Information notice for calls for applications and competitions for admission

Information notice for calls for applications and competitions for admission

1. Introduction

Pursuant to Articles 13 and 14 of the Regulation (EU) 2016/679 on the “protection of natural persons with regard to the processing of personal data” (hereinafter also “GDPR”), we are providing the information on the processing of your personal data ("Data") performed by Università Cattolica del Sacro Cuore (hereinafter also the “University”).

2. Identity and contact details for the Data controller

The Controller of the processing of your Data is Università Cattolica del Sacro Cuore (hereinafter also “Controller”), with registered office in Largo Agostino Gemelli 1, 20123 Milan, tel. (+39) 027234.1.

3. Categories of personal data

The Data processed by the University include, but are not limited to:

• Common Data: personal data, contact details, payment data, work experience, education, qualifications, publications, your picture in digital format;
• Special categories of personal data pursuant to Art. 9 of the GDPR (e.g. data related to the health status, such as legal protected status), included in the curriculum vitae or other documentation you have submitted to the University;
• Data concerning criminal convictions and offences referred to in Art. 10 of the GDPR, that can be inferred from the documentation submitted by the data subject and which will be processed only to the maximum extent permitted by applicable law.

 4. Purposes of processing and legal basis

Data provided by you will be processed for the following purposes:

a. Enable you to participate in the call for applications you have applied for and perform related activities;

b. Enforce and/or defend the rights of the University in civil, criminal and/or administrative litigation cases;

c. Application of European and/or national regulations.

The legal basis of processing is constituted:

1. For purpose under a):
   • With reference to common data, by execution of pre-contractual measures, for example participation in tests and evaluation questionnaires;
   • With reference to special categories of personal data, by your explicit consent.
2. For purpose under b), by the need to establish, exercise or defend a right in court proceedings;
3. For purpose under c), by compliance with legal and regulatory obligations.

An eventual refusal to provide your Data and/or to give your explicit consent to the processing of special categories of personal data, will entail the objective impossibility for the University to pursue the purposes illustrated above.

5. Processing methods

Data are processed by manual, digital and electronic means with logics strictly related to the purposes and, nevertheless, in such a way to guarantee the security and confidentiality of the Data pursuant to current regulations.

6. Data retention

The University will process the Data for the time strictly needed to achieve the abovementioned purposes, with no prejudice to any retention terms established by law or regulations, including internal ones.

7. Categories of recipients

Your Data can be communicated to external Companies/Entities to comply with legal or regulatory obligations, as well as to allow the performance of the service and/or the provision of the service you requested; in particular:

• Public and private Bodies or competent Authorities;
• Organisations associated with the University;
• Banking institutes.

The subjects belonging to the categories to which the Data may be communicated, will process the Data and use them, as the case may be, as Data Processors specifically appointed by the Controller pursuant to the law, or as autonomous Data Controllers.

The list of appointed Data Processors is continuously updated and available at the University offices.

8. Transfer of personal data outside the EU

Data can be transferred to non-EU countries, in particular for services located outside the territory of the European Union (e.g. cloud storage). In that case, the Controller hereto assures that the transfer of Data will take place pursuant to the applicable legal provisions.

9. Data Protection Officer, D.P.O.

The University has appointed a Data Protection Officer, D.P.O., who can be contacted by email at dpo@unicatt.it

10. Data Subject’s rights

As Data subject you have the right to:

1. Ask the Controller to access the Data, their cancellation, the rectification of inaccurate Data, the integration of incomplete Data, as well as the restriction of processing in the cases set forth in Art. 18 of the GDPR;
2. If the conditions for exercising the right to portability pursuant to Art. 20 of the GDPR are met, receive in a structured form, commonly used and machine-readable format the Data provided to the Controller and, if technically feasible, transmit it to another Data Controller without hindrance;
3. Revoke consent given at any time;
4. Lodge a complaint with a supervisory Authority (Garante per la Protezione dei dati personali).

Please note that the right to object, which Article 21 of the GDPR grants to the data subject for reasons related to his or her particular situation, in the event that the legal basis is the performance of a task in the public interest or the legitimate interest of the Controller, remains unaffected.

Those rights may be exercised by registered mail, addressed to Università Cattolica del Sacro Cuore, Direzione Generale (Office of the General Manager) – Privacy, Largo Agostino Gemelli 1, 20123, Milan, or by email to dpo@unicatt.it

Updated on: 5 February 2026