INFORMATION RE ARTICLE 13, GENERAL DATA PROTECTION REGULATION 679/2016 (“GDPR”)
On this page, we explain what we do to protect information contained on the ARTERY website and how we handle your personal data when you visit this site or use its services. This information is provided to all our website users, also pursuant to European Regulation no. 679/2016 (hereafter “GDPR”) and Italian Legislative Decree 196/2003, subsequently amended and supplemented. The information presented here relates to this website only and not to other websites that you may visit via links in this website, and you must refer to their own specific privacy information.
When you visit this website, your personal data may be processed. Personal data is information that relates to an identified or identifiable person, as set out below. Fondazione Politecnico di Milano is the “data controller, with registered office in Piazza Leonardo Da Vinci no. 32, Milan, Italy (hereafter “Foundation” or “Data Controller”). The data controller has appointed lawyer Dr Michela Maggi as data processor/data protection officer (DPO); her contact details are: firstname.lastname@example.org and email@example.com.
WHERE PERSONAL DATA ARE PROCESSED
Personal data are stored internally at the Foundation and on servers located within the European Union, they are handled only by employees and collaborators authorised for this purpose, or by people who may be appointed to carry out occasional maintenance operations. It is always understood that, if it proves to be necessary, the data controller may transfer personal data to non-EU countries. The data controller assures henceforth that in the event that data is transferred to countries outside the European Union, the transfer will be in compliance with all applicable legal requirements. Where no adequacy decision has been adopted by the European Commission, data will be processed in non-EU countries only if the data controllers and data processors involved adduce appropriate safeguards, consisting of contractual obligations, such as binding corporate rules and standard data protection clauses. The transfer and processing of personal data outside the European Union can only take place with the data subject’s consent.
TYPE OF DATA PROCESSED AND DATA RETENTION PERIOD
The computer systems and software procedures used to run this website acquire personal data as part of their standard operations; the transmission of such data is an inherent feature of internet communication protocols.
This information is not collected in order to associate it with identified data subjects but, because of the type of information it is, it could be elaborated and combined with data held by third parties and used to identify users.
This category of data includes IP addresses and/or the domain names of computers used by users who connect to this website, URI (Uniform Resource Identifier) addresses of requested resources, time of the request, method used to submit the request to the server, size of the file received in reply, numerical code indicating the server’s response status in reply (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.
These data are used only to compute anonymous statistics about the usage of the website and to check that it is working correctly, and are deleted after being elaborated. The data could be used to ascertain liability in the event of any computer crimes against Fondazione Politecnico di Milano and/or third parties. With the exception of this possibility, data are at present retained for the period set out in current legislation or Politecnico di Milano’s regulations.
Data provided by the user voluntarily or gathered by the data controller
Data provided by you, such as your first name, surname, email address and other contacts (postal address, telephone numbers) will be used to answer your requests, or to send you useful information in newsletters, by traditional post, email, telephone or digitally.
RECIPIENTS OF PERSONAL DATA
Your personal data will never be imparted for purposes other than those for which they were gathered, but they can be communicated to:
- The data controller’s personnel, in particular the employees and collaborators assigned specific tasks within the data processing framework who have been authorised in writing to carry out the data processing operations.
- Third parties, autonomous data controllers or appointed as data processors or sub-processors who, as set out in specific agreements, have been made responsible for managing the website.
The data controller holds the complete up-to-date list of data processors and other parties authorised to be in receipt of personal data; this list can be consulted upon request.
DATA PROCESSING METHODS AND PURPOSES
Personal data will be processed by the Foundation in hard copy and via digital methods within the time strictly necessary to achieve the purposes for which the data were collected.
Apart from what has been specified for browsing data and cookies, where the relative regulations are contained in the extended information sheet, personal data provided by users are processed for these purposes:
- To browse the website.
- To answer user requests.
- To support the spreading and encouraging of scientific and educational cooperation promoted by Politecnico di Milano and the Foundation, whereby users who complete an online form will receive the Foundation’s newsletter, contributing to the fulfilment of the Foundation’s institutional and public interest purposes as per its Statute and Italian Presidential Decree no. 254 of 24 May 2001.
PROVIDING PERSONAL DATA
Apart from what has been specified for browsing data, cookies are regulated according to what is set out in the extended information sheet. While you are not required to submit your personal data when you ask for information, if you do not, the data controller will be unable to deal with your request. While you are not required to submit your personal data when asking to receive our newsletter, if you do not, the data controller will be unable to send you our newsletter or other similar communications.
LEGAL BASIS FOR PROCESSING
The legal basis for processing data, referred to at point 2) of the section on “Data processing methods and purposes” above is the data controller’s legitimate interest; data are retained as explained above in the section on “Type of data processed” and are deleted as per the terms indicated.
The legal basis for processing data for the uses referred to at point 3) of the section on “Data processing methods and purposes” is the fulfilment of the institutional and public interest purposes of Politecnico di Milano and the Foundation to spread knowledge of innovation and scientific and university research, as set out in the Foundation’s Statute and Italian Presidential Decree no. 254 of 24 May 2001; data are retained as explained above in the section on “Type of data processed” and are deleted as per the terms indicated.
DATA RETENTION PERIOD
The data you have provided relating to your request for information will be retained for the time strictly needed for us to deal with your request technically and administratively and for a subsequent three-month period, necessary to delete and handle the administrative aspects of the request. The data you have provided relating to your request to receive our newsletter and similar communications will be processed and retained for as long as the Foundation continues to provide this service; the Foundation undertakes anyway to carry out periodical checks, at least every two years, on whether data have become obsolescent. You can inform the data controller, i.e. Fondazione Politecnico, at any time if you no longer wish to receive our newsletter or similar communications as above, by clicking on the “unsubscribe” link within the newsletters sent by the data controller, or by sending an email to Fondazione Politecnico, asking us to stop sending you this material and/or to delete your data, using this address: firstname.lastname@example.org.
THE RIGHTS OF DATA SUBJECTS
With regard to the aforementioned data processing, you can exercise your rights, as referred to in Article 13 of EU Regulation no. 679/2016 (GDPR), and described in more detail in Articles 15, 16, 17, 18, 20, 21 and 22 of the GDPR. You have the right specifically to:
- Know whether or not we are holding your personal data, and to have said data transmitted in an intelligible form.
- Secure the updating, correction and, when necessary, the integration of incomplete data and the restricting of data processing in the cases provided for in Article 18 of the GDPR.
- Secure the deletion of personal data in the cases provided for in Article 17 of the GDPR.
- Object, on grounds relating to your particular situation, at any time to the processing of your personal data under Article 6, paragraph 1, letters e) or f), and to processing data for direct marketing purposes, including profiling.
- Receive the data submitted to the data controller in a structured and commonly used format and, if technically feasible, transmit them without hindrance to another data controller.
- Withdraw your consent at any time without prejudice to the lawfulness of the treatment based on the consent given before your revocation, in the cases provided for by law.
- Lodge a complaint before the competent supervisory, i.e. the Italian Guarantor for Personal Data Protection.
- Obtain a statement that the operations concerning the deleting, correcting and restricting of data, including regarding their content, have been brought to the attention of those to whom the information has been communicated or divulged, with the exception of the case where the fulfilment of such an obligation is impossible or requires the use of means clearly disproportionate to the right which is being protected.
- Not to be subjected to a decision which produces legal effects concerning you or significantly affects you and which is based solely on automated processing of data, including to evaluate certain personal aspects, such as profiling.
You will always be able to exercise your rights by sending a request to Fondazione Politecnico di Milano, head office in Piazza Leonardo Da Vinci no. 32, Milan, Italy, using this email address: email@example.com. You can unsubscribe from our newsletters and similar communications by clicking on the “unsubscribe” link contained in the newsletters.