Institutional portal - Municipality of Milan

Information pursuant to art. 13 of EU Regulation no. 2016/679

Pursuant to art. 13 of EU Regulation no. 2016/679 (General Regulation on the Protection of Personal Data), the following information is provided.

Data controller

The Data Controller is the Municipality of Milan with headquarters in Piazza della Scala, 2 – 20121 Milan – Technological and Digital Innovation Directorate, located in via G. Vico 18 – 20123 Milan – email address: ITeD@comune.milano.it 

Data Protection Officer (DPO)

The Municipality of Milan has appointed its own Personal Data Protection Officer who can be contacted at the e-mail address: dpo@comune.milano.it 

Purpose

The data processing is aimed at:

1) allow the booking, consultation and management of appointments for the services provided by the institution and in particular by:

· Civic Services;

· Educational Services;

· Mobility Services;

· Social services;

· Administrative Sanctions Services;

· Tax Services;

· Municipal services

· Urban planning services

· Local Police Services

· Collection Services

· Youth information services

· Generic reception services

2) detect satisfaction with the online booking service for the purposes of continuous improvement.

3) detect satisfaction with the experience with registry, civil status and tax consultancy services for the purposes of continuous improvement.

Legal basis

Personal data are processed in compliance with the conditions established by EU Regulation 2016/679 and in particular:

from the art. 6 – par. 1 letter e) - and by art. 2 ter of the Legislative Decree. 196/2003 “Code regarding the protection of personal data”, for the execution of a task of public interest or connected to the exercise of public powers in accordance with the law/Regulation vested in the data controller in accordance with the functions envisaged by the Consolidated Law on the Organization of Local Authorities (Legislative Decree 267/2000).

For activities related to measuring user satisfaction:

- Directive of the President of the Council of Ministers of 27/01/1994 "principles on the provision of public services" and Directive of the Minister of Public Function of 24/03/2004 "on the measurement of the quality perceived by citizens"

- Legislative Decree 267/2000, “Consolidated law on the organization of local authorities”, art. 147, Types of internal controls, letter e)

- Legislative Decree n.82/2005 “Digital Administration Code”, art. 7, c.3 modified by Legislative Decree 179/16, art. 8, c.1 and subsequent amendments and additions and with specific sector Directives

- Legislative Decree 27 October 2009, n. 150 “Implementation of law 4 March 2009, n. 15, regarding the optimization of the productivity of public work and the efficiency and transparency of public administrations", art. 19 bis and art.28; Regulation on the internal control system of the Municipality of Milan (Deliberation of the City Council no. 7/2013 art.16).

Types of data processed

The booking service involves the collection of the following personal data, based on the type of access method:

1. Provision of the service via SPID/CIE/COMPANY ID authentication

Authentication data

2. Provision of the service with temporary authentication access

Name, surname, telephone number, postal address for 120 minutes after email validation

3. Data requested depending on the type of service in reference to the service provided (example file number, file submission date, tax code, contact telephone number, etc.)

Each request by the interested parties will involve the processing of the data connected to it in compliance with the functions provided by the institution.

The processing of data relating to points 2) and 3) is strictly related to the type of service and responds to the principle of relevance and not excess with respect to the purpose (the appointment request form is structured for each service in order to collect the necessary data)

The satisfaction questionnaire for the online appointment booking service is anonymous and can be reached by the user via the link in the email, sent as confirmation and reminder of the booking. The questionnaire can be completed up to the day before the appointment.

For the services referred to in point 2 of the purposes (experience with registry, civil status and tax consultancy services) a more in-depth evaluation of the experience with the services used is envisaged: at the end of the appointment it will be sent to the address of the user's email address, an anonymous questionnaire as the answers provided are not associated with the email address and are processed in aggregate form. The questionnaire can be completed within three days of receipt and subsequently deactivated.

The user who booked the appointment by authenticating with Spid/CIE/Id Company can unsubscribe from receiving further surveys directly from the email received.

Users who indicate that they have not resolved their situation and express the need for further assistance can access an online form via link and enter their details to ask to be contacted. The data provided are not associated with the answers to the questionnaire which therefore remains anonymous; a dedicated team of Infoline service operators will call the user back to manage the assistance.

To manage the survey, the following information is collected, acquired anonymously in the questionnaire responses:

- method of accessing the booking service (via SPID/CIE/COMPANY ID authentication or with temporary authentication) without further information that could lead to personal identification;

- day of booking and provision of the appointment

- booked service and/or the topic being consulted

- location and method of providing the appointment (only for the evaluation of the overall experience referred to in point 2 of the purposes)

- date and time of completing the questionnaire

There is also a free text question to motivate the opinion expressed and in which it is recommended not to include any information that could lead to personal identification; if detected, such data will be deleted.

The software adopted to measure user satisfaction uses technical cookies and technical session cookies to allow it to function correctly. For further information, consult the Privacy page - Municipality of Milan.

Mode of treatment

The processing takes place in compliance with fundamental rights and freedoms and is based on the principles of correctness, lawfulness, transparency and protection of confidentiality. It is also carried out with the aid of electronic instruments consistently with the operations indicated in the art. 4, point 2, of EU Regulation 2016/679.

The booking service organized through the institutional website provides the possibility of opting for one of the following appointment methods:

1) at the counter at the institution's offices indicated during the booking phase

2) telephone with a qualified operator

3) at the virtual counter via a video conference tool.

The appointment can be canceled at any time independently using the same booking service. The revocation does not affect the lawfulness of the processing carried out for the management of the appointment requested before the revocation itself.

Participation in surveys takes place on a voluntary basis and failure to participate does not affect the provision of the service but only the possibility of expressing an evaluation and, if applicable, accessing the online form to request further assistance.

Nature of treatment

The request for an appointment necessarily involves the processing of the data referred to in points n. 1 and 2 of the paragraph "Type of data processed" in both access methods.

Failure to provide the mandatory data (marked with an asterisk) precludes the possibility of proceeding with the booking of the appointment and the subsequent evaluation of the service.

Communication and dissemination

Personal data are not subject to communication or dissemination, except in cases where specific legal provisions provide for this last operation (e.g. judicial authority).

The answers provided through the satisfaction questionnaire for the booking service and management of the need are processed and published on the institutional website in anonymous and aggregate form

Categories of data recipients

The processing is carried out by authorized persons committed to confidentiality and responsible for the related activities in relation to the purposes pursued.

The data processing is also carried out by subjects external to the organization who assume the role of data controller pursuant to art. 28 of EU Regulation 2016/679:

· Enterprise Services Italia Srl, (application maintenance) registered office in Cernusco sul Naviglio (MI), Via Achille Grandi, 4

· Municipia Spa (back office management of appointments) with registered office in Trento (TN), Via Adriano Olivetti, 7,

· GPI Spa (appointment management) with registered office in Trento (TN), via Ragazzi del '99, 13

· Intellera Consulting Srl (data analysis and reporting) with registered office in Milan (MI) Via Gaetano de Castillia, 23

Data retention

The data will be kept for the time necessary to achieve the purposes for which they were collected and in any case for a maximum period of 2 years after which the data will be eliminated.

The information acquired for the management of the surveys will be automatically deleted when the link to the questionnaire expires, i.e. the day before the appointment booked for the survey referred to in point 2 of the purposes and the 3rd day following the appointment for the survey referred to in point 3 of the purposes.

The data necessary to send the questionnaire will be kept for the time necessary to achieve the purposes for which they were collected

Data transfer to third countries

The data processed for the aforementioned purposes are not transferred to third countries outside the European Union or the European Economic Area (EEA) or to international organisations, without prejudice to any regulatory provisions.

Rights of interested parties

Interested parties can exercise the rights provided for by the art. 15 and following of EU Regulation 2016/679 and in particular the right to access one's personal data, to request rectification or limitation, portability, updating if incomplete or incorrect and cancellation if the conditions exist as well as to oppose the Processing by addressing the request should be addressed to:

- Municipality of Milan as Owner, via G. Vico, n. 18 - 20123 Milan - Technological and Digital Innovation Directorate, located in via G. Vico 18 – 20123 Milan – email address: ITED@comune.milano.it 

or

- Responsible for the protection of personal data of the Municipality of Milan (Data Protection Officer - “DPO”) reachable at the following e-mail address: dpo@Comune.Milano.it 

Right of complaint

Finally, we inform you that interested parties, if they believe that the processing of personal data relating to them occurs in violation of the provisions of EU Regulation 2016/679 (art. 77) have the right to lodge a complaint with the Guarantor, (https://www.garanteprivacy.it/) or to take action in the appropriate judicial offices (art. 79 of the Regulation).

Modification

The Owner reserves the right to make to this Information, at its sole discretion and at any time, all changes deemed appropriate or made mandatory by the regulations in force from time to time, giving adequate publicity to interested parties.