Map the giants - Privacy Policy

Privacy policy, cookies, acquisition and dissemination of images and videos


Dear user, in accordance with Article 13 of EU Regulation 2016/679, also known as GDPR, please find the following information on how we will process your personal data.

Your personal data will be processed in accordance with the principles of propriety, lawfulness, transparency and the protection of privacy and your rights. It may occur manually or electronically or with the use of IT or automated devices. Data processing may consist of any operation carried out with or without the use of automated processes, including the collection, recording, organisation, structuring, storage, elaboration, selection, blocking, adaptation, modification, extraction, consultation, use, communication via transmission, diffusion or any other means of making available, comparison, interconnection, limitation, cancellation or destruction of said data.

Who is the Data Controller? 

The Data Controller – i.e. the body that determines how and why your data is processed – is the University of Milano-Bicocca, located in Piazza dell’Ateneo Nuovo 1, 20126 Milan, represented by its legal representative Rector Giovanna Iannantuoni (hereinafter the “Controller”). You can contact the Controller by writing to the address shown above or sending an email to or the certified email address

Who is the Data Protection Officer?

The University of Milano-Bicocca has appointed a Data Protection Officer who can be contacted with all queries relating to personal data processing and to exercise any rights deriving from GDPR. The Data Protection Officer can be contacted at or certified email address


Why do we process your data?

In accordance with Article 6, Paragraph 1 of GDPR, your personal data is processed so that the relevant university department/bodies can fulfil all duties allocated to them. More specifically, the university will process your data for:

  • Research activities focused on coral reefs
  • Socio-economic studies
  • Contacting you for further information and/or clarification on the submission
  • Promotional and commercial activities
  • Use/diffusion of images, provided a release form has been signed, on its website and social media

channels pursuant to articles 96 and 97 of the Law 633/1941 (the Law on Copyright).

Who can we communicate your data to?

Your data is processed by personnel who belong to the departments of the university and are authorised by the Data Controller, in accordance with their functions and skills.

Your data will not be transferred to countries outside the EU or to international organisations. In the event that this becomes necessary, you will be provided with a specific information notice. In the event that no decision on adequacy has been issued for the destination country, or if adequate guarantees are not available as regards data protection, you will be asked to grant your consent before we proceed with the transfer.

Is it compulsory for you to provide us with your data?

 No, you are not obliged to communicate your data to us but in case of refusal, the University will not be able to proceed with the specific activities.


How long will we store your data for?

Your personal data is processed by the Data Controller until the purposes envisaged by the project are fulfilled.

If your personal data is stored in the database of the Data Controller, it is stored for an unlimited period of time.

If your personal data is contained in analogue documents and/or digital products or products owned by the Data Controller, this data is subject to legal storage time limits; the various time limits are contained in the “Disposal of analogue and digital documents guidelines”, which can be found on the university website.

Where present, authentication logs will be erased after 180 days.

What are your rights and how can you exercise them?

You have the right to:

  • access your personal data;
  • obtain the correction or cancellation of data or the limitation of data processing;
  • request data portability if data is in digital form;
  • oppose data processing;
  • make a complaint to the supervisory authorities.

You can exercise your rights by contacting the Data Controller and/or the Data Protection Officer; the Data Controller must respond to your within 30 days of the date they receive your request (this period can be extended to 90 days if the request is particularly complex).

In the event that you believe that your data has been processed in a way that violates relevant regulations, or if the response to a request in which you have exercised one or more of the rights set out in Articles 15-22 of GDPR fails to arrive within the time limit indicated or is unsatisfactory, you can contact the supervisory authority or the authority of the protection of personal data.

Will you be subject to automated decision-making processes?

No, you will not be subject to any decisions based solely on automated processes (including profiling), unless you have explicitly provided your consent for this.

Is your data safe?

Your data is processed in a lawful, proper manner and we adopt appropriate security measures designed to prevent any unauthorised access, disclosure, modification or destruction of the data.

[This policy was last updated on 20/11/2023]




Having received the information note from the data controller pursuant Legislative Decree 196/2003 (Privacy Code) and to the EU General Data Protection Regulation 2016/679, which is published on and provided with the present  declaration, in the knowledge that the processing of the personal data provided may include the acquisition and publication of images and/or audiovisual material, pursuant to Law 633/1941 (the Law on Copyright)


the personnel employed by the University of Milan-Bicocca and other public or private figures to whom the university allocates services for which they have the required skills, within the limits set out by law, on an out-sourcing basis or as part of conventions or agreements to use Photo Audio and/or Videos, collected through the website and social media for research purpose  and for the purpose of publicizing / promoting the University’s activity (so-called secondary purposes).


The authorization is understood to be granted free of charge without time limits also pursuant to articles 10 and articles 96 and 97 of the Law 633/1941 (the Law on Copyright).

The author(s) of the Photos, Audio and/or Videos must inform any interested parties (such as the people portrayed) in the cases and in the ways provided for by articles 96 and 97 of the Law 633/1941 (the Law on Copyright) requesting the authorization for the use, publication and dissemination in any form of theirs images.

The Authorization include the acquisition of Photo Audio and/or Videos in any form of use on printed paper and/or on any other means of dissemination for the use, publication, dissemination and promotion, as well as the authorization for the conservation of the Photo Audio and/or Videos themselves in the computer archives of ​​the University of Milan Bicocca, on the premises on the University or on third-party premises during the carrying out of activities related to the activity of the University itself.

Without prejudice to the recognition of the author’s moral right the University will became owner of the the use, publication, dissemination and patrimonial right relating to the Photo Audio and/or videos presented, without the author/authors being able to have anything to claim in this regard for any reason, including the request for compensation connected to the use of the Photo Audio and/or Videos themselves.


The author(s) of the Photo Audio and/or Videos indemnify the University from any liability, including towards any subjects recognizable.

The above authorization is granted within the limits of the privacy policy attached to the present deed, and prohibits the dissemination of personal data in contexts different from those indicated, for purposes different from the stated goals, and in ways that harm the personal dignity and decorum of the subject depicted.

This authorization may be revoked at any time by written communication to be sent via post or e-mail (

The acknowledgment of this document and authorization to process data is provided by clicking the checkbox. This involves signing the document with an electronic signature in accordance with Article 3, n. 10 of the eIDAS Regulation 2014/910.