INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679 (“GDPR”) AND D. LGS. 196/03

Within the framework of its organisational structure, the holder of the treatment has appointed a Data protection Officer (data protection officers or “DPO”), to which the interested parties may contact “for all matters relating to Treatment of their personal data and the exercise of their rights. ” The contact details are as follows:

Data Protection Officer
c/o MIP Politecnico di Milano – Graduate School of Business
Telefono +39 02 23992820
Fax: +39 02 23992844
Email: dpo@mip.polimi.it

 

The personal data of which the owner of the treatment is in possession are exclusively those provided by you during the download of a Brochure and/or other informative material. Your data will be processed exclusively:

a) To enable it to obtain information on the promotional initiatives for which it has expressed interest;

b) If you expressly agree to receive advertising material and/or communications of an informative, commercial and direct marketing nature on the services offered by the data controller, its offers, discounts and any other initiatives Promotional and loyalty scheme adopted by the MIP.

In the coming contacts, it will be possible to operate both through traditional and fully automated contact systems, such as, for example, through the use of its residence and/or e-mail address, or even through the sending of SMS or MMS messages Sent directly to your mobile phone number.

The data will be collected by the MIP directly from its person and will be kept for the period of time necessary for the pursuit of the purposes for which they were collected and used.

The personal data are processed with manual and electronic instruments and are stored in the electronic data-base. The personal data contained in the aforementioned automated information system, as well as those stored in the owner’s electronic archives, shall be treated in accordance with the provisions of the current legislation and, in particular, in the constant and Essential respect for the security measures identified in accordance with art. 32 to minimise the risk of destruction, loss, modification, unauthorized disclosure or access, either accidentally or illegally, or of treatment not complying with the purposes of the collection.

The data controller will treat some of your personal information, such as, but not limited to, your name and surname, your date of birth, your contact details and some of your professional details, as well as an e-mail address (hereinafter “data“).
These contact details will be retained until you have a cancellation request.

The conferral of personal data for the download of the MIP brochure is of an optional nature and requires its consent (of art. 6, par. 1, lit. b), of the GDPR) but its refusal to provide any of the requested data, or their incomplete contribution or untruthful, it could entail for the MIP the impossibility of contacting it further in relation to the formative course of its interest.

The conferral of personal data for the purposes of commercial communication and direct marketing is also optional and requires its consent (art. 6, par. 1, paragraph b) of the GDPR) but the failure to authorize their treatment may not Allow us to inform you correctly and in a direct way with respect to further communications and information of an advertising, commercial and direct marketing nature, as well as the additional and promotional services that the MIP intends to offer to you.

It is indicated to the user that, in accordance with the law, where he receives promotional communications from third parties, they will have to release their information – of which MIP is not responsible – containing, in addition to the elements provided for in art 13 of the GDPR, also the origin of Personal data communicated to them and that is the indication that they come from MIP, so that the user can also contact MIP in order to oppose the treatment under art. 21 of GDPR. Third parties shall also provide the user with a suitable delivery (e.g. an e-mail address) to which he/she may exercise usefully and quickly, economically and effectively, the rights of the GDPR.

The data processed will not be subject to diffusion. They may still be aware of their data in relation to the previously exposed treatment purposes:

• Those persons who can access the data by virtue of the provision of law, regulation or internal and/or Community legislation, within the limits laid down by those rules;
• Partners that contribute to the creation of training courses, qualified as distinct holders of the treatment;
• Employees and collaborators operating under the direct authority of the rightholder, provided that it is previously instructed and authorized to treat under art. 29 of GDPR, also as system administrator;
• Persons acting as an external person in charge (pursuant to art. 4.8 and 28 of the GDPR) explicitly appointed by the MIP, ancillary purposes to the activities and services provided, i.e. companies offering information and consultancy services, as well as Design and implementation of software and/or Internet sites, debt collection companies, brokerage firms, forwarding and home delivery agencies, agents and business partners, companies offering advertising and marketing services, law firms and Notarial companies or consultants responsible for providing specific services to the data controller, always within the limits of the purposes for which the information has been collected.

In addition, any transmission or communication of such data will be performed in compliance with the legal provisions relating to the protection of personal data, including those relating to minimum security measures.

The data may be transferred to a third country, mainly for Cloud services, only in countries with a high standard of protection of personal data subject to adequacy decisions by the authorities. In more detail, it is:

• United States: The reports are governed by Privacy Shield, a self-certification mechanism, valid from 01/08/2016, for companies established in the USA wishing to receive personal data from the European Union, respecting the principles contained therein and the commitment to provide To the European stakeholders, appropriate protection tools, under penalty of elimination from the “Privacy Shield List” (available at www.privacyshield.gov) by the U.S. Department of Commerce and possible sanctions by the Federal trade Commission.
• Third countries for which there is an adequacy decision: Andorra, Argentina, Australia, Canada, Faer Oer, Guernsey, Isola di Man, Israele, Jersey, Nuova Zelanda, Svizzera, Uruguay

L’interessato ha il diritto di ottenere dal titolare del trattamento la conferma che sia o meno in corso un trattamento di dati personali che lo riguardano ed, eventualmente, di chiedere l’accesso ai dati personali e la rettifica o la cancellazione degli stessi o la limitazione del trattamento che lo riguardano o di opporsi al loro trattamento – se non obbligatorio per Legge – oltre al diritto alla portabilità dei dati.

In ogni momento, l’interessato ha diritto di revocare il consenso, senza pregiudicare la liceità del trattamento basata sul consenso prestato prima della revoca. I diritti di cui sopra potranno essere esercitati con semplice richiesta al DPO.

L’interessato ha anche il diritto di proporre reclamo a un’Autorità di controllo.

Il MIP Politecnico di Milano – Graduate School of Business ScpA e Politecnico di Milano  è dotati di un sistema di CRM per migliorare la proposta di coinvolgimento degli utenti.