Information on Personal Data Processing for Events

Article 13 of the European Union General Data Protection Regulations – EU 2016/679

This information is provided under art 13 of EU Regulation 2016/679 - General Data Protection Regulation (hereinafter EU Regulation) concerning personal data that comes into possession of the University of Padua (hereinafter the University) as a result of the registration and participation of cultural, educational, and research based events.  The information provided relates to the processing of the personal data collected through photographs and the audiovisual field of the interested parties.

Founded on principles of correctness, lawfulness, transparency, and protection of confidentiality, the processing of personal data based on the rights of the interested parties, as specified in the following information.

  1. Identity of the data controller

The Data Controller is the University of Padua, with a registered office at via VIII February n. 2, 35122 - Padua (certified e-mail

  2. Contact details of the data protection officer

The Data Protection Officer of the Controller is appointed under Art. 37 of the EU Regulation and can be contacted by e-mail at

  3. Sources and types of data

Joint controllers may process personal data exclusively for the purposes indicated in point 4.

a)     Personal data is provided directly by the interested party. Common data, such as personal identification details (Driving license / C.I. / Passport), and contact details (e-mail, phone number)

b)    Images collected from photos, audiovisual recording of the participants, upon notification with specific information displayed near the event (see

  4. Purpose for processing

Data is processed for the purposed of registering for events related only to the performance and disclosure of the University activities.

Data is processed for the following purposes:
a) To register for an event
b) To participate in the activities planned the event
c) For the release of information and sharing of data for cultural, educational, research, and third mission activities

  5. Data processing methods

Data processing is carried out in such a way as to guarantee maximum security and confidentiality implemented by manual, IT, and telematics tools used for storing, managing, and transmitting data.

The University does not resort to using automated individual decision-making tools, including profiling processes, related to the personal data rights of the interested party and remains in compliance with the guarantees provided for in Art. 22 of the EU Regulation.

Images contained in photos, videos or other audiovisual materials may be published on the official communication channels of the University subject to the conditions indicated in point 7 (with release or for interests and public events).

In combination with standard icons easily visible and identifiable at events, information is available where images of interested parties are obtained through photographs, videos or other audiovisual tools. (See

  6. Purposes of processing and legal basis of processing

The legal basis of the processing provided in compliance with art. 6, paragraph 1(e) of the EU Regulation protects intuitional activities related to research, teaching, and the so-called ‘third mission.’

The legal basis of the processing provided in compliance with art. 6, paragraph 1(a) of the EU Regulations in relation to the personal data of minors states that consent rests expressly by the parent or legal representative of the concerned party.

Submitting personal data, including images, is required to register and participate in events.

  7. Publication of images

Images within photos, videos or other audiovisual material taken during events published on the official communication channels of the University may do so under one of the following conditions:

a) The signing of a specific release by the interested party or, in the case of minors, by the parent / legal representative
b) Images linked to facts, events, and ceremonies of interest to the community or held in public, respecting the honour, reputation and decorum of the interested parties, guaranteed in compliance with the principles and relevance with the exclusion of close-ups, blur, pixelated images etc.

  8. Data recipients

The data may be disclosed for the purposes indicated in point 4 to University staff and independent collaborators, professionals, and consultants who provide support for the creation and management of events.

The University may also communicate the personal data acquired to other public administrations, if necessary for any proceedings within its institutional competence, as well as to all those public subjects to whom, in the presence of the relative conditions, the communication is required by community provisions under rules of law or regulations.

Collected data is not normally transferred to countries outside the European Union. In any case, the University ensures compliance with the safety rules for the protection of the privacy of the interested parties.

  9. Data retention

Determining the retention period of personal data relates to the principle of the necessity of treatment for the entire period needed to carry out the purposes set out in point 4.

  10. Rights of the interested party

Interested parties are subject to the following rights

a) right to access personal data (Art. 15 of the EU Regulations)
b) right to modify or integrate their data (Art. 16 of the EU Regulations)
c) right to cancel (right to be forgotten), pursuant to (Art. 17 of the EU Regulations)
d) right to limit the processing under the conditions set out in (Art. 18 of the EU Regulations)
e) right to data portability, as governed by (Art. 20 of the EU Regulations)
f) right to object to the processing at any time (Article 21 of the EU Regulations)
g) right to lodge a complaint with the Guarantor for the protection of personal data

  11. How to exercise rights

Interested parties can exercise their rights by contacting the Data Controller by certified e-mail at or e-mail, or write to them at:

Data Controller
Università degli Studi di Padova
via VIII Febbraio n. 2
Padua, Italy 35122

The Data Controller is obligated to respond within one month of the request but may extend this to three months in case of particular complexity of the request.

  12. Changes to the information

Any changes and additions to this information are published in the Privacy section of the institutional website at