Privacy & cookies

Privacy Notice

Overview

In accordance with Article 13 of Regulation (EU) 2016/679 (the General Data Protection Regulation or GDPR), in this notice the University of Milan (also referred to below as the 'University' and represented by the Rector pro tem) provides users informs users about the use of personal data concerning them by the website https:// www.mipol.unimi.it (herein also "site"). with information on how their personal data will be used
This notice only applies to the internet sites referred to above. It follows that the information in this document does not apply to websites other than those referred to above, including where accessed via links provided in the same.
This is without prejudice to compliance by the University with the legislation in force on transparency and on the compulsory disclosure of data and documents.

1. Data Controller, Data Protection Officer (DPO) and Data Processor

The data controller is the University of Milan, in the person of the Rector pro tempore, Via Festa del Perdono n. 7, 20122 Milan, e-mail infoprivacy@unimi.it.
In accordance with Article 37 et seq. of Regulation EU 2016/679 (the GDPR), the University has appointed Prof. Pierluigi Perri as DPO. c/o 'Cesare Beccaria' Dept., Via Festa del Perdono 3, 20122 Milan, e-mail dpo@unimi.it.

2. Types of data processed

During normal operation and using automated systems, the IT systems and application procedures that operate the internet sites referred could to acquire the following types of data:

  1. browsing data captured during the visit to the website, the transmission of which is implicit in the use of Internet communication protocols, examples here being: IP address for the device connected to the site, type of browser used, name of the internet service provider or ISP, date and time of the visit and the visitor's referral and exit web page, etc;
  2. browsing data captured via Google Analytics, using all appropriate mechanisms to reduce the possibility of connecting users being identified, examples here being: type of device used to connect, town connected from and duration of visit to a site, etc.;
  3. data relating to the browsing session captured via New Relic in order to monitor application performance and use of the resources. There is no user or IP profiling; the data captured stays in the form of aggregated statistical data;
  4. data captured via cookies during user browsing of the site; further information about the cookies used on the web portal or by the sites that make up its system can be found in the cookie policy in full as annexed.

3. Purposes of the processing

The data captured is only used for the University's institutional activities and in order to:

  1. allow browsing of this site;
  2. provide the user with the information and services required;
  3. gather anonymous statistical information on use of this site or the connected services, check that it is working properly, conduct monitoring to ensure its security and identify the steps to be taken to improve it (in terms of the browsing data);
  4. discharge obligations pursuant to law, comply with orders issued by public authorities, establish liability in the event of cybercrimes committed against the site or its users.

4. Legal basis for the processing

The legal bases for the processing are the following:

  • discharge of duties of public interest;
  • processing of data to prevent and put a stop to fraud and any other unlawful activity;
  • processing required in order to perform a contract that the data subject is a party to;
  • the data subject's consent in accordance with Article 6 (1) of the GDPR.
Provision of the data, and, therefore, consent to the capture and processing of the data, is optional. Users can withhold consent and can withdraw consent previously provided at any time.
Where consent is withheld, however, this may mean that certain services cannot be provided and may affect the user's experience when browsing this site.

5. Manner of processing

The personal data captured is processed in accordance with the principles of lawfulness, fairness and transparency established in Article 5 of the GDPR, including with the use of IT and telecommunications tools that can store and manage the said data and, therefore, can guarantee its security and ensure maximum confidentiality for the data subject.
As data processor, the processing by the CINECA consortium is only for the purposes set out at point (3) and is done in such a way that ensures that the personal data is kept sufficiently secure, including protection, via adequate technical and organisational means, from unauthorised or unlawful processing and from loss, destruction or accidental damage.

6. Use of cookies

Cookies are small text files that a website sends to the browser used to browse online to be stored and sent back to that site on a subsequent visit. These cookies capture information about a user visiting a website (e.g. date, time, pages visited, time spent on the site, etc.); some of this information can be classed as personal data and is therefore subject to specific provisions of the law.
The internet sites referred to above use various types of first-party and third-party cookies for the purposes set out in the full notice annexed. Please see that notice for further details.

7. Categories of parties authorised to carry out processing and to whom the data might be communicated

Users' personal data will, in accordance with the relevant legislation in force, be disclosed to and processed by the University's employees and contract staff (identified as persons authorised to carry out processing) who operate the portal and are involved in providing the services associated with it. The data will only be communicated to:

  • University departments that ask for it for the University's institutional purposes or in accordance with legislative requirements;
  • not-for-profit public bodies or consortiums that the University has an interest in (e.g. MUIR - the Ministry for Education, Universities and Research) where necessary so that the organisation requesting the data can perform its institutional duties;
  • external parties, identified as processors pursuant to Article 28 of the GDPR, with an up-to-date list of the same available to the data controller at any time;
  • the authorities responsible for public order and safety or other public bodies for the purposes of defence, State security and criminal investigations or the judicial authorities in accordance with obligations pursuant to law, where criminal offences are suspected.
For the purposes of the processing of the data required in order to carry out their duties and responsibilities, the data may come to the attention of the individuals (employees or contract staff) authorised by the CINECA Consortium, being the data processor.
Other than in the above cases, the personal data will not be communicated or circulated to third parties in any manner or for any reason.
Finally personal data will not be transferred to third countries or international organisations unless strictly relating to specific requests by the user, for which the appropriate consent will be obtained.

8. Storage period

Where the various reasons and purposes for which it is collected are concerned, the data will be stored for the period of time established by the relevant legislation or for such period of time as is strictly necessary in order to the purposes to be achieved.
More specifically:
- browsing data will be stored for no longer than 365 days;
- browsing data captures by Google Analytics will be stored for no longer than 26 months;
- data relating to the browsing session captured via New Relic will be stored for no longer than 24 hours;
- data captured via cookies will be stored for no longer than the period of time referred to in the full notice attached.

9. Rights of the Data Subject

In the appropriate cases, data subjects have the right to obtain, from the University of Milan, access to their personal data and to have that data rectified or erased or to restrict the processing data concerning them or object to such processing (Article 15 et seq. of the Regulation). Requests should be submitted to the Data Protection Officer (Data Protection Officer, Via Festa del Perdono 7, 20122 Milan - e-mail: dpo@unimi.it).

10. Right to complain

Data subjects who consider that the processing of their personal data via this site is in breach of the provisions of the Regulation are entitled to lodge a complaint to the Data Protection Authority in accordance with Article 77 of the Regulation or to bring proceedings in the appropriate courts (Article 79 of the Regulation).

11. Third parties

The site use 'third parties' content and services as a result of the incorporation of external resources or the implementation of technologies to increase functionality and improve users'browsing experience. As a result, while they are browsed, certain technical and/or profiling cookies are sent by third parties to the terminal that the users are on, without the data controller being aware or being able to intervene.
Set out below is a list of the services activated on this website plus links to the corresponding privacy notices and cookies:
Font Awesome web font - Privacy policy
Google Fonts web font - Privacy policy
Analysis of data traffic via Google Analytics (Google Tag Manager) with anonymization of IP addresses - Privacy policy, Terms of service
Incorporation of road maps hosted on the Open Street Map web platform - Privacy policy
For further information on the services listed above and to understand how to opt-out (erasure), please see the corresponding privacy policies.

12. Changes to the information

This information may be changed over time.
You should therefore check that you are looking at the latest version by going to this page.

 

Cookie Policy

Introduction

In accordance with the provisions of the data protection legislation in force, in this notice the University of Milan (represented by the Rector pro tem), as data controller, provides users with the necessary information about the cookies used by the internet site www.unimi.it and by the sites with a *.unimi.it URL.
This notice, which only applies to the websites referred to above, is an integral part of the corresponding Privacy Notice, to which reference is made for further information.

1. Data Controller, Data Protection Officer (DPO) and Data Processor

The Data Controller is the University of Milan, represented by the Rector pro tem, Via Festa del Perdono 7, 20122 Milan, e-mail infoprivacy@unimi.it.
In accordance with Article 37 et seq. of Regulation EU 2016/679, the University has appointed the following person as Data Protection Officer (DPO): Prof. Pierluigi Perri, c/o 'Cesare Beccaria' Dept., Via Festa del Perdono 3, 20122 Milan, e-mail dpo@unimi.it.
The data processor for provision of the University Portal services is the CINECA consortium, registered office Via Magnanelli 6/3, 40033 Casalecchio di Reno (BO).

2. What are cookies?

Cookies are small text files sent by a website to a user's computer or other device used for browsing (e.g. a smartphone or tablet), where they are stored and then sent back again on the user's next visit to that particular website. Cookies can be stored permanently and for different periods of duration ('persistent cookies'), but can also disappear once the browser is closed or be for a limited duration ('session cookies'). Similarly, cookies can be installed by the site visited ('first-party cookies') and by other websites ('third-party cookies') and are used to perform IT authentications, monitor sessions and store information about the activities of users who visit a certain site.

3. Use of cookies

The internet sites mentioned above use various types of cookies in order to speed up and simplify the browsing experience and make it more efficient. These cookies capture information about a user visiting a website (e.g. date and time, pages visited, time spent on the portal, etc.); some of this information can be classed as personal data and is therefore subject to specific provisions of the law. If certain cookies are disable, this website may not work correctly.

4. Cookies used by the site

The internet sites mentioned above use first-party technical cookies that enable them to operate, monitoring cookies similar to the technical cookies and third-party cookies. Cookies are not used for specific profiling purposes or for purposes other than those set out here.

4.1. Monitoring cookies

This site use a service called 'Google Analytics' to analyse the web traffic conveyed by the internet sites mentioned above in order to check that they are operating properly, provide support in terms of their security and take steps to improve the services that they provide The service is implemented via Google Tag Manager.
Using Google Analytics involves using cookies via which Google obtains information in a completely anonymous format such as that listed below. By way of example only: the IP address assigned to the device being used; the browser used to browse the portal; geographical area, preferred language, date and time of visit to a specific section of the web site; information relating to the source site or the landing page.
The information obtained relating to use of the internet portal will be processed by Google in accordance with its notice on https://www.google.com/analytics/terms/it.html and http://www.google.com/intl/it/privacy/privacy-policy.html.
By browsing this site, you consent to the processing of your data by Google in the manner and for the purposes referred to above or stated by the service provider.
Using the service described here, the University of Milan adopts any measures necessary in order to reduce the powers of identification that the cookies have by: IP anonymization avoiding the data captured being crossed with other information.
As a result, the Google Analytics monitoring cookies are to be treated as technical cookies, which do not need the user's consent in order to be used. Users of the portal can, however, disable Google Analytics by installing the opt-out provided by Google on their browser.
To disable Google Analytics, follow this link: https://tools.google.com/dlpage/gaoptout.

5. How to opt out of cookies

Preferences in relation to cookies can be managed directly within the browser used in order to prevent third parties from capturing data indiscriminately (for example).
By using browser preferences, cookies that have been installed can be deleted; this includes cookies in which consent (if granted) to the installation of cookies by this site is stored. Information on how to handle cookies with some of the more popular browsers can be found on the following web pages:

Cookies can also be deactivated as explained in the notices provided directly by the third parties listed in paragraph 11 of the Privacy Notice, which this notice is an annex to.
Additional information on the choices that can be made where cookies are concerned can be found at www.youronlinechoices.com.

6. Changes to this notice

This information may be changed over time. You should therefore check that you are looking at the latest version by going to this page.