Language
ABC - Abitare Bicocca Città

Privacy Policy
This information is provided in accordance with Article 13 of EU Regulation No. 2016/679 (“General Data Protection Regulation” or GDPR). It describes how the website www.abcmilano.com is managed by La Cordata scs, regarding the processing of data of users who consult it, as well as the data processing practices of information transmitted by the data subject to the Data Controller through this site.

The legal representative of LA CORDATA SCS – Via B. Zumbini 6 – 20143 Milan – privacy@lacordata.it, as the Data Controller (hereinafter, “Controller”), informs, pursuant to Article 13 of EU Regulation No. 2016/679 (GDPR), that the data will be processed in the manner and for the purposes outlined below:

GENERAL INFORMATION
La Cordata scs safeguards your personal data and complies with applicable data protection regulations (Privacy Code and GDPR 2016/679). Your data are treated confidentially and are transferred to third parties only as provided in this Policy or with your consent. We process the data you provide during the use of the website and/or after registration on the website. Specifically, we process:

  • Data directly provided by users, through registration on the site or mailing list;
  • Data not directly provided by users – and in any case acquired within the limits of Article 14, paragraph 5, GDPR – whose transmission is connected to the use of the portal and the use of Internet communication protocols (for example, data acquired by the university for identification as a student or prospect, page accesses, amount of data transferred, status messages upon access, session ID numbers, IP addresses, URLs, etc.). These data allow reconstructing the visit path to the site and providing the requested services.

PURPOSE OF PROCESSING AND NATURE OF DATA PROVISION
Abitare Bicocca Città is a matching and housing orientation service reserved for students of the University of Milan Bicocca.
The data provided by users who register to access the services offered by the portal (whether they are property owners or students requesting housing services) or send requests for informational material (bulletins, newsletters, responses to queries, etc.) are used solely to perform the requested service or activity and are communicated to third parties only if necessary for this purpose.
Providing data for these purposes is mandatory. Without such data, it will not be possible to guarantee registration on the site or to process the requested housing solutions.

Personal data are used (see Articles 6(b) of GDPR):

  1. To enable browsing on the site and possibly to perform the requested service or activity within La Cordata scs’s normal operations, located at Via Bonaventura Zumbini 6, 20143 Milan, VAT 09906020152.
  2. For purposes related to legal obligations and directives from authorities authorized by law (Articles 6(c) and 9(b,g,h) of GDPR).
  3. For the verification, exercise, or defense of a right in judicial or extrajudicial proceedings (legitimate interest) of the organization (Articles 6(f) and 9(f) of GDPR).
  4. For direct marketing purposes based on the legitimate interest of the Controller; including cookies, advertising IDs used to display ads, email addresses for newsletters, navigation and usage logs to protect the site and service from cyber-attacks; in these cases, the data subject can always deny consent, and the Controller will refrain from processing (Articles 6(f) of GDPR).
  5. For functional purposes related to activities where the data subject can choose whether to give consent, such as subscribing to the newsletter to receive informational and promotional messages, satisfaction surveys, data sharing with third parties for communication, marketing, and sales purposes (GDPR Art.
  1. With the consent of the data subject, in the case of special categories of data (see Art. 9(a) of the GDPR)

PROFILING DATA
No profiling data regarding the habits or consumption choices of the data subject are directly collected. However, it is possible that, through links or by incorporating third-party elements, such information may be acquired by independent or separate entities. Please refer to the third-party cookies section for more details.

COOKIES
Like others, this website stores cookies in the user's browser to transmit personal information and enhance the user experience. Cookies are small text strings that websites visited by the user send to their device (usually to the browser), where they are stored—sometimes with extended persistence—so they can be retransmitted to the same websites upon subsequent visits.
As explained below, users can choose whether and which cookies to accept, bearing in mind that refusing their use may impact the ability to perform certain transactions on the site, or affect the accuracy and relevance of some customizable content or the ability to recognize the user between visits.
If no choice is made, default settings will apply, and all cookies will be enabled; however, users can communicate or change their decisions at any time. For the tracking policy, see https://www.abcmilano.com/it/cookie-policy

DATA VOLUNTARILY PROVIDED BY THE USER
The optional, explicit, and voluntary sending of emails to the addresses listed on the site entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the email. Similarly, the explicit and voluntary submission of forms on the site containing the data subject's information implies processing to fulfill pre-contractual obligations or the execution of services related to the submission of such forms.
Such information may include personal data, contact information, addresses, phone numbers, and email addresses of the data subject and any third parties identified or identifiable who are connected to the user. Specific short-form privacy notices will be progressively provided or displayed on the website pages set up for particular requested services.

NEWSLETTER AND MAILING LIST
Email contacts used to send communications from the website are sourced from voluntary subscriptions by recipients, always confirmed through an opt-in request, as well as from data acquired in the context of product or service sales by the Controller or similar transactions. These communications may include information, promotional content, and materials.
Please note that contacts are not obtained from public subscriber lists.
If the recipient is no longer interested in receiving communications, they can opt out at any time by clicking the unsubscribe link included in every message or by contacting the addresses provided below to exercise their right to unsubscribe from the newsletter.

CONSEQUENCES OF REFUSING TO PROVIDE DATA
Providing the data collected from the data subject is optional but essential for processing, especially for the purposes described in points 1 and 2. If the data subject does not provide the required data and does not allow processing, it will not be possible to deliver or implement the proposed services, nor fulfill contractual obligations. This may adversely affect compliance with legal obligations such as accounting, tax, and administrative duties.

Aside from what is specified regarding navigation data, users are free to provide personal data for cookies and specific requests via forms (e.g., regarding products and/or services). Failure to provide such data may make it impossible to fulfill those requests.
For all non-essential data, including special categories of data, providing such information is optional. In the absence of consent or in the case of incomplete or incorrect provision of certain data (including sensitive data), the resulting obligations may be incomplete to the extent that they lead to disadvantages such as penalties or loss of benefits—either because the processing cannot appropriately fulfill its intended obligations or because the outcome of the processing does not meet the requirements of applicable laws. In such cases, the organization shall not be held responsible for any resulting penalties or enforcement actions.

DATA PROCESSING METHODS
The processing of data related to the web services of this site is carried out using automated tools for the time strictly necessary to achieve the purposes for which they were collected. Processing takes place on servers located in Italy or the EU and is handled only by technical personnel authorized to process the data, or by individuals tasked with maintenance and administrative operations.
Specific security measures are observed to prevent data loss, unlawful or improper use, unauthorized access, and breaches of confidentiality. The infrastructure is equipped with anti-intrusion systems, firewalls, logging, and disaster recovery protocols. Specific mechanisms are used for data encryption, segregation, and user authentication and authorization.

Data processing refers to the collection, recording, organization, storage, processing, modification, deletion, and destruction of data, or any combination of two or more of these operations. In relation to the above purposes, personal data is processed using manual, IT, and telematic tools, following logics strictly related to the purposes themselves and in ways that ensure data security and confidentiality.
Personal data will therefore be processed in compliance with the methods set out in Article 5 of EU Regulation 2016/679, which states, among other things, that data must be processed lawfully, fairly, and in a transparent manner; collected and recorded for specific, explicit, and legitimate purposes; accurate and, where necessary, kept up to date; relevant, complete, and not excessive in relation to the purposes of the processing; and must respect the rights and fundamental freedoms as well as the dignity of the data subject, with particular regard to confidentiality and personal identity, by means of appropriate protection and security measures.
The data controller has implemented and will continue to improve its data access and storage security system.
No automated decision-making process (e.g., profiling) is carried out.
Processing takes place in non-EU and non-EEA countries only when connections to the website originate from those locations (upon the data subject's request from that location).

DATA RETENTION PERIOD
Personal data will generally be retained as long as the purposes for processing persist, depending on the category of data processed. Once the retention period has expired, the data will be destroyed or anonymized.
Student data will, in any case, be deleted at the end of the service contract with the University of Milano-Bicocca.
It is possible to request deletion from the portal by sending an email to privacy@lacordata.it, specifying the name of the portal of interest and the method by which the user registered.

DATA COMMUNICATION
Data may be communicated:

  • to internal staff within the organization and/or to external processors performing specific tasks and operations (such as website administration, navigation and traffic data analysis, management of emails and voluntarily submitted forms, order fulfillment for e-commerce, online booking);
  • in the cases and to the entities provided for by law.

CATEGORIES OF RECIPIENTS
Data will not be disclosed, except where required by law or after being anonymized.
Except as specified for cookies and third-party elements, without the data subject’s prior general consent to third-party communications, only services that do not involve such communications may be provided.
Where necessary, specific and explicit consent will be requested, and the recipients will process the data as independent controllers.
In certain cases (not part of the ordinary management of this site), the relevant Authority may request information and data for the purposes of verifying compliance with personal data processing regulations. In such cases, a response is mandatory under penalty of administrative sanctions.

DATA SUBJECT’S RIGHTS
At any time, you may exercise your rights (access, rectification, erasure, restriction, portability, objection, and the right not to be subject to automated decision-making) with respect to the data controller, as provided by Articles 15–22 of the GDPR (reproduced at the end of this notice).
You also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).
If processing is based on consent, you may revoke that consent at any time, noting that revocation does not affect the lawfulness of the processing carried out prior to such revocation.

All communications must be sent via email to privacy@lacordata.it or by regular mail to:
DPO La Cordata scs, Via B. Zumbini 6 – 20143 Milan, Italy