Privacy notice pursuant to article 13 GDPR on the processing of personal data performed by the Pontifical Athenaeum Regina Apostolorum
Pontifical Athenaeum Regina Apostolorum, with registered office in Rome, at Via degli Aldobrandeschi no. 190, in his capacity of Data Controller (hereinafter also “APRA” or “Data Controller”) pursuant to Article 13 of the Regulation (EU) no. 2016/679, bearing the so-called “General Data Protection Regulation” (“GDPR”), hereby informs You on how your personal data are processed personal data as a student/doctoral student/enrolled in one of the courses offered by APRA (hereinafter “Student”).
This information refers exclusively to the personal data provided to the Data Controller during admission, during registration for one of the courses offered by the University (hereinafter also “Course”) and/or provided in the course of use of the services offered by the University.
The provision of data, spontaneously or at the request of APRA, may also take place through the digital services made available by the Data Controller, as indicated on APRA website..
The Data Controller is, pursuant to Article 4 GDPR, Pontifical Athenaeum Regina Apostolorum, with registered office in Rome, at via degli Aldobrandeschi no. 190.
Data Protection Officer
In order to offer You an easier contact point for exercising the rights by GDPR, the Data Controller has appointed its own Data Protection Officer (“DPO”), the Attorney Elena Maggio, who can be contacted to the following email address email@example.com or by calling the telephone number +39 346.0145547, as well as writing, with a communication addressed to the head office of the Data Controller, to the attention of the DPO.
Personal Data processed
Data Controller request or spontaneously receive from You, when filling the request form in order to receive information about the Course, the following kind of personal data, and therefore processes and stores:
common data: i.e. personal data such as name, surname, date of birth, address, photo;
contact data: i.e. personal data such as telephone number and email address.
carreer data: data on the school, university and religious path, including information on participation in extra-curricular training initiatives organized by the APRA and/or other subjects, as well as data on any professional path already carried out;
health data: data contained in medical certifications presented in support of specific instances formulated, also to take advantage of benefits related to the right to study and/ or to justify absences;
payment data: data on the payment of university fees.
Purposes of the processing and legal basis of the processing
The data requested by the Data Controller for the purposes of admission and registration are only personal and contact data, as well as curricular data, limited to the previous school path, as well as, where necessary, data relating to health.
During the course will be processed personal and contact data, curriculars and data relating to economic transactions as well as, where necessary, data relating to health or property conditions, for the purpose of providing the services and/or in any case related to the right to study or for the provision of other related benefits.
In addition, it may be required to be portrait during activities and/or during conferences, seminars or parties and could be the subject of audiovisual footage. These images will be used exclusively for the Data Controller promotional purposes and will in no case be transferred to third parties.
Personal data, contact details and curricular, academic and professional data may also be processed for guidance purposes and, pursuant to Recital 47 of the GDPR, to send communications to promote further courses and to facilitate professional integration, including abroad.
Pursuant to Article 6, paragraph 1, lett. b), c) and e) GDPR, in these cases Your consent is implicit, being necessary.
Pursuant to Article 6, paragraph 1, lett. f) GDPR Data Controller will process Your common and contact data for sending communications aimed at promoting further courses and projects of Your possible interest; as well as for sending the newsletter of APRA (or its internal institutions).
Your health and payment data are processed by the Data Controller pursuant to Article 9, paragraph 2, lett. g) GDPR, and art. 2-sexies, lett. m) and bb) of Privacy Code.
You may still object to the processing of Your personal data at any time, in the manner described in the “Rights of the Data Subject“, section of this privacy notice and revoke the consent given, without prejudice to the processing performed until then by the Data Controller.
Way of processing
Data Controller processes Your personal data in compliance with the guarantees of confidentiality and adequate security measures provided by the current legislation, with and without the aid of IT tools, with logic strictly related to the purposes of the processing.
The processing with the aid of electronic or automated means is carried out by the Data Controller and/or by Data Processors, which the Data Controller may use to store, manage and transmit the data.
Disclosure of personal data to third parties
Personal data will be communicated to persons identified by the law and, where necessary, to the bodies responsible for evaluating the path of continuing formation and consecrated life.
Transfer of personal data
Your personal data will be processed within the European Union and stored on server situated inside the European Union or in countries where an adequacy decision has been taken pursuant to art. 45 GDPR.
The same data may be processed in countries outside the European Union only for administrative purposes within companies, foundations, associations, even religious, to which the APRA belongs.
Retention of personal data
All your personal data processed for the purposes mentioned above, will be stored according to the time of storage of the acts and/ or documents that contain them and, however, for a period not less than the terms that the law recognizes you to pursue any action against the Data Controller.
If, in case of passing the admission procedure, does not formalize the registration within the time indicated by the Owner in relation to the specific course of interest, the Data Controller will delete your data two years after the conclusion of the admission procedure.
Data Subject’s rights
In connection with the personal data provided by You, pursuant to Articles 15-22 GDPR, You have the right to:
- access and ask for a copy;
- ask the correction;
- ask the deletion;
- obtain the limitation of processing;
- object to the processing;
- object, in any moment, to the processing performed for purposes of direct marketing, including the profiling as far as this is connected to such direct marketing, as well as in the case of Article 21, paragraph 1, GDPR;
- receive the personal data provided to the Data Controller, in a format of common use and readable by automatic device;
- lodge a complaint with the Italian Data Protection Authority pursuant to Article 77 GDPR. To this end You can use the template made available by the Data Protection Authority at the following link: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.
For exercising Your rights or for revoking Your consent, You can contact the DPO, the Attorney Elena Maggio, sending an email to the following email address firstname.lastname@example.org or by calling the following telephone number +39 346.0145547, as well as writing with a communication addressed to the head office of the Data Controller, to the attention of the DPO.
Your request will be detected as soon as possible and, however, in the terms of GDPR.
Last reviewed of this Privacy Notice was on 13th of July, 2021.