Privacy Policy

Introduction

The purpose of this privacy notice is to provide information on the processing of personal data by USI – Università della Svizzera Italiana – in connection with your use of the website www.codevis.org

Data Controller

This privacy policy is provided by the Università della Svizzera italiana (“USI”), with its registered office at Via G. Buffi 13, 6900 Lugano, in its capacity as Data Controller (hereinafter also referred to simply as the “Controller”). The Controller may be contacted by writing to the registered office address, by calling +41 58 666 40 00, or by sending an email to: info@usi.ch

Data subjects are also informed that USI has appointed a Data Protection Officer (“DPO”), who may be contacted at the following address: privacy@usi.ch.

Purpose of data processing, justification, categories of data and retention period

USI processes your personal data in order to enable you to use the service. The provision of personal data is therefore mandatory; if such data is not provided, USI will not be able to provide the requested service. The table below summarises the purposes, the legal grounds and the types of data processed in this context.

Purpose of data processing	Justification	Categories of personal data
Browsing this website: this refers to all activities strictly necessary for the functioning of the website and the provision of the browsing service (e.g. enabling the best possible user experience through technical/functional cookies and similar technologies).	Overriding interest of the Data Controller	The IT systems used to operate this website collect, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.
Creating a personal account and accessing your personal area on the website. You must create an account to post content on the website (best practices and/or comments), but this does not prevent you from using the website freely.	Overriding interest of the Data Controller	First name, surname, email address.
Processing of requests to publish contributions (best practices and/or comments) received via the dedicated form on the website. Providing data is mandatory in order to publish contributions on the website (best practices and/or comments) but does not prevent you from freely using the website.	Overriding interest of the Data Controller	First name, surname, email address, affiliated institution/organisation, and any other data voluntarily entered in the free text field provided to users via a dedicated form (optional). In the case of personal data relating to third parties (e.g. researchers you mention in a comment), you undertake to communicate the key points of this privacy notice to the data subject.
In the case of self-promotional events (e.g. the workshop on 21 May 2026): creation of audiovisual content that may feature participants, and its subsequent online publication. For example, posting photos of the event on LinkedIn.	Overriding interest of the Data Controller	Image of participants attending the event, along with their name, surname and the name of their institution or organisation (where applicable).

Data retention period. The data will be retained as long as the website remains online and open for users to view and interact with, in line with the objectives of the CodeVis Project; thereafter, only those data that need to be retained for scientific research purposes and/or any other applicable processing purposes will be retained.

Based on an overriding interest, USI may process the personal data required – including for periods longer than those indicated above – in order to protect its rights in the context of administrative or judicial proceedings.

Lastly, USI may process the personal data referred to above in anonymized form, to the extent necessary and in particular to meet public information needs and for statistical purposes, retaining such data in anonymous and aggregated form for a longer period than the retention periods mentioned above.

Categories of Data Recipients

In order to guarantee the above-mentioned services and in compliance with the relevant purposes, the above-mentioned personal data will be processed by the University’s administrative and academic staff, to the extent necessary for the performance of their respective tasks related to the CodeVis Project. Your data may also be disclosed:

External private entities not affiliated with USI, including: qualified entities and auxiliary parties that provide the Data Controller with services essential to achieving the purposes set out above or, in any case, relating in particular to the collection, management and storage of personal data, in support of its institutional activities; in particular, USI may disclose your data to IT service providers;

Other public or private institutions where such institutions need to process this information for purposes related to their institutional or statutory duties, where this is mandatory or permitted under applicable legislation, laws or regulations. In such cases, the aforementioned entities will act as independent data controllers and, therefore, data subjects may contact them to exercise their rights, where applicable.

The communication of personal data to third parties is done in accordance with the methods and limits set out in the applicable legislation and in the contracts entered into by the University to ensure the protection of personal data.

International data transfers

This website is hosted in Switzerland and data will be processed within the Confederation. At the same time, if a transfer of data abroad for the processing of personal data as described above is deemed necessary, USI shall have the right to proceed accordingly. In this case, the Data Controller confirms that the transfer of data within or outside the Switzerland will be carried out in compliance with the applicable regulations (in particular Art. 14a Cantonal Act on Personal Data Protection and/or, if applicable, Arts. 16 et seq. Federal Act on Data Protection, undertaking in particular, where and to the extent necessary:

to ensure that the recipient country guarantees adequate data protection;

to guarantee an adequate level of protection by entering into specific agreements that include previously approved standard contractual clauses, or, exceptionally,

to collect your specific consent for the transfer abroad.

Data subject’s rights

The Data Controller recognizes, in particular, the following rights:

Request the rectification of inaccurate or outdated personal data.

Where based on consent, withdraw consent to the processing of data previously given.

Request information in writing and free of charge regarding the personal data being processed that concerns you.

Request delivery of personal data or its transmission to third parties.

Request that unlawful data processing be stopped, that personal data collected, stored or used unlawfully be destroyed or that the consequences of unlawful processing be eliminated, or that its unlawfulness be ascertained.

Request that the transmission of your personal data to third parties be blocked.

Contact the Cantonal Data Protection Commissioner if you disagree with the management of your data by USI (https://www4.ti.ch/can/sgcds/pd/generalita).

It should be noted that USI reserves the right to assert restrictions provided by law, e.g. when it is obliged to store or process certain data, when required by overriding public or private interests. Kindly contact the address privacy@usi.ch to exercise the above rights.

Last update: 21.04.2026