Privacy policy

“Information to be provided where personal data are collected from the data subject” (Art. 13 GDPR)


We wish to inform you that, pursuant to art. 13 of the EU Regulation 679/2016 (General Data Protection Regulation), you qualify as a “data subject” with reference to the personal data that the University of Udine, head offices in via Palladio 8, 33100 Udine (UD), has obtained as Data Controller regarding the NM4SAFETY course.

The aim of the NM4SAFETY project is to improve the quality of nursing working environment as the key factor capable of ensuring patient safety.

By accessing to the course you give your consent to store and process your data. The information is only used for the project’s purposes and by the partners involved. All information provided will be treated confidentially in accordance with the General Data Protection Regulation (GDPR) guidelines for secure data processing and storage (Reg. UE 679/2016).

By registering as a student on the platform, you give NM4SAFETY and its partners your consent to store and process your data.



a) The Controller

The joint Controllers of the NM4SAFETY-project are Università degli Studi di Udine (Italy), Technologiko Panepistimio Kyprou (Cyprus), Zurcher Hochschule Fur Angewandte Wissenschaften (Switzerland), Katholische Hochschule Mainz (Germany). Each entity is established in its respective legal offices.

The University of Udine may be contacted at the above address or at the following email address: .

b) The Data Protection Officer (DPO)

The Data Protection Officer (hereinafter also referred to as DPO), appointed by the University of Udine is available at the following email address .

c) Purposes and legal basis for the processing of personal data

Purpose Legal basis
Enrollment in the course Art. 6(1) lett. c), legal obligation
Enrolment in the course Art. 6(1) let. a) GDPR, consent of the data subject
Final assessment Art. 6(1) let. a) GDPR, consent of the data subject
Communication via email Art. 6(1) let. a) GDPR, consent of the data subject


d) Recipients of the personal data

The recipients of the personal data provided by the subject are the Joint Controllers and the categories of persons listed below: TECH4CARE srl.

e) Transfer abroad

Not applicable.



a) Storage period

The criteria used to determine the period during which your personal data will be stored are based on the principle of the necessity of processing. Your personal data will therefore be stored for as long as it is necessary to carry out the purposes indicated above.

Your personal data will be cancelled or destroyed as soon as they are no longer necessary for the above purposes.

b) Rights of the data subject

Using the above-mentioned addresses, you may exercise the following rights (as well as the right to data portability ex art. 20 GDPR, which is not applicable in this case):

The right to obtain access to your personal data (art. 15 GDPR):

 The right to obtain the rectification of inaccurate personal data and to have incomplete personal data completed (art. 16 GDPR);

 The right to obtain the erasure of personal data concerning you (art. 17 GDPR);

 The right to obtain the restriction of processing of personal data (art. 18 GDPR).

c) The right to withdraw consent

In those cases where the processing of personal data is based on the subject’s consent (art. 6, §. 1, lett. a) and for special categories of personal data (art. 9, §. 2, lett. a), the subject has the right to withdraw consent at any time without negating the lawfulness of the procedures which were based on consent given previously and subsequently withdrawn.

d) Right to lodge a complaint

You have the right to lodge a complaint with your National Personal Data Protection Authority (in Italy, Garante per la Protezione dei dati personali) which has been indicated as the competent Supervisory authority under your legal system (pursuant to art. 77 GDPR and art. 2 bis of Leg. Decree 196/2003 for Italy).

e) Grounds for, and consequences of processing personal data

The provision of personal data such as name and surname of the data subject is neither a legal or contractual obligation, but a necessary requirement for issuing the certificate of completion of the MOOC, hence the data subject is not under an obligation to provide personal data. In case of failure to provide such a personal data, the data cannot be shared with participant institutions and the data subject cannot receive the certificate.

f) Profiling

Personal data shall not be subject to profiling.



To exercise the above-mentioned rights, you may contact the Controller at the following email address

If you need further information about the project, have questions or experience problems accessing this Pilot Course, please contact

Please note that pursuant to art. 14 §.3 GDPR, the controller shall provide the information referred to in paragraphs 1 and 2 of art. 14 GDPR:

a) within a reasonable period of time after obtaining the personal data, but at the latest within one month, having regard to the specific circumstances in which the personal data are processed;

b) if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to that data subject; or

c) if a disclosure to another recipient is envisaged, at the latest when the personal data are first disclosed.



The above information was last updated on the 21st December 2021.

It has been made available to the data subject and may be consulted, together with any future upgrades, on the University of Udine website by accessing the section labelled “privacy”