PRIVACY POLICY – English version
DATA CONTROLLER
Data Controller
Politecnico di Milano – Director General, delegated by the pro-tempore Rector – e-mail: dirgen@polimi.it
Data protection officer
privacy@polimi.it, tel.: +39 0223999378
Internal Data Processor for the Architecture and Urban Studies Department
the Department Manager Ms. Gloria Paoluzzi – e-mail: paoluzzi@polimi.it
PURPOSE OF PROCESSING AND LEGAL BASIS
While the University privacy policy is available at https://www.polimi.it/privacy/, this policy describes the personal data processing carried out within the Architecture and Urban Studies Department. The personal data requested from the data subject are processed under Art. 6 points (b), (c) and (e) of the Regulation (EU) 2016/679 (processing necessary for the performance of a contract, to comply with a legal obligation and for reasons of public interest), for the following purposes:
Main processing relating to employees and/or collaborators
Selection and management of the Department’s collaborators
Cross-cutting processing and processing relating to cross-cutting activities
- Communication, promotion and dissemination of the Department’s activities and resources
- Organisation and promotion of events of the Department
- Publishing contracts
- Research projects, agreements and works under contract; Research questionnaires and surveys
- Organisation of lifelong learning courses
- Management of collective bodies
- Management of access to the Department’s premises
See also the third-level policies
DATA RECIPIENTS
Personal data may be processed by employees or collaborators of the Controller under the direct supervision of the latter, who are appointed as data processors or however authorised to process data after receiving proper training and operating instructions.
Specifically, data will be processed by technical/administrative staff, professors and possibly third parties depending on the various activities and type of processing under their responsibility.
Personal data may be disclosed to other public administrations, when these latter must process them for procedures that fall under their institutional jurisdiction.
Also, personal data may be disclosed to public authorities or private persons who host institutional activities.
Lastly, persona data for research activities may be transferred to other universities, research or non-profit entities, including abroad, within the implementation or research or international mobility projects.
DATA RETENTION PERIOD
Data will be retained for the time required by the legislation in force or by the University’s regulations, save for any archiving obligations under the legislation in force.
RIGHTS OF DATA SUBJECTS
Data subjects have the right to:
- request from the controller, under Arts. 15, 16, 17, 18, 19 and 21 of the Regulation (EU) 2016/679, access to their own data and their rectification or deletion or restriction of the processing, or to object to their data being processed. Deletion is not permitted for those data that are contained in documents that the University must necessarily keep;
- lodge a complaint with a supervisory authority.
PROCESSING METHODS
Personal data will be processed manually or by computer and web tools, and in any case so as to ensure the data security and confidentiality.
Security measures have been adopted, in accordance with the provisions of art. 32 of the GDPR, to prevent any loss of data and any unlawful or improper use and unauthorised access to data, in compliance with Circular no. 2/2017 issued by AgID (Agency for Digital Italy): “Minimum ICT security measures for public administrations”.
TYPES OF DATA PROCESSED
For details regarding data processed case by case, please refer to the indications given in the relevant administrative processes and proceedings.
This policy may be subsequently updated and supplemented, you are therefore invited to view it on a regular basis.