The University of Messina is committed to implementing measures to protect the processing of personal data in order to make it compliant with the new Regulation (EU) 2016/679 of the European Parliament and Council, of April 27, 2016 - General Data Protection Regulation (GDPR) - relating to the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data and which repeals Directive 95/46/EC; and Legislative Decree No. 196/2003 - Code on the protection of personal data - as adapted to the aforementioned Regulation by Legislative Decree No. 101/2018 of August 10, 2018.
The Data Controller is the University of Messina (Controller), represented by the Rector, Prof. Salvatore Cuzzocrea,
with legal headquarters at: Central Building of the University, Piazza Pugliatti 1, 98125 Messina.
The Data Protection Officer (DPO) is Dr. Daniela Prestipino.
The contact details of the DPO are:
Phone: 0906768355 Email:
The processing of personal data - which is associated with a purpose related to the institutional mission of the University (teaching, research and third mission - described in the Statute) - is necessary for the performance of the related institutional tasks and activities. The processing of personal data takes place in accordance with current regulations; in respect of human dignity, rights and fundamental freedoms of the person (students, university personnel, users who interact with the University, stakeholders in general) - art.1 of the "new" Legislative Decree 196/2003 / Legislative Decree 101/2018. The University is committed to treating personal data transparently towards the interested parties, i.e. the people to whom the data refers.
In general, the legal basis for processing, i.e. the legal assumption that makes it lawful, is identified in Art. 6 paragraph 1 letter e) of the GDPR: "processing is necessary for the performance of a task in the public interest or connected to the exercise of public powers vested in the controller". Other lawful bases prescribed by the European Regulation (such as consent or legitimate interest), will be specified.
Personal data is processed in accordance with the provisions of Art. 5 of the GDPR: in a lawful, correct and transparent manner; for specific, explicit and legitimate purposes; in accordance with the data quality principles (minimization, accuracy and limitation of retention), and the security requirements of Art. 32 of the GDPR (integrity and confidentiality; availability and resilience of systems).
The interested party can exercise control over their information by exercising the rights declared in Chapter III of the GDPR: information and access (Art.12-15) by obtaining origin, purpose, copy, destination of the data and legal basis; they can request rectification (Art.16,19) and/or deletion (Art.17, 19), limitation of processing (Art.18, 19) or the existence of an automated decision-making process (Art. 22).
At any time, the interested party may object to the processing (Art. 21), revoke consent (without prejudice to the lawfulness of processing based on consent given prior to revocation, Art. 7); they can also file a complaint with the supervisory authority (Art.15). A form is available for the exercise of these rights.
To exercise their rights, the interested party can contact the Data Controller or the Data Protection Officer.
It is recommended to periodically consult this section of the portal to know the information updates and initiatives of the university on the subject.