Information for personal data processing in administrative processes

The Data Controller: Politecnico di Milano – General Management

Piazza L. da Vinci 32, 20133

Phone +39 0223992243

PEC: pecateneo@cert.polimi.it 

Data Processor: privacy@polimi.it, phone: +39 0223999378

Purposes of data processing and legal basis

The personal data processing required to the interested party is made pursuant to Article 6 letter e) of EU regulation 2016/679 (data processing for reasons of public interest), for the following purposes:

Main data processing concerning students

Data processing for guidance

Data processing with the aim to provide entry tests or assessment of access requirements

Data processing aimed at providing the education career and its management (from registration to graduation)

Data processing for internship activity

Data processing for statistical surveys and evaluation of teaching

Data processing for tutoring services

Data processing aimed at providing services and activities for diritto allo studio

See also: not-primary information

Main data processing concerning employees and/or collaborators

Data processing for carrying out competition tests/selections

Data processing for management of the employment relationship

Personal data processing for training and professional development purposes

Personal data processing necessary for management of research projects

Personal data processing in order to guarantee research monitoring and evaluation

Personal data processing for technology transfer activities

Data processing necessary for welfare policies and financial aids

Data processing for the health and safety of people in the workplace

Personal data processing for landline and mobile phone service

See also: not-primary information

Transversal data processing or related to transversal activities

Data processing for what concerns management of areas

Personal data processing for management of workstations

Data processing to manage activities of bodies and institutional profiles

Data processing for management of accidents

Data processing for libraries

Data processing in the field of protocol and document preservation services

Data processing with the aim to purchase goods and services, sign of contracts, debt collection, management of litigation

Data processing in the field of e-mail services and collaboration tools

Personal data processing in the context of joint provision of services

Recipients of personal data

Personal data may be processed by employees or collaborators of the Data Controller who, working under its direct authority, are appointed as responsible or authorized for data processing and are properly trained and receive specific operating instructions.

In particular, they will be processed by technical-administrative staff and professors, in relation to the different activities provided by the related data processing.

Personal data may also be disclosed to other public administrations, if they have to process them for any procedures within their institutional jurisdiction. 

In particular, to take advantage of the services, contributions and facilities of diritto allo studio, the data will be communicated to providers of Politecnico di Milano, appointed as external data processors. 

Personal data may also be communicated to public authorities or private subjects that could carry out education, research or internship activities related to the study programme chosen. 

The University is supported by external service providers for technical-administrative management, which could be made aware of the personal data of students, for the sole purpose of the service required and which would be previously authorized as external data processors. 

Personal data for research and teaching activities may be transferred abroad to other university and research institutions, or in the context of international mobility projects. 

Storage time of personal data

The data collected will be kept for the time established by current legislation or by the University regulations. 

In particular, it should be noted that personal data concerning the university career will be kept indefinitely, taking into account the storage obligations imposed by current legislation.

Rights of the interested parties

The interested subject has the right:

  • To ask the data controller, pursuant to Article 16, 17, 18, 19 and 21 of Regulation (EU) 2016/679, the access to their personal data and correction or their cancellation or limitation of the data processing that concern him/her or to object to their processing. Cancellation is not allowed for data included in documents that must be stored by the University;
  • To submit a complaint to a supervisory authority. 

Processing methods

The processing of personal data will be carried out through manual, computerized and telematic means, however, suitable to guarantee their security and confidentiality. 

Security measures are used, in compliance with the provisions of Article 32 of the GDPR to prevent the loss of data, illicit or incorrect use and unauthorized access and in compliance with the AgID Circular n. 2/2017 "Minimum ICT security measures for public administrations".

Types of data processed

For details on data managed in each data processing, please refer to what specified in the related processes and administrative procedures.

This information may be subject to subsequent updates and additions, so we suggest you to periodically review it. 

Not-primary information

Data processing concerning students

Data processing concerning employees and/or collaborators

Transversal data processing or related to transversal activities

Last update: November 30, 2018