Personal data processing information pursuant to article 13 of EU Regulation n. 679/2016 of 27 April 2016

This document is issued pursuant to Article 13 of EU Regulation 2016/679 of 27 April 2016 on protection of natural persons with regard to personal data processing and in compliance with the legislation on personal data processing, as well as on the free movement of such data.

Data Controller

The Data controller of Politecnico di Milano is the General Manager upon authorization of the pro-tempore Rector – contact: dirgen(at) .

Responsible for data protection and contact points

Dr. Vincenzo Del Core - privacy(at) tel.: 02.2399.9378

Internal data processor

The Internal data processor is Federico Colombo – Area Development and Relations with Enterprises Manager, Piazza Leonardo da Vinci 32, Milan (MI) - Phone +39 02 23993923, e-mail: booking-residenze(at); dsu-residenze(at) - Data will be processed by other authorized parties and, for this purpose, in compliance with current legislation.

Purposes of data processing, legal basis, data categories and storage period

For the purposes of the application of European and national legislation on this matter (EU Reg. 679/2016, hereinafter Regulation), we inform you that your personal data will be used for the following purposes:


Nature of Data

The provision of data is optional. If you refuse to provide data, it is not possible to carry out the purposes provided.

Special categories of data

In particular cases, personal data of particular categories pursuant to former Article 9 of the Regulations, such as:

  • data related to health conditions (in case of pregnancy or for students/employees/collaborators with disabilities);
  • personal data related to criminal records and crimes (Article 10);
  • data related to religious beliefs;
  • data related to racial or ethnic origin

are processed, as part of the purposes mentioned in the TABLE, in order to allow the interested party: - the use of the service provided by Politecnico di Milano, on the basis of the declared needs;

Processing Method

The data processing carried out for the above mentioned purposes can be performed both through paper and digital means, manually and/or with electronic tools or, in any case, through automated tools. They are also stored in paper archives and in digital format for the period of the stay and then, for the time of which Politecnico di Milano is subject to storage obligations for tax or other purposes, provided by law or Regulation; and in any case, for no more than 10 years.
Access to data acquired for the purposes mentioned above is allowed to duly authorized staff.

Recipient categories

The data processed for the aforementioned purposes will be communicated or, in any case, will be accessible to the employees and collaborators of the offices of Politecnico di Milano that, as authorized persons for data processing, will be properly trained by the data controller. In relation to the mentioned purposes, data may be disclosed to the following public and/or private subjects, as to say to companies, in Italy and abroad, that provide services, including external ones, on behalf of the Data Controller, appointed, if necessary, as data processors. In particular, your personal data may be communicated also to other public administrations, anonymised too, if these institutions must process them for procedures related to their institutional work, as well as to all those public entities to whom, with the same prerequisites, the communication is compulsorily provided in accordance to EU provisions, laws or regulations, as well as insurance companies for possible accident insurances.

In particular, the personal data processed will be forwarded to the following third parties, including but not limited to:

  • Police Headquarters
  • Residence management company
  • Company that provides reservation software

Storage period of personal data and their return

For the purposes of storage and collection, the data necessary for a good operation of the Public Administration will be stored, in compliance with the principle of transparency and lawfulness, proportionality and minimization, for a maximum period of 10 years.

Data Transfer to Extra EU Country

Personal data may be transferred abroad, in accordance with the provisions of the Regulations, even in countries outside the European Union when this is necessary for one of the purposes indicated in this information document. The transfer to non-EU countries, in addition to cases where this is guaranteed by the adequacy decisions of the European Commission, is carried out in a way to provide the appropriate guarantees required by the articles 46 or 47 or 49 of the Regulations.

Rights of the interested parties

As interested party, you can ask the Data Controller, at any time:

  • confirmation of the existence or not of your personal data;
  • access to your personal data and related information; the correction of incorrect data or the addition of incomplete data; the cancellation of your personal data (if any condition indicated in Article 17, paragraph 1 of the Regulations can be applied and it is in compliance with the exceptions provided in paragraph 3 of the same article); the limitation of processing of your personal data (when one of the conditions indicated in Article 18, paragraph 1 of the Regulations can be applied), the anonymization or blocking of data processed unlawfully, including data whose storage is not required in relation to the purposes for which the data were collected or subsequently processed;

As interested party, furthermore, you have the right to wholly or partly oppose:

  • for legitimate reasons regarding the processing of his/her personal data, related to collection purposes;
  • to the processing of his/her personal data for the purpose of sending promotion of educational initiatives and cultural events of Politecnico di Milano.

These rights can be exercised by contacting privacy(at)
If you deem that your rights have been violated by the data controller and/or by a third party, you have the right to submit a complaint to the Data Protection Authority (for Italy, and/or to another competent supervisory authority pursuant to the Regulation.

Last update: February 27, 2019