Privacy and Personal Data Protection
Since 25 May 2018, the General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679 is fully effective.
Italy adapted its national legislation with Legislative Decree No. 101/2018, amending the Personal Data Protection Code (Legislative Decree No. 196/2003).
The University of Bari Aldo Moro is committed to processing personal data according to the principles of:
- Lawfulness
- Fairness
- Transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
The University has implemented specific measures to ensure full compliance with the GDPR.
Data Controller
University of Bari Aldo Moro
Piazza Umberto I, 1 – 70121 Bari, Italy
Contact details:
Internal Data Processors
Internal processors are appointed based on their organizational roles (Rectoral Decree No. 4314/2018).
They include:
- Rector or designated delegate (for Rectorate activities)
- Director-General (for the General Directorate)
- Heads of Divisions (for their areas of responsibility)
- Department and Center Directors (for educational and research activities)
- School Presidents and other structure heads
Data Protection Officer (DPO)
Dr. Rosa Maria Sanrocco
Head of the Institutional Services Section
Contact details:
The DPO supports the Controller, ensures GDPR compliance, and liaises with the Data Protection Authority.
Privacy Notices
For each data processing activity, the University provides a clear and accessible Privacy Notice including:
- Controller's and DPO's contact details
- Purposes and legal basis for processing
- Nature of data provision
- Recipients of the data
- Data retention periods
- Data subjects’ rights
- Existence of automated decision-making (if any)
Exercising Your Rights
Data subjects have the right to:
- Access their personal data
- Rectify or complete data
- Erase data
- Restrict processing
- Object to processing
- Withdraw consent at any time (without affecting prior processing lawfulness)
[Download the Exercise of Rights Form]
They may also lodge a complaint with the Italian Data Protection Authority.
Contact the DPO: rpd@uniba.it
Personal Data Breaches
A personal data breach is any security incident causing accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.
The University has adopted a Data Breach Management Procedure to protect individuals and ensure prompt response and documentation, applying to:
- Paper archives and documents
- IT systems and services
- Activities involving external providers