Privacy and data protection

Regulation EU 2016/679, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation, hereinafter GDPR), entered into force on 25 May 2018 and is directly applicable in all the Member States of the European Union. With legislative decree no. 101, of 10 October 2018, Italy adapted the provisions of legislative decree no. 196, of 30 June 2003 (Personal Data Protection Code), to the GDPR.

The University of Trento takes its responsibility for handling personal data very seriously. Personal data shall therefore be processed lawfully, fairly and in a transparent manner, shall be collected for specified purposes, shall be relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation), and shall comply with the principles of accuracy, storage limitation, integrity, confidentiality and accountability.

The University of Trento is committed to adapting its regulations to comply with the provisions of the GDPR. To this end, it created a work group, coordinated by the data protection officer (DPO), that will provide advice on IT, legal, organizational and technical matters to assist the departments and centres and their staff.

The DPO and the work group also established a consultation service (supporto.privacy [at]) for departments and centres and their staff to meet the requirements of the GDPR.

Data controller

The data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

The data controller is the University of Trento, with main offices in via Calepina 14, 38122 Trento, in the person of its Rector, Flavio Deflorian.

The contact details of the data controller are:

  • ateneo [at]
  • ateneo [at]

Data protection officer

The data protection officer (DPO) is the natural person designated by the data controller or by the data processor to give support, perform checks, provide advice, training and information on the implementation of the GDPR.

The contact details of the data protection officer are: 

  • rpd [at]
  • dpo [at]

Data protection policies

The GDPR guarantees everyone the right to the protection of personal data concerning them. Data therefore must be processed in compliance with the provisions and principles of the GDPR. 

Transparency, in particular, is essential: the data subjects can exercise a number of rights, and data controllers have a duty to provide information on the processing of personal data. 

Under articles 12, 13 and 14 of the GDPR, the University of Trento, as data controller, is required to inform data subjects of all data processing that concerns them in relation to teaching and training activities, research and administrative procedures, providing clear and simple information.

In compliance with the GDPR, all policies include the following information: 

  • the contact details of the data controller and of the data protection officer;
  • the purpose of the processing;
  • the categories of processed data;
  • the legal basis for the processing;
  • information on how the data were acquired;
  • the source of the data;
  • the methods of the processing;
  • the recipients or categories of recipients of the personal data;
  • the data storage period;
  • the rights of the data subjects.

Below you can find the information notices on the processing of personal data by the University of Trento, including by automated means and web applications:

Information on the processing of student personal data (PDF | 79 KB)

Rights of the data subjects

Data subjects, that is the individuals whose data are processed by UniTrento, have rights provided by the GDPR. In particular, under article 15 et seq. of the GDPR, data subjects have the right to obtain from the data controller access to their personal data and, in particular, the right of rectification and erasure, the right of completion, the right to restriction of processing and the right to object to processing. The data subject shall maintain the right to lodge a complaint with the Italian data protection authority by virtue of article 77 of the GDPR.

To exercise the rights referred to in article 15 et seq. of the GDPR, please use the form attached (form to exercise data subject rights, Modulo esercizio diritti interessato.docx; Modulo esercizio diritti interessanto.pdf). Data subjects can contact the data protection officer (DPO) by email to rpd [at]

Privacy and research

It is of crucial importance to properly manage and process the data collected, directly or indirectly, within research activities carried out at the University of Trento. A separate section of the University website has been set up to this end, with information for everyone who is involved in research activities. 

For more information please visit the Privacy and research page.

Transfer of data to third countries

In the performance of its tasks, the University can transfer data to third countries, for example to universities, research centres, research institutes, public and private organizations, within international mobility programmes, internship agreements, research projects and other activities that take place out of the European Union.

The transfer of data shall take place as provided for and in compliance with article 44 et seq. of the GDPR, that is to say in the presence of an adequacy decision by the Commission or, where that is not the case, of suitable safeguards such as the standard data protection clauses adopted by the European Commission:

Personal Data Breach Procedure

Ensuring the security of data processing and avoiding breaches are fundamental principles of the GDPR. That is why the data controller and the data processor must assess the risk of processing and implement measures aimed at limiting such risks, as well as adopt a procedure to report any breaches.
A ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

To report security issues or a suspected personal data breach, follow the relevant procedure (Management of personal data breaches) by submitting the attached form.

If you need to report a suspected personal data breach please contact the DPO by email rpd [at] or the CERT cert [at]

For more information please visit the website of the Italian data protection authority.