1. Introduction

Pursuant to Articles 13 and 14 of the Regulation (EU) 2016/679 on the “protection of natural persons with regard to the processing of personal data” (hereinafter also “GDPR”), we are providing the information required on the processing of your personal data ("Data") performed by Università Cattolica del Sacro Cuore (hereinafter also the “University”) while connecting to the Website (the “Website”).

2. Identity and contact details for the Data controller

The Controller of the processing of your Data is Università Cattolica del Sacro Cuore, with registered office in Largo Agostino Gemelli 1, 20123 Milan, telephone (+39) 027234.1

3. Browsing data

The IT systems and programs used for the functioning of the Website collect some personal data whose transmission is implicit in the usage of the TCP/IP Internet communication protocol.

Although the information that is not collected to be associated with identified data subjects, by their nature they could, through processing and association with data held by third parties, allow identification of data subjects.

This category includes the IP addresses or domain names of computers used by users who connect to the Website, URI addresses - Uniform Resource Identifier – of the requested resources, time of the request, method used in submitting the request to the server, file size obtained in response, numerical code about the status of the response made by the server - favourable outcome, error, etc. - and other parameters related to the operating system and the user's IT environment).

4. Data provided by the user

You may be asked to provide your personal information (e.g. contact Data) to enable the University to supply the services you requested. Furthermore, the usage of some website features, as well as your voluntary e-mail sending to the addresses provided within this website, may imply the processing of additional personal Data in order to fulfil your requests for information and/or send you documents. Specific summary notices may be provided or displayed within the Website pages dedicated to particular services.

5. Cookies

Cookies are small strings of texts that a website sends to your browser. This information can be stored on your computer, smartphone or other device for accessing the internet, typically whenever you visit a website. The University uses cookies for a variety of reasons, to help provide you with a faster and safer digital experience, for example by keeping active the connection to restricted areas while browsing through the pages of the website without the need to re-enter User-Id and password.

Cookies cannot pass on computer viruses, retrieve other data from your computer’s hard drive or capture your email address. If you use different computers/devices or different browsers to access this website, you will be prompted to agree to our usage of cookies on each computer/device and browser. In general, cookies are used to improve the functional performance and the user experience of a website.

For more information, please refer to the Cookie policy:

6. Purposes of the processing and legal basis

Data collected will be processed for the following purposes:

a). Allowing you to access and navigate the Website as well as to use the University online services related to the Website itself (e.g. newsletter sign-up, online job applications);
b). Delivery and management of the access credentials, IT resources, and on-line services to potential students, events participants and users;
c). Ascertainment of the liability in the event of possible computer-related crimes against the Website or other websites connected or linked to it;
d). Discharge of obligations laid down by the European and/or national law.

The legal basis of processing is constituted:

  • For purposes under a) and b), by execution of the contract that you are a part of or execution of pre-contractual measures;
  • For purposes under c), by the legitimate interest pursued by the Controller;
  • For purposes under d), by compliance with legal obligations.

It is not mandatory to provide your Data, but an eventual refusal to do so will entail the objective impossibility for the University to pursue the purposes illustrated above.  

7. Processing methods

Personal data are processed manually, digitally and electronically applying logics strictly connected to the purposes and, in any case, to guarantee the security and confidentiality of the data pursuant to laws in force.

8. Data storage period

The University will process the Data for the time strictly needed to achieve the abovementioned purposes; with no prejudice to any storage terms established by law or regulations.

9. Subject categories that the Data can be communicated to

Your data can be communicated to:

  • Public and private Bodies or competent Authorities, to comply with legal obligations or internal University regulations;
  • Companies handling maintenance services for computer resources and on-line services made available through the Website.

Subjects belonging to the categories that data can be communicated to, will process the Data, based on the case, as Processors specifically appointed by the Controller pursuant to law, or as autonomous Controllers.

The list of Data Processors appointed is updated continuously and available from the University offices.

10. Transfer of personal Data to countries extra EU

Personal Data can be transferred to non-EU Countries, in particular for services located outside the European Union (e.g. cloud storage). In that case, the Controller hereto assures that the transfer of data outside the EU will take place pursuant to laws applicable, for example after stipulating the standard contractual clauses adopted by the European Union.

11. Data Protection Officer, D.P.O.

The University has appointed a Data Protection Officer, D.P.O., Mr.Ferdinando Zanatti email

12. Rights of the Data subject

As Data subject you have the right to:

a).Ask the Controller to access, cancel, rectify if inaccurate, integrated if incomplete your data, and to restrict processing in cases set forth in Art. 18 of the GDPR;
b). Object, at any time, in full or partially, to processing of Data needed for pursuance of the legitimate interest of the Controller;
c). If the conditions for the portability right pursuant to Art. 20 of the GDPR exist, receive in a structured form, commonly used and readable with an automatic device the Data supplied to the Controller and, if technically feasible, transmit it to another Controller without hindrance;
d). Revoke consent given at any time;
e). Lodge a complaint with a supervisory Authority.

Those rights may be exercised by registered mail, addressed to Università Cattolica del Sacro Cuore, Direzione Amministrativa (Office of the General Manager) – Privacy, Largo Agostino Gemelli 1, 20123, Milan, or by email to

Updated on: 2 August 2018