Skip to main content

POK - Polimi Open Knowledge

Privacy Notice

PRIVACY NOTICE UNDER THE PROVISIONS OF ARTICLE 6 OF REGULATION (EU) No 2016/679 OF 27 APRIL 2016


The current privacy notice is granted pursuant to Article 6 of Regulation (EU) No 2016/679 of 27 April 2016 relating to the protection of natural persons as regards the processing of personal data and in compliance with the rules on the processing of personal data and on free movement of such data.

This privacy notice refers to the Polimi Open Knowledge - POK website ("POK"), offered by Politecnico di Milano ("Polimi"). This privacy policy provides information to those who interact with POK, which can be accessed electronically and pertains to the domain: pok.polimi.it.

Data Controller: Politecnico di Milano – Directorate General upon authorisation of the pro-tempore Rector dirgen@polimi.it
Piazza Leonardo da Vinci 32 – 20133 Milan Italy
Phone +39 0223992243
PEC: pecateneo@cert.polimi.it

Data Protection Officer: privacy@polimi.it - phone: +39 0223999378


Purposes and legal basis of data processing, categories of data and data storage period

Under the relevant European and national legislation (EU Reg. 679/2016, hereafter, Regulation), we inform you that your personal data will be used for the purposes in the table below.


Personal data processing purposes Legal basis for processing Personal data categories Personal data retention period
Purpose 1
Enrolment and participation in online courses and learning activities		 Public interest (Art. 6, paragraph 1, letter e) of Regulation EU).
  • Identification data
  • Personal details
  • Career data
 For the period strictly necessary to carry out these activities.
Purpose 2
Statistical purposes, retention and archiving		 Public interest (Art. 6, paragraph 1, letter e) of Regulation EU).
  • Identification data
  • Personal details
  • Career data
 For the period strictly necessary to carry out these activities.


Nature of the data

The provision of data is mandatory. Refusal to provide the data makes it impossible to carry out the intended purposes.


Processing methods

The data processing for the purposes indicated above may be carried out on digital media, manually and/or with electronic tools. Duly authorised persons are entitled to access the data acquired for the aforementioned purposes.


Categories of recipients

For the above purposes, the data may be communicated to Italian or international public or private entities, companies or persons that provide services on behalf of the Controller:

  • staff authorised to process personal data;
  • European Union;
  • organisations partnering with POK to offer MOOCs, such as organisations participating in the respective EU-funded projects;
  • employers, institutions or other entities that foster your enrollment in a MOOC for training or other educational purposes (if an entity supports your course participation, POK may share information with that entity as needed to confirm your enrollment, participation, progress, and completion status in that course);
  • subjects that provide outsourcing services or acting as technicians operating the POK equipment and service programs;
  • entities / authorities for issuing public key certificates.


Transferring data to non-EU countries or international organisations

The data controller processes data within the European Union. In general, if, for technical and/or operational reasons, it becomes necessary to use parties located outside the European Union, or to transfer some of the data collected to technical systems and services managed in the cloud and located outside the European Union, the processing will be regulated under the provisions of Chapter V of the Regulation and authorised based on specific decisions of the European Union. Precautions will be taken to ensure the most complete protection of personal data, basing such a transfer:
a) on adequacy decisions of the receiving third-party countries expressed by the European Commission;
b) on adequate safeguards expressed by the receiving third party under art. 46 of the Regulation;
c) on the adoption of so-called “corporate binding rules”.


Data subject rights

As the data subject, you may request from the Controller:

  • confirmation of the existence or otherwise of personal data concerning you;
  • access to your personal data and related information;
  • correction of inaccurate data or completion of incomplete data;
  • deletion of your personal data (under one of the conditions indicated in Art. 17, paragraph 1 of the Regulation and in respect of the exceptions envisaged by paragraph 3 of that Article);
  • the restriction of processing of your personal data (in the presence of one of the circumstances indicated in Art. 18, paragraph 1 of the Regulation);
  • the transformation into anonymous form or block on data processed in violation of the law, including data whose storage is no longer necessary for the purposes for which it was collected or processed.

As data subject, you have the right to partly or fully object:

  • on legitimate grounds, to the processing of your personal data, even if it is relevant for the purpose for which the data was collected;
  • to the processing of your personal data to promote training initiatives and Politecnico di Milano’s events.

These rights may be exercised by contacting privacy@polimi.it.

If you believe that your rights have been violated by the data controller or a third party, you can lodge a complaint with the Italian Authority for Data Protection - Garante per la protezione dei dati personali, or with another relevant supervisory authority under the Regulation.


Back to top
Contact site support
Policies