Information on personal data processing
Pursuant to art. 13 of Regulation (EU) 2016/679 (General Data Protection Regulation or GDPR), the University of Milan (hereinafter also referred to as “University”) in the person of the Rector pro tempore, hereby informs users about the processing of their personal data by the website https://www.unimontagna.it (hereinafter also the “site”).
This information is limited to the https://www.unimontagna.it website only and is not valid for external sites even if such sites are accessible from links on https://www.unimontagna.it .
The observance of current legislation on transparency and the mandatory publication of data and documents by the University of Milan are not affected by this policy.
1. Data Controller and Data Protection Officer (DPO)
The data controller is the University of Milan, in the person of the Rector pro tempore, via Festa del Perdono n. 7, 20122 Milan, e-mail firstname.lastname@example.org. Pursuant to articles 37 and according to EU Regulation 2016/679, the University has appointed a Data Protection Officer (DPO) who can be contacted at the e-mail address email@example.com. For further information on the processing of personal data by the site, please contact Anna Giorgi, director of CRC GESDIMONT – UNIMONT centre by writing to: firstname.lastname@example.org.
2. Purpose and legal basis of data processing
The data that are processed are listed below:
- navigation data. For example: IP address, type of browser and device parameters used to connect to the site, name of the Internet service provider (ISP), date and time of visit and exit, web page of origin of the visitor (referral);
- navigation data collected through Google Analytics adopting every useful measure to reduce the possibility of identifying users who connect to it. As an example: type of device used for connecting, city from which users connect, duration of the visit to a site, etc.;
- data provided voluntarily by users for utilizing online services offered on the site or data provided from time to time by users in relation to the specific service requested (e.g. subscription to the newsletter service). For further information on this, see paragraph 6 and its sub-paragraphs
- data collected through cookies during website browsing by users. For further information on the cookies used by the web portal or the sites that make up the system, see paragraph 6 and its sub-paragraphs.
The aforementioned information is processed automatically and collected in aggregate form in order to verify the correct functioning of the site and for security reasons. This information will be processed based on the legitimate interest of the data subject.
For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly include personal data such as the IP address, which could be used, in accordance with current law, in order to block attempts to damage the site or to damage other users, or in any case activities which are harmful or constitute a crime. In any case, such data will never be used for profiling site users but only for the purpose of protecting the site and its users.
The legal bases of the data processing are therefore the compliance with legal and contractual obligations, the fulfillment of specific requests by the data subject before the conclusion of the contract and the processing of data connected to the management of any complaints or disputes and for the prevention and repression of fraud and any illegal activity.
Pursuant to art. 6 paragraph 1 GDPR, the legal basis of the processing may also be the express consent of the data subject.
Please note that for users under 14 years of age consent to the use of personal data must be collected through the authorization of a parent or guardian.
3. Types of data processed
Personal data are collected for the following purposes and using the following services.
During their normal operation, the IT systems and application procedures used to operate the site acquire some data, the transmission of which is implicit in the use of Internet communication protocols.
This information is used to obtain anonymous statistical information on the use of the portal and to check its correct functioning and is not associated with identified users; however by its nature and through associations with data held by third parties, it could allow the identification of interested parties. This includes, for example, the IP address of the system used to connect to the portal.
These data are removed from the systems after statistical processing and are stored off-line exclusively for the ascertainment of responsibility in the event of computer crimes and can only be consulted at the request of a judicial authority.
Personal data provided freely by users in different ways are used for the provision of online services that provide for authentication, registration or sending e-mails.
The optional, explicit and voluntary sending of e-mails to the addresses indicated on the site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.
The website uses the following third-party services:
For further information, see paragraph 6 and its sub-paragraphs.
4. Optional provision of data
Some data requested (e.g. those for registration) are mandatory and failure to provide such data makes it impossible to provide the requested service. In a similar way, the failure to communicate some data that may be required for the subscription of online services may make it impossible to use the chosen service.
Registration and subscription data are voluntarily provided.Users who register freely consent to the processing of their personal data, aware that in the absence of such consent, registration and subscription to services cannot take place. Processing carried out before the withdrawal of consent by the interested party will still remain valid.
5. Processing methods
Data collection takes place in compliance with the principles of relevance, completeness and non-excess in relation to the purposes for which they are processed. The personal data provided are processed in compliance with the principles of correctness, lawfulness and transparency, provided for in Article 5 of the GDPR, also with the aid of IT and telematic tools designed to store and manage such data, and in any case in such a way as to guarantee its security and protect the maximum confidentiality of the data subject.
The data could be processed anonymously for statistical activities aimed at improving the services offered.
Cookies are text files that are stored on web users’ computers to allow safe and efficient exploration of the site and to monitor its use.
The site https://www.unimontagna.it uses technical cookies, monitoring cookies converted into technical cookies and third-party cookies.
Cookies are not used with explicit profiling purposes or for purposes other than those stated herein.
However, profiling cookies may be installed or with purposes other than those declared herein as a consequence of the possible use of the third-party services listed in par. 6.3.
6.1 Technical cookies
This website uses technical or assimilated cookies (navigation or functionality, session and / or persistent) to function and to ensure correct visualization, to allow any authentication to restricted areas or to improve the browsing experience (e.g. by storing the preferences entered or avoiding users having to re-enter the username and password several times).
Since consent is not required for their installation, these cookies will always be used and sent to the browser in use, unless the user changes the settings (thus affecting the correct use of the services available or the contents of the site).
Cookie tecnici utilizzati:
6.2 Monitoring cookies
This website is the subject of a web traffic analysis service called “Google Analytics” aimed at generating statistics relating to its use, collecting data in aggregate form connected to browsing on the site and analyzing user behaviour.
The use of the service involves the use of third-party analytical cookies through which the company Google will obtain anonymous information such as those listed below. As an example and not limited to:
- IP address assigned to the device in use;
- browser used for navigation on the portal;
- geographical area, preferred language, date and time of access to a certain section of the website;
- information relating to the website of origin or the landing web page.
The information obtained regarding the use of the internet portal will be processed by Google in compliance with the information made available by the company on https://marketingplatform.google.com/about/analytics/terms/gb/ and https://policies.google.com/privacy?hl=en-GB .
By browsing this site, you consent to the processing of your data by Google for the methods and purposes indicated above or declared by the service provider.
The service described in this paragraph is used by the University of Milan following the adoption of every useful measure to reduce the identification power of the cookies involved through:
- anonymization of the IP addresses associated with the devices connected to the web portal (IP anonymization);
- avoiding the intersection of data collected with other information.
Therefore, Google Analytics tracking cookies must be considered as technical cookies for the use of which user consent is not necessary.
In any case, please note that users can selectively disable the action of Google Analytics on their browsers by installing the opt-out component provided by Google.
To disable the action of Google Analytics, please refer to the link below:
Analytical cookies used:
6.3 Third-party cookies (capable of profiling)
This site does not use third party cookies.
6.4 How to disable cookies (opt-out)
Cookie preferences can be managed directly within your browser to prevent, for example, third parties from collecting data indiscriminately.
Installed cookies can be deleted through browser preferences, including those in which the consent to the installation of cookies by this site is saved.
Information on how to manage cookies with some of the most widely used browsers can be found by visiting the following web pages:
Third-party cookies can also be disabled:
a. through the methods described in the various information policies and/or made available directly by third-party companies as per the following list of useful links:
b. intervening on the settings of the plugin, if installed, that produces the cookie notification banner (so-called short information).
7. Categories of subjects authorized to process data and to whom the data can be communicated
Users’ personal data will be known and processed, in compliance with current legislation, by the Unimont – centre staff of the University of Milan (identified as Authorized to process data) involved in the maintenance of the site. The data may be communicated:
a) to the University structures that request it, for the institutional purposes of the University or in compliance with legislative obligations;
b) to non-economic public subjects or consortia in which the University participates (e.g. MIUR) when communication is necessary for the performance of institutional functions of the body requesting such data;
c) to some external subjects, identified as Data Processors pursuant to art. 28 GDPR;
In any case, the communication or dissemination of data may be requested, in accordance with the law, by the Public Security Authority, by the Judicial Authority or by other public subjects for defense, state security and crime detection purposes, as well as any communication to the Judicial Authority in compliance with legal obligations, when crimes have been identified. Finally, personal data will not be transferred to third countries or international organizations unless this is strictly connected to specific requests from the user or needs related to the finalization of the intervention, for which specific consent will be acquired.
8. Data retention
In relation to the various objectives and purposes for which they were collected, data will be stored for the time required by specific legislation or for that strictly necessary for the pursuit of purposes. Specifically:
- browsing data will be kept for a maximum of 6 months;
- browsing data collected through Google Analytics will be kept for a maximum of 26 months;
- data voluntarily provided by users will be kept for a maximum of 26 months, unless users explicitly request they be deleted.
- data collected through cookies will be kept for a period of time not exceeding that indicated in the extended information attached to this document.
In any case, the data will not be kept for more than 5 years from the date of the last contact.
9. Rights of data subjects
Data subjects can make a complaint to a Supervisory Authority and exercise, pursuant to art. from 15 to 22 of the GDPR, the right to:
– make a complaint to a Supervisory Authority;
– ask data controllers for access to personal data, rectification or cancellation of the same, limitation of processing;
– object to the processing;
– ask for portability of data,
by contacting: Data Protection Officer – e-mail: email@example.com.
10. Changes to this Policy
This information may change over time. We therefore recommend that you consult the Privacy section of the website https://www.unimontagna.it, for the most updated version.