Privacy & Cookie Policy

Privacy policy and cookies policy

This document details our privacy policy, in compliance with our obligations under national (Legislative Decree n. 196 of 30 June 2003, Code on the protection of personal data) and European Community law (EU General Data Protection Regulation n. 2016/679, GDPR) and subsequent amendments. The present website respects and protects the confidentiality of visitors and users, and makes all possible and proportionate efforts not to violate the rights of users. This privacy policy applies exclusively to online activities on this website, and is valid for the website’s users and visitors. The purpose of this privacy policy is to provide as much transparency as possible on the data collected by the website and the way it is used. It does not apply to data collected through channels other than this website, which is available at the following address: 

Legal basis of data processing

By using or consulting this website, visitors and users explicitly approve and consent to the processing of their personal data in the ways and for the purposes described below, including the sharing of said data with third parties if necessary to provide a service. .

Types of data collected and purposes

The personal data provided through the website shall be processed for the following purposes:

     a. Purposes of statistical research / analysis on aggregate or anonymous data, without the possibility of identifying the user, aimed at measuring the functioning of the site and assessing usability and interest;

     b. Compiling data collection forms for receiving newsletters or communications generally via e-mail;

     c. Purposes related to the online provision of University services. 

The website uses log files which store data collected in an automated manner during user visits. The data collected can include the following:

     a. Internet Protocol address (IP);

     b. Browser type and parameters of the device used to connect to the website;

     c. Date and time of the visit;

     d. The websites visited immediately prior (referral) and next to the visit.

The above-mentioned data is processed in an automated, anonymous manner to ensure the proper functioning of the website and for security reasons. The same data may be processed, in compliance with existing regulations, to block attempts to damage the website itself or other users, or to prevent any other harmful or illegal activities. 

Should the website allow user comments, or in the case of specific services requested by the user, the website automatically detects and records some of the user’s identification data, including his or her email address. This data is understood to be voluntarily provided by the user upon their request for the service in question. By adding a comment or any other information, the user confirms having read the privacy policy, and specifically provides their consent for sharing the content inserted with third parties.

The data that website users shall accept to make public through the services and the tools made available by the latter are provided by the users willingly and knowingly, exempting the present website from any liability in case of violations of the law.

The user is responsible for making sure they have the necessary permission for inserting the personal data of third parties or content protected under national and international law. The data collected by the website during its functioning are used exclusively for the above-mentioned purposes, and stored for the period of time strictly necessary for carrying out the above-mentioned activities, which normally amounts to 180* days.

[*The 180 days must be understood as the maximum lenght of time for data storage; this length shall be reduce should the user request data erasure.]

Recipients of the data

Your data is processed by the subjects belonging to the University structures authorized by the Data Controller for processing, in relation to their functions and responsibilities. Furthermore, the Data Controller may communicate his personal data to the following third parties, because their activity is necessary to achieve the aforementioned purposes, also with respect to the functions assigned to them by law: 

There is no data transfer in Extra-EU territories or "International Organizations" . In the event that the need arises, firstly, a specific disclosure will be provided and, in the event that an adequacy decision has not been issued for the country of destination, or if adequate protection guarantees are not available, it will be requested. consent to proceed with the transfer.

Use of cookies

Cookies are small text files that a website visited by a user sends to that user’s browser (e.g. Internet Explorer, Mozilla Firefox, or Google Chrome), where they are stored in order to be re-sent to the same websites during browsing or upon the user’s next visit.

The cookies sent by the portal are used exclusively for technical reasons, such as allowing authenticated access to reserved areas (since cookies save session data for each user).

Session cookies are fundamental for the proper functioning of the various components present in the portal and they make the entire web ecosystem accessible, by activating basic functions such as page navigation. The website cannot function properly without cookies. By using the website, visitors give their explicit consent to the use of cookies.

Use of cookies third parties

The site DOES NOT use cookie third parties.

Disabling cookies

Disabling all cookies:

a. It is possible to deny consent to the use of cookies by selecting the specific setting on one’s browser.

Below are the links that explain how to disable cookies on the most popular browsers (for any other browsers, we suggest you look for this option in your software’s help section)

     1. Internet Explorer

     2. Google Chrome

     3. Mozilla Firefox

     4. Opera

     5. Apple Safari

b. Disabling third-party cookies:

Disabling third-party cookies is also possible in the ways described in their respective privacy policies and/or made available directly by the third-party company serving as the data controller. Disabling Google Analytics cookies only can be done by using the additionalOpt-Out component provided by Google for all the main browsers, available at the following link

Cancelling cookies already stored on the terminal:

Even if the authorization for using third-party cookies is revoked, such cookies may have been stored on the user’s terminal prior to the revocation. For technical reasons, it is not possible to erase these cookies, but the user’s browser makes it possible to eliminate them via the browser’s privacy settings. The browser’s options include “Clear browser history”, which can be used to eliminate cookies, website data, and plug-in.

Security measures

This website processes user data in a proper and lawful manner, and adopts all necessary security measures to prevent the unauthorized access, publication, modification, or unauthorized destruction of said data.

Processing takes place through digital and/or telematic tools, with organizational modalities and approaches that are strictly related to the stated purposes of data processing. In addition to the data controller, in some cases subjects authorized by the University and involved in the organization of the website may have access to the data.

Rights of the user

Pursuant to EU Regulation 2016/679 (GDPR) and national laws, users can exert the following rights within the limits and according to the modalities established under existing laws:

     1. The right to access his or her own personal data;

     2. The right to obtain rectification or erasure of said data and limits on their processing;

     3. The right to data portability (applicable only to data in electronic format), as disciplined by art. 20 of regulation UE 2016/679;

     4. The right to object to data processing;

     5. The right to file a claim with the Italian Data Protection Authority.

Requests must be addressed to the data controller.

Existence of automated decision-making processes

“Automated” decisions are those that can be based on data supplied directly by the interested persons (e.g. though a questionnaire) or obtained through direct observation (such as location data collected by an app); automated decision-making processes cannot affect the rights or legitimate interests of persons, and cannot have a significant impact on additional and distinct individual expectations.

The site NOT makes use of automated decision-making processes.

Exercising user rights

To exert the above-mentioned rights, users may contact the data controller at the following email address: or at the following certified email address:

The data controller must reply within one month of receipt of the request, which deadline can be extended up to three months for particularly complex requests.

Data controller

Pursuant to existing laws, the data controller is l’Università degli Studi di Milano-Bicocca, in the person of its legal representative Professor Maria Cristina Messa.

Contact information:



Tel: 02.64486011 oppure 02.64488267

Data protection officer (DPO)

Dr. Maria Bramanti

Contact info:



Tel: 02.68846123


The present privacy policy was last updated on 03/06/2019