Information for persons who use University services and tools in the context of institutional activities

Processing for the purposes of identifying and verifying the digital identity of a person

Purposes of processing personal dataSpecific processing purposes and methods

Personal data and any special categories of data (for example, data that may be revealed by photographs) are processed in order to establish and verify the identity of staff, students, collaborators, and third parties working at the University.

To this end, the data may be processed:

  • for digital signing purposes, to allow signatories to electronically sign documents in the performance of their institutional duties (for example, in order to maintain digital records of exams and/or for other record-keeping purposes);
  • to assign usernames and passwords in order to allow access to the University network, the related network services and IT applications (including the creation of an electronic mailbox to be used of institutional communications). The data are also processed in order to ensure the proper management of authorisations, including from an IT perspective, through the digital identity of the data subject;
  • to assign a badge to each employee, collaborator, student and third party so that they can be identified within the University. This badge also enables: 
    • access to rooms;
    • the control of physical access to the structures and rooms of the University in order to protect its assets and improve security. It should be noted that, for this purpose, the badges are equipped with radio-frequency identification (RFID), which makes it possible to identify users through the University’s “CIP” (access control) system. The personal data used (name, surname, student registration number, affiliation/type of appointment, access and exit data) are recorded when the badge is passed over the reader.

Legal basisLegal basis of the processing and nature of the provision of data

The legal basis for the data processing is found in articles 6, paragraph 1, letter e) (processing carried out in the public interest) and 9, paragraph 2, letter g) (processing for reasons of substantial public interest) of Regulation (EU) 2016/679.

The provision of personal data is compulsory. Refusal to provide the data will make it impossible to perform the work and/or make use of the University services.

Recipients of personal dataRecipients

In addition to the recipients mentioned in the general privacy policy, the data may also be sent to third parties appointed as Data Processors pursuant to art. 28 of Regulation (EU) 2016/679, who may directly assist the University in activities that entail the processing of personal data (including: printing and issuing badges, issuing certificates signed electronically and/or for authentication purposes and/or to manage the University’s information systems and services relating to digital identity management).

Data retention periodData retention period

The data processed internally with regard to the assignment and expiry of digital signatures will be retained for the entire period during which the service is active and may be retained for longer periods for statistical analysis and/or service improvement purposes.

Retention periods for usernames and passwords are defined by the regulations or through decrees issued by senior management.

Once the badge is returned to the University, it is destroyed by the relative office.

Privacy and cookie policy applicable to users of the University Portal system websites

Privacy and cookie policy applicable to users of the University Portal system websites

Privacy policy applicable to users of ACNP - Italian Periodicals Catalogue

Privacy policy applicable to users of ACNP - Italian Periodicals Catalogue (in Italian)

Privacy policy applicable to University Newsletter subscribers

Privacy policy applicable to University Newsletter subscribers