INFORMATION ON THE PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH ARTICLE 13 OF REGULATION (EU) 2016/679 (“GDPR”) AND D.LGS. 196/03.
the EU regulation 2016/679 also known as “GDPR” and, in our country, the Legislative Decree 196/03, take care to protect the privacy of individuals. In particular, impose upon the person who treats them (identified as “processor”) certain obligations, including the obligation to provide certain information to the person to whom the data belong (the “Interested”). Through this document MIP Politecnico di Milano Graduate School of Business – Company stock Consortium, as the owner of the domain, responding to disclosure stipulated by GDPR and informs you that the data you provide on the occasion access to and surfing on the site https://www.mip.polimi.it/ will be treated as indicated.
1. data controller
The data controller for this website is the MIP Politecnico di Milano Graduate School of Business – Company stock Consortium (hereafter “MIP“), domiciled at the administrative office/legal Via Lambruschini 4 c, building 26/A-20156 Milano, Tel. + 39 02 23992820 Fax + 39 02 23992844, and email firstname.lastname@example.org .
2. Data Protection Officer (DPO).
As part of its organizational structure, the data controller, provided for the appointment of a Data Protection Officer or “DPO“, where those interested can contact “for all issues relating to the processing of their personal data and to exercise their rights”. The contact details are as follows:
Ing. Fabio Bottacin
c/o MIP Politecnico di Milano – Graduate School of Business
Phone + 39 02 23992820 Fax: + 39 02 23992844
3. Purposes and methods of processing
The personal data of the holder of the treatment is in possession are exclusively those provided by you during the navigation of the website, or using his personal account and services provided by the data controller. Your data will be processed exclusively:
a) to enable it to benefit from the services offered by the data controller via this site;
b) if must explicitly opt in to receive promotional and/or informational, commercial communications and direct marketing services offered by the data controller, about deals, discounts and on each other promotional and loyalty schemes adopted by MIP;
both through traditional contact fully automated systems, such as through the use of his home address and/or e-mail, or by sending SMS or MMS messages sent directly to its mobile telephony.
The data will be collected from MIP right from his person and will be kept for the period of time necessary to achieve the purposes for which it was collected and used.
Personal data is processed using manual and electronic instruments and are stored in the electronic database. The personal data contained in the automated information system, as well as those kept in the electronic archives of the owner, are treated in accordance with the provisions of the laws in force and, in particular, in constant and essential compliance with security measures identified under art. GDPR’s 32, so as to minimise the risk of destruction, loss, alteration, unauthorized disclosure or access, accidental or unlawful way, or treatment not consistent with the purposes of collection.
4. Type of data processed
To run its eventual purchase requisition of our training courses through this site and to manage your personal account (hereinafter “Services”), the data controller needs to know and treat some of his personal information such as, by way of example and not limited to, your full name, social security number, your date of birth, your contact details and some of his professional information as well as an e-mail address (hereinafter “Data“).
This contact information will be kept until his nomination.
For easy navigation of the site, instead, here you specify the types of data processed but more information can be found in the section of this document dealing with so-called “cookies”.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the communication protocols of the Internet.
This information is not collected to be associated to identified individuals, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
This data is used by the data controller for the sole purpose of obtaining anonymous statistical information on site usage and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: apart from this possibility, the data on the contacts to the site are not stored for more than seven days.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this website entails the subsequent acquisition of the sender’s e-mail address, necessary to reply to your requests, and any other data personnel included in the e-mail message.
Any specific summary information will be progressively reported or displayed on Web pages dedicated to particular services on request.
Credit card data
To make a payment on the site using a credit card, you must provide your confidential data of the credit card (card number, card holder, expiration date, security code). These data will be acquired by payment provider who will act as independent data controller, without transiting from the MIP. The data will be captured in an encrypted format and according to the safety requirements of PCI certification. MIP will keep track only of the last four digits that make up the credit card number and expiry date solely to prevent payment fraud online. The provider of the payment service uses Transport Layer Security (TLS).
5. provision of data and consent to data processing – consequences in case of failure.
The provision of your personal data for purposes related to the use of the services provided by the MIP is optional and requires your consent (art. 6, paragraph 1, letter b) of GDPR ) but his refusal to provide any of the requested data, or providing incomplete or false, could entail for the MIP the impossible to supply the services you have requested.
The conferment of your personal data for the purposes of direct marketing and business communication is optional and requires your consent (art. 6, paragraph 1, letter b) of GDPR ) but the failure to grant them treatment, while not impeding in any way the use of our services, you may not allow us to inform you properly and directly compared to further communication and information direct advertising, commercial and marketing, as well as on additional services and promotions that MIP aims to offer you.
Alerts you to that, by law, where he is receiving promotional communications from third parties, they must release their information – including MIP is not responsible – containing, in addition to the elements provided for in article 13 of GDPR, also the origin of the personal data communicated to them and that is an indication that they come from MIP, so that the user can apply even in MIP in order to object to the processing according to art. 21 of GDPR. Third parties should also provide the user with an appropriate address (ex: an email address) at which he can exercise effectively and quickly, cheap and effective, the rights referred to GDPR.
6. communication of data
The data will not be disclosed. Can still gain knowledge of the data in relation to the processing purposes above:
• the persons who may access data by virtue of the provisions of the law, regulations or Community legislation and/or within the limits set by these rules;
• the subjects that carry out, independently as distinct data controllers;
• employees and contributors that operate under the direct authority of the controller, as long as it is previously educated and authorized the processing according to art. 29 of GDPR, also acting as system administrator;
• those working as Data Processors (according to art 28 of 4.8 and GDPR.) explicitly appointed by MIP, auxiliary purposes the activities and services provided, that is, companies that provide support services and consulting, as well as design and implementation of software and/or websites, debt collection company, brokerage, shipping and delivery agencies, agents and business partners, companies providing advertising and marketing services, law firms and notaries, society or consultants responsible for providing specific services to the data controller, always within the limits of the purposes for which the data were collected.
Any transmission or communication of such data in accordance with the provisions of the law concerning the protection of personal data, including those relating to minimum security measures.
7. communication of data
The data may be transferred to a third country, mainly for Cloud services, only in countries with a high standard of protection of personal data the subject of adequacy decisions by the authorities. More specifically, these are:
|United States||The relationships are regulated by the Privacy Shield, a mechanism of self-certification, available from 01/08/2016, for companies established in the United States intending to receive personal data from the European Union, respect for the principles contained therein and commitment to provide adequate remedies to interested Europeans, it being deleted from “Privacy Shield List” (located at www.privacyshield.gov) from the Department of Commerce and possible sanctions from the Federal Trade Commission.|
|Countries for which there is a decision of adequacy||Andorra, Argentina, Australia, Canada, Faroe, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland, Uruguay
8. rights of interested parties (articles 15 and following of GDPR)
The interested party has the right to obtain from the holder the confirmation whether or not an ongoing processing of personal data relating to him and, if necessary, to request access to personal data and rectification or cancellation thereof or the limitation of treatment concerning him or to oppose their processing-if not required by law–in addition to the right to data portability.
At any time, the person concerned has the right to withdraw consent, without affecting the lawfulness of the processing based on consent given before withdrawing. The above rights may be exercised by making a request to the DPO.
The person concerned also has the right to claim to authority.
Cookies are small text files that websites visited by the user to his Terminal (usually the browser), where it is stored and then transmitted to the same sites the next time they visit the same user. These cookies can be divided into so-called “cookies”, strictly connected with the features of the site that sends them, which are used, for example, to perform computer authentication, session monitoring and storage of information specifications for users who log on to the server, but also in so called “profiling cookies”, which are used to create user profiles in order to post advertisements in line with the preferences expressed by the same under the browsing on the Internet. In the course of navigation on a site, finally, the user can receive on its web sites or cookie also Terminal servers (known as “third-party” cookies). This is because the site you are visiting may be present elements such as images, maps, sound, specific links to web pages in other domains, residing on servers other than the one where you find the page you requested. In other words, “third-party” cookies are those cookies that are set by a web site other than the one you are currently visiting.
Here, therefore, specifies the types of cookies used by this site and possibly the correct mode so that you can easily choose whether and how your personal information will be processed through this kind of technology.
The MIP uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Also in this case it’s third party cookies collected and handled anonymously to monitor and improve the performance of your site visitor (performance cookies). Google Analytics uses “cookies” to collect and analyze anonymous information about site usage behavior.
This information is collected by Google Analytics, which processes them in order to draw up reports for operators regarding the activities on the websites themselves. For more information, please refer to the link below: http://www.google.com/policies/privacy/ .
The user can selectively disable Google Analytics action by installing on your browser opt-out component provided by Google. To disable the action by Google Analytics, please refer to the link below: https://tools.google.com/dlpage/gaoptout
The MIP using, for this purpose, services provided by Google, Inc. (“Google”). Also in this case it’s third party cookies are used to improve the MIP proposal according to the preferences expressed by you as part of the navigation on the Internet.
In particular, it refers to:
- Information: http://www.google.com/doubleclick/index.html
- Configurations: http://www.google.com/policies/privacy/ads/
Cookies installed in order to study and improve the publicity in order to send you messages in line with their own interests. More information, including information in relation to ways in which you can disable these cookies, can be found at the following links:
Other third party cookies
In addition, some pages on our website are characterized by the presence of cd. social plugins which allow you to share our content on social media networks like Facebook, Twitter, Youtube.
- Information: https://www.facebook.com/help/cookies/
- Configurations: log into your account, privacy section
- Information: https://support.twitter.com/articles/20170514
- Configurations: https://twitter.com/settings/security0
- Information: https://www.linkedin.com/legal/cookie-policy
- Configurations: https://www.linkedin.com/settings/
Delivering all cookies is still off by acting on settings of your browser. It should be noted, however, what to do about these settings may be unusable on site in case of blocked cookies are essential to the performance of our services. However, each browser has different settings for disabling cookies and here you will find links to instructions for the most common browsers:
Notwithstanding the above, it is noted that by disabling cookies, certain services may not be usable.
More information is available at the following web site: http://www.youronlinechoices.com/it .