1. Introduction

Pursuant to Articles 13 and 14 of the Regulation (EU) 2016/679 on the “protection of natural persons with regard to the processing of personal data” (hereinafter also “GDPR”), we are providing the information required on the processing of your personal data ("Data") performed by Università Cattolica del Sacro Cuore (hereinafter also the “University”).

2. Identity and contact details for the Data controller

The Controller of the processing of your Data is Università Cattolica del Sacro Cuore, with registered office in Largo Agostino Gemelli 1, 20123 Milan, telephone (+39) 027234.1.

3. Categories of personal data

The Data processed by the University include Personal Data and contact details.

4. Purposes of the processing and legal basis

Data collected will be processed for the following purposes:

  1. to allow you to obtain information on the activities of Università Cattolica del Sacro Cuore and to help you liaise with the University staff that can provide feedback to the requests for information you have submitted. The channels made available by the University are:
    • Call Centre: phone service;
    • Call Back service: to book a contact with an operator;
    • Web Chat service: to start a web conversation with an operator;
    • e-mail or online form communication services;
    • Interactions through University social media profiles.
  2. Customer satisfaction survey;
  3. Fulfil obligations established by law, regulations, community legislation
  4. Security and property protection purposes.

The legal basis of processing is constituted:

  • For purposes under a) and b), by the consent you gave;
  • For purposes under c), by compliance with legal obligations;
  • For purposes under d) by the legitimate interest pursued by the Controller.

It is not mandatory to provide your Data, but an eventual refusal to do so will entail the objective impossibility to fulfil your requests.

5. Processing methods

Personal Data are processed manually, digitally and electronically applying logics strictly connected to the purposes and, in any case, to guarantee the security and confidentiality of the Data pursuant to laws in force.

6. Data storage period

The University will process the Data for the time strictly needed to achieve the abovementioned purposes; with no prejudice to any storage terms established by law or regulations.

For personal data acquired during services provision of the services referred to purposes under a), the storage time envisaged is 12 months from the first contact and / or from the exhaustion of the purposes for which such data were provided. After this period, Data will be made anonymous.

For information on the storage periods of data relating to interactions via social media, please refer to the information notices and privacy policies of the individual sites or social networks.

7. Subject categories that the Data can be communicated to

Your data can be communicated to:

  • Public and private Bodies or competent Authorities, to comply with legal obligations or internal University regulations and to enable the service/supply of the service you requested;
  • Companies in charge of the activities necessary for the provision of services, IT resources and services made available to students and/or users.

Subjects belonging to the categories that data can be communicated to, will process the Data, based on the case, as Processors specifically appointed by the Controller pursuant to law, or as autonomous Controllers.

The list of Data Processors appointed is updated continuously and available from the University offices.

8. Transfer of personal Data to countries extra EU

Personal Data can be transferred to non-EU Countries, in particular for services located outside the European Union (e.g. cloud storage). In that case, the Controller hereto assures that the transfer of data outside the EU will take place pursuant to laws applicable, for example after stipulating the standard contractual clauses adopted by the European Union.

9. Data Protection Officer, D.P.O.

The University has appointed a Data Protection Officer, D.P.O., Mr.Ferdinando Zanatti email

10. Rights of the Data subject

As Data subject you have the right to:

  1. Ask the Controller to access, cancel, rectify if inaccurate, integrated if incomplete your data, and to restrict processing in cases set forth in Art. 18 of the GDPR;
  2. Object, at any time, in full or partially, to processing of Data needed for pursuance of the legitimate interest of the Controller;
  3. If the conditions for the portability right pursuant to Art. 20 of the GDPR exist, receive in a structured form, commonly used and readable with an automatic device the Data supplied to the Controller and, if technically feasible, transmit it to another Controller without hindrance;
  4. Revoke consent given at any time;
  5. Lodge a complaint with a supervisory Authority.

Those rights may be exercised by registered mail, addressed to Università Cattolica del Sacro Cuore, Direzione Generale (Office of the General Manager) – Privacy, Largo Agostino Gemelli 1, 20123, Milan, or by email to

Updated on: 05 July 2021