Privacy policy in accordance to article 13 of EU Regulation 2016/679

This document is issued pursuant to Article 13 of EU Regulation 2016/679 of 27 April 2016 on protection of natural persons with regard to personal data processing and in compliance with the legislation on personal data processing, as well as on the free movement of such data.

Data Controller – Identity and Contact

Politecnico di Milano - General Manager upon authorization of the pro-tempore Rector – contact: dirgen(at)polimi.it 

Data Protection Officer – Identity and Contact

Dr. Vincenzo Del Core - privacy(at)polmi.it tel.: 02.2399.9378

Purposes of data processing

For the purposes of the application of European and national legislation on this matter (EU Reg. 679/2016, hereinafter Regulation), we inform you that your personal data will be used for the following purposes:

Purposes of the processing for which personal data are intendedLegal basis of data processingCategories of personal data to be processed
Identify the subjects that will have access to the confidential information related to the Confidentiality Agreement, as well as the manager of confidential information.To fulfil the institutional activities of Politecnico di Milano (Article 6, paragraph 1, letter e) of the Regulations• Identification data
• Personal data

Nature of data

The collected data are compulsory. Failure to communicate and/or refusal to reply imply that you do not have access to the confidential information as referred in the Confidentiality Agreement.

Processing Method

The data processing carried out for the above mentioned purposes can be performed both through paper and digital means, manually and/or with electronic tools or, in any case, through automated tools. They are also stored in paper archives for the duration of the processing and in digital format for an indefinite period of time due to the transparency and good operation of the public administration.

The access to the data acquired, for the purpose n. 1 is allowed to duly authorized staff.

Recipient categories

In relation to the mentioned purposes, data may be disclosed to the following public and/or private subjects, as to say to companies and/or persons, in Italy and abroad, that provide services, including external ones, on behalf of the Data Controller.

In particular, personal data may be communicated also to other public administrations, anonymised too, if these institutions must process them for procedures related to their institutional work, as well as to all those public entities to whom, with the same prerequisites, the communication is compulsorily provided in accordance to EU provisions, laws or regulations, as well as insurance companies for possible accident insurances.

Storage period of personal data and their return

The data will be stored, in accordance with the provisions of current legislation, for a period of time no longer than that one required to achieve the purposes for which they are processed. For the purposes of storage and collection, the data necessary for a good operation of the Public Administration will be stored, in compliance with the principle of transparency and lawfulness, proportionality and minimization, for an indefinite period of time. [case study of public interest]

Data Transfer to Extra EU Country

Personal data may be transferred abroad, to consular authorities and embassies in strict accordance with the provisions of the Regulation, even in countries outside the European Union when this is necessary for the management of confidentiality agreements or for the purposes indicated in this information document. The transfer to non-EU countries, in addition to cases where this is guaranteed by the adequacy decisions of the European Commission, is carried out in a way to provide the appropriate guarantees required by the articles 46 or 47 or 49 of the Regulations.

Rights of the interested parties

As interested party, you can ask the Data Controller, at any time:

  • confirmation of the existence or not of your personal data;
  • access to your personal data and related information; the correction of incorrect data or the addition of incomplete data; the cancellation of your personal data (if any condition indicated in Article 17, paragraph 1 of the Regulations can be applied and it is in compliance with the exceptions provided in paragraph 3 of the same article); the limitation of processing of your personal data (when one of the conditions indicated in Article 18, paragraph 1 of the Regulations can be applied), the anonymization or blocking of data processed unlawfully, including data whose storage is not required in relation to the purposes for which the data were collected or subsequently processed;

As interested party, furthermore, you have the right to wholly or partly oppose:

  • for legitimate reasons regarding the processing of his/her personal data, related to collection purposes;
  • to the processing of his/her personal data for the purpose of sending promotion of educational initiatives and cultural events of Politecnico di Milano.

These rights can be exercised by contacting privacy(at)polimi.it.

If you deem that your rights have been violated by the data controller and/or by a third party, you have the right to submit a complaint to the Data Protection Authority and/or to another competent supervisory authority pursuant to the Regulation.

Last update: January 25, 2019