In accordance with Article 13 of Regulation (EU) 2016/679 (the General Data Protection Regulation or GDPR of the European Parliament and of the Council concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data and which repeals Directive 95/46/EC, as well as Legislative Decree no. Lgs 196/2003 and ss. mm. ii., in this notice the University of Milan – also referred to below as the ‘University’ and represented by the Rector pro tem) provides users by the sites that are part of the ReadyWeb service (hereinafter also referred to as the “Site”). https://www.sites.unimi.it/phdns. This notice is provided in relation to the management of the Site, in connection with the processing of the personal data of users who consult the Site, who choose to register and/or who use the proposed online services. This is without prejudice to compliance by the University of Milan with current legislation on transparency and the mandatory publication of data and documents. This information is limited to the sites https://www.sites.unimi.it/phdns and has no value for external sites, even if they are accessible from links present on https://www.sites.unimi.it/phdns. For users under the age of 14, it will be necessary to legitimize the consent to the use of personal data through the permission of parents or those who act on their behalf.
The Data Controller is the University of Milan, represented by the Rector pro tem, Via Festa del Perdono 7, 20122 Milan, e-mail infoprivacy@unimi.it. In accordance with Article 37 et seq. of Regulation EU 2016/679 (the GDPR), the University has appointed Prof. Pierluigi Perri as DPO c/o ‘Cesare Beccaria’ Dept. Via Festa del Perdono 3, 20122 Milan, e-mail dpo@unimi.it. For information or further information on the use of personal data by the site, please contact Professor Luciano Pinotti – luciano.pinotti@unimi.it – +39 02 5032 5032
The personal data that may be processed are:
The aforementioned information is processed automatically and collected in aggregate form in order to verify the proper functioning of the site and for security reasons. This information will be processed on the basis of the legitimate interest of the owner.
For security purposes (anti-spam filters, firewalls, virus detection), automatically recorded data may possibly include personal data such as the IP address, which could be used, in accordance with the law in force, in order to block attempts to damage the site or cause damage to other users, or in any case harmful or criminal activities. In any case, such data will never be used for the purpose of profiling the site’s users, but only for the purpose of protecting the site and its users.
The legal bases of the processing are therefore compliance with legal and contractual obligations, the fulfilment of specific requests by the data subject prior to the conclusion of the contract, and the processing of data connected with the management of any complaints or disputes and for the prevention and repression of fraud and any illegal activity.
Personal data are collected for the following purposes and using the following services.
The computer systems and application procedures used to operate the site acquire, during their normal operation, certain data whose transmission is implicit in the use of Internet communication protocols.
This information is used to obtain anonymous statistical information on the use of the site and to check its correct functioning and is not associated with identified users; however, due to its nature and through association with data held by third parties, it could allow the identification of the interested parties. This category includes, for example, the IP address of the system used to connect to the portal.
This data is removed from the systems after the statistics have been processed and is stored off-line exclusively for the purposes of ascertaining liability in the event of computer offences and can only be consulted at the request of the judicial authorities.
For the use of online services that require authentication, registration or the sending of e-mails, personal data freely provided by users are used in various ways. The optional, explicit and voluntary sending of e-mails to the addresses indicated on the website entails the subsequent acquisition of the sender’s address, which is necessary in order to reply to requests, as well as any other personal data included in the message by the user.
All the website listed above use the following services:
For further information, please refer to section 6 and it’s sub-section
The collection of data takes place in compliance with the principles of relevance, completeness and not surplus in relation to the purposes for which they are processed. The personal data captured is processed in accordance with the principles of lawfulness, fairness and transparency established in Article 5 of the GDPR, including with the use of IT and telecommunications tools that can store and manage the said data and, therefore, can guarantee its security and ensure maximum confidentiality for the data subject. The data may be processed anonymously to carry out statistical activities aimed at improving the services offered.
