Privacy Policy YesMilano Study

#students
  1. Home
  2. Study
  3. Privacy Policy YesMilano Study

Information on the processing of personal data

 

(version updated on 28/03/2023)

 

The Associazione Milano & Partners, as Data Controller (hereinafter, "the Controller"), informs you pursuant to EU Regulation 2016/679 ("GDPR") and Italian Legislative Decree No. 196/2003, as amended and supplemented by Legislative Decree No. 101/2018, that your personal data will be processed in the following manner and for the following purposes. 

 

  1. Object of the processing 

The Controller processes personal data and non-sensitive data (hereinafter, "Personal Data" or also "Data") communicated by you - within the form on the website www.yesmilano.it (hereinafter, "Site") - for the creation of your personal account in relation to the One Stop Shop service and for the subsequent request for an appointment with the Controller included in the "Study in Milan" programme. In particular, the Controller processes the following data: 

  • name, surname, date of birth, nationality, country, gender, email address, username, telephone number, university and university student number;  

  • navigation data such as the IP addresses or domain names of the computers used by users connecting to the Site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. This information is collected by means of the cookies described in the Cookie Policy of the www.yesmilano.it website, to which we refer you. 

  1. Purposes and legal basis 

The Controller will process your Personal Data for the following purposes and legal bases: 

  

  • the performance of the contract and/or the fulfilment of pre-contractual commitments, i.e. to allow you to create your personal account in order to request an appointment with the Controller in the context of the One Stop Shop service reserved for international students; 

  • only with your express consent, to send you the YesMilano Students newsletter, i.e. to keep you up to date with the activities of the international student community, news, events and curiosities for a better student experience in Milan.  

  1. Modalities of the processing 

The processing of Personal Data is carried out, in electronic and paper form, by means of the operations of collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and deletion of data.  

  1. Data retention 

The Controller will process Personal Data for the time necessary to fulfil the purposes set out above and in any case, except for the different data retention indicated in the Cookie Policy in relation to processing carried out through the use of cookies, for no longer than 10 years from collection for the purposes of the service regarding the booking of the appointment with the Controller and for no longer than 2 years from collection to send the YesMilano Students newsletter. 

  1. Provision of data 

The provision of Data for service purposes is mandatory and failure to provide it will prevent you from creating your personal account in order to use the One Stop Shop booking service with the Controller. The provision of Data for the purpose of receiving the YesMilano Students newsletter is optional and, if you have not provided your consent, the Controller will not be able to process your Personal Data in order to inform you on the activities of the YesMilano Students Community, and on the news, events and curiosities for experiencing Milan at its best.  

  1. Data access 

Your Data may be made accessible for the above purposes to: 

- employees and/or collaborators of the Controller, in their role as internal data processors and/or system administrators; 

- third parties (i.e. IT providers, Municipality of Milan, Parcam S.r.l) who perform outsourcing activities on behalf of the Controller, in their role as data processors. 

  1. Data communication  
     

Except in cases where the communication takes place at your express request and consent, your data may be disclosed, even without your consent, to control bodies, law enforcement agencies, the judiciary and competent authorities, at their express request, which will treat them as independent controllers for institutional purposes and/or under the law during investigations and controls. Your Data may also be communicated, even without your consent, to third parties (i.e. Universities and entities that are part of the Study in Milan Protocol) in their capacity as autonomous controllers, for the performance of activities instrumental to the purposes set out above. 

 

  1. Data transfer 

  

Data is not transferred to countries outside the EU. Should the Controller need to transfer your personal data to countries outside the EU, appropriate safeguards are in place to adequately protect the personal data being transferred, including the Standard Contractual Clauses (SCCs) approved by the European Commission and the Data Transfer Impact Assessment (DTIA). 

  1. Data subjects’ rights 

The Controller informs you that, as a data subject, you have the right to, if the limitations provided for by law do not apply: 

 

  • obtain from the Controller confirmation of the existence of your personal data, even if not yet registered, and that such data be made available to you in an intelligible form; 

  • obtain from the Controller indications and, where appropriate, copies of a) the origin and category of your personal data; b) the logic applied in the event of processing carried out with the aid of electronic instruments; c) the purposes and methods of processing; d) the identification data of the data controller and data processors; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them, in particular if they are recipients in third countries or international organisations; f) where possible, the data retention period or the criteria used to determine such period; g) the existence of an automated decision-making process, and if so, the logic used, its importance and the consequences foreseen for the data subject; h) the existence of adequate safeguards in case of transfer of data to a non-EU country or an international organization; 

  • obtain from the Controller, without undue delay, the updating and rectification of inaccurate data or, when interested, the integration of incomplete data; 

  • evoke at any time, easily and without hindrance, the consents given, using, if possible, the same channels used to give them; 

  • obtain from the Controller the deletion, transformation into anonymous form or blocking of data: a) processed unlawfully; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) if the consent on which the processing is based is revoked and there is no other legal basis; d) if you object to the processing and there is no overriding legitimate reason to continue processing; e) in the event of compliance with a legal obligation; f) in the case of data relating to minors. The Controller may refuse erasure only in the event of: a) exercise of the right to freedom of expression and information; b) fulfilment of a legal obligation, performance of a task carried out in the public interest or exercise of public authority; c) reasons of public health interest; d) archiving in the public interest, scientific or historical research or for statistical purposes; e) exercise of a right in a court of law; 

  • obtain from the Controller the restriction of processing in the event of: a) contestation of the accuracy of personal data; b) unlawful processing by the Controller to prevent their deletion; c) exercise of a right in court; d) verification of whether the Controller's legitimate reasons prevail over those of the data subject;  

In the above cases, where necessary, the Controller will inform the third parties to whom your personal data are communicated of the possible exercise of your rights, except in specific cases (i.e. when such fulfilment proves to be impossible or involves a manifestly disproportionate use of means compared to the right protected). 

  1. Procedure for exercising your rights 

You may at any time exercise these rights towards the Controller: 

  • by sending a registered letter with advice of receipt to the Controller's address; 

  • by sending an email to privacy@yesmilano.it. 

Consent to the sending of the YesMilano Students newsletter can also be revoked at any time through the unsubscribe function contained in each e-mail sent.  

  1. Data controller and Data Protection Officer  

The Data Controller is the Associazione Milano & Partners, with registered office at Piazza della Scala no. 2, 20121 - Milan (MI), VAT no. IT11016320969. The updated list of data processors is kept at the Data Controller's registered office. 

  

The Data Controller has also appointed a Data Protection Officer who will supervise the measures adopted to protect your Data and who can be contacted by writing to dpo@yesmilano.it.