Versione italiana

art. 13 EU Regulation 2016/679 - General Data Protection Regulation

This Policy is provided pursuant to art. 13 of EU Regulation 2016/679 (General Data Protection Regulation, hereinafter GDPR), in relation to the personal data that the University of Padua (hereinafter the University), as the Data Controller, acquires through the video surveillance systems operating at the University's premises, in accordance with its Video Surveillance Regulations.

The processing of Personal data are processed fairly, lawfully and transparently in a manner that safeguards the privacy and rights of all Data Subjects as specified below.

1. Identity and Contact Details of the Data Controller

The Data Controller is the University of Padua, legally represented by the Rector pro tempore, with registered office in via VIII Febbraio no. 2, Padova - 35122.
In order to exercise their rights, the Data Subject may contact the Data Controller writing indicated in point 11 or sending an email to the certified email address amministrazione.centrale@pec.unipd.it or to the email address urp@unipd.it.

2. Contact Details of the Data Protection Officer

The University has designated its own Data Protection Officer pursuant to art. 37 of EU Regulation 2016/679.
The Data Protection Officer may be contacted at the following email address: privacy@unipd.it.

3. Sources and Types of Data

Within the scope of this policy, the Data Subject is any natural person whose personal data are processed when accessing the video-surveilled area.
The personal data that may be processed exclusively for the purposes indicated in point 4 are images captured by the cameras located at the University premises, which may be viewed in real-time or recorded and stored.
Access to the video-surveilled areas entails the collection, recording, storage, and deletion of the images of the data subjects.

4. Purposes of Data Processing

The University processes personal data in the execution of video surveillance activities at its facilities. Specifically, the processing is carried out for the following purposes:

• Ensuring the safety and security of university staff, students, and visitors to university premises;
• Protecting the University's movable and immovable property;
• Monitoring and controlling access to areas not open to the public and reserved for staff use only;
• Preventing the commission of any unlawful acts against the University.

5. Data Processing methods

Your data will be processed using video surveillance system, which allows real-time view ("live") as well as recording of the images.
The video surveillance system operates 24 hours a day, 7 days a week.
The view and management of the images captured by the video surveillance system are reserved for the Data Controller and its formally appointed personnel. The data are stored using appropriate security measures to prevent access by unauthorised personnel and to ensure their confidentiality and integrity.
The University does not adopt automated decision-making processes relating to the rights of the Data Subject using personal data, including profiling, in accordance with the garantees provided by art. 22 of the EU Regulation.

6. Data Retention

Personal data are retained for a period not exceeding twenty-four hours after their capture, after which they are automatically deleted. Exceptions are made for special needs of further retention in relation to public holidays or university closure, as well as in the case of specific investigative requests from judicial authorities or police forces.
During scheduled closures of the University, recordings may be retained for security reasons for the entire closure period.
In the event of capturing images concerning alleged crimes or events relevant to public safety, environmental, or public heritage protection, the Data Controller shall promptly notify the competent Authority and ensure their storage.

7. Simplified Privacy Policy

The video-surveilled areas are indicated through appropriate signs, clearly visible in all lighting conditions, which also mention the pursued purposes. These signs are placed before the cameras' range of action, also in their immediate vicinity, and not necessarily in direct contact with the systems (annex A).

8. Legal Basis for Processing and Nature of Provision

The processing of personal data for the aforementioned purposes is carried out by the Data Controller based on the pursuit of a legitimate interest pursuant to art. 6, paragraph 1, letter f), of the EU Regulation 2016/679.

9. Recipients of the Data

The recipients of the data are the natural persons appointed by the University for data processing, including employees and self-employed contractors of the University of Padua and affiliated entities.

Third Parties

Personal data may, in any case, be discolosed to third parties to fulfil legal and contractual obligations, specific requests from the Data Subjects, management of any complaints or disputes, and for the prevention and repression of fraud and any illegal activities.
For the purposes indicated in point 4, personal data may be disclosed to third parties, including judicial and public security authorities.

10. Data Subject's Rights

The Data Subject may exercise the rights provided for in Articles 15 et seq. of the EU Regulation, such as the right of access, the right to rectify or supplement of their data, the right to erasure (right to be forgotten), and the right to restriction of processing, as well as the right to data portability, under the conditions and within the limits indicated by the EU Regulation.
The request for erasure of personal data cannot be accepted to the extent that the processing is necessary for the fullfillment of a legal obligation, for the performance of institutional tasks, for the establishment, exercise, or defence of a legal claim, and in any other case provided for by art. 17, paragraph 3, of the EU Regulation.
The Data Subject has the right to object at any time to the processing of their personal data, as provided for by art. 21 of the EU Regulation.
The Data Subjec may lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).

11. Exercising Rights methods

In order to exercise their rights, the Data Subjects can contact the Data Controller by sending an email to the certified email addresses: vds.ateneo@unipd.it or  urp@unipd.it. Alternatively, the Data Subject can write to the University of Padua, via VIII Febbraio no. 2, 3512 Padova.

The Data Controller is required to provide a response within one month of the request, extendable up to three months in case of particular complexity of the request.

12. Any Changes to the Privacy Policy

The University may modify or supplement this Policy at any time. Changes will be published in the Privacy section of the institutional website.

Update date: 14/12/2021