Information for whistleblower

in accordance with article 13 of EU Regulation 2016/679

Ca' Foscari University of Venice, as part of its institutional aims and in fulfillment of the obligations set forth in article 13 of the EU Regulation 2016/679 ("Regulation"), gives you information regarding the processing of your personal data within the whistleblowing procedure. 

1) Data Controller

The data controller is Ca' Foscari University of Venice, with headquarters in Dorsoduro n. 3246, 30123 Venice (VE), legally represented by the Rector.

2) Data Protection Officer

The University has appointed a "Data Protection Officer", who can be contacted by writing to the email address:   dpo@unive.it or to the following address:  Ca' Foscari University, Venice, Data Protection Officer, Dorsoduro n. 3246, 30123 Venice (VE).

3) Personal data categories, purposes and legal basis of data processing

Personal data is collected only by the University’s “Responsabile della Prevenzione della Corruzione e della Trasparenza” (RPCT), who is the manager in charge of compliance with anti-bribery, corruption and transparency laws and regulations, through the whistleblowing report, which may be submitted via registered mail (raccomandata con avviso di ricevimento) or via online form. The personal data collected is: name, surname, fiscal code, professional role and data related to the alleged illegal conduct reported.
Personal data will only be processed for the investigation of the whistleblowing report in accordance with art. 54-bis of D.Lgs. n. 165/2001.
Only the RPCT will know your identity for the entire length of the internal whistleblowing procedure. After the end of this procedure, your identity will not be revealed to anyone unless you are charged with slander or libel (in accordance with the criminal code or art. 2043 of the civil code), or in the cases in which the law does not allow you to remain anonymous (for example, in criminal, tax and administrative proceedings or during investigation carried out by public authorities). Therefore, with the exception of the above mentioned cases, your identity may be revealed to those who are involved in the proceedings only with your explicit consent. If your consent is not provided, those who are receiving your report or working on the procedure must protect your confidentiality.
The legal basis of this processing of personal data is represented by art. 6.1.c) of the Regulation (‘compliance with a legal obligation’).
The processing of personal data is based on the principles of fairness, lawfulness and transparency and the protection of the privacy rights of the data subject, as well as the additional principles established by art. 5 of the Regulation.

4) Means of data processing

The processing of personal data will be carried out only by the RPCT (in compliance with the provisions of Article 29 of the Regulation and art. 2-quaterdecies of the D. lgs. 196/2003) with the use of computerised procedures with encryption functionalities in order to protect your identity and the content of the whistleblowing report. The University has adopted appropriate technical and organisational measures to protect your personal data, identity and the content of the report from unauthorised or illegal access, destruction, loss of integrity and confidentiality, even if accidental in nature.

5) Data retention

Personal data will be retained for 5 years and, in any case, for the entire length of disciplinary, criminal, legal or administrative proceedings (if any). 

6) Recipients and categories of recipients of personal data

Personal data will only be shared with the above mentioned subjects and will not be made available to anyone else.

7) Collection of personal data

The provision of your personal data is voluntary. However, failure to provide them could prejudice the preliminary investigation of the report: anonymous reports will be taken into consideration only if they are adequately detailed, which means that they must show facts and situations connected to specific contexts.

8) Data subjects rights and how to exercise them

As a data subject, you have the right to obtain from the University, in the cases provided for by the Regulation, access to personal data, rectification, integration, their cancellation or processing limitation or to object to the data processing itself (articles 15 and following of the Regulation). The request can be submitted, without any particular formal procedures, by contacting the University’s “Responsabile della Prevenzione della Corruzione e della Trasparenza” (RPCT), who is the manager in charge of compliance with anti-bribery, corruption and transparency laws and regulations, at the contact details available at  https://www.unive.it/pag/10712/ or by sending a communication to the following address: Ca' Foscari University of Venice - “Responsabile della Prevenzione della Corruzione e della Trasparenza” (RPCT), Dorsoduro 3246, 30123 Venice.
Data subjects, who believe that the processing of their personal data is in violation of the provisions of the Regulation, have the right to file a complaint to the Data Protection Authority, as provided for by art. 77 of the Regulation itself, or to take appropriate legal action (Article 79 of the Regulation).

Last updated: 22/06/2020

Last update: 15/09/2020