PRIVACY POLICY AND DECLARATION OF CONSENT TO PERSONAL DATA PROCESSING UNDER ART. 13 OF EU REGULATION NO. 679/2016 OF 27 APRIL 2016

This policy is issued under art. 13 of Regulation EU 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and in respect of the regulations on personal data processing, as well as on the free movement of such data.

This policy refers to School of Management website, offered by Politecnico di Milano (“Polimi”).

The School of Management at the Politecnico di Milano opened in 2003, gathering various research, training, and consultation activities in the field of economics, management, and industrial engineering, which the Politecnico carries forward through its various internal structures and consortia.

The School encompasses the Department of Management, Economics and Industrial Engineering of the Politecnico di Milano and the POLIMI Graduate School of Management, which is focused in particular on executive training and its masters programmes.

The website is managed by the Department of Management, Economics and Industrial Engineering of the Politecnico di Milano

This privacy policy is for the https://www.som.polimi.it/ website and provides information to its users by electronic means.

Data Controller

Politecnico di Milano – Director General, delegated by the Pro-tempore Rector – e-mail: dirgen@polimi.it

Data protection Officer and contacts

Laura Catellani, Department Manager of the Department of Management, Economics and Industrial Engineering, via Lambruschini 4, Milano, mail laura.catellani@polimi.it

Purposes and legal basis of data processing, categories of data and data storage period

Under the relevant European and national legislation (EU Reg. 679/2016, hereafter, Regulation), we inform you that your personal data will be used for the following purposes:

Nature of the data

Provision of data for purposes 1 and 2 is optional.

Refusal to provide the data makes it impossible to carry out the intended purposes.

Processing methods

The data processing for the purposes indicated above may be carried out on digital media, manually and/or with electronic tools.

Duly authorised persons are entitled to access the data acquired for the aforementioned purposes.

Categories of recipients

For the above purposes, the data may be communicated to Italian or international public or private entities, companies or persons that provide services on behalf of the Controller:

  • any supplier or data processor pursuant to art. 28 of the EU Regulation.

Transferring data to non-EU countries or international Organisations

Personal data will not be transferred in any way to countries outside the EU or any international Organisation.

Data subject rights

As the data subject, you may request from the Controller:

  • confirmation of the existence or otherwise of personal data concerning you;
  • access to your personal data and related information;
  • correction of inaccurate data or completion of incomplete data;
  • deletion of your personal data (under one of the conditions indicated in Art. 17, paragraph 1 of the Regulation and in respect of the exceptions envisaged by paragraph 3 of that Article);
  • the restriction of processing of your personal data (in the presence of one of the circumstances indicated in Art. 18, paragraph 1 of the Regulation), the transformation into anonymous form or block on data processed in violation of the law, including data whose storage is no longer necessary for the purposes for which it was collected or processed.

As data subject, you have the right to partly or fully object:

  • on legitimate grounds, to the processing of your personal data, even if it is relevant for the purpose for which the data was collected;
  • to the processing of your personal data for the purposes of sending promotional material on training initiatives and Politecnico di Milano’s events.

These rights may be exercised by contacting privacy@polimi.it.

If you believe that your rights have been violated by the data controller or a third party, you can lodge a complaint with the Data Protection Authority, or another relevant supervisory authority under the Regulation.