Privacy Policy

PRIVACY POLICY FOR CLIENT PERSONAL DATA PROCESSING FOR RESEARCH PURPOSES PURSUANT TO ART. 13 OF THE (EU) 2016/679 REGULATION ("GDPR")


DATA CONTROLLER DATA CONTROLLER Politecnico di Milano - General Management
General Manager on instructions from the pro-tempore Rector.
Address: Piazza Leonardo Da Vinci, 32, 20133, Milano
dirgen@polimi.it; (“Organization”).
DATA PROTECTION OFFICER (DPO) DATA PROTECTION OFFICER (DPO) Address (Piazza Leonardo Da Vinci, 32, 20133, Milano), e-mail (privacy@polimi.it).

LAWFUL BASIS FOR PROCESSING

DATA STORAGE PERIOD DATA STORAGE PERIOD

Involvement in Digital Innovation Observatories of the Department of Management, Economics and Industrial Engineering of the Politecnico di Milano (hereinafter: "Observatories") Research activities (i.e. surveys, telephone interviews, etc.).

The processing covers the following categories of data: personal informations and contact details. The answers collected during the Survey will be processed statistically and treated in an anonymous and aggregate form.



The term of lawful processing is consent (voluntary and revocable at any time).

For 10 years since the consent was given or until consent is revoked or contact details are withdrawn. In case of judicial dispute, for its entire duration, until all appeal action terms have been exhausted.

Complying to the legislative requirements and applicable National and international regulations. Complying with legislative requirements to make data processing legitimate.

If necessary, to verify, exercise or defend the Data subject’s rights in a court of law. Data processing is legitimate when the data subject expresses an interest.

Upon expiry of the storage periods indicated above the Data will be destroyed, deleted, or depersonalised, according to technical erasure and backup procedures.

DATA RECIPIENTS

Personal data can be processed by third parties operating as processors or controllers such as, by way of example, supervisory and control authorities and in general, private or public entities authorised to request such information. The information may also be processed, on behalf of the Organization, by external parties designated as controllers that have received adequate operating instructions. The aforementioned subjects are essentially included in the following categories:

  • Entities providing e-mail delivery services;
  • Entities providing web site IT maintenance and management services;
  • Companies providing support for the development of market studies;
  • Companies providing data storage and rescue services.

AUTHORIZED DATA PROCESSORS

The information may be processed by employees or collaborators of the company roles in charge, as described above, that have been explicitly designated and have received adequate operating instructions.

PERSONAL DATA TRASFER TO COUNTRIES OUTSIDE THE EUROPEAN UNION

Personal data can be transferred abroad, in compliance with the Regulation, also to Countries that are not part of the European Union when required by one of the intents of this notification. Transfer to Countries outside the EU is performed in ways that ensure appropriate and adequate safeguarding, pursuant to articles 46 or 47 or 49 of the Regulation.

RIGHTS OF DATA SUBJECT – COMPLAINT WITH THE SUPERVISORY AUTHORITY

Data subjects can make a request by email (privacy@polimi.it) to the data controller or processor (Data Protection Officer) to have his or her personal information deleted, corrected, integrated if incomplete, to restrict processing in the cases pursuant to art. 18 GDPR, object to their processing, for specific personal reasons, in the event of legitimate interest of the data controller concerned.
Consent given for research purposes may be revoked by data subjects at any time. Furthermore, in the event that processing is based on consent and performed by automated means, data subjects have the right to receive personal data concerning them in a structured, commonly used, machine-readable format and, if technically possible, to transmit it to another controller unhindered.
Data subjects have the right to lodge a complaints to the Supervisory authority of the member State in which they habitually reside or work, or of the State where the violation presumably occurred.