Info for
Prospective Students
Cattolica Students
International Students
Academic Staff
Alumni
Institutions, Companies and Professions
logo-unicatt
University arrow-right-grey
arrow-blue-left-icon ×
About us
Degree Programmes arrow-right-grey
arrow-blue-left-icon ×
Degree Programmes
Postgraduate
Admissions and Enrolment
International Candidates International Candidates external-link-icon
Research arrow-right-grey
arrow-blue-left-icon ×
Search in Cattolica
Faculty & Campus arrow-right-grey
arrow-blue-left-icon ×
Faculties and Facilities
Our Campuses Our Campuses
ARE YOU AN ENROLLED STUDENT?
SIGN IN TO ICATT EMAIL
YOU ARE A LECTURER OR STAFF MEMBER
SIGN IN TO CLOUDMAIL
strumenti-icon
ARE YOU AN ENROLLED STUDENT?
SIGN IN TO ICATT EMAIL
YOU ARE A LECTURER OR STAFF MEMBER
SIGN IN TO CLOUDMAIL
IT

Information notice for external collaborators

1. Introduction

Pursuant to Articles 13 and 14 of the Regulation (EU) 2016/679 on the “protection of natural persons with regard to the processing of personal data” (hereinafter also “Reg. UE 2016/679” or “GDPR”), we are providing the information on the processing of your personal data ("Data") performed by Università Cattolica del Sacro Cuore (hereinafter also the “University”).

2. Identity and contact details for the Data controller

The Controller of the processing of your Data is Università Cattolica del Sacro Cuore (hereinafter also “Controller”), with registered office in Largo Agostino Gemelli 1, 20123 Milan, telephone (+39) 027234.1.

3. Categories of personal data

The Data processed by the University include, but is not limited to:

  • Common data: personal data, contact details, information included in your CV, your picture in digital format, details of your bank account, income data (assignment or garnishment of wages request);
  • Special categories of personal data pursuant to Art. 9 of the GDPR: this includes information about your health (e.g. in case of injuries);
  • Personal data relating to criminal convictions and offences referred to in Art. 10 of the GDPR, which are reasonably inferable from the documentation submitted by the data subject and which will be processed only to the extent permitted by law.

 4. Purposes of processing and legal basis

Data collected will be processed for the following purposes:

a. Establishment and management of the work relationship with the University, including legal and economic management (calculation and payments of payroll and various emoluments, discounts and benefits granted to you);

b. Personnel management and performance review ;

c. Insurance and claims management;

d. Publication of your  Data (given name, family name, telephone no. and/or cellphone no., University email address and office) on the University intranet;

e. Sending communications and University newsletters to your University email address;

f. Management of the IT resources and devices necessary for the performance of your duties;

g. Access to services made available by the University.

The University will also process your personal Data for the following purposes:

h. Control of physical access, also through the video-surveillance systems, in order to guarantee security and safety of property and persons;

i. Budgeting and cost control;

l. University IT security management.

Your Data, including those belonging to "special categories" or “judicial data”, will also be processed for:

m. The application of European and/or national regulations, compliance with the provisions of the Authorities empowered by law and provisions issued by supervisory and control bodies (e.g. Italian Revenue Agency), Finance administration, Social and welfare institutions – also supplemental – and insurance companies.

n. Enforce and/or defend the University legal rights in civil, criminal and/or administrative litigation.

The legal basis of processing is constituted:

  1. For the purposes set forth in a) through g) above:

·         With reference to common data, by the execution of the work contract to which you are a part of;

·         With reference to special categories of personal data, by the need to comply with the rights of the Controller or of the data subject in the field of employment and social security and social protection law;

  1. For the purposes set forth in h) through l), by the legitimate interest pursued by the Controller;
  2. For the purpose under m), by observance of legal and regulatory obligations;
  3. For the purpose under n), by the need to establish, exercise or defend legal claims.

 An eventual refusal to do so could make it objectively impossible for the University to proceed with the establishment and management of your work relationship with it.

5. Processing methods

Data are processed by manual, digital and electronic means with logics strictly related to the purposes and, nevertheless, in such a way as to guarantee the security and confidentiality of the Data pursuant to current regulations.

 6. Data retention

The University will process the Data, including those collected by video surveillance circuits, for the time strictly needed to achieve the abovementioned purposes; with no prejudice to any retention terms established by law or regulations, including internal ones.

 7. Categories of recipients

Your Data can be communicated to external Companies/Entities to comply with legal or regulatory obligations and/or to enable the establishment and management of your work relationship with the University itself; in particular:

  • Public and private entities;
  • Banking institutes;
  • Subjects, and Institutions, also ecclesiastic;
  • Social security and welfare institutions;
  • Insurance companies;
  • Consulting firms (legal, tax, etc.);
  • Freelance professionals and accountancy firms;
  • Health and safety consultants;
  • Payroll service companies;
  • Companies providing IT services.

 Subjects belonging to the categories to which the Data may be communicated, will process the Data and use them, as the case may be, as Data Processors specifically appointed by the Controller pursuant to the law, or as autonomous Controllers.

The list of appointed Data Processors is continuously updated and available at the University offices.

 8. Transfer of personal data outside the EU

Data can be transferred to non-EU countries, in particular for services located outside the territory of the European Union (e.g. cloud storage). In that case, the Controller hereto assures that the transfer of Data will take place pursuant to the applicable legal provisions

 9. Data Protection Officer, D.P.O.

The University has appointed a Data Protection Officer, D.P.O., who can be contacted by email at dpo@unicatt.it

 10. Data subject’s rights

As Data subject you have the right to:

a. Ask the Controller to access the Data, their cancellation, the rectification of inaccurate Data, the integration of incomplete Data, as well as the restriction of processing in the cases set forth in Art. 18 of the GDPR;
b. If the conditions for exercising the right to portability pursuant to Art. 20 of the GDPR are met, receive in a structured form, commonly used and machine-readable format the Data provided to the Controller and, if technically feasible, transmit it to another Data Controller without hindrance;
c. Revoke consent given at any time;
d. Lodge a complaint with a supervisory Authority (Garante per la Protezione dei dati personali).

Please note that the right to object, which Article 21 of the GDPR grants to the data subject for reasons related to his or her particular situation, in the event that the legal basis is the performance of a task in the public interest or the legitimate interest of the Controller, remains unaffected.

Those rights may be exercised by registered mail, addressed to Università Cattolica del Sacro Cuore, Direzione Generale (Office of the General Manager) – Privacy, Largo Agostino Gemelli 1, 20123, Milan, or by email to dpo@unicatt.it

Updated on: 03 June 2025

 

Filename
09 Information notice for external collaborators.pdf
Size
94 KB
Format
application/pdf
Download
scroll-top-icon