Privacy organisational chart and instructions
By means of Resolution No. 202/2020 of the Board of Directors, the University, as part of its organisational structure, has assigned specific tasks and functions to staff holding managerial, organisational, administrative or scientific roles, pursuant to article 2-quaterdecies, d.lgs. (legislative decree) No. 196/2003 (Personal Data Protection Code).
Persons appointed to process personal data and their tasks.
Legal representation for privacy purposes
They sign agreements and any other act referring to the University in their capacity as data controller or data processor as part of the tasks assigned by law and University regulations
At University level: Rector and Director General
At division level: Privacy Delegates
Privacy delegates
For the Central Administration: Managers
For decentralised divisions: Division Heads
- Department Directors
- Centre Directors or Chairmen
Privacy delegates, within the limits of their management competences:
1. Sign agreements and any other act referring to the University in their capacity as data controller or data processor;
2. Guarantee, in collaboration with the organisational contact persons for privacy, the adoption of the technical and organisational measures necessary for the protection of personal data processed in the context of the activities managed by their respective divisions, in compliance with the principles set out in Articles 5 and 25 of the GDPR and the University's privacy policy;
3. Ensure that the provisions on the protection of personal data are complied with by the staff and other authorised persons working in the division for which they are responsible;
4. Ensure that staff and other authorised persons working in the division for which they are responsible receive appropriate training on protection of personal data;
5. Prepare the necessary security measures for the information systems managed independently by the divisions for which they are responsible, in accordance with the indications given by the Digital Transition Manager (RTD);
6. Identify one or more "privacy experts" from among the persons who, by virtue of their experience, skills and reliability, provide a suitable guarantee of full compliance with the provisions in force on the protection of personal data, with the task of supporting the delegate, the organisational privacy contact persons and the system administrators of the division;
7. Prepare and update the information and the register of processing operations managed autonomously by the division for which they are responsible, indicating in particular: a) the purposes and methods of processing, b) the nature of the data, the place where they are stored, the categories of data subjects to whom the data refer, c) the scope of communication of the data, d) the security measures adopted;
8. Ensure the exercise of the rights of the data subjects;
9. Ensure compliance with the data breach notification procedure.
Organisational contact persons for privacy matters
Central Administration:
- Office directors
- Sector managers
For the decentralised divisions
Management and administration:
- Departmental Secretaries
- Technical staff and managers;
- Sector managers
Training area:
- Chairpersons of the University Schools
- Chairpersons of Degree Courses
- Coordinators of PhD Schools
- Directors of Specialisation Schools
- Master's Directors
Research and third mission:
- Research project leaders
- Technical and scientific coordinators
Within the framework of the procedures, activities or projects for which they are responsible, the organisational contact persons:
1. Adopt the technical and organisational measures necessary to ensure compliance with the privacy policy of the University and the relevant division;
2. Ensure that the provisions on the protection of personal data are complied with by the persons authorised to process them;
3. Ensure that, upon data collection, data subjects are provided with information in accordance with Articles 13 and 14 of the GDPR;
4. Inform the delegate of the division concerned of any need to update the information and the register of processing operations;
5. Cooperate to ensure the exercise of data subjects' rights;
6. They notify the delegate of the relevant division of any personal data breach, even if only presumed.
Persons authorised to process personal data
Within the limits of the institutional activities carried out under the authority of the University, the following are authorised to process personal data:
Employees
- Graduate students, grant holders and graduates
- External collaborators, including occasional ones
- Undergraduates, interns and students in any way authorised
Persons authorised to process personal data:
1. Comply with the instructions given by the University for the correct processing of personal data in the performance of their official activities;
2. Participate in the training courses planned by the University on data protection;
3. Cooperate in the proper handling of requests to exercise the rights of data subjects;
4. Promptly report to the Organisational Privacy Contact Person any anomalies, incidents, theft, loss of data or any personal data breaches.
Instructions for persons authorised to process personal data
Data Protection Officer (DPO): Giorgio Valandro
email: privacy@unipd.it