Privacy Notice for the Processing of Personal Data – PsyMe App (Last updated: July 2026)
1. Introduction
The PsyMe app is used within research projects promoted by the PsyLab Research Center of Università Cattolica del Sacro Cuore. For general information on the University's processing of personal data, please refer to the University's Privacy Policy, available at: www.unicatt.it/privacy.html
2. Identity and Contact Details of the Data Controller
The Data Controller of your personal data is Università Cattolica del Sacro Cuore (hereinafter also referred to as the “Data Controller”), with registered office at Largo Agostino Gemelli 1, 20123 Milan, Italy, tel. (+39) 02 7234.1.
3. Categories of Personal Data, Purpose of Processing, and Legal Basis
The data collected through PsyMe are used exclusively for scientific research purposes. Use of the app does not necessarily require the collection of directly identifying information such as telephone numbers, email addresses, or other personal contact details.
Each participant is assigned a unique individual code that allows questionnaire responses to be linked to the relevant research project. The code may be generated automatically by the app or, in specific research projects, assigned directly to the participant by the research team.
In all cases, participation in the research project takes place only after informed consent has been obtained and, where required, consent for the processing of personal data has also been obtained.
5. Methods of Processing
The data collected through PsyMe are stored together with the participant's unique individual code.
• When the research team does not possess information enabling the code to be linked to the participant's identity, the data are processed anonymously.
• When, for specific project requirements, the code is assigned directly to the participant and can therefore be linked to their identity, the data are processed in a pseudonymized or semi-anonymized form, in accordance with the information notice and informed consent relating to the specific research project.
6. Data Retention Period
The data are stored on the information systems of Università Cattolica del Sacro Cuore for the period necessary to conduct the research projects and the subsequent analysis, reporting, and scientific publication activities, in compliance with applicable legislation and the information provided to participants.
7. Categories of Recipients to Whom the Data May Be Disclosed
Your data may be disclosed to:
• Public and private bodies or competent authorities, in order to comply with legal or regulatory obligations and to enable the implementation of the research project;
• Companies and/or professionals providing app maintenance services;
• The University of Pavia, Department of Industrial and Information Engineering, which is responsible for the technical and scientific coordination of the design and development of the app.
Recipients belonging to the above categories will process the data either as Data Processors formally appointed by the Data Controller in accordance with applicable law or as independent Data Controllers, as appropriate. The list of appointed Data Processors is continuously updated and available at the University's premises.
8. Transfer of Personal Data Outside the European Union
Personal data may be transferred to countries outside the European Union, particularly where services are located outside the EU (e.g., cloud storage services). In such cases, the Data Controller ensures that any transfer is carried out in accordance with the applicable legal provisions.
9. Data Protection Officer (DPO)
The University has appointed a Data Protection Officer (DPO), who can be contacted at: dpo@unicatt.it.
10. Data Subject Rights
As a data subject, you have the right to:
a. Request access to your personal data, erasure of your data, rectification of inaccurate data, completion of incomplete data, and restriction of processing in the cases provided for by Article 18 of the GDPR;
b. Where the conditions for the right to data portability under Article 20 of the GDPR are met, receive the data you have provided to the Data Controller in a structured, commonly used, machine-readable format and, where technically feasible, transmit those data to another controller without hindrance;
c. Withdraw your consent at any time;
d. Lodge a complaint with the competent supervisory authority (the Italian Data Protection Authority).
Where applicable, participants may request the deletion of the data and questionnaires associated with their participation by providing the unique individual code assigned to them. This code is necessary to enable the research team to identify the relevant data and proceed with deletion.
Without the individual code, it may not be possible to identify the data to be deleted, particularly where the data were collected without directly identifying information.
Requests for deletion or clarification regarding data collected through PsyMe may be sent to: psyme@unicatt.it or to the contact details of the principal investigator responsible for the relevant research project.