Skip to main content Skip to main navigation Skip to page footer

Privacy and cookies

Information on the processing of personal data

Introduction 

In accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR), as well as with Italian Legislative Decree no. 196/2003, as subsequently amended and supplemented, the University of Milan (hereinafter also referred to as the “University”), represented by the Rector pro tempore, hereby provides users with information regarding the use of their personal data by the website https://www.distad.unimi.it/ (hereinafter also the “website”).  

This information refers to the processing of personal data of those who visit the website and/or use online services proposed within the website, without prejudice to compliance by the University with the legislation in force on transparency and on the compulsory disclosure of data and documents.  

This information applies only to the website https://www.distad.unimi.it/ It does not apply to any other website, including those accessible via links contained in the website. 

1. Data Controller, Data Protection Officer (DPO) and Data Processor 

The Data Controller is the University of Milan, represented by the Rector pro tempore (Via Festa del Perdono 7, 20122 Milan, email address: infoprivacy@unimi.it).  

In accordance with Articles 37 et seq. of Regulation (EU) 2016/679 (GDPR), the University has appointed Pierluigi Perri (Department “Cesare Beccaria”, Via Festa del Perdono 3, 20122 Milan, email: dpo@unimi.it) as Data Protection Officer (DPO).  

The data processor for the website is the ICT Division

(via G. Colombo 46, Milan). 

2. Types of data processed 

During normal operation, the computer systems and software procedures used to operate the above mentioned website automatically acquire the following types of data: 

  • browsing data collected during the visit to the website, the transmission of which is implicit in the use of Internet communication protocols, including but not limited to: IP address of the device connected to the website; type of browser used; name of the internet service provider (ISP); date and time of the visit; the visitor’s referral and exit web page, etc.; 
  • browsing data collected via Google Analytics (GA4), including but not limited to: the type of device used, the duration of the visit to the website and the geographic location from which the website is accessed. These data are subject to IP anonymisation and all appropriate mechanisms are implemented to prevent the identification of users who connect to the website; 
  • browsing data collected by the service Web Analytics Italia via Matomo. Please note that Matomo cookies cannot be used to identify or profile users.  

For further information on the cookies used by the web portal and the related websites, please read the Extended Cookie Policy. 

3. Purposes of the processing 

The data collected are only used in the framework of the University’s institutional activities, for the following purposes: 

  • to enable users to visit the website and provide them with the information and services requested (with dedicated summary information displayed on the webpages created for particular on-demand services); 
  • to gather anonymous statistical information on use of the website and the related services, check that the website is working properly, conduct monitoring activities to ensure its security and identify possible improvement actions (with regard to browsing data); 
  • to comply with legal obligations and orders of public authorities, or to ascertain liabilities in the event of cybercrimes that could damage the website or its visitors. 

4. Legal bases for data processing 

The legal bases for data processing are the following: 

  • the performance of tasks carried out in the public interest; 
  • the prevention and suppression of frauds and any other unlawful activity; 
  • the performance of a contract to which the data subject is party; 
  • the consent of the data subject as per Article 6(1) of the GDPR.  

Users are free to decide whether to provide or not their data and to give or not their consent to data collection and processing. They can deny their consent or withdraw it at any time. 

However, denying consent may affect the user’s experience when browsing the website, or result in our inability to provide certain services. 

5. Manner of processing 

The personal data collected are processed in accordance with the principles of lawfulness, fairness and transparency established in Article 5 of the GDPR, also by using ICT tools to store and manage said data, and in any case in such a manner to guarantee the security of such data and maintain confidentiality. 

As data processor, the ICT Division processes data only for the purposes specified in point 3 herein, and in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. 

6. Use of cookies 

Cookies are small text files sent by a website to the user’s browser to be stored and sent back to the same website on the user’s next visit. 

Cookies enable the collection of information about the user who is visiting the website (e.g. date and time of the visit, pages visited, time spent on the website, etc.). Some of the information collected may fall under the definition of personal data, and is therefore subject to specific legal provisions. 

The website uses various types of first-party and third-party cookies, for the purposes specified in the Extended Cookie Policy. Please see that policy for further details. 

7. Categories of parties authorised to process data and to whom data may be disclosed 

Users’ personal data may be disclosed to and processed by the University’s employees and contract staff who operate the website and are involved in the provision of services associated with it (persons authorised to process data), in accordance with the relevant legislation in force. 

Data may only be disclosed to: 

  • offices and departments of the University that have requested such data to pursue the University’s institutional purposes or to comply with legal obligations;   
  • not-for-profit public bodies or consortia of which the University is part (e.g. the Italian Ministry of University and Research – MUR), where the disclosure of data is necessary for the requesting body to be able to perform its institutional duties; 
  • external parties identified as data processors pursuant to Article 28 of the GDPR (it being understood that the data controller has to maintain an up-to-date list of all data processors and have it available at any time); 
  • the authorities responsible for public order and safety, other public bodies for the purposes of defence, State security and criminal investigations, or judicial authorities, in compliance with legal obligations and if criminal offences are suspected. 

Data may be disclosed to individuals (employees and contract staff) authorised by the ICT Division, as well as to the data processor and the external provider in charge of developing and maintaining the website (Ariadne Digital S.r.l. Via Giovanni Perotti 4, Trivolzio – PV), where the processing of such data is necessary for said individuals and entities to perform their tasks. 

Other than in the above cases, personal data will not be communicated or circulated to third parties. Moreover, personal data will not be transferred to third countries or international organisations, unless such transfer is connected to specific requests posed by the user; in this case, the user’s consent has to be obtained. 

8. Data retention period 

Depending on the various reasons and purposes for their collection, data will be stored for the period of time established by the applicable legislation or for as long as necessary to fulfil such purposes. More specifically: 

  • browsing data will be stored for no longer than 365 days; 
  • browsing data collected via Google Analytics and WAI will be stored for no longer than 26 months; 
  • data collected via cookies will be stored for no longer than the time specified in the Extended Cookie Policy.  

9. Rights of data subjects 

Data subjects have the right to obtain from the University of Milan access to, rectification or erasure of personal data relating to them and the restriction of any processing concerning them, as well as the right to object to such processing (Articles 15 et seq. of the GDPR). 

Data subjects can exercise such rights by contacting the Data Protection Officer (via Festa del Perdono, 7, 20122 Milan – email: dpo@unimi.it). 

10. Right to lodge a complaint 

Data subjects who consider that the processing of their personal data via this website infringes the provisions of the Regulation are entitled to lodge a complaint with the Italian Data Protection Authority (Garante), as per Article 77 of the GDPR, or to take the case before the competent court (Article 79 of the GDPR). 

11. Third parties 

The website uses contents and services of third parties, as a result of the integration of external resources and the implementation of technologies to increase the functionality of the website and improve its user experience. 

Consequently, third parties may store technical and/or profiling cookies on the device with which the user is browsing the website, without the data controller being aware of that nor being able to prevent it. 

Set out below is a list of services integrated in this website, plus links to the corresponding privacy and cookie policies: 

For further information on the services listed above and how to opt out, please see the corresponding privacy policies. 

12. Amendments to this policy

  • The information contained herein may be amended in the future. Therefore, we recommend checking this webpage for any updates to the policy. 

Extended Cookie Policy

Introduction 

In accordance with applicable laws and regulations on data protection, the University of Milan, in its capacity as Data Controller and duly represented by the Rector pro tempore, hereby provides users with information about the cookies used by the website https://distad.unimi.it/ .

This policy only applies to the website referred to above and is an integral part of the corresponding privacy policy, which users are invited to check for further information. 

1. Data Controller, Data Protection Officer (DPO) and Data Processor 

The Data Controller is the University of Milan, represented by the Rector pro tempore (Via Festa del Perdono 7, 20122 Milan, email infoprivacy@unimi.it). 

In accordance with Articles 37 et seq. of Regulation (EU) 2016/679 (GDPR), the University has appointed Pierluigi Perri (Department “Cesare Beccaria”, Via Festa del Perdono 3, 20122 Milan, email: dpo@unimi.it) as Data Protection Officer (DPO). 

The data processor for the website is the ICT Division (via G. Colombo 46, Milan). 

2. What are cookies? 

Cookies are small text files sent by a website to a user’s computer or any other device used for browsing (e.g. a smartphone or tablet), where they are stored and then sent back to the same website on the user’s next visit. 

Cookies can be stored permanently or have different expiration dates (so-called “persistent cookies”), but may also have a more limited lifetime and expire once the user closes the browser (“session cookies”). 

Cookies can be installed by the website which the user is visiting (so-called “first-party cookies”) as well as by other websites (so-called “third-party cookies”). Cookies are used to enable IT authentications, monitor sessions and store information about the activities of users who visit a certain website. 

3. Use of cookies 

This website uses various types of cookies in order to speed up, simplify and improve the user’s browsing experience. 

Cookies enable the collection of information about the user who is visiting the website (e.g. date and time of the visit, pages visited, time spent on the website, etc.). Some of the information collected may fall under the definition of personal data, and is therefore subject to specific legal provisions. 

Please note that disabling cookies may result in a loss of functionality of the website. 

4. Cookies used by the website 

The website does not use profiling cookies, nor uses cookies for purposes other than those set out herein. However, profiling cookies or cookies with purposes other than those specified herein may be installed on the user’s device as a consequence of the integration of third-party services, as listed in paragraph 11 of the privacy policy. 

5. How to opt out of cookies 

Users can manage cookie preferences directly within their browser, for example to prevent third parties from collecting data indiscriminately. 

By accessing the browser cookie settings, users can delete all cookies, including the one used to store their consent to the installation of cookies by this website. 

Information on how to manage cookies within some of the more popular browsers can be found at the following links:  

Cookies can also be disabled by following the instructions contained in the policies made available by the third parties listed in paragraph 11 of the privacy policy, which this policy is an annex to. 

Additional information on the choices that can be made with regard to cookies can be found at www.youronlinechoices.com

6. Amendments to this Cookie Policy 

This policy may be amended in the future. Please check this webpage on a regular basis, to make sure that you are referring to the most updated version of the policy.