Institutional portal - Municipality of Milan

The Municipality of Milan, in compliance with the principles established by EU Regulation no. 2016/679 relating to the protection of natural persons with regard to the Processing of Personal Data, as well as the free circulation of such data, offers users the possibility of interacting with its Mobile App "Fascicolo del Cittadino", available for iOS and Android platforms and downloadable from the respective Apple and Google sites, to use the services provided by it.

This information is provided exclusively for the aforementioned App and describes the methods of processing the personal data of users of the Application made available by the Municipality of Milan.

Data controller
The Data Controller is the Municipality of Milan with headquarters in Milan in Piazza della Scala, 2 – 20121 Milan.

DPO contact details
The Data Protection Officer - “DPO”) of the Municipality of Milan can be reached at the following e-mail address: dpo@Comune.Milano.it

Purpose and legal basis
Personal data are processed by the Municipality of Milan for the performance of institutional functions, for the execution of tasks of public interest and to ensure effective communication with citizens, in accordance with Legislative Decree 267/2000 and Legislative Decree. Legislative Decree 82/2005 “Digital Administration Code”. 

In this regard, the personal data provided for the services offered through the aforementioned Mobile App (e.g. infringements of the highway code) will be used in terms compatible with the purposes of the collection also for sending, via push notifications, the relevant alerts, subject to consent of the interested parties.

Types of data processed 
The personal data processed by the App concern the car license plate provided by the interested party, the tax code, the surname and navigation data.
The APP automatically acquires information from the interested party's device relating to the operating system used and its version, the duration and the functions used, with the aim of allowing developers to make its services increasingly efficient and intervene in case of anomalies.
This category of data includes the IP addresses of the smartphones used by users who use the Mobile App, the time of the request, the method used to submit the request to the server, the numerical code indicating the status of the response given by the server (good end, error, etc.) and other parameters relating to the operating system and model of the smartphone itself.

Navigation data
The navigation data do not persist for more than 30 days and are deleted immediately after their aggregation (except for any need for the investigation of crimes by the judicial authority).
Cookies and other tracking systems
No cookies are used for user profiling, nor are third-party cookies used.
Instead, technical cookies are used in a manner strictly limited to what is necessary for the efficient and safe usability of the App:

• Browsing and session cookies: login data.

The storage of session cookies in the cache and in the "App Memory" is under the control of the user, whereas on the servers, at the end of the HTTPS sessions, information relating to the cookies remains recorded in the service logs, with retention times in any case not exceeding 30 days like other navigation data.

Nature of treatment
The provision of data is optional, but failure to provide it when installing the App precludes the possibility of interacting with the "Citizen's File" and consulting or receiving information. 

Data retention
Apart from what has already been specified for navigation data and cookies, the data collected will be stored for a time not exceeding the purposes described or for a further period for the definition of any administrative activities. 
However, it is possible to uninstall the App at any time and delete the data, directly from the Options – App – Memory – DELETE DATA menu.

Categories of data recipients
The processing is carried out by authorized, educated people, committed to confidentiality and responsible for the related activities in relation to the purposes pursued. 
The recipients of the data include various companies designated as Data Processors pursuant to Article 28 of EU Regulation 2016/679, which act on behalf of the Municipality of Milan for the management of the Service. 

Transfer of data to third countries
The processing of data connected to the Mobile App takes place mainly in the Municipality of Milan. The data provided for the aforementioned purposes are not subject to transfer to third countries or international organizations, inside or outside the European Union, without prejudice to any regulatory provisions.

Communication and dissemination
The data relating to the online service are not subject to communication or dissemination, unless legal or regulatory provisions provide otherwise.

Rights of the party concerned
Interested parties can exercise the rights provided for by the articles. 15 and following of Regulation (EU) 2016/679 and in particular the right to access one's personal data, to request rectification or limitation, updating if incomplete or incorrect and cancellation if the conditions exist, as well as to oppose the their treatment. These rights can be exercised by addressing the request to the Municipality of Milan:

• to the Data Protection Officer - “DPO”)

Right of complaint
Finally, interested parties are informed that if they believe that the processing of the data relating to them violates EU Regulation 2016/679 (art. 77) they can lodge a complaint with the Italian Supervisory Authority - Guarantor for the protection of personal data - Piazza Venezia, 11 , IT-00187, Rome (www.garanteprivacy.it) or to take action in the appropriate judicial offices (art. 79 of the Regulation).

Privacy information for the use of cookies
The login and payment functions through PagoPA for infringement notices use technical components, called WebView, capable of displaying functions provided by the website of the Municipality of Milan or by third-party bodies within the Mobile App.
Cookies can be used within these "WebViews" similarly to what happens in browsers.
The same privacy policies apply to these cookies reported here.