SOCIETÀ ITALIANA DI DIRITTO ED ECONOMIA

Privacy Policy

Privacy Policy

Last Updated: February 2, 2026

SIDE - Italian Society of Law and Economics (hereinafter “SIDE” or “the Controller”) respects user privacy and is committed to protecting personal data in accordance with Regulation (EU) 2016/679 (GDPR).

1. Data Controller

SIDE - Società Italiana di Diritto ed Economia Via Vigilio Inama n.5 At the Department of Economics and Management (DEM) University of Trento Tax Code: 97898440587

Contact: segreteria@side-isle.it

2. Types of Data Collected

2.1 Public Website (side-isle.it)

The SIDE public website is currently free of tracking cookies and does not collect personal data from users during browsing. Analytics tools such as Google Analytics are not active.

In the future, subject to authorization via cookie consent banner, the following may be activated:

  • Analytics cookies (Google Analytics) to understand site usage
  • Analytics cookies will only be activated after explicit user consent

2.2 Conference Extranet (extranet.side-isle.it)

The Laravel-based extranet for managing SIDE conferences collects and processes the following categories of personal data:

User registration data:

  • First and last name
  • Email address
  • Password (encrypted with bcrypt)
  • University affiliation
  • Country
  • Profile photo (optional)

Conference registration data:

  • Dietary preferences
  • Special dietary requirements
  • Guest names
  • Badge preferences

Paper submission data:

  • Paper titles
  • Abstracts
  • Author information
  • PDF files of contributions

Technical data:

  • IP address (for security and audit purposes)
  • Session data (encrypted, stored for 120 minutes)
  • CSRF tokens for security

Payment data:

  • Order ID
  • PayPal payer ID
  • PayPal payer email
  • Amount and currency
  • Payment status

Important note: SIDE does not directly store credit card data. Payments are processed exclusively by PayPal as an external service.

3. Purposes of Processing

Personal data are processed for the following purposes:

  1. Conference registration management - participant registration, badges, logistics organization
  2. Scientific contribution management - collection, evaluation, and publication of papers
  3. Payment processing - processing registration fees via PayPal
  4. Communications - sending information related to conferences and SIDE activities
  5. Security - protection against unauthorized access and fraud
  6. Legal compliance - compliance with Italian tax and accounting obligations

4. Legal Basis for Processing

Data processing is based on:

  • Art. 6(1)(b) GDPR - Performance of a contract (conference registration and participation)
  • Art. 6(1)(c) GDPR - Compliance with legal obligations (tax and accounting obligations)
  • Art. 6(1)(f) GDPR - Legitimate interest (system security, fraud prevention)
  • Art. 6(1)(a) GDPR - Consent (for analytics cookies, when implemented)

5. Data Recipients

Personal data may be shared with:

Hosting providers:

Payment processors:

  • PayPal - for payment processing
  • Data shared: order ID, amount, currency
  • Data received: payer ID, payer email, payment status
  • PayPal privacy policy: paypal.com/privacy

Competent authorities:

  • When required by law (e.g., Italian tax authorities)

6. Retention Period

  • User accounts: Retained while the account is active; users can delete their account at any time
  • Conference registrations: Historical data retained per conference year
  • Scientific contributions: Retained per conference year
  • Payment data: Retained according to Italian tax regulations
  • Session data: 120 minutes, then automatically deleted
  • System logs: Maximum 12 months

7. Data Subject Rights

In accordance with Articles 15-22 of the GDPR, users have the right to:

  • Access (Art. 15) - obtain confirmation of processing and a copy of data
  • Rectification (Art. 16) - correct inaccurate or incomplete data
  • Erasure (Art. 17) - request deletion of data (“right to be forgotten”)
  • Data portability (Art. 20) - receive data in a structured format
  • Object (Art. 21) - object to processing for legitimate reasons
  • Restriction (Art. 18) - restrict processing in certain circumstances

How to exercise rights: Send a request to segreteria@side-isle.it Response time: Within 30 days of the request

8. Security Measures

SIDE adopts technical and organizational measures to protect personal data:

  • HTTPS/SSL encryption for all communications
  • Password hashing with bcrypt
  • CSRF protection against cross-site attacks
  • Session encryption in the database
  • Database access controls
  • Regular security updates
  • File upload validation

9. Cookies Used

9.1 Public Website (side-isle.it)

Currently, no cookies are used on the public website. In the future, with user consent:

  • Analytics cookies (Google Analytics)
    • Purpose: Understand site usage
    • Duration: Variable
    • Type: Third-party cookies
    • IP anonymization: Enabled
    • Requires explicit consent

9.2 Conference Extranet (extranet.side-isle.it)

Necessary technical cookies (always active):

  • laravel_session

    • Purpose: User authentication and session management
    • Duration: 120 minutes
    • Type: Encrypted session cookie

  • XSRF-TOKEN

    • Purpose: Protection against CSRF attacks
    • Duration: Session
    • Type: Security cookie

These cookies are strictly necessary for the operation of the service and do not require consent under Art. 5(3) of the ePrivacy Directive.

10. International Transfers

Data is hosted on servers located in France (AlwaysData) within the European Union. No data transfers are made to third countries, except for PayPal (USA) which operates based on adequate safeguards for international transfers.

11. Changes to the Privacy Policy

SIDE reserves the right to modify this policy. Substantial changes will be communicated to registered users via email. The “Last Updated” date at the top of the document indicates the current version.

12. Contact

For questions about this policy or to exercise your rights:

Email: segreteria@side-isle.it

Address: SIDE - Società Italiana di Diritto ed Economia Via Vigilio Inama n.5 At the Department of Economics and Management (DEM) University of Trento Italy

13. Supervisory Authority

In case of violations of data protection regulations, users have the right to lodge a complaint with the competent supervisory authority:

Garante per la Protezione dei Dati Personali Piazza Venezia n. 11 00187 Rome, Italy Website: garanteprivacy.it Email: garante@gpdp.it

This policy complies with Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR).