Health and Nature
Privacy Policy
Preamble
Pursuant to Article 13 of Regulation (EU) 2016/679 (General Data Protection Regulation or GDPR), the University of Milan (hereinafter referred to as the “University”), in the person of the Acting Rector, informs users of the website Freedom – Further Exploring Environmental Determinants Of Mental Health at the link (https://freedom-research.com) (hereinafter also referred to as “the website”) regarding the use of their personal data.
1. Data Controller and Data Protection Officer (DPO)
The Data Controller is the University of Milan, in the person of the Acting Rector, Via Festa del Perdono 7, 20122 Milan, email: supportodpo@unimi.it.
Pursuant to Articles 37 et seq. of Regulation (EU) 2016/679, the University has appointed Prof. Pierluigi Perri as Data Protection Officer (DPO), c/o Department “Cesare Beccaria,” Via Festa del Perdono 3, 20122 Milan, email: dpo@unimi.it.
2. Types of Data Processed and Purposes of Processing
The following types of data may be processed by the University:
A. Browsing Data- Data collected through cookies during users’ navigation on the website. For further details on the cookies used by the website, please refer to the Cookie Policy.
Such information is used to obtain anonymous statistical information on website usage and to ensure its proper functioning. This data is not associated with identified users; however, by its nature and through association with data held by third parties, it could allow the identification of the data subjects. This category includes, for example, the IP address of the system used to connect to the website.
This data is deleted from the systems after statistical processing and is stored offline exclusively for the purpose of ascertaining liability in the event of computer crimes, and can only be accessed upon request by the judicial authorities.
Some of the aforementioned information is processed automatically and collected in aggregate form in order to verify the correct functioning of the site and for security purposes.
For security purposes (spam filters, firewalls, virus detection), automatically recorded data may be used, in accordance with applicable law, to block attempts to damage the website or cause harm to other users, or any other harmful or criminal activities. In any case, such data will never be used for user profiling, but only for protecting the website and its users.
3. Legal Basis for Processing
The legal basis for the processing of data is the performance of a task carried out in the public interest by the Data Controller (Article 6(1)(e) GDPR).
4. Methods of Processing
Data is collected in compliance with the principles of relevance, completeness, and non-excessiveness in relation to the purposes for which it is processed. Personal data provided is processed in accordance with the principles of lawfulness, fairness, and transparency established by Article 5 of the GDPR, also with the aid of electronic and IT tools suitable for storing and managing such data, and in any case in such a way as to guarantee security and the utmost confidentiality of the data subject.
5. Categories of Authorized Persons and Recipients
Personal data of users will be processed, in compliance with applicable law, by University personnel (designated as authorized processors) responsible for managing the website and performing activities related to it.
Data may be communicated:
- To non-economic public entities or consortia participated in by the University (e.g., MUR) when communication is necessary to carry out the institutional functions of the requesting entity;
- To any external entities appointed as Data Processors pursuant to Article 28 GDPR;
- To Public Security Authorities, Judicial Authorities, or other public bodies for purposes of defense, State security, crime detection, and in compliance with legal obligations, where criminal offences are suspected.
Apart from the above cases, personal data will not be disclosed or communicated to third parties for any reason.
No personal data will be transferred to third countries or international organizations.
6. Data Retention Period
Depending on the purposes for which the data is collected, it will be retained for the period established by the applicable regulations or for the time strictly necessary to achieve the purposes. Specifically:
- For information on cookie retention periods, please refer to the Cookie Policy.
7. Data Subject Rights
Pursuant to Articles 15–22 GDPR, data subjects may, where applicable, exercise the right to request from the Data Controller access to their personal data, rectification, erasure, or restriction of processing, by contacting: Prof. Pierluigi Perri, Data Protection Officer, c/o Department “Cesare Beccaria,” Via Festa del Perdono 7, 20122 Milan, email: dpo@unimi.it.
8. Right to Object
Pursuant to Article 21(1) GDPR, the data subject has the right to object at any time, for reasons related to their particular situation, to the processing of their personal data carried out pursuant to Article 6(1)(e) GDPR, i.e., where processing is based on the performance of a task carried out in the public interest, by contacting: Prof. Pierluigi Perri, Data Protection Officer, Via Festa del Perdono 7, 20122 Milan, email: dpo@unimi.it.
9. Right to Lodge a Complaint
Data subjects who believe that the processing of their personal data carried out through this website violates the GDPR have the right to lodge a complaint with the Italian Data Protection Authority (“Garante”), as provided for by Article 77 GDPR, or to seek judicial remedies (Article 79 GDPR).