Assumption

Effective date: Jan 09, 2022


According to art. 13 of Regulation (EU) 2016/679 (General Regulation on Data Protection or GRDP) of the European Parliament and of the Council concerning the protection of individuals with regard to the processing of personal data, as well as the free movement of such data and repealing Directive 95/46 / EC, as well as of Legislative Decree 196/2003 and subsequent amendments mm. ii., the University of Milan (herein also referred to as “University”) in the person of the Rector pro tempore, informs users about the use of personal data concerning them by the website https://sites.unimi.it/ClaudiaLBianchi (herein also “site”). This information is given on the management of the site, in relation to the processing of personal data of users who consult it, who choose to register and/or who use online services offered. The observance by the University of Milan of the current legislation on transparency and mandatory publication of data and documents remains valid. This information is limited to the https://sites.unimi.it/ClaudiaLBianchi site only and does not have any value for external sites, even if accessible from links on https://sites.unimi.it/ClaudiaLBianchi.

1. Data Controller and Data Protection Officer (DPO)

The data controller is the University of Milan, in the person of the Rector pro tempore, Via Festa del Perdono n. 7, 20122 Milan, e-mail infoprivacy@unimi.it. According to articles 37 and following of the 2016/679 EU Regulation, the University has appointed the Data Protection Officer (DPO) that can be contacted at the e-mail address dpo@unimi.it. For information or details on the use of data Personal from the site, contact Ing. Carlo Manassero, Department of Chemistry, V. Golgi, 19 Milan Tel. +39 02 503 4469 carlo.manassero@unimi.it.

2. Purpose and legal basis of the processing

The personal data that could be processed are:

  • IP address;
  • type of browser and device parameters used to connect to the site;
  • name of the Internet service provider (ISP);
  • date and time of visit;
  • web page of origin of the visitor (referral) and exit;
  • any number of clicks;
  • voluntarily provided by the user in using online services offered on the site;
  • the data provided from time to time by users in relation to the specific service requested;

The aforementioned information is processed in an automated form and collected in aggregate form in order to verify the correct functioning of the site and for security reasons. This information will be processed according to the legitimate interest of the owner. For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly include personal data such as the IP address, which could be used, in accordance with the law in force, in order to block attempts to damage the site or to damage other users, or in any case harmful activities or constituting a crime. In any case, these data will never be used for the purpose of profiling the users of the site but only for the purposes of protection of the site and its users. The legal bases of the processing are therefore compliance with legal and contractual obligations, the fulfillment of specific requests of the interested part, before the conclusion of the contract and the processing of data related to the management of any complaints or disputes and for the prevention and repression of frauds and any illegal activity.

3. Types of data processed

Personal data are collected for the following purposes and using the following services. The IT systems and the application procedures used to operate the site acquire, during their normal operation, some data whose transmission is implicit in the use of communication protocols on the Internet. This information is used to obtain anonymous statistical information on the use of the site and to check its correct functioning and are not associated with identified users; however, by their nature and through associations with data held by third parties, they could allow identification of data subjects. This category includes, for example, the IP address of the system used to connect to the portal. These data are removed from the systems after the statistics processing and are kept off-line exclusively for assessments of liability in the case of computer crimes and only accessible at the request of the Judicial Authority. For the use of online services that provide for the authentication, registration or sending of e-mail personal data are freely provided by users in different ways. The optional, explicit and voluntary sending of e-mails to the addresses indicated on the site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message by the user.

4. Optional nature of the provision of data

Some requested data (eg registration data) are mandatory and failure to provide it will make it impossible to provide the requested service. Similarly, failure to communicate certain data required for the subscription of online services may make it impossible to use the selected service. Registration and subscription data are voluntarily provided. The person making the registration freely gives consent to the processing of data, aware that in the absence of such consent registration and subscription of services can not take place. The treatments carried out before the revocation of the consent by the interested party will remain valid.

5. Methods of processing

Data collection takes place in compliance with the principles of relevance, completeness and non-excess in relation to the purposes for which they are processed. The personal data provided are processed in compliance with the principles of lawfulness, fairness and transparency, as set out in article 5 of the GRDP, also with the aid of IT and telematic tools for storing and managing the data, and in any case in such a way as to guarantee security and protect the privacy of the data subject. The data may be processed anonymously for statistical activities aimed at improving the services offered.

6. Use of cookies

Cookies are small text strings sent by the applications visited by the User to his terminal (usually the browser), where they are stored to be retransmitted to the same applications at the following visit of the same User.
The word Cookie relates both to the same cookies as well as to all similar technologies. Cookies are used in order to faster access to online services and to improve the activity of browsing of the User through session tracking, storage of information, faster uploading of contents, etc…

6.1 Type of cookies

Cookies are classified as follows:

  • First-Party Cookies: proprietary cookies used by the Site in order to enable the User to browse more efficiently and/or monitor the actions he exercises;
  • Third-Party Cookies: cookies that are set from a Site other than the one the User is currently visiting in order to allow him to browse more efficiently and/or to monitor the actions exercised by him.

Furthermore, there are different types of cookies:

  • Technical and Analytics Cookies: cookies regarding activities strictly necessary for the operation and provision of the service (ex. session cookies to log in), cookies related to the activity of saving preferences and of optimization (ex. cookies to save the cart or language choices/currency, etc.), analytical cookies for the collection of information in an anonymous and aggregate form.

Technical cookies include:

  • Session or Browsing Cookies: used to keep track of the activity of User in the internet. They guarantee normal browsing and use of the Site, allowing for example to rapidly browsing and make a purchase or to authenticate for accessing to restricted areas, and are actually necessary for its proper functioning;
  • Functional Cookies: allow the User to browse in accordance to a set of selected criteria (for example, language, products selected for the purchase, etc.) in order to improve the service offered to the User;
  • Analytics Cookies: used to collect information regarding the use of the Site. The Data Controller uses this information for statistical analysis and to improve the Site and to simplify its use, as well as to monitor its correct functioning. This type of cookie collects anonymous information regarding the activity of Users in the Site and regarding the modalities in which they reached the visited Site and the pages. Cookies in this category are sent from the site itself or from third-party domains.

Analytical cookies may be:

  • First-Party Analytics Cookies: assimilated in terms of regulation to technical cookies whether used by the Data Controller of the Site without profiling the User, but exclusively to collect information, in an aggregate and anonymous form, regarding the number of Users and how they visit the Site for statistical purposes and to improve the performance of the site;
  • Third-Party Analytics Cookies: are made available by third parties and are assimilated to technical cookies if third parties do not make User profiling by using appropriate tools to reduce the identification potential of cookies (for example, by masking significant portions of the IP address) and without integrating gathered information with other information already made available.

With regard to technical cookies, it is required to exclusively release the Cookie Policy without requesting the consent. Disabling or deleting the relevant cookies by accessing to the functions of the browser of the User, may compromise the optimal browsing on this Site.
Profiling Cookies: used to track User browsing on the internet and to create a profile of his habits:

  • First-Party Profiling Cookies: installed by the Data Controller to create User profiles in order to send advertising messages in line with the preferences displayed in the browsing in the internet. Given their particular invasiveness in the private sphere of Users, the applicable law requires that Users, prior adequate notice regarding the use of the relevant cookies, must give their consent;
  • Third-Party Profiling Cookies: used by third parties accessing to the information, therefore not in anonymous and aggregated modality, and crossed with other data already in their possession. The Site does not have direct control of third-parties cookies. The User is therefore encouraged to check the Cookie Policy on website of the third party.

The use of these cookies requires the acquisition of prior consent of the User.

6.2 Cookies installed on the site

  • cerber_groove e cerber_groove_x_[hash]: A security cookie used to validate the user session. These have duration of 14 days.
  • {random alphanumeric code}: A security cookie automatically generated, both name and value. No personal o sensitive data are stored. These have duration of 1 day.
  • wp-settings-[UID] e wp-settings-time-[UID]: Technical cookies used to persist a user’s wp-admin configuration. The ID is the user’s ID. This is used to customize the view of admin interface, and possibly also the main site interface. These have duration of 1 year.
  • wordpress_[hash]: A session cookie used to store the authentication details on login. The authentication details include the username and double hashed copy of the password. However, this usage of the cookie is limited to the admin console area, the backend dashboard of the website.
  • wordpress_logged_in_[hash]: A session cookie used to indicate when you are logged in, and who you are. This cookie is maintained on the front-end of the website as well when logged in.
  • wordPress_test_cookie: A session cookie to check if the cookies are enabled on the browser to provide appropriate user experience to the users. This cookie is used on the front-end, even if you are not logged in.
  • cookie_consent: Technical cookie that save the consent provided by the user.
  • _lscache_vary: Technical cookie used to prevent that page of private area are saved on cache.
  • pll_language: Technical cookie used to store user settings about site language.

6.3 How to disable cookies (opt-out)

The User can manage preferences relating to cookies directly in his browser and prevent third parties from installing cookies. Further, it is also possible to delete cookies that have been installed in the past, including the cookie in which the expression of consent to the installation of cookies has been saved by this Site. By disabling all cookies, the operation of this Site may be compromised.

The User can find information and exercise his right to object the tracking of cookies in his browser at the following addresses:

If your browser was not mentioned here, please visits: aboutcookies.org oppure cookiecentral.com. More information about cookies:

7. Categories of parties authorized to process and to whom data can be communicated

The personal data of the users will be known and treated, in compliance with current legislation on the subject, by the personnel of the Department (identified as Authorized to the treatment) involved in the maintenance of the site. The data can be communicated:

a) to the University structures that request it, for the institutional purposes of the University or in compliance with legislative obligations; b) to non-economic public entities or consortiums owned by the University (eg MIUR) when the communication is necessary for the performance of institutional functions of the requesting body; c) to some external subjects, identified as Data Processors pursuant to art. 28 GRDP.

In any case, the communication or dissemination of data requested, in compliance with the law, by the Public Security Authority, by the Judicial Authority or by other public entities for the purposes of defense, state security and the ascertainment of crimes, is reserved; as well as the communication to the Judicial Authorities in compliance with legal obligations, where they are considered hypotheses of crime. Finally, personal data will not be transferred to third countries or international organizations unless this is strictly connected to specific requests from the user or to needs related to the finalization of the intervention, for which consent will be acquired.

8. Data retention

The data will be kept by the University of Milan for the time strictly necessary for the pursuit of the purposes indicated and in compliance with legal obligations.

9. Rights of the interested part

The interested part can lodge a complaint with a supervisory authority and exercise pursuant to art. from 15 to 22 of the GRDP the right to: propose a complaint to a controlling authority; ask the data controllers to access their personal data, correct or delete them, limit the processing; oppose the treatment; ask for data portability, addressing the following contacts: Data Protection Officer – e-mail: dpo@pec.unimi.it.

10. Changes to Information

This information may change over time. It is therefore advisable to check that the version to which it refers is the most up-to-date.