Privacy

1. Data Controller, Data Protection Officer (DPO), Data Processor

The data controller is the University, represented by its Rector pro tempore, Via Festa del Perdono n. 7, 20122 Milan, email supportodpo@unimi.it.

Pursuant to Articles 37 et seq. of the GDPR, the University has appointed Professor Pierluigi Perri as Data Protection Officer (DPO), c/o Ufficio Protocollo, Via Festa del Perdono 7, 20122 Milan, email: dpo@unimi.it.

The Data Controller has appointed a Data Processor pursuant to Art. 28 of the GDPR: VIP Italia Srl, with registered offices at Via Privata Oslavia n. 17/3 B, 20134 Milan, responsible for website content, order management, production of merchandising products and related marketing, as well as customer care services.

2. Types of data processed, purposes of processing, and legal basis

The following data may be processed by the University:

A. Browsing data

- browsing data such as IP address, browser type and parameters of the device used to connect to the site, date and time of visit;

- data collected through cookies during user navigation on the website. For further information on the cookies used by the website, see section 4.

This data is used to obtain anonymous statistical information on the use of the site and to monitor its proper functioning. It is not associated with identified users; however, by its nature and through association with data held by third parties, it could allow data subjects to be identified. This category includes, for example, the IP address of the device used to connect to the site.

This data is removed from the systems after the statistics have been processed and is stored offline, exclusively for the purpose of determining liability in the event of computer crimes, and can only be accessed upon request by judicial authorities.

Some of the aforementioned information is processed automatically and collected in aggregate form to verify the correct functioning of the site and for security reasons.

For security purposes (spam filters, firewalls, virus detection), automatically recorded data may be used, in accordance with applicable law, to block attempts to damage the site or other users, or otherwise prevent harmful or criminal activities. In any case, this data will never be used to profile site users, but only to protect the site and its users.

The legal basis for processing browsing data is the performance of tasks carried out in the public interest by the Data Controller (letter (e) of Article 6, paragraph 1, of the GDPR).

B. Data provided voluntarily by the user for the use of online services

The use of online services offered by the site involves the acquisition of users' personal data, which is processed by the University exclusively for the purpose of providing users with the individual services requested, and in particular:

- To purchase University merchandise, the user must provide their name, surname, email address, telephone number, and postal or other physical address; the legal basis for data processing is the need to perform a contract to which the data subject is a party or to take pre-contractual measures at the data subject's request (Article 6(1)(b) of the GDPR).

- To subscribe to the newsletter, in order to receive information about sales promotions and the release of new merchandise, the user must provide their email address, first and last name, country, and province. The legal basis for data processing is the express consent (point (a) of Article 6, paragraph 1, of the GDPR). The user has the right to withdraw their consent at any time; withdrawing consent does not affect the lawfulness of processing operations carried out before its withdrawal.

3. Methods of processing

Data is collected in compliance with the principles of relevance, completeness, and non-excessiveness in relation to the purposes for which it is processed. The personal data provided is processed in compliance with the principles of lawfulness, fairness, and transparency, as set forth in Article 5 of the GDPR, including with the aid of IT and electronic tools designed to store and manage the data, and in any case in a manner that guarantees its security and protects the data subject's utmost confidentiality.

4. Use of cookies
Cookie policy: https://www.unimistore.it/cookie-policy

5. Categories of subjects authorised to process data and to whom the data may be communicated

Users' personal data will be processed, in compliance with current legislation, by University staff (identified as authorized to process data) responsible for managing the University website and merchandising.

The data may be communicated:

- to the supplier VIP Italia Srl, appointed as Data Processor pursuant to Art. 28 GDPR (see details in paragraph 1);

- to Public Security Authorities or the Judicial Authority or other public bodies for the purposes of defense, state security, and crime detection and in compliance with legal obligations, where there are suspected criminal offenses.

Except for the aforementioned cases, personal data will not be communicated to third parties or disseminated in any way or for any reason.

Finally, personal data will not be transferred to third countries or international organizations.

6. Data retention period

Depending on the various purposes for which they were collected, the data will be retained for the time required by applicable legislation or for the time strictly necessary to achieve the purposes. Specifically:

- browsing data will be retained for a maximum of 24 months from their collection, unless consent is revoked early;

- the data collected through cookies will be stored for the period of time indicated in the specific paragraph 4;

- the personal data provided to purchase University merchandise will be retained for a maximum of 24 months from their collection, unless consent is revoked early;

- the personal data provided for subscription to the newsletter service will be retained for a maximum of 24 months from their collection, unless consent is revoked early.

7. Rights of interested parties

Pursuant to Articles 15 to 22 of the GDPR, data subjects may exercise, where applicable, the right to request from the Data Controller access to their personal data, rectification, erasure, or restriction of processing, by contacting the Data Protection Officer, c/o Ufficio Protocollo, Via Festa del Perdono n. 7, 20122 Milan, email: dpo@unimi.it.

8. Right to object

Pursuant to Art. 21, paragraph 1 of the GDPR, the data subject may object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her pursuant to Art. 6, paragraph 1, letter e) of the GDPR, i.e., when the processing has as its legal basis the performance of a task carried out in the public interest. This objection can be made by contacting the Data Protection Officer, c/o Ufficio Protocollo, Via Festa del Perdono n. 7, 20122 Milan, email: dpo@unimi.it.

9. Right to complain

Data subjects who believe that the processing of their personal data through this site violates the GDPR have the right to lodge a complaint with the Data Protection Authority, pursuant to Article 77 of the GDPR, or to take appropriate legal action (Article 79 of the GDPR).
