Privacy policy for the colletion and procssing of personal data pursuant to Articles 13 of Regulation (EU) 679/2016 of 27 April 2016

This privacy policy is issued pursuant to Art. 13 of Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and compliance with the legislation on the processing of personal data, as well as the free movement of such data.

In particular, this privacy policy applies to recruitment process for NEXTSCREEN Doctoral Candidates jobs

Data Controller

Politecnico di Milano – Director General delegated by the pro-tempore Rector – contact:

Data Processor

Politecnico di Milano has been appointed as “Data Controller” by the other institutions in the consortium limited to this collection purpose

Internal data processor

Prof. Andrea Bassi – email:

The data shall be processed by other persons authorised and instructed for this purpose in accordance with current legislation.

Data Protection Officer and contact details

E-mail: – Tel. 02 23999378.

Purpose of the processing, legal basis, categories of data and retention period.

For the purposes of applying the relevant European and national legislation (Regulation EU 679/2016, henceforth “Regulation”), we hereby inform you that your personal data will be used for the following purposes:

Intended purpose of the personal data processingLegal basis of the processingCategories of personal data subject to processingRetention period of personal data
The data will be collected to allow future recruitment process for NEXTSCREEN Doctoral Candidates jobs and the preparation for an employment relationship with a legal entity of the NEXTSCREEN Partners.  6.1 (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;Personal details, Contact details, Career detailsThe data are as long as it is necessary for recruitment purposes. After the conclusion of the application process (e.g. by rejection from our side or withdrawal from your side), we will delete the data.

Nature of the data

The provision of the data requested for Purpose is optional. In the event of failure to provide the data requested, the planned services/activities cannot be guaranteed.

Processing methods

The processing carried out for the purposes described above may be carried out on paper or on digital media, manually and/or using electronic or in any case automated tools, external databases (Microsoft Sharepoint).

Data may also be stored in paper archives for the duration of the course/activity [specify]/processing and indefinitely in digital format in view of the obligations of transparency and the correct operation of public administration.

The data acquired for the aforementioned purposes shall only be accessed by duly authorised personnel.

Categories of recipients

In relation to the purposes indicated, the data may be disclosed to the following public and/or private entities or may be disclosed to companies and/or persons that provide services, including externally, on behalf of the Data Controller. In particular, the data collected may be transmitted to service providers that are necessary for the delivery of the initiative. These parties will be formally appointed as “External data processors” by the Politecnico di Milano. Furthermore, the data collected may be disclosed to third party recipients, in their capacity as sponsors of the initiative, for their own purposes within the context of the initiative or similar events. Finally, your personal data may also be disclosed to other public administrations, including in anonymous form in the event that the latter are obliged to process such data for any procedures within their institutional competence, as well as to any public entities to which, under the relevant conditions, disclosure is legally required by the provisions of European system, laws or regulations, in addition to insurance bodies for any accident reports.

Specifically, the consortium parties are recognised as the recipients of your personal data who will process data as autonomous data controllers.

Transfer to non-EU countries or international organizations

The personal data will be processed by the Data Controller within the European Union.

Should it become necessary, for reasons of a technical and/or operational nature, to make use of parties located outside of the European Union, or should it become necessary to transfer a part of the data collected to technical systems and services managed in the cloud and located outside of the European Union, the processing will be regulated in accordance with the provisions of Chapter V of the Regulation and authorised on the basis of specific decisions by the European Union.

All of the necessary precautions will therefore be implemented in order to ensure the utmost protection of the personal data, the transfer being based:

a) on adequacy decisions regarding third country recipients as expressed by the European Commission;
b) on appropriate safeguards provided by the third party recipient pursuant to Article 46 of the Regulation;
c) on the adoption of binding corporate rules. 

Specifically, data could be transferred, upon specific consent, to the Swiss partner “Eidgenössische Technische Hochschule Zürich”

Rights of data subjects

As a data subject, you can ask the Data Controller for the following at any time:

As a data subject, you also have the right to object in whole or in part:

These rights can be exercised by contacting

If you believe that your rights have been violated by the data controller and/or a third party, you have the right to lodge a complaint with the Personal Data Protection Authority and/or other competent supervisory authority pursuant to the Regulation.

Milan, 07/11/2023