The University of Messina undertakes to implement protective measures for the processing of personal data in order to adapt to and comply with the New Regulation (EU) 2016/679 of the European Parliament and Council, 27 April 2016 -General Data Protection Regulation (GDPR)- concerning the protection of individuals regarding the processing of personal data, as well as the free circulation of such data; and repealing Directives 95/46/EC; and the Legislative Decree n. 196/2003-Code regarding the protection of personal data-as adapted to the aforementioned Regulation by Legislative Decree no. 101/2018 of 10 August 2018.
The Data Controller is the University of Messina (Owner),
in the person of the Rector, Prof. Salvatore Cuzzocrea
with registered office at: University Central Campus, Piazza Pugliatti 1, 98122 Messina.
Telephone: +39 090 6768900
PEC (Certified E-mail): firstname.lastname@example.org
The processing of personal data – which is associated with a purpose connected to the institutional mission of the University (teaching, research and third mission – described in the University Statute) is necessary for the performance of the relative tasks and activities of an institutional nature. The processing of personal data is carried out in compliance with the regulations in force, respecting human dignity, fundamental human rights and freedom of students, University staff, users who interact with the University, stakeholders in general, according to Article 1 of the Legislative Decree 196/2003 / Legislative Decree 101/2018. The University undertakes to process personal data in a transparent manner towards the data subjects, i.e., the parties to whom the data refer.
In general, the lawfulness of the processing, i.e. the legal prerequisite configuring it as lawful, is identified in the art. 6 paragraph 1 letter (e) of the GDPR: “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller“. Further bases of lawfulness prescribed by the European Regulation (e.g., consent or legitimate interest), will be specified.
Personal data are processed in accordance with the provisions of art. 5 of the GDPR: lawfully, fairly and in a transparent manner (‘lawfulness, fairness and transparency’); collected for specified, explicit and legitimate purposes; in compliance with the principles of data quality (‘data minimisation’, ‘accuracy’ and ‘storage limitation’), and the security of processing is pursuant to art. 32 of the GDPR (confidentiality, integrity, availability and resilience of processing systems and services).
The data subject can control the information referring to him/her by exercising the rights declared in Chapter III of the GDPR: the right of information and access to personal data (articles 12-15), whose origin, purpose, copy, and legal basis for the processing can be obtained; the right to rectification (articles 16, 19) and/or erasure (articles 17, 19), the right to restriction of processing (articles 18, 19) or the existence of an automated individual decision-making process (article 22).
The data subject has the right to object the processing at any time (art. 21), withdraw his or her consent at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal, art. 7); moreover, he/she the right to lodge a complaint with a supervisory authority (art.15). To exercise these rights, data subjects can submit the dedicated available form.
The Italian national supervisory authority for the protection of personal data is the Data Protection Authority – DPA (Garante per la protezione dei dati personali). http://www.garanteprivacy.it.
To exercise their rights, the data subjects can contact the Data Controller or the Data Protection Officer.
Periodic consultation of this section of the portal is recommended to find out about information updates and University initiatives on the subject.
Processing of personal data: informations for dtaa subjects
In order to promote and organise in a structured way the compilation of information on the data processing pursuant to articles 12-13-14 of the General Regulation for the protection of personal data, 679/2016, a specific form has been prepared, available on request, to be submitted by e-mail to the Data Controller, to the Internal Data Processor of the competent administrative department or to the University Data Protection Officer.
Documents (in Italian):
The Collegial Bodies of the University, in the session of 30 October 2018, approved the ‘Plan for the application at UniME of the European Regulation 679/2016 and of the Code regarding the personal data protection (Legislative Decree 196/2003), as amended by Legislative Decree 101/2018’.
References: Resolution of the Academic Senate, Rep. 377/2018; Resolution of the Board of Directors, Rep. 457/2018.
Seven priority actions have been included in the plan: Training; Internal functional organization; Risk management and measurement; Management and execution of data processing; Information and protection measures; Control on the assignment of data processing to (external) Managers; Internal regulation.
The plan was structured to configure actions and intervention priorities capable of responding to specific and immediate adaptation needs, and of carrying out specific and demonstrable activities, reviewed and updated with a view to continuous improvement, also considering a preventive analysis and the related protective measures.
The personal data protection training plan is part of the actions planned by the University for the implementation of the compliance process with the European Regulation and the ‘new’ Code. The main objectives are: providing the staff members involved in the personal data management and processing with the necessary knowledge; promoting, increasing and spreading awareness, attention and interest of the entire academic community on the personal data protection and its implications.
Documents (in Italian):