According to art. 13 of Regulation (EU) 2016/679 (General Regulation on Data Protection or GRDP) of the European Parliament and of the Council concerning the protection of individuals with regard to the processing of personal data, as well as the free movement of such data and repealing Directive 95/46 / EC, as well as of Legislative Decree 196/2003 and subsequent amendments mm. ii., the University of Milan (herein also referred to as “University”) in the person of the Rector pro tempore, informs users about the use of personal data concerning them by the website (herein also “site”). This information is given on the management of the site, in relation to the processing of personal data of users who consult it, who choose to register and / or who use online services offered. The observance by the University of Milan of the current legislation on transparency and mandatory publication of data and documents remains valid. This information is limited to the site only and does not have any value for external sites, even if accessible from links on

1. Data Controller and Data Protection Officer (DPO)

The data controller is the University of Milan, in the person of the Rector pro tempore, Via Festa del Perdono n. 7, 20122 Milan, e-mail According to articles 37 and following of the 2016/679 EU Regulation, the University has appointed the Data Protection Officer (DPO) that can be contacted at the e-mail address For information or details on the use of personal data from the site, contact Ing. Carlo Manassero, University of Milan – Department of Chemistry, via C. Golgi, 19, 20133 Milan | Phone: +39 02 503 14469 | Email:

2. Purpose and legal basis of the processing

The personal data that could be processed are:
– IP address;
– type of browser and device parameters used to connect to the site;
– name of the Internet service provider (ISP);
– date and time of visit;
– web page of origin of the visitor (referral) and exit;
– any number of clicks;
– voluntarily provided by the user in using online services offered on the site;
– the data provided from time to time by users in relation to the specific service requested.

The aforementioned information is processed in an automated form and collected in aggregate form in order to verify the correct functioning of the site and for security reasons. This information will be processed according to the legitimate interest of the owner. For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly include personal data such as the IP address, which could be used, in accordance with the law in force, in order to block attempts to damage the site or to damage other users, or in any case harmful activities or constituting a crime. In any case, these data will never be used for the purpose of profiling the users of the site but only for the purposes of protection of the site and its users. The legal bases of the processing are therefore compliance with legal and contractual obligations, the fulfillment of specific requests of the interested part, before the conclusion of the contract and the processing of data related to the management of any complaints or disputes and for the prevention and repression of frauds and any illegal activity.

3. Types of data processed

Personal data are collected for the following purposes and using the following services. The IT systems and the application procedures used to operate the site acquire, during their normal operation, some data whose transmission is implicit in the use of communication protocols on the Internet. This information is used to obtain anonymous statistical information on the use of the site and to check its correct functioning and are not associated with identified users; however, by their nature and through associations with data held by third parties, they could allow identification of data subjects. This category includes, for example, the IP address of the system used to connect to the portal. These data are removed from the systems after the statistics processing and are kept off-line exclusively for assessments of liability in the case of computer crimes and only accessible at the request of the Judicial Authority. For the use of online services that provide for the authentication, registration or sending of e-mail personal data are freely provided by users in different ways. The optional, explicit and voluntary sending of e-mails to the addresses indicated on the site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message by the user.

4. Optional nature of the provision of data

Some requested data (e.g. registration data) are mandatory and failure to provide it will make it impossible to provide the requested service. Similarly, failure to communicate certain data required for the subscription of online services may make it impossible to use the selected service. Registration and subscription data are voluntarily provided. The person making the registration freely gives consent to the processing of data, aware that in the absence of such consent registration and subscription of services can not take place. The treatments carried out before the revocation of the consent by the interested party will remain valid.

5. Methods of processing

Data collection takes place in compliance with the principles of relevance, completeness and non-excess in relation to the purposes for which they are processed. The personal data provided are processed in compliance with the principles of lawfulness, fairness and transparency, as set out in article 5 of the GRDP, also with the aid of IT and telematic tools for storing and managing the data, and in any case in such a way as to guarantee security and protect the privacy of the data subject. The data may be processed anonymously for statistical activities aimed at improving the services offered.

6. Use of cookies

We use cookies to track the activity on our Service and hold certain information. Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
Session Cookies: We use Session Cookies to operate our Service.
Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
Security Cookies: We use Security Cookies for security purposes.

7. Categories of parties authorized to process and to whom data can be communicated

The personal data of the users will be known and treated, in compliance with current legislation on the subject, by the personnel of the Department (identified as Authorized to the treatment) involved in the maintenance of the site. The data can be communicated: 
a) to the University structures that request it, for the institutional purposes of the University or in compliance with legislative obligations; 
b) to non-economic public entities or consortiums owned by the University (e.g. MIUR) when the communication is necessary for the performance of institutional functions of the requesting body; 
c) to some external subjects, identified as Data Processors pursuant to art. 28 GRDP. 
In any case, the communication or dissemination of data requested, in compliance with the law, by the Public Security Authority, by the Judicial Authority or by other public entities for the purposes of defense, state security and the ascertainment of crimes, is reserved; as well as the communication to the Judicial Authorities in compliance with legal obligations, where they are considered hypotheses of crime. Finally, personal data will not be transferred to third countries or international organizations unless this is strictly connected to specific requests from the user or to needs related to the finalization of the intervention, for which consent will be acquired.

8. Data retention

The data will be kept by the University of Milan for the time strictly necessary for the pursuit of the purposes indicated and in compliance with legal obligations.

9. Rights of the interested part

The interested part can lodge a complaint with a supervisory authority and exercise pursuant to art. from 15 to 22 of the GRDP the right to: propose a complaint to a controlling authority; ask the data controllers to access their personal data, correct or delete them, limit the processing; oppose the treatment; ask for data portability, addressing the following contacts: Data Protection Officer – e-mail:

10. Changes to Information

This information may change over time. It is therefore advisable to check that the version to which it refers is the most up-to-date.