Personal data processing information pursuant to article 13 of EU Regulation n. 679/2016 of 27 april 2016

This document is issued pursuant to Article 13 of EU Regulation 2016/679 of 27 April 2016 on protection of natural persons with regard to personal data processing and in compliance with the legislation on personal data processing, as well as on the free movement of such data.

Data Controller – Identity and Contact

The Data controller of Politecnico di Milano is the General Director upon authorization of the pro-tempore Rector – contact: dirgen(at)polimi.it

Data Protection Officer – Identity and Contact

Dr. Vincenzo Del Core - privacy(at)polmi.it tel.: 02.2399.9378

Internal data processor

The Internal data processor is Federico Colombo – Area Development and Relations with Enterprises Manager, Piazza Leonardo da Vinci 32, Milan (MI) - Phone +39 02 23993923, e-mail master(at)polimi.it .

Data will be processed by other authorized parties and, for this purpose, in compliance with current legislation.

Purposes of data processing

For the purposes of the application of European and national legislation on this matter (EU Reg. 679/2016, hereinafter Regulation), we inform you that your personal data will be used for the following purposes:

Purposes of the processing for which personal data are intendedLegal basis of data processingCategories of personal data to be processedStorage period of personal data
Management of university career and of placement and institutional communication activitiesTo fulfil the institutional activities of Politecnico di Milano (Article 6, paragraph 1, letter e of the EU Regulations).• Identification and personal data
• Personal data
• Tax data
• Banking data
Data will be stored for an indefinite period of time due to the transparency and good operation of the public administration.

Nature of data

The provision of data is optional. If you refuse to provide data, it is impossible to perform the services. The collected data are compulsory. Failure to communicate and/or refusal to reply imply that you do not have access to the confidential information as referred in the Confidentiality Agreement.

Special categories of data

Any personal data of particular categories pursuant to former Article 9 of the Regulations, such as:

  • data related to health conditions (in case of pregnancy or for students/employees/collaborators with disabilities);
  • personal data related to criminal records and crimes (Article 10);

are processed, as part of the purposes mentioned in TABLE 1 in order to allow the interested party

  • to use the Politecnico di Milano services on the basis of the declared needs;
  • to receive contributions and scholarships;
  • to manage the academic career.

Processing Method

The data processing for the purposes indicated above, or to carry out institutional activities of Politecnico di Milano (Article 6, paragraph 1, letter e of the EU Regulation) and for subsequent statistical activities, can be performed both through paper and digital means, manually and/or with electronic tools or, in any case, through automated tools. They are also stored in paper archives for the duration of the course and in digital format for an indefinite period of time due to the transparency and good operation of the public administration.

Access to data acquired for the purposes mentioned above is allowed to duly authorized staff.

Recipient categories

In relation to the mentioned purposes, data may be disclosed to the following public and/or private subjects indicated below, as to say to companies and/or persons, in Italy and abroad, that provide services, including external ones, on behalf of the Data Controller. In particular, your personal data may be communicated also to other public administrations, anonymised too, if these institutions must process them for procedures related to their institutional work, as well as to all those public entities to whom, with the same prerequisites, the communication is compulsorily provided in accordance to EU provisions, laws or regulations, as well as insurance companies for possible accident insurances. The recipient categories are identified as follows:

  • ENIC - NARIC Centres;
  • Consortia where the Data Controller is member for the administrative management of the course;
  • Public and private subjects for the verification of academic and placement credentials;
  • Partners of the Data Controller for what concerns course management.

Storage period of personal data and their return

For the purposes of storage and collection, the data necessary for a good operation of the Public Administration will be stored, in compliance with the principle of transparency and lawfulness, proportionality and minimization, for an indefinite period of time.

Data Transfer to Extra EU Country

Personal data may be transferred abroad, in accordance with the provisions of the Regulations, even in countries outside the European Union when this is necessary for one of the purposes indicated in this information document. The transfer to non-EU countries, in addition to cases where this is guaranteed by the adequacy decisions of the European Commission, is carried out in a way to provide the appropriate guarantees required by the articles 46 or 47 or 49 of the Regulations.

Right to submit a complaint

As interested party, you can ask the Data Controller, at any time:

  • confirmation of the existence or not of your personal data;
  • access to your personal data and related information; the correction of incorrect data or the addition of incomplete data; the cancellation of your personal data (if any condition indicated in Article 17, paragraph 1 of the Regulations can be applied and it is in compliance with the exceptions provided in paragraph 3 of the same article); the limitation of processing of your personal data (when one of the conditions indicated in Article 18, paragraph 1 of the Regulations can be applied), the anonymization or blocking of data processed unlawfully, including data whose storage is not required in relation to the purposes for which the data were collected or subsequently processed;

As interested party, furthermore, you have the right to wholly or partly oppose:

  • for legitimate reasons regarding the processing of his/her personal data, related to collection purposes;
  • to the processing of his/her personal data for the purpose of sending promotion of educational initiatives and cultural events of Politecnico di Milano.

These rights can be exercised by contacting privacy(at)polimi.it .

If you deem that your rights have been violated by the data controller and/or by a third party, you have the right to submit a complaint to the Data Protection Authority (for Italy, www.garanteprivacy.it) and/or to another competent supervisory authority pursuant to the Regulation.

Last update: November 28, 2018