As of May 25, 2018, Regulation (EU) 2016/679 of April 27, 2016, known as the "General Data Protection Regulation" ("GDPR"), has been directly applicable in all Member States. Therefore, with Legislative Decree No. 101 of October 10, 2018, the Italian legislator has aligned the provisions of Legislative Decree No. 196 of June 30, 2003, ("Personal Data Protection Code") with the GDPR.
The University of Trento, aware of the importance of every individual's right to the protection of their personal data, is committed to processing this data in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability. Based on these principles, the University aims to ensure a fair and transparent processing of personal data concerning its students, employees, researchers, professors, and any other individuals with whom it interacts.
Therefore, the following useful information is provided in compliance with the regulations on the processing of personal data.
The Data Controller is the natural or legal person, public authority, service, or other body that, alone or jointly with others, determines the purposes and means of processing personal data.
The Data Controller is the University of Trento, located at Via Calepina No. 14, 38122 Trento, represented by the Magnificent Rector.
The contact details of the Data Controller are:
Through its Internal Regulation on Personal Data Protection (Rectoral Decree of April 6, 2021, No. 281, see attachment below) and subsequent decrees, the University of Trento has defined its privacy organizational structure by defining the following roles:
- The Data Controller is the University of Trento, as it determines the purposes and means of the processing;
- The Data Controller’s Delegate (i.e., Preposto al trattamento) is the Head of each administrative and service structure (General Director and Managers), and the Head of the individual teaching and research structures (Directors) in relation to personal data processing related to their area of competence. The Scientific Responsible for research projects involving personal data processing is also designated as Data Controller’s Delegate;
- Privacy Contact Person (i.e., Referente Privacy) are individuals designated by each Data Controller’s Delegate within their respective structure to provide support in fulfilling their duties regarding personal data protection;
- Authorized Processors (i.e., Autorizzati al trattamento) are individuals trained and instructed by the Data Controller’s Delegate (within their own structure or research group) to carry out data processing operations under their authority and according to the instructions provided;
- System administrators are individuals designated by the Data Controller’s Delegate (for the respective structure or research projects) for the management and maintenance of data processing systems used in relation to personal data processing.
The Data Protection Officer (DPO) is the individual designated by the Data Controller or Data Processor to carry out support, control, consultative, training, and informational functions regarding the application of the GDPR.
The contact information for the DPO is: [email protected]
The GDPR grants certain rights to data subjects, meaning the individuals to whom the data processed by the Data Controller pertains. Each data subject has the right to exercise these rights, as outlined in Articles 15 and subsequent provisions of the GDPR, by addressing their requests to the Data Controller.
The University has prepared a form for the exercise of rights related to personal data protection, which can be used by data subjects. Requests may be submitted without specific formalities and can also include a copy of an identity document, sent to the email address [email protected], or, via PEC, to [email protected].
Data subjects also retain the right to lodge a complaint with the Data Protection Authority or to assert their claims directly through judicial proceedings, as provided by the GDPR.
The GDPR establishes the right of every individual to the protection of their personal data. Therefore, the processing of personal data must adhere to the principles and rules set forth by the GDPR.
In particular, within the context of the new regulations, transparency assumes a pivotal role, by ensuring the right of data subjects to have control over their personal data while imposing an obligation on every Data Controller to provide information regarding the processing of such data.
Pursuant to Articles 12, 13, and 14 of the GDPR, the University of Trento – in its role as the Data Controller – is required to provide clear, concise, and easily intelligible information regarding all personal data processing activities it conducts.
A “personal data breach” refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
To report security incidents that may involve a data breach, it is necessary to follow the Procedure for managing personal data breaches using the attached Form
For general issues related to data breaches, anyone can contact the Data Protection Officer at the email address [email protected] or the CERT at the email address [email protected].
The proper management of personal data collected directly or indirectly during research activities conducted within the University of Trento is of primary importance.
In light of this, a specific section of the University’s portal has been created to serve as a reference for everyone involved in research activities.
For more information, please refer to the dedicated page Privacy and Research on the University’s portal.
University staff can also access dedicated pages on the University Portal:
- Infoservizi (Protezione dei dati personali and Attività di ricerca scientifica)
- Service Desk
Regulation (EU) 2016/679 (“General Data Protection Regulation”) of April 27, 2016
Regulation on Data Protection of the University of Trento (DR 281 of April 6, 2021)
Further information is available on the official website of the Data Protection Authority. The Data Protection Authority (also known as the Privacy Authority – Garante della privacy) is an independent administrative authority established by Law No. 675 of December 31, 1996, to ensure the protection of rights and fundamental freedoms and to uphold the dignity in the processing of personal data.
The Data Protection Authority is responsible – among other things – for: monitoring compliance with the Regulation and national laws and regulations concerning personal data processing, and, where necessary, prescribing measures to Data Controllers or Processors to ensure that processing is carried out correctly while respecting the rights and freedoms of individuals; examining complaints; collaborating with other supervisory authorities, and providing mutual assistance to ensure consistent application and implementation of the Regulation; reporting, even on its own initiative, to the Parliament and other bodies and institutions on the need to adopt legislative and administrative acts concerning personal data protection issues.