1. Introduction

Pursuant to Article 13 of the Regulation (EU) 2016/679 on the “protection of natural persons with regard to the processing of personal data” (hereinafter also “GDPR”), we are providing the information required on the processing of your personal data (“Data”) performed by Università Cattolica del Sacro Cuore (hereinafter also the “University”).

2. Identity and contact details of the Data controller

The Controller of the processing of your Data is Università Cattolica del Sacro Cuore, with registered office in Largo Agostino Gemelli 1, 20123 Milan, telephone (+39) 027234.1.

3. Categories of personal Data

The Data processed by the University include:

Identification number and degree course of enrolment, date (time) and place (building and classroom) of attendance confirmation and information on the mobile application’s frequency of use. This data can be traced back to you as individual user by association with a unique code.

Please note that attendance is recorded once for each lesson.

4. Purposes of the processing and legal basis

Data provided by you will be processed for the following purpose: performing the obligations related to the student/user position, with reference to recordings via mobile application of courses, lectures and frontal teaching activities attendance.

The legal basis of processing is constituted by the execution of the contract that you are a part of.

It is not mandatory to provide your Data, an eventual refusal to do so will entail the impossibility to proceed with the detection of your presence through the mobile application.

5. Processing methods

Personal Data are processed manually, digitally and electronically applying logics strictly connected to the purposes and, in any case, to guarantee the security and confidentiality of the Data pursuant to laws in force.

More specifically, you will be asked to confirm your presence by logging in to the mobile application and activating Data transmission via Bluetooth from your personal device.

6. Data storage period

The University will process the Data for the time strictly needed to achieve the abovementioned purposes; with no prejudice to any storage terms established by law or regulations.

7. Subject categories that the Data can be communicated to

Your Data can be communicated to external Companies/Entities to comply with legal obligations or internal University regulations and/or to enable the service/supply of the service you requested; in particular:

  • Public and private entities or competent Authorities.

Subjects belonging to the categories that Data can be communicated to, will process the Data, based on the case, as Processors specifically appointed by the Controller pursuant to law, or as autonomous Controllers.

The list of Data Processors appointed is updated continuously and available from the University offices.

8. Transfer of personal data to countries extra EU

Personal Data can be transferred to non-EU Countries, in particular for services located outside the European Union (e.g. cloud storage). In that case, the Controller hereto assures that the transfer of Data outside the EU will take place pursuant to laws applicable, for example after stipulating the standard contractual clauses adopted by the European Union.

9. Data Protection Officer, D.P.O.

The University has appointed a Data Protection Officer (D.P.O.) reachable by email at:

10. Rights of the Data subject

As Data subject you have the right to:

  1. Ask the Controller to access, cancel, rectify if inaccurate, integrated if incomplete your Data, and to restrict processing in cases set forth in Art. 18 of the GDPR;
  2. Object, at any time, in full or partially, to processing of Data needed for pursuance of the legitimate interest of the Controller;
  3. commonly used and readable with an automatic device the Data supplied to the Controller and, if technically feasible, transmit it to another Controller without hindrance;
  4. Withdraw any consent given at any time;
  5. Lodge a complaint with a supervisory Authority.

Those rights may be exercised by registered mail, addressed to Università Cattolica del Sacro Cuore, Direzione  Generale (General Manager Office) – Privacy, Largo Agostino Gemelli 1, 20123, Milan, or by email at

Updated on: 04 march 2024