The Head of Data Protection (RPD) is Dott.sa Daniela Prestipino.
The RGPD went into full effect as of May 25, 2018 thereby repealing all references to Directive 95/46 / EC .
Information regarding the processing of personal data is being updated, which – regardless of the specific treatment – will share the following protection requirements for the data subject, i.e. the person to whom the data refers.
It is generally necessary to process the personal data associated with a purpose related to the institutional mission of the University (teaching, research and third mission) because it is necessary for the performance of the institutional tasks and activities.
The legal basis of the treatment, that is the legal requirement that configures it as lawful, can generally be identified in art. 6 paragraph 1 letter e) of the RGPD: ” processing is necessary for the execution of a task in the public interest or connected to the exercise of public authority in which the data controller is invested”.
The Data Controller ensures that personal data is processed in accordance with the provisions of art. 5 of the PD: lawful, correct and transparent; for specific, explicit and legitimate purposes; in compliance with the principles of data quality (minimization, accuracy and limitation of conservation), and of the security requirements set forth in art. 32 of the RGPD (integrity and confidentiality, availability and resilience of the systems).
The interested party may exercise control over his / her information by exercising the rights declared in CHAPTER III of the RGPD: information and access (article 12-15) to obtain the origin, purpose, copy, destination of the data and legal basis; to request correction (article 16.19) and / or cancellation (article 17, 19 ) of the data, to limit treatment (articles 18, 19) or eliminate an automated decision-making process (Article 22).
The interested party at any time can oppose the treatment (Article 21), revoke consent (however, without prejudicing the lawfulness of the treatment based on the consent given prior to the revocation, Article 7); moreover, he can lodge a complaint with the Control Authority (art.15).
The Italian National Control Authority for the protection of personal data is the Guarantor for the protection of personal data (Privacy Guarantor).
To exercise his/her rights, the interested party may contact the Data Controller or Data Protection Officer.
We recommend periodic consultation of this section of the portal to get information updates and University initiatives on the subject.