Privacy Policy

This information notice (hereinafter, the “Policy”) governs the processing of your personal data during the navigation of the website (hereinafter, the “Website”), specifically through the use of cookies. The processing is carried out by Simone Bonavita, with professional headquarters at Piazza Armando Diaz 7, 20123 – Milan, VAT No. 06264250967, email: simone.bonavita@unimi.it (hereinafter, the “Data Controller”), in compliance with personal data protection regulations, specifically Regulation (EU) 2016/679 (hereinafter, “GDPR”).

1. Identity and Contact Details of the Data Controller

The Data Controller is Simone Bonavita. The Data Controller may be contacted at the following references:

  • Postal Address: Piazza Armando Diaz 7, 20123 – Milan (MI), Italy.
  • Email: simone.bonavita@unimi.it

2. Data Protection Officer

The Data Controller has not appointed a Data Protection Officer (“DPO”) pursuant to Art. 37 of the GDPR, as it does not fall within the mandatory categories.

3. Methods of Processing: Navigation Data and Environmental Variables

The Website automatically acquires certain personal data related to your navigation. This category of data includes:

  • IP addresses of the computer used by the user;
  • Number of accesses and pages viewed;
  • Date and time of access;
  • The URL of the browser prior to viewing the Website;
  • Type of navigation browser and operating system used.

4. Cookie Policy

Cookies are small text strings that the Website sends to the user’s browser, where they are stored to be retransmitted upon a subsequent visit. The Website exclusively uses technical session cookies provided by the WordPress platform. These cookies are strictly necessary for the proper functioning and security of the Website.

4.1. Technical Cookies

The following standard WordPress cookies are used to manage the session and functional settings:

“This Website uses only technical cookies strictly necessary for its operation:

  1. wordpress_test_cookie (Session): Used to check cookie support.
  2. wordpress_logged_in_* & wordpress_sec_* (Session): Used to manage administrative access and secure the browsing session.”

The Website does not use statistical (analytics), marketing, or profiling cookies.

5. Data Provided Voluntarily

You may voluntarily provide data by sending emails to the addresses indicated on the Website. The Data Controller will acquire the sender’s address and any other personal data included in the communication solely to respond to your requests.

6. Legal Basis and Purposes of Processing

  • Navigation and Technical Cookies: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6(1)(b) GDPR).
  • Voluntary Communications: The legal basis is the legitimate interest of the Data Controller to respond to enquiries (Art. 6(1)(f) GDPR).

7. Recipients of Personal Data

Your personal data may be processed by entities acting as Data Processors, such as hosting service providers (e.g., Aruba S.p.A.). Data will not be disseminated to third parties for commercial purposes.

8. Data Retention Period

  • Technical Data: Retained for the duration of the navigation session.
  • Voluntary Communications: Retained for the period strictly necessary to fulfill the requests and, in any case, for a period not exceeding 12 months.

9. Rights of the Data Subject & other right

As a “Data Subject”, you have the right to exercise the following rights at any time:

  • Right to Object
  • As a “data subject”, you have the right to object, at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, pursuant to point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.
  • The Data Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
  • Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • In the event of an objection to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  • You may object to the processing of your personal data for direct marketing purposes even partially—for instance, by objecting only to the sending of promotional communications through automated and/or digital means, or to the sending of hard-copy communications and/or the receipt of telephone calls.
  • Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

  • Other Rights
  • The Data Controller further informs you of the existence of the following rights:
  • Right of access: you have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed. In such a case, you have the right to access your personal data and specific information, in accordance with Article 15 of the GDPR;
  • Right to rectification: you have the right to obtain from the Data Controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement, in accordance with Article 16 of the GDPR;
  • Right to erasure: you have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay. The Data Controller shall have the obligation to erase personal data without undue delay where one of the grounds listed in Article 17 of the GDPR applies;
  • Right to restriction of processing: you have the right to obtain from the Data Controller restriction of processing where one of the grounds listed in Article 18 of the GDPR applies;
  • Right to data portability: you have the right to receive the personal data concerning you, which you have provided to the Data Controller, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hindrance from the Data Controller, under the cases and conditions specified in Article 20 of the GDPR;
  • Right to object to commercial communications: you have the right to object at any time, free of charge, to the receipt of commercial communications from the Data Controller;
  • Right to lodge a complaint with the Supervisory Authority: you have the right to lodge a complaint with the Data Protection Authority (Garante per la Protezione dei Dati Personali) to complain about a breach of personal data protection regulations, in accordance with Article 77 of the GDPR.

10. Exercise of Rights and Complaints

To exercise your rights, you may contact the Data Controller at simone.bonavita@unimi.it. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) via their official website: .