Privacy Policy
Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR), the user is informed of the following regarding the processing of personal data collected through the common web portal of the ORUM and Morgana Associations.
Messina, April 21, 2026
1. Joint Data Controllers
Personal data is processed under joint controllership by the O.R.U.M. Association (C.F. 27068650833), represented by Luigi Grillo, and the Morgana Association (C.F. 97103490831), represented by Giuseppe Di Giorgio. The parties have entered into an internal agreement (ex art. 26 GDPR) to define their respective responsibilities.
2. Data Processor
Mr. Massimo Mantineo is designated as the Technical Manager, in charge of the management, maintenance, and security of the IT infrastructure and database.
3. Type of Data Collected
The portal collects the following voluntarily provided data: Personal identification data (Name, Surname, Date of Birth), Contact data (Email), Academic data (Student ID, Department, Degree Course), Logistic data (Resident/Non-resident status), and Technical navigation data.
4. Purpose and Legal Basis
Processing is aimed at: 1) Execution of the service (Legal basis: art. 6.1.b GDPR); 2) Direct Marketing and Communications (Legal basis: explicit and separate consent for ORUM and Morgana, art. 6.1.a GDPR); 3) Legitimate interest for statistical analysis (art. 6.1.f GDPR); 4) Compliance with legal obligations (art. 6.1.c GDPR).
5. Recipients and Transfer
Personal data is hosted on servers provided by Vercel Inc. located within the European Economic Area (EEA), ensuring full compliance with European data protection regulations. Personal data will never be sold to third parties for commercial purposes. It may only be communicated to technical service providers appointed as External Processors. Any transfers outside the EU take place in compliance with Chapter V of the GDPR.
6. Retention Period
Account data is kept until a deletion request is made or after 24 months of inactivity. Event registration data is kept for 10 years for administrative purposes.
7. Rights of the Data Subject
The user can exercise the rights of access, rectification, deletion, restriction, opposition, and portability by contacting segreteria@morganaorum.it. It is possible to lodge a complaint with the Privacy Authority.
8. Data Security
Data is protected through encrypted HTTPS connections and strong password hashing, ensuring a level of security commensurate with the risk.
Official Documents
Download the official and full text documents approved by the Associations for offline consultation.

