Skip to main content
If you continue browsing this website, you agree to our policies:
Continue
x
English ‎(en)‎ Italiano ‎(it)‎

Formazione sulla sicurezza

Privacy policy



PRIVACY POLICY AND DECLARATION OF CONSENT TO PERSONAL DATA PROCESSING UNDER ART. 13 OF EU REGULATION NO. 679/2016 OF 27 APRIL 2016

This policy is issued under art. 13 of Regulation EU 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and in respect of the regulations on personal data processing, as well as on the free movement of such data.

This privacy notice refers to the Formazione sulla sicurezza website ("Sicurezza"), offered by Politecnico di Milano ("Polimi") to deliver online courses.

This privacy policy provides information to those who interact with Sicurezza, which can be accessed electronically and pertains to the domain: https://formazionesicurezza.polimi.it/.


Data Controller

Politecnico di Milano – Directorate General upon authorisation of the pro-tempore Rector – e-mail: dirgen@polimi.it


Data Protection Officer and contacts

privacy@polimi.it


Purposes and legal basis of data processing, categories of data and data storage period

Under the relevant European and national legislation (EU Reg. 679/2016, hereafter, Regulation), we inform you that your personal data will be used for the purposes in the table below.

Personal data processing purposes

Legal basis for processing

Personal data categories

Personal data retention period

Purpose 1

Enrolment and participation in online courses and learning activities.

Public interest (Art. 6, paragraph 1, letter e) of Regulation EU).

  • Identification data
  • Personal details
  • Career data

For a period of 3 years after the end of each course.

Purpose 2

Statistical purposes, retention and archiving.

Public interest (Art. 6, paragraph 1, letter e) of Regulation EU).

  • Identification data
  • Personal details
  • Career data
  • Platform usage data

For a period of 10 years.

Nature of the data

The provision of data is mandatory. Refusal to provide the data makes it impossible to carry out the intended purposes.


Processing methods

The data processing for the purposes indicated above may be carried out on digital media, manually and/or with electronic tools. Duly authorised persons are entitled to access the data acquired for the aforementioned purposes.

For each online course Sicurezza offers a Forum: if you post on the Forum, your name and surname will be visible also to the other course users. A discussion on the Forum can be incorporated into other course pages: in this case name and surname of participants in the discussion are visible also there.

Platform usage data can be processed by Politecnico di Milano, ensuring adequate security measures, to carry out statistical analyses and scientific research activities within the University.


Categories of recipients

For the above purposes, the data may be communicated to Italian or international public or private entities, companies or persons that provide services on behalf of the Controller:

  • staff authorised to process personal data;
  • subjects that provide outsourcing services or act as technicians operating the Sicurezza equipment and service programs;
  • entities/authorities for issuing public key certificates.


Personal data retention period

  • course data: 3 years after the end of each course
  • general records of Sicurezza: data will be cancelled after 10 years of user inactivity


Transferring data to non-EU countries or international organisations

The data controller processes data within the European Union. In general, if, for technical and/or operational reasons, it becomes necessary to use parties located outside the European Union, or to transfer some of the data collected to technical systems and services managed in the cloud and located outside the European Union, the processing will be regulated under the provisions of Chapter V of the Regulation and authorised based on specific decisions of the European Union. Precautions will be taken to ensure the most complete protection of personal data, basing such a transfer:

a) on adequacy decisions of the receiving third-party countries expressed by the European Commission;

b) on adequate safeguards expressed by the receiving third party under art. 46 of the Regulation;

c) on the adoption of so-called “corporate binding rules”.


Data subject rights

As the data subject, you may request from the Controller:

  • confirmation of the existence or otherwise of personal data concerning you;
  • access to your personal data and related information;
  • correction of inaccurate data or completion of incomplete data;
  • deletion of your personal data (under one of the conditions indicated in Art. 17, paragraph 1 of the Regulation and in respect of the exceptions envisaged by paragraph 3 of that Article);
  • the restriction of processing of your personal data (in the presence of one of the circumstances indicated in Art. 18, paragraph 1 of the Regulation);
  • the transformation into anonymous form or block on data processed in violation of the law, including data whose storage is no longer necessary for the purposes for which it was collected or processed.

As data subject, you have the right to partly or fully object:

  • on legitimate grounds, to the processing of your personal data, even if it is relevant for the purpose for which the data was collected;
  • to the processing of your personal data to promote training initiatives and Politecnico di Milano’s events.

These rights may be exercised by contacting privacy@polimi.it.

If you believe that your rights have been violated by the data controller or a third party, you can lodge a complaint with the Italian Authority for Data Protection - Garante per la protezione dei dati personali, or with another relevant supervisory authority under the Regulation.

Last updated: 25 May 2026

Back to top