Personal data information for use of badge

Please note that for institutional security needs labels known as RFID tags have been applied to badges, incorporating a technology that makes it possible to read personal data stored in magnetic cards.

The Alma Mater Studiorum – Università di Bologna is updating its privacy policies pursuant to the new EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data.

In the next few days this privacy policy will be brought up to date.

In the meantime, the current privacy policy is supplemented by the information published on the Privacy Policy Update pursuant to the EU General Data Protection Regulation (2016/679)" webpage (in Italian).


Pursuant to Article 13 of Italian Legislative Decree n° 196/2003, we hereby inform you that the University is using an access control system, hereinafter referred to as “C.I.P.”, with which an accurate control of access to premises for authorised users only is possible. Authorised users are deemed as those who, when using the University badge and control systems, are allowed access to University classrooms, laboratories and libraries by the “CIP reference persons” managing the system.

1. Purpose and Methods of Data Processing

The data are processed for the purposes of protecting the University’s assets and improving security in the buildings.

The data are read by means of an RFID tag or magnetic strip in the badge.

The RFID tags or magnetic strips allow the CIP system to identify the user requesting access, using the personal data (name, surname, group/job category) in the University’s possession.

These personal data are recorded by the CIP system at the time of entry to or exit from the premises and are stored by CESIA for a period of not longer than six months.

2. Nature of Data

The supply of the data is not based on any legal obligation but is nevertheless necessary in order to be able to access university premises with the CIP system. Refusal could make it impossible to access university premises without recording your presence in a hard copy register.

3. Flow of Data

The personal data generated by the CIP system (regarding entry and exit times to and from the premises) are stored by CESIA and, according to the authorisation profiles, are viewable in aggregate or identifiable form by the “CIP reference persons” for the premises where the system is installed.

The data are then anonymized and used for statistical research into the use of certain university facilities.

If specifically requested, the data can be supplied to the judicial authorities.

4. Data Processors

The Controller of the data supplied via CIP is Alma Mater Studiorum – University of Bologna, with registered office at Via Zamboni 33, 40126 - Bologna, Italy.

The Processors of the personal data referred to in this document are:

  • heads of administration, support, teaching and scientific facilities (the campus directors/vice-deans and heads of each facility are listed on the website as regards authorisation for access to the premises for which they are responsible with the aforementioned system and, in general, for all the information displayed/viewable by appointed staff;
  • the Head of Information Systems and Applications (CeSIA), Enrico Lodolo - Viale Filopanti n. 3 - 40126 Bologna (BO), as regards the management of the infrastructure and the storage of CIP-generated log files.

The list system administrators is available from CeSIA and can be supplied on request to the person in question by writing to the address

5. Rights of The Person In Question

Data subjects shall have the right at any time to obtain confirmation as to whether or not personal data concerning them exist, to be informed of the content and source of such data, to check their accuracy and request integration, updating or rectification (Article 7 of Italian Personal Data Protection Code).

In accordance with the aforementioned Article, the data subject has the right to request the erasure, anonymization or blocking of data that have been processed unlawfully or, on legitimate grounds,their processing.

These rights may be exercised either by writing to the Controller of data at the above address or by contacting the person in charge of the specific data processing to which the exercised rights in Article 7 of Italian Legislative Decree n° 196/2003 refer.