Institutional portal - Municipality of Milan

Information regarding the processing of personal data
The Municipality of Milan provides this information relating to the processing of personal data (directly provided and/or obtained from third parties) in compliance with the European Regulation on the protection of personal data n. 679/2016 (EU Regulation 679/2016). In relation to any personal data of third parties connected to the interested party (e.g. beneficial owners, legal representatives, delegates, attorneys, etc...) this information must be provided by the interested party to such third parties, in order to make them aware about the purposes and methods of processing their personal data.

Data controller
The data controller is the Municipality of Milan with headquarters in Piazza della Scala, n. 2 – 20121 Milan.

Responsible for the protection of personal data
The person responsible for the protection of personal data (Data Protection Officer - “DPO”) of the Municipality of Milan can be reached at the following e-mail address: dpo@comune.milano.it

Purpose and legal basis
Personal data are processed in compliance with the conditions established by EU Regulation 2016/679 and in particular by art. 6 – par. 1 letter e) - and by art. 2 ter of the Legislative Decree. 196/2003 “Code regarding the protection of personal data”, for the execution of a task of public interest and connected to the exercise of public powers vested in the Municipality; the provision of such data is also provided for by the Integrated Activity and Organization Plan (PIAO) of the Administration, according to which private entities who forward questions or requests to the Administration relating to the procedures referred to in art. 10 of Legislative Decree 231/2007 and subsequent amendments are required to communicate the name of the beneficial owner.
The identification of the beneficial owner is considered relevant, in order to guarantee transparency, legality and impartiality in the administrative action of the employees involved in the procedure in relation to their respective competences.
Pursuant to art. 13 par. 3 and art. 14, par. 4 of EU Regulation 679/2016, if the data controller intends to further process personal data for a purpose other than that for which they were collected, before such further processing it provides the interested party with information regarding this different purpose and any further relevant information.

Types of data processed and scope of processing
The Municipality of Milan processes personal data collected directly from the interested party or from third parties which include personal data, tax code and all data that can be traced back to the definition of "personal data" pursuant to art. 4, point 1 of European Regulation 2016/6791.
The processing generally concerns the management of procedures falling within the areas defined by the art. 10 of Legislative Decree 231/2007.
Purely indicative list of activities carried out:

• works contracts, supplies of goods and services, exceeding the community threshold;
• service concessions and public/private partnerships above the community threshold;
• administrative concessions of unavailable assets and state property;
• concessions for the use of real estate;
• provision of financing, a contribution, or economic advantages of any kind to organizations and businesses;
• commercial authorizations for medium and large sales structures;
• urban planning agreements and authorized permits.

Mode of treatment
The processing takes place in compliance with fundamental rights and freedoms and is based on the principles of lawfulness, correctness, proportionality, transparency and protection of confidentiality.
The processing is carried out using paper and/or computerized methods and includes the operations or set of operations necessary for the pursuit of the purposes referred to in the point "Purpose and legal basis". 

Nature of treatment
The provision of data relating to the identity of the beneficial owner is sanctioned by the obligation set out in the Integrated Activity and Organization Plan (PIAO) of the Administration. Failure to comply with this obligation, while not giving rise to any sanction, will lead to "the initiation of appropriate checks at the competent municipal management which deals with anti-money laundering, for the purposes of transmitting any reports to the competent authorities regarding the fight against money laundering." ". 

Communication and dissemination
The personal data collected may be communicated to the competent bodies in the activities in which checks are ordinarily envisaged on the data returned and/or in the event that anomalies are found within the declaration which are susceptible to subsequent checks by the municipal management which deals with anti-money laundering.
When communication is necessary for the execution of a task of significant public interest, data other than particular data and/or relating to convictions and crimes may be communicated to public entities even in the absence of legal provisions or regulations within the terms and conditions. according to the methods established by the art. 2 ter of Legislative Decree 196/2003, as amended by Legislative Decree no. 101/2018.
Personal data are disclosed exclusively to fulfill legal or regulatory obligations, in particular in compliance with the rules on transparency, participation and publication of administrative documents and provisions.

Data retention
The data will be stored pursuant to art. 31, paragraphs 1 and 2, of Legislative Decree 231/2007 and in any case for the time necessary to manage the related administrative activities with particular regard to the obligations of keeping documentation in the archives according to the criteria and regulations regarding document waste .

Categories of data recipients
The processing is carried out by authorized natural persons, committed to confidentiality and responsible for carrying out the relevant activities and procedures in relation to the purposes pursued.
In relation to the current privacy model, defined with Council Resolution no. 914/2018, which assigns specific tasks to management personnel in matters of data processing, the information may be known to the Director of the municipal Directorate who deals with anti-money laundering and by the Directorate staff in charge of processing personal data by the Director himself.

Source from which the data originates
The data were provided by the legal representative of the company from whom they were requested in compliance with the provisions of the Administration's Integrated Activity and Organization Plan (PIAO).

Tdata transfer to third countries
Personal data will not be transferred to third countries.

Automated decision-making process
The data provided will not be subjected to automated decision-making processes.

Rights of interested parties
Interested parties can exercise the rights provided for by the art. 15 and following of EU Regulation 2016/679 and in particular the right to access your personal data, to request rectification or limitation, updating if incomplete or incorrect and cancellation if the conditions exist, as well as to oppose the processing by addressing the request to: you can contact:

• Municipality of Milan as Owner, piazza della Scala n. 2, 20100 Milan to the following e-mail addresses protocol@postacert.comune.milano.it - protocol@comune.milano.it

or

• Responsible for the protection of personal data of the Municipality of Milan (Data Protection Officer - “DPO”)

Right of complaint
Based on the provisions of EU Regulation 2016/679, we inform you that if interested parties believe that the processing of personal data occurs in violation of the provisions of EU Regulation 2016/679 (art. 77) they can lodge a complaint with the Regulatory Authority. Italian control - Guarantor for the protection of personal data or to take action in the appropriate judicial offices (art. 79).