Privacy organisational chart and instructions

By means of Resolution No. 202/2020 of the Board of Directors, the University, as part of its organisational structure, has assigned specific tasks and functions to staff holding managerial, organisational, administrative or scientific roles, pursuant to article 2-quaterdecies, d.lgs. (legislative decree) No. 196/2003 (Personal Data Protection Code).
Persons appointed to process personal data and their tasks.

  Legal representation for privacy purposes

They sign agreements and any other act referring to the University in their capacity as data controller or data processor as part of the tasks assigned by law and University regulations.

At University level: Rector and Director General

At division level: Privacy Delegates

  Privacy delegates

For the Central Administration: Managers

For decentralised divisions: Division Heads
- Department Directors
- Centre Directors or Chairmen 

Privacy delegates, within the limits of their management competences:
1. Sign agreements and any other act referring to the University in their capacity as data controller or data processor;
2. Guarantee, in collaboration with the organisational contact persons for privacy, the adoption of the technical and organisational measures necessary for the protection of personal data processed in the context of the activities managed by their respective divisions, in compliance with the principles set out in Articles 5 and 25 of the GDPR and the University's privacy policy;
3. Ensure that the provisions on the protection of personal data are complied with by the staff and other authorised persons working in the division for which they are responsible;
4. Ensure that staff and other authorised persons working in the division for which they are responsible receive appropriate training on protection of personal data;
5. Prepare the necessary security measures for the information systems managed independently by the divisions for which they are responsible, in accordance with the indications given by the Digital Transition Manager (RTD);
6. Identify one or more "privacy experts" from among the persons who, by virtue of their experience, skills and reliability, provide a suitable guarantee of full compliance with the provisions in force on the protection of personal data, with the task of supporting the delegate, the organisational privacy contact persons and the system administrators of the division;
7. Prepare and update the information and the register of processing operations managed autonomously by the division for which they are responsible, indicating in particular: a) the purposes and methods of processing, b) the nature of the data, the place where they are stored, the categories of data subjects to whom the data refer, c) the scope of communication of the data, d) the security measures adopted;
8. Ensure the exercise of the rights of the data subjects;
9. Ensure compliance with the data breach notification procedure.

  Organisational contact persons for privacy matters

Central Administration:
- Office directors
- Sector managers

For the decentralised divisions:
Management and administration:
- Departmental Secretaries
- Technical staff and managers
- Sector managers

Training area:
- Chairpersons of the University Schools
- Chairpersons of Degree Courses
- Coordinators of PhD Schools
- Directors of Specialisation Schools
- Master's Directors

Research and third mission:
- Research project leaders
- Technical and scientific coordinators

Within the framework of the procedures, activities or projects for which they are responsible, the organisational contact persons:
1. Adopt the technical and organisational measures necessary to ensure compliance with the privacy policy of the University and the relevant division;
2. Ensure that the provisions on the protection of personal data are complied with by the persons authorised to process them;
3. Ensure that, upon data collection, data subjects are provided with information in accordance with Articles 13 and 14 of the GDPR;
4. Inform the delegate of the division concerned of any need to update the information and the register of processing operations;
5. Cooperate to ensure the exercise of data subjects' rights;
6. Notify the delegate of the relevant division of any personal data breach, even if only presumed.

  Persons authorised to process personal data

Within the limits of the institutional activities carried out under the authority of the University, the following are authorised to process personal data:

- Employees
- Graduate students, grant holders and graduates
- External collaborators, including occasional ones
- Undergraduates, interns and students in any way authorised

Persons authorised to process personal data:
1. Comply with the instructions given by the University for the correct processing of personal data in the performance of their official activities;
2. Participate in the training courses planned by the University on data protection;
3. Cooperate in the proper handling of requests to exercise the rights of data subjects;
4. Promptly report to the Organisational Privacy Contact Person any anomalies, incidents, theft, loss of data or any personal data breaches.

 


Privacy organisational chart

Instructions for persons authorised to process personal data

Data Protection Officer (DPO): Giorgio Valandro

email: privacy@unipd.it