Linkedin Instagram

Privacy Policy

Information notice pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR)

This Privacy Policy is provided by the European School of Molecular Medicine – SEMM ETS (hereinafter also referred to as “SEMM” or the “Data Controller”) in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”).

SEMM informs users that personal data collected through the use of the website www.semm.it (hereinafter the “Website”) will be processed in compliance with the principles of lawfulness, fairness, transparency, data minimization and confidentiality, and in full respect of the rights of data subjects.

This Privacy Policy applies exclusively to the Website and its related subdomains and does not apply to third-party websites accessed via hyperlinks on the Website, for which SEMM is not responsible. Users are encouraged to consult the respective privacy policies of such third-party websites.

Data Controller

(who determines the purposes and means of processing personal data)

The Data Controller is:

European School of Molecular Medicine – SEMM ETS
Via Adamello, 16 – 20139 Milan (Italy)
Email: info@semm.it

Purposes of processing

(why personal data are processed)

Personal data are processed for the following purposes:

  • to ensure the proper technical functioning, security and maintenance of the Website

  • to perform technical assistance and system management activities

  • to collect anonymous statistical information on Website usage

  • to respond to requests submitted via email or contact forms

  • to manage applications, information requests and institutional communications

  • to organize educational activities, scientific events, seminars and academic initiatives

  • to comply with legal or regulatory obligations

Legal basis of processing

The processing of personal data is based on:

  • compliance with legal obligations

  • the legitimate interest of the Data Controller in managing and improving the Website and its institutional activities

  • the consent of the data subject, where required (e.g. submission of forms or requests)

Consent may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Recipients of personal data

Personal data may be processed by:

  • authorized personnel of the Data Controller

  • external service providers (e.g. IT, hosting, technical or organizational service providers)

Such entities may be appointed, where necessary, as Data Processors pursuant to Article 28 GDPR.

An updated list of Data Processors may be requested from the Data Controller.

Disclosure of data

Personal data will not be disclosed.
They may be communicated only when required by law or upon request of competent public authorities.

Processing methods and data security

Personal data are processed using paper-based and electronic tools, adopting appropriate technical and organizational security measures to prevent unauthorized access, loss, misuse or unlawful processing.

The Website uses the HTTPS protocol to ensure secure data transmission.
However, no system can guarantee absolute security; users are therefore encouraged to use adequately protected devices.

Data transfers outside the European Union

Personal data are not transferred to countries outside the European Union that do not provide an adequate level of protection.

Where necessary, any transfer outside the EU will take place in accordance with Articles 44–49 GDPR and subject to appropriate safeguards.

Categories of personal data processed

a) Browsing data

Collected automatically to ensure Website functionality and security (e.g. IP addresses, browser type, access times). These data are used exclusively in aggregated and anonymized form for statistical purposes.

b) Cookies

The Website uses technical cookies and, where applicable, other tracking tools as described in the dedicated Cookie Policy.

c) Data voluntarily provided by users

Personal data provided via email or contact forms (e.g. name, surname, email address, message content) are processed solely to respond to user requests and will not be used for profiling purposes.

Data retention period

Personal data are stored only for the time strictly necessary to achieve the purposes for which they were collected and in compliance with applicable legal obligations.

Rights of the data subject

Data subjects have the right to:

  • access their personal data

  • request rectification or updating of inaccurate data

  • obtain erasure of their data, where applicable

  • restrict or object to processing

  • withdraw consent at any time

  • request data portability, where applicable

  • lodge a complaint with the competent Data Protection Authority

How to exercise your rights

To exercise your rights, you may contact the Data Controller at:

info@semm.it

Requests are processed free of charge and without undue delay, in any case within one month, in accordance with the GDPR.

For further information on data protection rights, data subjects may consult the Italian Data Protection Authority website:
👉 https://www.garanteprivacy.it