Information regarding the processing of personal data
Premise
Pursuant to Article 13 of Regulation (EU) 2016/679 (General Data Protection Regulation or GDPR), the University of Milan (hereinafter also referred to as the “University”), in the person of the Rector pro tempore, informs users of the humanhall.unimi.it website (hereinafter also referred to as “the site”) about the use of personal data concerning them.
Please note that the following information relates exclusively to the humanhall.unimi.it website and not to other websites that may be consulted via links contained therein.
Â
Data Controller
The Data Controller is the University of Milan, in the person of the Rector pro tempore, with registered office in Via Festa del Perdono, n. 7 -20122 Milan (MI), who can be contacted at the e-mail address supportodpo@unimi.it
Â
Data Protection Officer
Pursuant to Articles 37 et seq. of EU Regulation 2016/679, the University has appointed the Data Protection Officer (DPO) identified as Prof. Pierluigi Perri, e-mail: dpo@unimi.it
Â
Types of data processed
1) Browsing data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols.
This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (“Uniform Resource Identifier“) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, successful, error, etc.) and other parameters related to the user’s operating system and computer environment.Â
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this eventuality, at present the data on web contacts do not persist for more than fifteen days.Â
2)Data acquired through cookies
Cookies are small text files that the site sends to the terminal used for navigation (computer, smartphone, tablet, smartTV, etc.), where they are stored, and then sent back to the same on the next visit.
It is specified that a cookie cannot retrieve any other data from the user’s device, nor transmit viruses or acquire email addresses.
“First-party” cookies are sent to the terminal by the site you are browsing, while those defined as “third-party” cookies are set by a third-party website.
Cookies are essentially divided into two types: “technical” cookies and so-called “profiling” cookies.
The former is used to carry out fast computer authentications while maintaining user identification within the session, as well as to allow secure browsing. For these purposes, this type of cookie is not stored permanently on the user’s PC, but rather disappears when the browser is closed.
Based on the Guidelines of the Guarantor for the protection of personal data of 10 June 2021, these cookies can be used without the consent of the data subject.
“Profiling” cookies, on the other hand, are aimed at collecting information about the user in order to create a profile based on browsing preferences; this processing and monitoring is then exploited in order to send advertising messages in line with the preferences expressed.
The University wishes to inform you that this site uses first-party technical cookies but also profiling cookies from third parties.
For further information, including on how to exclude “profiling” cookies, we recommend that you read the dedicated information by clicking here.
Â
3) Data provided by the data subject
If the user, where applicable, decides to enter and send personal data (for example: name, surname, e-mail address) to access certain services, or to make requests via e-mail, the University will process such data to respond to the request, or to provide the requested service in accordance with this information and the specific privacy policies provided when subscribing to the individual services.
The data will be stored for the time necessary to provide the requested service and to manage any disputes.
Purpose and legal basis of the processing
The University of Milan processes the navigation data referred to in point 1) and the data obtained from technical cookies in order to monitor the purely technical functioning and performance of the site, to understand how to improve the services and make them evolve.
The legal basis for the processing of such data is the performance of tasks in the public interest by the Data Controller (Art. 6 para. 1 letter e) GDPR).
The data related to profiling cookies – which are not consulted by the University, but are immediately transmitted to the third party – are acquired exclusively with the explicit consent of the user.
For these types of information owned by third parties, in fact, the obligations of information and consent are incumbent on the owner of the site, as a technical intermediary between them and the users.
On the other hand, with regard to the data referred to in point 3), the University invites you to read the specific information at the bottom of the individual services.
Â
Processing methods
The data are collected in compliance with the principles of relevance, completeness and non-excessiveness and are processed in compliance with the principles of lawfulness, fairness and transparency, provided for in Article 5 GDPR.
The data are processed with the support of computer and telematic means and are protected through adequate security measures suitable to guarantee their confidentiality and integrity.
In particular, the University has adopted and adopts appropriate organizational, procedural and technical measures to protect data against loss, theft, as well as unauthorized use, disclosure or modification.
The personal data collected may be subject to simple communication, as far as their specific competence is concerned, to public and private entities in order to fulfil:
– reasoned requests from competent authorities;
– laws, regulations and/or EU legislation;
– comply with the requests of the users themselves.
Apart from the aforementioned cases, personal data are not communicated in any way and for any reason to third parties or disseminated.
Your rights
Pursuant to art. 15 to 22 of the GDPR, data subjects may exercise, if the conditions are met, the right to request from the Data Controller access to personal data concerning them, rectification, erasure of the same, limitation of processing by contacting the Data Controller or the Data Protection Officer.
In particular, pursuant to Article 21(1) of the GDPR, the data subject may, on grounds relating to his or her particular situation, exercise the right to object to the processing of personal data concerning him or her if such processing is carried out for the performance of a task carried out in the public interest, pursuant to Article 6(1)(e) of the GDPR, by contacting the Data Protection Officer by e-mail:Â dpo@unimi.it
Finally, data subjects who believe that the processing of personal data relating to them, carried out through this site, is in violation of the provisions of the GDPR, have the right to lodge a complaint with the Guarantor, as provided for by art. 77 of the GDPR itself, or to bring the appropriate case before the courts (Art. 79 of the GDPR).
