Skip to main content
Privacy

Distance learning

Privacy policy under art. 13 of eu regulation 679/2016 of 27 april 2016 for distance learning activities

This policy is addressed to those using telematic tools and services provided by Politecnico di Milano to guarantee distance teaching methods during the suspension of teaching.
The personal data collected/registered for these purposes will be processed under EU Regulation 2016/679 (General Data Protection Regulation) and Legislative Decree 196/2003 and subsequent amendments and additions. (Personal Data Protection Code), as explained below.

Data controller - Identity and contact

The Data controller of Politecnico di Milano is the General Director upon authorization of the pro-tempore Rector – contact: dirgen@polimi.it

Data protection officer – identity and contact

Dr. Vincenzo Del Core - privacy@polmi.it tel.: 02.2399.9378

 

Processing purposes and methods

Personal data may be processed through online platforms or services that allow teaching activities, by configuring "virtual classrooms", evaluating learning for tests and exams, and encouraging interaction between professors and students.
Lessons may be audio/video recorded to allow students to access them for teaching purposes. If the student does not wish to be audio and video recorded, they may participate in discussions when the professor indicates this will not happen. Audio/video recordings of examinations or parts of them could be recorded to check that they are carried out correctly and prevent any irregularities.
Facial detection and recognition technologies may be used to prevent cheating during the exam, for example if the student remained in the video frame, if others share a video frame, if the person who started the exam is the same as the person who completed it, or if the user's face position changed on the webcam recording device.
Data relating to the examination may be processed including: the date and time the user starts and completes an exam; the time each question is answered; time spent on each question; if and when an answer to a question is changed; the quality of the user's Internet connection during the exam (including the time and duration of any Internet disconnections); mouse, keyboard and screen activity; video recording quality (lighting, contrast, motion); audio recording quality; applications and processes running on the device during the exam.
User data can be aggregated and compared to search for patterns or anomalies, for example if a user has spent an unusually long time answering a question compared to other users. Please note that students may be required to show an identification document to the webcam which may be photographed, recorded or simply seen on the screen by a professor for identity verification.

Data processing legal basis

The processing legal basis is to be found, under art. 6, paragraph 1, letter e), of art. 3, letter b) and art. 9, paragraph 2, letter g) of EU Regulation 2016/679 and articles 2-ter and 2-sexies of Legislative Decree 196/2003 and subsequent amendments and additions, in the institutional tasks entrusted to Politecnico di Milano and aimed at guaranteeing the teaching, training, research and third mission activities.
Processing purposes can be found in the second level policies, published on the Politecnico di Milano website: www.polimi.it/privacy/. 

Personal data retention period

Data is kept by Politecnico di Milano for the time necessary to achieve the above purposes. This is without prejudice to the ten-year or longer retention period to ensure legal administrative requirements which cannot be determined in advance, due to different legal processing conditions (e.g. legal proceedings that make the processing necessary for longer than ten years).

Data recipients categories

Data will be processed exclusively by authorised parties and online service providers or platforms that, may become aware of data subject personal data, for the sole purpose to carry out the requested service. These parties are expressly appointed, under art. 28 of EU Regulation 2016/679, as Data Processors.<br/> Data subject data may be processed by system administrators authorised by the Data Controller to carry out IT services. It is possible to know the identity of system administrators or the updated list of Data Processors by writing to the Data Controller.

Data subject rights

As data subject, you may ask the Data Controller:

  • for confirmation of the existence of your data;
  • to access your data and related information, correct inaccurate data or complete incomplete data; delete your data (if one of the conditions in art. 17, paragraph 1 of the Regulation occurs and under the exceptions in paragraph 3 of that article); to limit your data processing (if one of the cases in art. 18, paragraph 1 of the Regulation occurs), transform into anonymous data or block illegal data processing, including data which storage is unnecessary for the purposes for which it was collected or processed.

As data subject, you have the right to fully or partly oppose data processing:

  • for legitimate reasons, even if the data is related to the purpose for which it was collected;
  • or oppose your data processing, for the purposes of sending Politecnico di Milano promotional material for training initiatives and cultural events.

These rights can be exercised by contacting privacy@polimi.it.

If you believe that your rights have been violated by the data controller or a third party, you can lodge a complaint with the Data Protection Authority, or another relevant supervisory authority under the Regulation.

For further data processing information, please refer to the software and applications policies adopted to provide the service.

Last update: June 11, 2020