1. Introduction

Pursuant to Articles 13 and 14 of the Regulation (EU) 2016/679 on the “protection of natural persons with regard to the processing of personal data” (hereinafter also “GDPR”), we are providing the information required on the processing of your personal data ("Data") performed by Università Cattolica del Sacro Cuore (hereinafter also the “University”).

2. Identity and contact details for the Data controller

The Controller of the processing of your Data is Università Cattolica del Sacro Cuore, with registered office in Largo Agostino Gemelli 1, 20123 Milan, telephone (+39) 027234.1.

3. Categories of personal data

The Data processed by the University include, including but not limited to:

  • Common Data: Personal Data, Contact details, your picture in digital format;
  • Special categories of personal Data pursuant to Art. 9 of the GDPR (e.g. Data concerning health).

4. Purposes of the processing and legal basis

Data collected will be processed for the following purposes:

a). To allow your participation in the initiative to which you intend to participate (e.g. international mobility projects, internships) and for carrying out all activities related to it;

b). Responding to your requests to the University for information;

c). Completion of administrative, accounting, fiscal and financial/economic work;

d). If necessary, to exercise and/or defend the University legal rights in civil, criminal and/or administrative litigation.


The legal basis of processing is constituted:

  • For purposes under sub a) and b):
    • In reference to common Data, by execution of the contract that you are a part of or execution of pre-contractual measures;
    • In reference to special categories of personal Data, by the explicit consent you gave;
  • For purposes under sub a), by compliance with legal obligations;
  • For purposes under sub d), by the need to establish, exercise or defend legal claims.

It is not mandatory to provide your Data, but an eventual refusal to do so and/or to give consent to the processing of special categories of personal Data, will entail the objective impossibility for the University to pursue the purposes illustrated above and, consequently, to allow your participation in the initiative to which you chose to adhere.

5. Processing methods

Personal data are processed manually, digitally and electronically applying logics strictly connected to the purposes and, in any case, to guarantee the security and confidentiality of the data pursuant to laws in force.

6. Data storage period

The University will process the Data for the time strictly needed to achieve the abovementioned purposes; with no prejudice to any storage terms established by law or regulations.

7. Subject categories that the Data can be communicated to

Your data can be communicated to:

  • Public and private Bodies or competent Authorities;
  • Organisations associated with the University;
  • Banks;
  • Universities/companies involved in the initiatives to which the interested party adheres.

Subjects belonging to the categories that data can be communicated to, will process the Data, based on the case, as Processors specifically appointed by the Controller pursuant to law, or as autonomous Controllers.

The list of Data Processors appointed is updated continuously and available from the University offices.

8. Transfer of personal Data to countries extra EU

Personal Data can be transferred to non-EU countries, particularly if you decide to participate in initiatives that are held outside the European Union.

In this case, the transfer of data will take place upon your specific consent, except in cases in which the Data is transferred to countries that the EU Commission has established will guarantee an adequate level of of personal Data protection, pursuant to art. 45 of the GDPR.

In this respect please note that, in the absence of your specific consent for the transfer of personal data outside the EU, you can only participate in initiatives that take place within the European Union or in those non- EU countries that ensure an adequate level of personal Data protection.

9. Data Protection Officer, D.P.O.

The University has appointed a Data Protection Officer, D.P.O., Mr.Ferdinando Zanatti email

10. Rights of the Data subject

As Data subject you have the right to:

a). Ask the Controller to access, cancel, rectify if inaccurate, integrated if incomplete your data, and to restrict processing in cases set forth in Art. 18 of the GDPR;
b). Object, at any time, in full or partially, to processing of Data needed for pursuance of the legitimate interest of the Controller;
c). If the conditions for the portability right pursuant to Art. 20 of the GDPR exist, receive in a structured form, commonly used and readable with an automatic device the Data supplied to the Controller and, if technically feasible, transmit it to another Controller without hindrance;
d). Revoke consent given at any time;
e). Lodge a complaint with a supervisory Authority.

Those rights may be exercised by registered mail, addressed to Università Cattolica del Sacro Cuore, Direzione Amministrativa (Office of the General Manager) – Privacy, Largo Agostino Gemelli 1, 20123, Milan, or by email to

Updated on: 23 November 2018