Privacy policy

Overview 
In accordance with Article 13 of Regulation (EU) 2016/679 (the General Data Protection Regulation or GDPR of the European Parliament and of the Council concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data and which repeals Directive 95/46/EC, as well as Legislative Decree no. Lgs 196/2003 and ss. mm. ii., in this notice the University of Milan – also referred to below as the ‘University’ and represented by the Rector pro tempore) provides users by the sites that are part of the service (hereinafter also referred to as the “Site”). This notice is provided in relation to the management of the Site, in connection with the processing of the personal data of users who consult the Site, who choose to register and/or who use the proposed online services. This is without prejudice to compliance by the University of Milan with current legislation on transparency and the mandatory publication of data and documents. This information is limited to the sites listed here and has no value for external sites, even if they are accessible from links present on the same: https://www.nsc-reconstruct.com 

1. Data Controller, Data Protection Officer (DPO) and Data Processor 
The Data Controller is the University of Milan, represented by the Rector pro tem, Via Festa del Perdono 7, 20122 Milan, e-mail infoprivacy@unimi.it. In accordance with Article 37 et seq. of Regulation EU 2016/679 (the GDPR), the University has appointed a data protection officer (DPO), e-mail dpo@unimi.it.
The Data Processor is the NSC-Reconstruct Project Office, Laboratory of Stem Cell Biology and Pharmacology of Neurodegenerative Diseases, Department of Biosciences - University of Milan, Padiglione Invernizzi, Via Francesco Sforza 35, 20122 Milano, Tel. +39-02-50325841, email: nsc.reconstruct@unimi.it.

2. Purpose of the processing 
The personal data that may be processed are: 
•    IP address; 
•    browser type and parameters of the device used to connect to the site; 
•    name of the internet service provider (ISP); 
•    date and time of visit; 
•    the visitor’s web page of origin (referral) and exit; 
•    number of clicks, if any; 
•    provided voluntarily by the user when using online services offered on the site; 
•    data provided from time to time by users in relation to the specific service requested.
The aforementioned information is processed automatically and collected in aggregate form in order to verify the proper functioning of the site and for security reasons.
For security purposes (anti-spam filters, firewalls, virus detection), automatically recorded data may possibly include personal data such as the IP address, which could be used, in accordance with the law in force, in order to block attempts to damage the site or cause damage to other users, or in any case harmful or criminal activities. In any case, such data will never be used for the purpose of profiling the site’s users, but only for the purpose of protecting the site and its users. The legal bases of the processing are therefore compliance with legal and contractual obligations, the fulfilment of specific requests by the data subject prior to the conclusion of the contract, and the processing of data connected with the management of any complaints or disputes and for the prevention and repression of fraud and any illegal activity.

3. Type of data processed 
Personal data are collected for the following purposes and using the following services. The computer systems and application procedures used to operate the site acquire, during their normal operation, certain data whose transmission is implicit in the use of Internet communication protocols. This information is used to obtain anonymous statistical information on the use of the site and to check its correct functioning and is not associated with identified users; however, due to its nature and through association with data held by third parties, it could allow the identification of the interested parties. This category includes, for example, the IP address of the system used to connect to the portal. This data is removed from the systems after the statistics have been processed and is stored off-line exclusively for the purposes of ascertaining liability in the event of computer offences and can only be consulted at the request of the judicial authorities.
For the use of online services that require authentication, registration or the sending of e-mails, personal data freely provided by users are used in various ways. The optional, explicit and voluntary sending of e-mails to the addresses indicated on the website entails the subsequent acquisition of the sender’s address, which is necessary in order to reply to requests, as well as any other personal data included in the message by the user. 
For more information and to find out which sites use this service, please consult sections no. 5.

4. Manner of processing 
The personal data captured is processed in accordance with the principles of lawfulness, fairness and transparency established in Article 5 of the GDPR, including with the use of IT and telecommunications tools that can store and manage the said data and, therefore, can guarantee its security and ensure maximum confidentiality for the data subject.

5. Use of cookies
Cookies are small text files that a website sends to the browser used to browse online to be stored and sent back to that site on a subsequent visit.
The sites listed above use technical cookies and tracking cookies. No profiling cookies are used for purposes other than those stated here. However, there may be other profiling cookies or cookies with purposes different from those stated here that are used by third-party services.

5.1 Technical, session cookies (essential for the use of online services and access to restricted areas of the portal) 
The sites listed above use several http session cookies to manage authentication to restricted areas. The use of session cookies (which are not stored persistently on the user’s computer and are deleted when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow secure and efficient exploration of the site. Disabling session cookies does not allow you to fully enjoy the resources made available on the site.
Tracking cookies can be disabled without any consequence on portal navigation: to disable them, see the next section.

5.2 Monitoring cookies
The site uses the Google Analytics service of the company Google, Inc. (hereinafter "Google") for the purposes of generation of statistics on the use of the web portal; Google Analytics uses cookies (not third parties) which do not store personal data. The information obtainable from cookies on the use of the website by of users (including IP addresses) will be transmitted by the user's browser to Google and stored on the company's servers itself.
According to the existing terms of service, Google will use this information, as an independent owner of the processing, for the purpose of tracking and examining the use of the website, compiling reports on the activities of the site for use by the site operators and provide other services relating to the activities of the website, the methods of connection (mobile, PC, browser used, etc.) and how to search and reach the pages of the portal. Google may also transfer this information to third parties where this is required by law or where such
third parties process the aforementioned information on behalf of Google. Google states it will not associate IP addresses with anyone other data held by Google.
To consult the privacy policy of the Google company relating to the Google Analytics service, please visit the website: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008&sjid=16892832323867785955-EU.
To find out about Google's privacy policies, we invite you to visit the website
https://policies.google.com/technologies/partner-sites.
By using the site, you consent to the processing of your data by Google in the manner and for the purposes set out above indicated and in the manner declared by the service provider.

5.3 Third-party cookies
This site does not use third-party cookies.

5.4 How to opt out cookies 
Preferences in relation to cookies can be managed directly within the browser used in order to prevent third parties from capturing data indiscriminately (for example).
By using browser preferences, cookies that have been installed can be deleted; this includes cookies in which consent (if granted) to the installation of cookies by this site is stored.
Information on how to handle cookies with some of the more popular browsers can be found on the following web pages:  
Microsoft Edge: https://support.microsoft.com/en-us/windows/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16-ede5947fc64d 
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en&co=GENIE.Platform%3DAndroid 
Mozilla Firefox:  https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox 
Apple Safari:  https://www.apple.com/legal/privacy/en-ww/cookies/ 

6. Categories of subjects authorized to process personal data and to whom personal data can be communicated
Personal data of the users will be processed in compliance with current legislation by the staff of the Department of Biosciences, University of Milan (identified as Authorized to process) involved in the maintenance of the site.
Personal data may be communicated: 
a) to University structures that request it, for the University's institutional purposes or in compliance with legislative obligations; 
b) to non-economic public entities or consortia participated by the University (e.g. MIUR) when communication is necessary for the performance of institutional functions of the requesting body; 
c) to external subjects, identified as Data Controllers pursuant to art. 28 GDPR; 

This is without prejudice, in any case, to the communication or dissemination of data requested, in accordance with the law, by the Public Security Authority, the Judicial Authority or other public entities for the purposes of defense, state security and detection of crimes, as well as communication to the Judicial Authority in compliance with legal obligations, where a crime is identified. Finally, personal data will not be transferred to third countries or international organizations unless this is strictly connected to specific requests from the user or needs related to the finalization of the intervention, for which specific consent will be acquired.

7. Conservazione dei dati
The data will be stored by the University of Milan for the time strictly necessary to pursue the purposes indicated and in compliance with legal obligations.

8. Rights of the data subject
In the appropriate cases, data subjects have the right to obtain, from the University of Milan, access to their personal data and to have that data rectified or erased or to restrict the processing data concerning them or object to such processing (Article 15 et seq. of the Regulation), such as:
- lodge a complaint with a Supervisory Authority;
- ask data controllers for access, rectification, cancellation of personal data of for limitation of processing;
- object to the processing;
- request data portability,

Requests should be submitted to the Data Protection Officer (Data Protection Officer, Via Festa del Perdono 7, 20122 Milan – e-mail: dpo@unimi.it).

9. Changes to this notice
This information may be changed over time. You should therefore check that you are looking at the latest version by visiting this web page. This information may change over time. You are therefore advised to check, in the Privacy section of the website, that the version you are referring to is the most up-to-date.