Privacy and data protection
Regulation EU 2016/679, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation, hereinafter, GDPR), entered into force on 25 May 2018 and is directly applicable in all the Member States of the European Union. With legislative decree no. 101, of 10 October 2018, Italy updated the provisions included in legislative decree no. 196, of 30 June 2003, (Personal Data Protection Code), to the GDPR.
The University of Trento takes its responsibility for handling personal data very seriously, therefore personal data shall be processed lawfully, fairly and in a transparent manner, shall be collected for specified purposes, shall be relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation), and comply with the principles of accuracy, storage limitation, integrity, confidentiality, accountability.
The University of Trento is committed to adapt its regulations to comply with the provisions of the GDPR. To this end, it created a work group, coordinated by the data protection officer (DPO), that will provide advice on IT, legal, organizational and technical matters to assist the departments and centres and their staff.
The DPO and the work group also established a consultation service (supporto.privacy [at] unitn.it) for departments and centres and their staff to meet the requirements of the GDPR.
The data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
The data controller is the University of Trento, with main offices in via Calepina 14, 38122 Trento, in the person of its Rector, Paolo Collini.
The contact details of the data controller are:
- ateneo [at] pec.unitn.it
- ateneo [at] unitn.it
The data protection officer (DPO) is the natural person designated by the data controller or by the data processor to give support, perform checks, provide advice, training and information on the implementation of the GDPR.
The data protection officer (DPO) of the University of Trento is Nicola Zanella.
The contact details of the data protection officer are:
- rpd [at] unitn.it
- dpo [at] unitn.it
The GDPR guarantees everyone the right to the protection of personal data concerning them. Data therefore must be processed in compliance with the provisions and principles of the GDPR.
Transparency, in particular, is essential: the data subjects can exercise a number of rights, and data controllers have a duty to provide information on the processing of personal data.
Under articles 12, 13 and 14 of the GDPR, the University of Trento, as data controller, is required to inform data subjects of all data processing that concern them in relation to teaching and training activities, research, administrative procedures, providing clear and simple information.
In compliance with the GDPR, all policies include the following information:
- the contact details of the data controller and of the data protection officer;
- the purpose of the processing;
- the categories of processed data;
- the legal basis for the processing;
- information on how the data were acquired;
- the source of the data;
- the methods of the processing;
- the recipients or categories of recipients of the personal data;
- the data storage period;
- the rights of the data subjects.
Below you can find the information notices on the processing of personal data by the University of Trento, including by automated means and web applications:
Data subjects, that is the individuals whose data are processed by UniTrento, have rights provided by the GDPR. In particular, under article 15 et seq. of the GDPR, data subjects have the right to obtain from the data controller access to their personal data and, in particular, the right of rectification and erasure, the right of completion, the right to restriction of processing and the right to object to processing. The data subject shall maintain the right to lodge a complaint with the Italian data protection authority by virtue of article 77 of the GDPR.
To exercise the rights referred to in article 15 et seq. of the GDPR, please use the form attached (form to exercise data subject rights, Modulo esercizio diritti interessato.docx; Modulo esercizio diritti interessanto.pdf) Data subjects can contact the data protection officer (DPO) by email to rpd [at] unitn.it
It is of crucial importance to properly manage and process the data collected, directly or indirectly, within research activities carried out at the University of Trento. A separate section of the University website has been set up to this end, with information for everyone who is involved in research activities.
For more information please visit the Privacy and research page.
Ensuring the security of data processing and avoiding breaches are fundamental principles of the GDPR. That is why the data controller and the data processor must assess the risk of processing and implement measures aimed at limit such risks, as well as adopt a procedure to report any breaches.
A ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
To report security issues or a suspected personal data breach follow the relevant procedure (Procedura di gestione delle violazioni dati personali (Management of personal data breaches) Word 62 KB) by submitting the attached form (Modulo comunicazione violazione dati personali.docx; Modulo segnalazione violazione dati personali.pdf).
If you need to report a suspected personal data breach please contact the DPO by email rpd [at] unitn.it
or the CERT cert [at] unitn.it
For more information please visit the website of the Italian data protection authority.
Italian data protection authority
Regulation EU 2016/679, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data
Legislative decree no. 196, of 30 June 2003, as amended, Personal Data Protection Code
Legislative decree no. 101, of 10 August 2018, containing provisions for the adaptation of national legislation to the provisions of regulation EU 2016/679
Regulation implementing the rules on the protection of individuals with regard to the processing of personal data and for the adoption of minimum safety standards (in Italian)(PDF | 261 KB)