Institutional portal - Municipality of Milan

Pursuant to art. 13 of EU Regulation no. 2016/679 (General Regulation on the Protection of Personal Data), the following information is provided.

Data controller

The Data Controller is the Municipality of Milan with headquarters in Piazza della Scala, 2 – 20121 Milan, e-mail address PCC.Direzione@comune.milano.it

Responsible for the protection of personal data

The Data Protection Officer - “DPO”) of the Municipality of Milan can be reached at the following e-mail address: dpo@Comune.Milano.it

Purpose and legal basis

The processing of data is aimed at managing the institutional activities connected to the exercise of the mandate of the municipal councillors.  

Personal data are processed in compliance with the conditions established by EU Regulation 2016/679 and in particular by art. 6 – par. 1 letter e) - and by art. 2 ter of the Legislative Decree. 196/2003 “Code regarding the protection of personal data”, for the execution of a task of public interest or connected to the exercise of public powers in accordance with Legislative Decree 267/2000.

Types of data processed

The management of institutional activities connected to the exercise of the mandate of the municipal councilors involves the processing[1] of personal data[2], including particular (sensitive) data[3] and those relating to criminal convictions or (judicial) crimes[4] .

Mode of treatment

The processing takes place in compliance with fundamental rights and freedoms and is based on the principles of correctness, lawfulness, transparency and protection of confidentiality. It is also carried out with the aid of electronic instruments consistently with the operations indicated in the art. 4, point 2, of EU Regulation 2016/679.

Nature of treatment

The provision of data is optional but failure to provide it does not allow the requests connected to the exercise of the mandate of the municipal councilors to be processed.   

Communication and dissemination

Personal data, particular and/or relating to convictions and crimes, may be communicated to third parties, public and private, in compliance with legal obligations and/or regulatory provisions.

The data may be communicated, for example, to other managements of the institution, to other public bodies, to publicly held companies of the municipal administration where required by current legislation.

Categories of data recipients

The processing is carried out by authorized natural persons, committed to confidentiality, and responsible for carrying out the relevant activities and procedures in relation to the purposes pursued.

Data retention

The data will be kept for the time necessary to achieve the purposes for which they were collected and in any case no later than the deadline for the conclusion of the ongoing consultation.

Data transfer to third countries

The data processed for the aforementioned purposes are not transferred to third countries outside the European Union or the European Economic Area (EEA) or to international organisations.

Rights of interested parties

Interested parties can exercise the rights provided for by the art. 15 and following of EU Regulation 2016/679 and in particular the right to access your personal data, to request rectification or limitation, updating if incomplete or incorrect and cancellation if the conditions exist as well as to oppose their processing. To this end they can contact:

- Municipality of Milan as Data Controller, with headquarters in Piazza della Scala, 2 - 20121 Milan - Service Area of ​​the Presidency of the City Council, e-mail address PCC.Direzione@comune.milano.it

or 

- Responsible for the protection of personal data of the Municipality of Milan (Data Protection Officer - “DPO”)

Right of complaint

Finally, we inform you that interested parties, if they believe that the processing of personal data relating to them occurs in violation of the provisions of EU Regulation 2016/679 (art. 77) have the right to lodge a complaint with the Guarantor, (www.garanteprivacy.it ) or to take action in the appropriate judicial offices (art. 79 of the Regulation).

[1] Processing (art. 4, point 2, EU Regulation): any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, deletion or destruction of data.

[2] Personal data (art. 4, point 1, EU Regulation): "any information concerning an identified or identifiable natural person (interested party), the natural person who can be identified directly or indirectly, with particular reference to an identifier such as your name, an identification number, location data, an online identifier or one or more elements characteristic of your physical, physiological, genetic, mental, economic, cultural or social identity.

[3] Special data (art. 9, par. 1, EU Regulation): personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the person's health status or sexual life or sexual orientation.

[4] Data relating to criminal convictions or crimes (art. 10 EU Regulation): personal data relating to criminal convictions and crimes or related security measures.