Information for personal data processing in administrative processes
The Data Controller: Politecnico di Milano – General Management
Piazza L. da Vinci 32, 20133
Phone +39 0223992243
Data Processor: firstname.lastname@example.org, phone: +39 0223999378
Purposes of data processing and legal basis
The personal data processing required to the interested party is made pursuant to Article 6 letter e) of EU regulation 2016/679 (data processing for reasons of public interest), for the following purposes:
Main data processing concerning students
•Data processing for guidance
•Data processing with the aim to provide entry tests or assessment of access requirements
•Data processing aimed at providing the education career and its management (from registration to graduation)
•Data processing for internship activity
•Data processing for statistical surveys and evaluation of teaching
•Data processing for tutoring services
•Data processing aimed at providing services and activities for diritto allo studio
Main data processing concerning employees and/or collaborators
•Data processing for carrying out competition tests/selections
•Data processing for management of the employment relationship
•Personal data processing for training and professional development purposes
•Personal data processing necessary for management of research projects
•Personal data processing in order to guarantee research monitoring and evaluation
•Personal data processing for technology transfer activities
•Data processing necessary for welfare policies and financial aids
•Data processing for the health and safety of people in the workplace
•Personal data processing for landline and mobile phone service
Transversal data processing or related to transversal activities
•Data processing for what concerns management of areas
•Personal data processing for management of workstations
•Data processing to manage activities of bodies and institutional profiles
•Data processing for management of accidents
•Data processing for libraries
•Data processing in the field of protocol and document preservation services
•Data processing with the aim to purchase goods and services, sign of contracts, debt collection, management of litigation
•Data processing in the field of e-mail services and collaboration tools
•Personal data processing in the context of joint provision of services
Recipients of personal data
Personal data may be processed by employees or collaborators of the Data Controller who, working under its direct authority, are appointed as responsible or authorized for data processing and are properly trained and receive specific operating instructions.
In particular, they will be processed by technical-administrative staff and professors, in relation to the different activities provided by the related data processing.
Personal data may also be disclosed to other public administrations, if they have to process them for any procedures within their institutional jurisdiction.
In particular, to take advantage of the services, contributions and facilities of diritto allo studio, the data will be communicated to providers of Politecnico di Milano, appointed as external data processors.
Personal data may also be communicated to public authorities or private subjects that could carry out education, research or internship activities related to the study programme chosen.
The University is supported by external service providers for technical-administrative management, which could be made aware of the personal data of students, for the sole purpose of the service required and which would be previously authorized as external data processors.
Personal data for research and teaching activities may be transferred abroad to other university and research institutions, or in the context of international mobility projects.
Storage time of personal data
The data collected will be kept for the time established by current legislation or by the University regulations.
In particular, it should be noted that personal data concerning the university career will be kept indefinitely, taking into account the storage obligations imposed by current legislation.
Rights of the interested parties
The interested subject has the right:
- To ask the data controller, pursuant to Article 16, 17, 18, 19 and 21 of Regulation (EU) 2016/679, the access to their personal data and correction or their cancellation or limitation of the data processing that concern him/her or to object to their processing. Cancellation is not allowed for data included in documents that must be stored by the University;
- To submit a complaint to a supervisory authority.
The processing of personal data will be carried out through manual, computerized and telematic means, however, suitable to guarantee their security and confidentiality.
Security measures are used, in compliance with the provisions of Article 32 of the GDPR to prevent the loss of data, illicit or incorrect use and unauthorized access and in compliance with the AgID Circular n. 2/2017 "Minimum ICT security measures for public administrations".
Types of data processed
For details on data managed in each data processing, please refer to what specified in the related processes and administrative procedures.
This information may be subject to subsequent updates and additions, so we suggest you to periodically review it.