Italiano English
Vai al contenuto della pagina
Information on the processing of personal data

According to the art. 13 of the Regulation (EU) 2016/679 (General Regulation on Data Protection or GDPR) of the European Parliament and of the Council concerning the protection of natural persons with regard to the processing of personal data, as well as the free circulation of such data and repealing the Directive 95/46 / EC,as well as of Legislative Decree 196/2003 and the following mm. ii., the University of Milan (hereinafter also referred to as the "University") in the person of the Rector pro tempore, informs users about the use of personal data concerning them by the website (hereinafter also "site"). This information is given about how the site is managed, in relation to the processing of personal data of users who consult it, who choose to register and / or use online services offered. Without prejudice to the compliance by the University of Milan with the current legislation on transparency and mandatory publication of data and documents. This information is limited to the site and has no value for external sites even if accessible from links on

1. Data Controller and Data Protection Officer (DPO)
The data controller is the University of Milan, in the person of the Rector pro tempore, Via Festa del Perdono n. 7, 20122 Milan, e-mail Pursuant to the articles 37 and following of the
EU Regulation 2016/679, the University has appointed the Data Protection Officer (DPO) who can be contacted at For information or in-depth information on the use of personal data by the site, contact [add name of referent of structure / department for the site with physical address, email contact and / or telephone number]

2. Purpose and legal basis of the processing
The personal data that could be / are processed are:
- IP address;
- type of browser and device parameters used to connect to the site;
- name of the internet service provider (ISP);
- date and time of visit;
- web page of the visitor's origin (referral) and exit;
- possible number of clicks;
- voluntarily provided by the user in the use of online services offered on the site;
- the data provided by users from time to time in relation to the specific service requested;

The aforementioned information is processed in an automated manner and collected in aggregate form in order to verify the correct functioning of the site and for security reasons. This information will be treated on the legitimate interest of the owner.
For security purposes (anti-spam filters, firewalls, virus detection), automatically recorded data may possibly include personal data such as the IP address, which could be used, in accordance with the law in force, in order to block attempts to damage the site or to damage other users, or in any case harmful activities or offenses. In any case, such data will be used for profiling the users of the site but only for the purpose of protecting the site and its users.
The legal bases of the processing are therefore compliance with legal and contractual obligations, the fulfillment of specific requests of the interested party before the conclusion of the contract and the processing
of data connected to the management of any complaints or disputes and for the prevention and repression of fraud and any illegal activity.

3. Types of data processed
Personal data is collected for the following purposes and using the following services.
The computer systems and application procedures used to operate the site acquire, during their normal operation, some data whose transmission is implicit in the use of communication protocols on
This information is used to obtain anonymous statistical information on the use of the site and to check its correct functioning and is not associated with identified users; however by their nature and
through associations with data held by third parties, could allow the identification of data subjects.
This category includes, for example, the IP address of the system used to connect to the portal.
These data are removed from the systems after the statistics have been processed and are kept off-line exclusively for verification of responsibility in the case of computer crimes and can be consulted only at the request of the Judicial Authority.
For the use of online services that require authentication, registration or e-mail sending, personal data provided by users in different ways is used.
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on the site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message by the user.

Embedding of maps via Google Maps (Link to Privacy policy)

4. Optional supply of data
Some requested data (eg those for registration) are mandatory and failure to provide them will make it impossible to provide the requested service.
Similarly, failure to communicate certain data that may be required for the subscription of online services may make it impossible to use the chosen service.
Registration data and subscription data are provided voluntarily.
The person making the registration freely gives consent to the processing of the data, knowing that in the absence of such consent the registration and subscription of the services cannot take place.
The treatments carried out before the revocation of the consent by the interested party will remain valid.

5. Processing methods
Data collection takes place in compliance with the principles of relevance, completeness and non-excessiveness in relation to the purposes for which they are processed. The personal data provided are processed in compliance with the principles of lawfulness, correctness and transparency, provided for in article 5 of the GDPR, also with the aid of IT and electronic tools designed to memorize and manage the data, and in any case in such a way as to guarantee security and protecting the confidentiality of the data subject. The data can be processed anonymously for the performance of statistical activities aimed at improving the services offered.

6. Use of cookies
Cookies are text files that are stored on web users' computers to allow a safe and efficient exploration of the site and to monitor its use.
The site uses technical and session cookies and third-party cookies.
Profiling cookies are not used for purposes other than those stated here.
However, there may be other profiling cookies or cookies with purposes other than those stated here used by third-party services.

6.1 Technical and session cookies (essential for the use of online services and for access to reserved areas of the portal)
The site uses different http session cookies to manage authentication for online services and reserved areas. The use of session cookies (which are not stored permanently on the user's computer and are eliminated when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient site exploration.
Disabling session cookies does not allow you to fully enjoy the resources made available to the site.
Technical cookies used

Cookie name Purpose Time Type Domain      
PHPSESSID identifies the PHP session in progress during the site visit Session Technical cookies      
user_name @ indiologia identifies the registered user, contains the user name 4 months Technical cookies      
indiologia pass @ identifies the registered user, contains the hashed password of the user 4 months Technical cookies   

6.2 How to disable cookies (opt-out)
You can refuse consent to the use of cookies by selecting the appropriate settings on your browser: unauthenticated browsing (when requested) will still be available in all its features.
Below are the links that explain how to disable cookies for the most popular browsers (for other browsers that may be used, we suggest looking for this option in the software help normally available through the F1 key):
Internet Explorer:
Google Chrome:
Mozilla Firefox:
Apple Safari:

7. Categories of persons authorized to process data to whom the data may be communicated
The personal data of the users will be known and treated, in compliance with the legislation in force on the subject, by the personnel of the [indicate the structure of reference for example. Department] (identified as Authorized at
treatment) involved in site maintenance.
The data can be communicated:
a) to the structures of the University that request them, for the institutional purposes of the University or in compliance
of legislative obligations;
b) to non-economic public entities or consortia participated by the University (eg MIUR) when the communication is necessary for the performance of institutional functions of the requesting entity;
c) to some external subjects, identified as Data Processors pursuant to art. 28 GDPR;
In any case, the communication or dissemination of data required, in accordance with the law, by the Public Security Authority, the Judicial Authority or other public subjects for defense, state security and crime detection purposes is reserved. as well as the communication to the judicial authority in compliance with legal obligations, where hypotheses of crime are found. Finally, personal data will not be transferred to third countries or international organizations unless this is strictly connected to specific requests coming from the user or needs linked to the finalization of the intervention, for which specific consent will be obtained.

8. Data retention
The data will be kept by the University of Milan for the time strictly necessary to achieve the indicated purposes and in compliance with legal obligations.
In any case the data will not be kept for more than 2 years from the date of last contact.

9. Rights of the interested party
The interested party may lodge a complaint with a supervisory authority and exercise pursuant to articles from 15 to 22 of the GDPR the right to:
- submit a complaint to a supervisory authority;
- ask the joint controllers for access to the personal data concerning them, the correction or cancellation of the same, the limitation of the processing;
- oppose the treatment;
- ask for data portability by contacting the following contacts: Data Protection Manager - e-mail:

10. Changes to Information
This information may change over time. Therefore, it is advisable to check, in the Privacy section of the website, that the version referred to is the most up-to-date.