Privacy and Protection of Personal Data
Since May 25, 2018, Regulation (EU) 2016/679, known as the “General Data Protection Regulation” (GDPR), has been fully operational.
The Regulation is directly applicable and binding in all Member States and does not require national implementation legislation, except for certain areas where it refers, deviates, or requires regulatory integration by individual states.
Through Legislative Decree no. 101 of October 10, 2018, the Italian legislature has aligned the provisions contained in Legislative Decree no. 196 of June 30, 2003 (Code on the protection of personal data) with the GDPR.
The University of Bari Aldo Moro, aware of the importance of adopting policies for the protection of personal data processed in the exercise of its institutional tasks, commits to carry out processing in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.
The University of Bari Aldo Moro has also initiated a series of activities to ensure the adaptation of its procedures and regulations to the new legal obligations and to ensure compliance with the GDPR.
The Data Controller is the University of Bari Aldo Moro, located at Piazza Umberto I, 1 – 70121, Bari, represented by the Rector.
The contact details of the Data Controller are:
Internal Data Controllers
Internal data controllers are identified based on the responsibilities attributed to the organizational function or institutional position they hold within the structures where personal data is managed for institutional purposes (D.R. 4314 dated 17.12.2018).
The internal data controllers are identified as follows:
For the Rectorate:
- The Rector or a specifically designated delegate for activities under the competence of the Rectorate.
For administrative and management structures:
- The General Director for activities under the competence of the General Directorate.
- The managers of the respective departments for activities under their competence.
For teaching and research activities:
- The directors of the teaching and research departments and centers.
- The presidents of the schools.
- The responsible individuals for other types of structures.
Data Protection Officer
The Data Protection Officer (DPO) is a specialized figure who supports the Data Controller and acts as a liaison with the Data Protection Authority and as a guarantor for data subjects.
The Data Protection Officer (DPO) of the University of Bari Aldo Moro is Dr. Rosa Maria Sanrocco, Head of the Institutional Services Section.
The contact details of the DPO are:
For each type of data processing, the University of Bari Aldo Moro provides data subjects with concise, transparent, easily understandable, and easily accessible information, unless the data subject already possesses the information (Article 13, paragraph 4 of the EU Regulation) or in other specific cases provided for in Article 14, paragraph 5 of the EU Regulation.
Each information notice contains the following information:
- Contact details of the Data Controller
- Contact details of the Data Protection Officer
- Purposes of the processing
- Legal basis for the processing
- Nature of the data provision
- Categories of data recipients
- Data retention period
- Rights of data subjects
- Existence of automated decision-making, including profiling
Exercise of rights regarding the protection of personal data
The University of Bari Aldo Moro guarantees the respect of the rights of data subjects as provided in Articles 12 to 22 of the EU Regulation, including access to personal data, rectification of inaccurate data, integration of incomplete data, erasure, restriction of processing, the right to object, and the right to withdraw consent without affecting the lawfulness of processing based on consent before its withdrawal.
Data subjects also have the right to lodge a complaint with the Data Protection Authority under Article 77 of the GDPR.
Data subjects can contact the Data Protection Officer at the following email address: firstname.lastname@example.org
Reporting personal data breaches
The EU Regulation defines a personal data breach or data breach as any “accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed” by the Data Controller.
In order to protect individuals, data, and information, and to document the procedures for managing personal data breaches, the University of Bari Aldo Moro, as the Data Controller, has established a procedure for managing and resolving any breaches.
This procedure applies to any activity carried out by the University, particularly with regard to all paper archives and/or documents and all information systems through which personal data is processed, even with the support of external providers.