing to the DPO at the contact details indicated in paragraph 1.

7. RIGHTS OF THE DATA SUBJECT

As a data subject, you have the right to exercise the following rights at any time:

Right to withdraw consent (Article 7 of the Regulation) – You have the right to withdraw any consent previously given at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Right of access (Article 15 of the Regulation) – You have the right to obtain confirmation as to whether or not your personal data is being processed, as well as the right to receive any information relating to such processing.

Right to rectification (Article 16 of the Regulation) – You have the right to obtain the rectification of your personal data if it is incomplete or inaccurate. Please note that, with regard to personal data collected through audio and video recording systems, the right to rectification cannot be exercised due to the intrinsic nature of the data collected, which refers to an objective and specific fact.

Right to erasure (Article 17 of the Regulation) – Under certain circumstances, you have the right to obtain the deletion of your personal data from our records.

Right to restriction of processing (Article 18 of the Regulation) – Under certain conditions, you have the right to obtain the restriction of the processing of your personal data.

Right to data portability (Article 20 of the Regulation) – You have the right to obtain the transfer of your personal data to a different data controller, as well as the right to receive your data in a structured, commonly used and machine‑readable format.

Right to object (Article 21 of the Regulation) – You have the right to object to the processing of your personal data, providing reasons related to your particular situation. The Controller reserves the right to assess the request, which may not be granted if there are compelling legitimate grounds that override your interests, rights, and freedoms.

Furthermore, if you believe that the processing of your Personal Data violates data protection legislation, you are informed that you have the right, pursuant to Article 77 of the Regulation, to lodge a complaint with the supervisory authority of the Member State where you habitually reside or work, or of the place where the alleged violation occurred.

To exercise the above rights, you may write to the DPO at the registered office in Rome, Via Álvaro del Portillo no. 21, addressed to the Data Protection Officer, or via e‑mail at: dpo@unicampus.it.

8. UPDATES TO THIS WEB NOTICE

The Controller reserves the right to modify or simply update, in whole or in part, the content of this Privacy Policy, also in light of any changes to the applicable legislation. Therefore, the Controller invites you to regularly visit this section in order to review the most recent and updated version of the Privacy Policy, so that you are always informed about the data collected and how it is processed.

9. HOW TO CONTACT THE DATA CONTROLLER AND EXERCISE THE RIGHTS OF THE DATA SUBJECT

If you have any questions or concerns regarding the processing of Personal Data, or if you wish to exercise any of the rights mentioned above, you may send a written communication by registered mail with return receipt to Università Campus Bio‑Medico di Roma, Via Álvaro del Portillo no. 21, Rome, addressed to the DPO – Data Protection Officer, or by e‑mail to: dpo@unicampus.it

Privacy Policy

World Petunia Days 2026