MEMBERS AREA
Go to Main Website
SOCIETà ITALIANA DI DIRITTO ED ECONOMIA
IT | EN

Privacy Policy

Last Updated: February 2, 2026

1. Data Controller

SIDE - Società Italiana di Diritto ed Economia Via Vigilio Inama n.5 At the Department of Economics and Management (DEM) University of Trento Tax Code: 97898440587

Contact: segreteria@side-isle.it

2. Types of Data Collected

This extranet platform for managing SIDE conferences collects and processes the following categories of personal data:

User registration data:

  • First and last name
  • Email address
  • Password (encrypted with bcrypt)
  • University affiliation
  • Country
  • Profile photo (optional)

Conference registration data:

  • Dietary preferences
  • Special dietary requirements
  • Guest names
  • Badge preferences

Paper submission data:

  • Paper titles
  • Abstracts
  • Author information
  • PDF files of contributions

Technical data:

  • IP address (for security and audit purposes)
  • Session data (encrypted, stored for 120 minutes)
  • CSRF tokens for security

Payment data:

  • Order ID
  • PayPal payer ID
  • PayPal payer email
  • Amount and currency
  • Payment status

Important note: SIDE does not directly store credit card data. Payments are processed exclusively by PayPal as an external service.

3. Purposes of Processing

Personal data are processed for the following purposes:

  1. Conference registration management - participant registration, badges, logistics organization
  2. Scientific contribution management - collection, evaluation, and publication of papers
  3. Payment processing - processing registration fees via PayPal
  4. Communications - sending information related to conferences and SIDE activities
  5. Security - protection against unauthorized access and fraud
  6. Legal compliance - compliance with Italian tax and accounting obligations

4. Legal Basis for Processing

Data processing is based on:

  • Art. 6(1)(b) GDPR - Performance of a contract (conference registration and participation)
  • Art. 6(1)(c) GDPR - Compliance with legal obligations (tax and accounting obligations)
  • Art. 6(1)(f) GDPR - Legitimate interest (system security, fraud prevention)

5. Data Recipients

Personal data may be shared with:

Hosting providers:

  • AlwaysData SAS (France) - extranet hosting
  • EU-based, GDPR compliant
  • Legal information: alwaysdata.com/legal

Payment processors:

  • PayPal - for payment processing
  • Data shared: order ID, amount, currency
  • Data received: payer ID, payer email, payment status
  • PayPal privacy policy: paypal.com/privacy

Competent authorities:

  • When required by law (e.g., Italian tax authorities)

6. Retention Period

  • User accounts: Retained while the account is active; users can delete their account at any time
  • Conference registrations: Historical data retained per conference year
  • Scientific contributions: Retained per conference year
  • Payment data: Retained according to Italian tax regulations
  • Session data: 120 minutes, then automatically deleted
  • System logs: Maximum 12 months

7. Data Subject Rights

In accordance with Articles 15-22 of the GDPR, users have the right to:

  • Access (Art. 15) - obtain confirmation of processing and a copy of data
  • Rectification (Art. 16) - correct inaccurate or incomplete data
  • Erasure (Art. 17) - request deletion of data ("right to be forgotten")
  • Data portability (Art. 20) - receive data in a structured format
  • Object (Art. 21) - object to processing for legitimate reasons
  • Restriction (Art. 18) - restrict processing in certain circumstances

How to exercise rights: Send a request to segreteria@side-isle.it Response time: Within 30 days of the request

8. Security Measures

SIDE adopts technical and organizational measures to protect personal data:

  • HTTPS/SSL encryption for all communications
  • Password hashing with bcrypt
  • CSRF protection against cross-site attacks
  • Session encryption in the database
  • Database access controls
  • Regular security updates
  • File upload validation

9. Cookies Used

Necessary technical cookies (always active):

  • laravel_session

    • Purpose: User authentication and session management
    • Duration: 120 minutes
    • Type: Encrypted session cookie

  • XSRF-TOKEN

    • Purpose: Protection against CSRF attacks
    • Duration: Session
    • Type: Security cookie

These cookies are strictly necessary for the operation of the service and do not require consent under Art. 5(3) of the ePrivacy Directive.

10. International Transfers

Data is hosted on servers located in France (AlwaysData) within the European Union. No data transfers are made to third countries, except for PayPal (USA) which operates based on adequate safeguards for international transfers.

11. Changes to the Privacy Policy

SIDE reserves the right to modify this policy. Substantial changes will be communicated to registered users via email. The "Last Updated" date at the top of the document indicates the current version.

12. Contact

For questions about this policy or to exercise your rights:

Email: segreteria@side-isle.it

Address: SIDE - Società Italiana di Diritto ed Economia Via Vigilio Inama n.5 At the Department of Economics and Management (DEM) University of Trento Italy

13. Supervisory Authority

In case of violations of data protection regulations, users have the right to lodge a complaint with the competent supervisory authority:

Garante per la Protezione dei Dati Personali Piazza Venezia n. 11 00187 Rome, Italy Website: garanteprivacy.it Email: garante@gpdp.it