Institutional portal - Municipality of Milan

This page describes the methods of processing the personal data of users of the "Civil Protection Alert System" application made available by the Municipality of Milan for sending information relating to hydro-weather alerts within the municipal territory.

Data controller
The Data Controller is the Municipality of Milan with headquarters in Milan in Piazza della Scala, 2 – 20121 Milan.

DPO contact details
The Data Protection Officer - “DPO”) of the Municipality of Milan can be reached at the following e-mail address: dpo@Comune.Milano.it

Purpose and legal basis 
The Municipality of Milan in accordance with Legislative Decree 2 January 2018, n. 224 “Civil Protection Code”, activated the Alert System as part of activities aimed at preventing and mitigating risks, managing emergencies and overcoming them.

The processing is therefore aimed at sending communications in the event of critical situations, expected or in progress, giving indications regarding risk scenarios, hydro-weather alerts or floods (Lambro and Seveso) in order to prevent uncomfortable and dangerous situations.

Personal data are processed in compliance with the conditions set out in the art. 6 of EU Regulation 2016/679 and in particular for:

a) the fulfillment of a legal obligation to which the owner is bound; 
b) the execution of a task of public interest and connected to the exercise of public powers in relation to the mayor's functions provided for by the Consolidated Law on the Regulation of Local Authorities (Legislative Decree 267/2000) and by the Civil Protection Code .

Types of data processed 
The personal data processed by the APP concern the telephone number provided by the interested party and navigation data.

The APP automatically acquires information from the interested party's device relating to the operating system used and its version, the duration and the functions used, with the aim of allowing developers to make its services increasingly efficient and intervene in case of anomalies.

This category of data includes the IP addresses or domain names of the computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used in the submit the request to the server, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment.
The navigation data do not persist for more than 30 days and are deleted immediately after their aggregation (except for any need for the investigation of crimes by the judicial authority).

Cookies and other tracking systems
No cookies are used for user profiling, nor are third-party cookies used.

Instead, technical cookies are used in a manner strictly limited to what is necessary for the efficient and safe usability of the APP:

• Browsing and session cookies: login data.

The storage of session cookies in the cache and in the "APP Memory" is under the control of the user, whereas on the servers, at the end of the HTTPS sessions, information relating to the cookies remains recorded in the service logs, with retention times in any case not exceeding 30 days like other navigation data.

Nature of treatment
The provision of data (telephone number) is optional, but failure to enter it when installing the App precludes the possibility of receiving important communications on critical alert situations. Through the App you will receive multiple messages, even referring to the same event, in relation to the alert level, as indicated on the web page: Civil Protection Alert System

Data retention 
Apart from what has already been specified for navigation data and cookies, the data collected will be kept for the time corresponding to the functioning of the Alert system or for a further period for the definition of any administrative activities.

However, the interested party can uninstall the Alert System App at any time and delete the data, directly from the Options - App - Memory - DELETE DATA menu.

Uninstalling the app does not exclude the user from continuing to receive communications on the telephone number entered in the APP at the time of installation. To unsubscribe from the service you need to enter the APP configuration menu and click on the "unsubscribe from the service" button before uninstalling it.

Categories of data recipients 
The processing is carried out by authorized, educated people, committed to confidentiality and responsible for the related activities in relation to the purposes pursued. 
The recipients of the data include the company BT Italia SpA, designated as Data Processor pursuant to Article 28 of EU Regulation 2016/679, which acts on behalf of the Municipality of Milan for the management of the Service. 

Transfer of data to third countries 
The data provided for the aforementioned purposes are not subject to transfer to third countries or international organizations, within or outside the European Union, without prejudice to any regulatory provisions.

Rights of interested parties 
As an interested party you can exercise the rights provided for by the articles. 15 and following of Regulation (EU) 2016/679 and in particular the right to access one's personal data, to request rectification or limitation, updating if incomplete or incorrect and cancellation if the conditions exist, as well as to oppose the their treatment. These rights can be exercised by addressing the request to the Municipality of Milan:
-    to the Data Protection Officer - “DPO”).

Finally, we inform you that if you believe that the processing of personal data relating to you violates EU Regulation 2016/679 (art. 77) you can lodge a complaint with the Italian Supervisory Authority - Guarantor for the protection of personal data (www.garanteprivacy.it)  or to take action in the appropriate judicial offices (art. 79 of the Regulation).