PRIVACY POLICY UNDER ART. 13 OF REGULATION EU NO. 679/2016 OF 27 APRIL 2016

 

This policy is issued under art. 13 of Regulation EU no. 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and in respect of the laws on personal data processing and on the free movement of such data.

Data Controller

The Data Controller is the Politecnico di Milano - Director General delegated by the pro-tempore Rector - contact: dirgen(at)polimi.it.

Internal data processor

Dr. Andrea Papoff, Department Manager, Department of Energy, Via Lambruschini 4, Milan (MI), ph. 0223996571, e-mail: andrea.papoff(at)polimi.it

The personal data will be processed by other authorised parties who will receive instructions for that purpose under current legislation.

Data Protection Officer and contact details

Dr Vincenzo Del Core, contact: privacy(at)polimi.it - ph.: +39 0223999378.

Purposes and legal basis of processing, categories of data and storage period

In accordance with and for the purposes of the new EU General Regulation on the protection of personal data no. 679/2016, we inform you that your personal data will be used to send you communications regarding the institutional activities of the Department - PURPOSE 1 - (such as and among the others: Advertising of University services and events aimed at internal audiences; Advertising of post-graduate and specializing master courses; Communications relating to training activities; Orientation newsletters; Operational communications for open days; ...etc); if you are not interested in receiving such communications, you can check the "unsubscribe" box always present at the end of such communications.

The data may also be processed to send you non-institutional communications - PURPOSE 2 - (such as and among the others: Advertising of events not strictly connected to training activities, but of general interest; Advertising of agreements with external commercial entities; Organized events from third parties; pure marketing communications; ...etc) but only after having acquired the consent which, in this case, will be the legal basis of the data processing.

The purposes pursued as described above are summarized in the following table:

Personal data processing purposes	Legal basis of processing	Categories of personal data processed	Personal data retention period
Purpose 1 The data provided will be used to send institutional communications.	Public interest (art. 6, paragraph 1, letter e of the EU Regulation).	Personal data (name, surname); Contact details (e-mail).	The data will be stored for 4 years.
Purpose 2 The data provided will be processed for sending non institutional communications.	Personal consent (art. 6, paragraph 1, letter a of  UE Regulation).	Personal data (name, surname, gender); Contact details (Company, address, e-mail, mobile).	The data will be stored for 4 years.

 

Nature of the data

Providing data is optional. Any refusal to provide the data makes it impossible to carry out the intended purposes.

Processing methods

The processing for the purposes indicated above is carried out on digital media, using electronic tools.

Duly authorised persons are entitled to access the data acquired for the aforementioned purposes.

Categories of recipients

the data will not be disclosed to public or private entities for the listed purposes.

Transferring data to non-EU countries or international Organisations
The personal data will not be transferred in any way to countries outside the EU or any international Organisation.

Data subject rights

As the data subject, you may request from the Controller:

·     confirmation of the existence or otherwise of personal data concerning you;

·     access to your personal data and information relating to them; the rectification of inaccurate data or completion of incomplete data; the erasure of personal data relating to you (in the presence of one of the conditions indicated in Art. 17, paragraph 1 of the Regulation and in compliance with the exceptions provided for in paragraph 3 of the same article); limit the processing of your personal data (under one of the cases indicated in art. 18, paragraph 1 of the Regulation), the transformation into anonymous form or block on data processed in violation of the law, including data whose storage is no longer necessary for the purposes for which it was collected or processed.

 

As the data subject, you also have the right to object in full or in part:

·     on legitimate grounds, to the processing of personal data relating to you, even if it is relevant for the purpose for which the data were collected;

·     to the processing of personal data relating to you for the purpose of promoting initiatives.

These rights may be exercised by contacting privacy(at)polimi.it.

 

If you believe that your rights have been infringed by the Controller and/or by a third party, you are entitled to lodge a complaint with the Italian Data Protection Authority and/or other competent supervisory authority pursuant to the Regulation.