The Pontifical University of the Holy Cross, located at Piazza Sant'Apollinare 49, Rome, 00186 is set up—for legal purposes pertaining to personal data protection—as a data controller. It follows the privacy regulations approved by decree of the Rector on data protection on November 26, 2019. We invite everyone to read the regulations, either on our website (www.unisantacroce.it) or by requesting a hard copy, available in the Academic Secretary.
Purposes of Data Processing
Within the scope of its lawful activities and utilizing proper safeguarding measures, the processing of data is carried out by the Pontifical University of the Holy Cross for the purpose of research and formation in the ecclesiastical sciences, at the service of the whole Church.
Pursuant to the provisions of the aforementioned regulations, we inform all students that your data, such as, identification, personal, fiscal, and possibly banking data, will be processed by the university and by additional parties appointed by the same (designated subjects, authorized processors, and system administrators) exclusively for the purposes for which they are intended.
The processing of data at the Pontifical University of the Holy Cross may be utilized for the following:
- Didactic formation
- Fundraising
- Organization of academic events and conferences
The following cross-cutting processes are also carried out for:
- Personnel management
- Suppliers and payments
- ICT systems
Legal Bases of Data Processing
According to the aforementioned regulations, the lawfulness of any data processing is ensured by one or more of the following legal bases:
- Performance of a contract with the data subject (Art. 4(4)(b) of the regulations (“Regolamento”))
- Fulfilling a legal obligation to which the data controller is subject (Art. 4(4)(c))
- To fulfill institutional activities of the data controller (art. 4(4)(e))
- For a legitimate interest, in that the data processing is necessary for the pursuit of lawful purposes of the data controller or third parties (Art. 4(4)(f))
- Consent (art. 4(4)(a))
Methods of Data Processing, Storage, and Communication to Third Parties
The processing of data will be carried out in analogue (paper) and digital form (by means of computer tools), in compliance with the security measures adopted by the data controller and in accordance with the law, purpose limitation and data minimization, pursuant to article 3 (Policy for the Protection of Personal Data) of the university's privacy regulations.
Your personal data will be processed and stored for the time necessary to achieve the purposes for which it has been given and, in any case, for the period of time required by the regulations. After that time, your data will be kept exclusively for the purposes of archiving, storage, statistics, and research, limited to the data necessary for the proper functioning of the Pontifical University of the Holy Cross. For this purpose, the data will be kept indefinitely, in accordance with the principles of transparency, lawfulness, proportionality, and minimization.
The data collected will not be disseminated and will not be subject to communication to third parties without explicit consent, with the exception of communication necessary for the transfer of data to other ecclesiastical bodies and religious institutions of the Catholic Church, for the purpose of research and formation in ecclesiastical sciences, as well as to private and public entities for the fulfillment of obligations arising from the aforementioned purposes, established by law.
Rights of Data Subjects
As a data subject, you may, at any time, request from the data controller:
- Confirmation of the existence or non-existence of your personal data;
- Access to your personal data and information related to it;
- The rectification of inaccurate data or the integration of incomplete data;
- The withdrawal of consent to the processing of personal data;
- The cancellation of personal data concerning oneself, upon the occurrence of one of the conditions indicated in article seven of the university's privacy regulations and in compliance with the exceptions provided in the same article.
These rights can be exercised by contacting [privacy [at] pusc.it].
If you believe that your rights have been violated by the data controller and/or a third party, you have the right to file a complaint with the University's Supervisory Commission (“Commissione di vigilanza”) [cdv [at] pusc.it].
