Overview
In accordance with Article 13 of Regulation (EU) 2016/679 (the General Data Protection Regulation or GDPR of the European Parliament and of the Council concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data and which repeals Directive 95/46/EC, as well as Legislative Decree no. Lgs 196/2003 and ss. mm. ii., in this notice the University of Milan – also referred to below as the ‘University’ and represented by the Rector pro tempore – provides users by the sites that are part of the service (hereinafter also referred to as the “Site”). This notice is provided in relation to the management of the Site, in connection with the processing of the personal data of users who consult the Site, who choose to register and/or who use the proposed online services. This is without prejudice to compliance by the University of Milan with current legislation on transparency and the mandatory publication of data and documents. This information is limited to the sites listed here and has no value for external sites, even if they are accessible from links present on the same: https://unistem.unimi.it
1. Data Controller, Data Protection Officer (DPO) and Data Processor
The Data Controller is the University of Milan, represented by the Rector pro tem, Via Festa del Perdono 7, 20122 Milan, e-mail infoprivacy@unimi.it. In accordance with Article 37 et seq. of Regulation EU 2016/679 (the GDPR), the University has appointed a data protection officer (DPO), e-mail dpo@unimi.it.
The Data Processor is Centro UniStem, Dipartimento di Bioscienze, Padiglione Invernizzi, Via Francesco Sforza 35, 20122 Milano, Italy, unistem@unimi.it, +39 02-503 25841.
2. Purpose of the processing
The personal data that may be processed are:
- IP address;
- browser type and parameters of the device used to connect to the site;
- name of the internet service provider (ISP);
- date and time of visit;
- the visitor’s web page of origin (referral) and exit;
- number of clicks, if any;
- provided voluntarily by the user when using online services offered on the site;
- data provided from time to time by users in relation to the specific service requested.
The aforementioned information is processed automatically and collected in aggregate form in order to verify the proper functioning of the site and for security reasons.
For security purposes (anti-spam filters, firewalls, virus detection), automatically recorded data may possibly include personal data such as the IP address, which could be used, in accordance with the law in force, in order to block attempts to damage the site or cause damage to other users, or in any case harmful or criminal activities. In any case, such data will never be used for the purpose of profiling the site’s users, but only for the purpose of protecting the site and its users. The legal bases of the processing are therefore compliance with legal and contractual obligations, the fulfilment of specific requests by the data subject prior to the conclusion of the contract, and the processing of data connected with the management of any complaints or disputes and for the prevention and repression of fraud and any illegal activity.
3. Type of data processed
Personal data are collected for the following purposes and using the following services. The computer systems and application procedures used to operate the site acquire, during their normal operation, certain data whose transmission is implicit in the use of Internet communication protocols. This information is used to obtain anonymous statistical information on the use of the site and to check its correct functioning and is not associated with identified users; however, due to its nature and through association with data held by third parties, it could allow the identification of the interested parties. This category includes, for example, the IP address of the system used to connect to the portal. This data is removed from the systems after the statistics have been processed and is stored off-line exclusively for the purposes of ascertaining liability in the event of computer offences and can only be consulted at the request of the judicial authorities.
For the use of online services that require authentication, registration or the sending of e-mails, personal data freely provided by users are used in various ways. The optional, explicit and voluntary sending of e-mails to the addresses indicated on the website entails the subsequent acquisition of the sender’s address, which is necessary in order to reply to requests, as well as any other personal data included in the message by the user.
For more information and to find out which sites use this service, please consult sections no. 6.
4. Optional supply of data
Some of the data requested (e.g. those for registration and/or data that may be required to subscribe to online services) are compulsory and failure to provide them will make it impossible to provide the requested service. Registration and subscription data are provided voluntarily. Processing carried out prior to the revocation of consent by the person concerned shall nevertheless remain valid.
5. Manner of processing
The personal data captured is processed in accordance with the principles of lawfulness, fairness and transparency established in Article 5 of the GDPR, including with the use of IT and telecommunications tools that can store and manage the said data and, therefore, can guarantee its security and ensure maximum confidentiality for the data subject.
6. Use of cookies
Cookies are small text files that a website sends to the browser used to browse online to be stored and sent back to that site on a subsequent visit.
The sites listed above use technical cookies and tracking cookies. No profiling cookies are used for purposes other than those stated here. However, there may be other profiling cookies or cookies with purposes different from those stated here that are used by third-party services.
6.1 Technical, session cookies (essential for the use of online services and access to restricted areas of the portal)
The sites listed above use several http session cookies to manage authentication to restricted areas. The use of session cookies (which are not stored persistently on the user’s computer and are deleted when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow secure and efficient exploration of the site. Disabling session cookies does not allow you to fully enjoy the resources made available on the site.
Tracking cookies can be disabled without any consequence on portal navigation: to disable them, see the next section.
Technical cookies used:
| Name | Origin | Function | Expiration |
| wordpress_*, wordpress_logged_in_*, wordpress_sec_*, wordpress_test_*, wordpress_test_cookie, _wp_session | https://unistem.unimi.it/ | Improving services for users of the site, enabling or facilitating navigation (e.g. user registration, storing preferences, setting the language and keeping track of pages visited). | Session |
| Wp-settings-*, wp-settings-time-* | https://unistem.unimi.it/ | 1 year |
6.2 How to opt out cookies
Preferences in relation to cookies can be managed directly within the browser used in order to prevent third parties from capturing data indiscriminately (for example).
By using browser preferences, cookies that have been installed can be deleted; this includes cookies in which consent (if granted) to the installation of cookies by this site is stored.
Information on how to handle cookies with some of the more popular browsers can be found on the following web pages:
Microsoft Edge: https://support.microsoft.com/en-us/windows/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16-ede5947fc64d
Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=it-IT&answer=95647&p=cpn_cookies
Mozilla Firefox: http://support.mozilla.org/it/kb/Bloccare%20i%20cookie?redirectlocale=en-US&redirectslug=Blocking+cookies
Apple Safari: http://www.apple.com/it/privacy/use-of-cookies/
7. Categories of subjects authorized to process personal data and to whom personal data can be communicated
Personal data of the users will be processed in compliance with current legislation by the staff of Centro UniStem (identified as Authorized to process) involved in the maintenance of the site.
Personal data may be communicated:
a) to University structures that request it, for the University’s institutional purposes or in compliance with legislative obligations;
b) to non-economic public entities or consortia participated by the University (e.g. MIUR) when communication is necessary for the performance of institutional functions of the requesting body;
c) to external subjects, identified as Data Controllers pursuant to art. 28 GDPR;
This is without prejudice, in any case, to the communication or dissemination of data requested, in accordance with the law, by the Public Security Authority, the Judicial Authority or other public entities for the purposes of defense, state security and detection of crimes, as well as communication to the Judicial Authority in compliance with legal obligations, where a crime is identified. Finally, personal data will not be transferred to third countries or international organizations unless this is strictly connected to specific requests from the user or needs related to the finalization of the intervention, for which specific consent will be acquired.
8. Conservazione dei dati
The data will be stored by the University of Milan for the time strictly necessary to pursue the purposes indicated and in compliance with legal obligations.
9. Rights of the data subject
In the appropriate cases, data subjects have the right to obtain, from the University of Milan, access to their personal data and to have that data rectified or erased or to restrict the processing data concerning them or object to such processing (Article 15 et seq. of the Regulation), such as:
– lodge a complaint with a Supervisory Authority;
– ask data controllers for access, rectification, cancellation of personal data of for limitation of processing;
– object to the processing;
– request data portability,
Requests should be submitted to the Data Protection Officer (Data Protection Officer, Via Festa del Perdono 7, 20122 Milan – e-mail: dpo@unimi.it).
10. Changes to this notice
This information may be changed over time. You should therefore check that you are looking at the latest version by visiting this web page. This information may change over time. You are therefore advised to check, in the Privacy section of the website, that the version you are referring to is the most up-to-date.