The Data Controller processes the following personal data, provided by you during the newsletter subscription:

• Name, surname, and email address;
• Browsing data, such as the IP addresses or domain names of the computers used by users to connect to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the request timestamp, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the server's response (success, error, etc.), and other parameters related to the user's operating system and IT environment. This information is collected through cookies as described in the website's Cookie Policy, to which reference is made.

The Data Controller will process your data only with your explicit consent to send you the following newsletters:

• “Guida alla città” – To provide updates on news, events, and tips for making the most of Milano.
• “Student e Talent” – To inform you about events and initiatives organized in the city of Milano.

In the cases mentioned in this section, consent is provided during newsletter subscription, after which you will receive a confirmation email containing a link to finalize your subscription.

Finally, the Data Controller, only with your explicit consent by clicking on the appropriate icons, will share your data with social networks such as Instagram, TikTok, LinkedIn, and YouTube to enable the requested interactions.

The processing of Personal Data is carried out, both electronically and on paper, through operations such as collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of the data.

The Data Controller will process Personal Data for the time necessary to fulfill the purposes outlined above and, in any case—unless a different period is specified in the Cookie Policy regarding processing carried out through the use of cookies—for no more than 30 days from the collection for service purposes and no more than 2 years from the collection for sending the "City Guide" and "Student and Talent" newsletters.

With regard to the communication of Data to social networks, the Data Controller will not retain any of your Personal Data.

Providing your data is optional. However, failure to do so will prevent the Data Controller from updating you on Milano’s news and events.

Unless the communication occurs at your express request and with your consent, your Data may be disclosed, even without your consent, to supervisory bodies, law enforcement authorities, the judiciary, and competent Authorities upon their explicit request. These entities will process the data as independent data controllers for institutional purposes and/or pursuant to legal obligations during investigations and inspections.

Your Data may also be disclosed to third parties (e.g., partners, professionals, companies managing social networks in cases where consent is given, etc.), as independent data controllers, for the execution of activities instrumental to the purposes mentioned above.

In the case of interaction with social networks such as Instagram, TikTok, LinkedIn, and YouTube, we encourage you to review the privacy policies of each data controller regarding the processing of personal data.

The Data is not disseminated or transferred to non-EU countries. However, your Data may be transferred outside the EU by the social networks with which you interact; in such cases, the transfer is carried out in accordance with the methods and guarantees outlined in their respective privacy policies regarding the processing of personal data.

The Data Controller informs you that, as a data subject, and provided that the limitations established by law do not apply, you have the right to:

• Obtain confirmation from the Data Controller as to whether or not your personal data exists, even if not yet recorded, and to have such data made available to you in an intelligible form;
• Obtain from the Data Controller the following information and, where applicable, a copy:

a) the origin and category of the personal data;

b) the logic applied in case of processing carried out with the help of electronic tools;

c) the purposes and methods of the processing;

d) the identification details of the controller and processors;

e) the entities or categories of entities to whom personal data may be disclosed or who may become aware of it, particularly if recipients are in third countries or international organizations;

f) where possible, the period for which the data will be stored or the criteria used to determine that period;

g) the existence of automated decision-making processes, and in such cases, the logic involved, the importance, and the consequences for the data subject;

h) the existence of adequate safeguards in the case of data transfers to a non-EU country or an international organization.

• Obtain from the Data Controller, without undue delay, the updating or correction of inaccurate data or, when in your interest, the completion of incomplete data;
• Revoke, at any time and easily, the consents previously granted, using, where possible, the same channels used to provide them;
• Obtain from the Data Controller the deletion, anonymization, or blocking of data:

a) unlawfully processed;

b) no longer necessary for the purposes for which it was collected or subsequently processed;

c) in the event of revocation of the consent on which the processing is based, provided there is no other legal basis;

d) when you have objected to the processing, and there are no overriding legitimate grounds to continue it;

e) to comply with a legal obligation;

f) in the case of data relating to minors.

The Data Controller may refuse deletion only in the case of:

a) exercising the right to freedom of expression and information;

b) compliance with a legal obligation, performance of a task carried out in the public interest, or the exercise of official authority;

c) reasons of public health interest;

d) archiving in the public interest, scientific or historical research, or statistical purposes;

e) the establishment, exercise, or defense of legal claims.

• Obtain from the Data Controller the restriction of processing in the event of:

a) disputing the accuracy of the personal data;

b) unlawful processing by the Data Controller to prevent deletion;

c) exercising your rights in judicial proceedings;

d) verifying whether the legitimate reasons of the Data Controller prevail over those of the data subject.

• Receive from the Data Controller, when processing is carried out by automated means, without hindrance and in a structured, commonly used, and machine-readable format, the personal data concerning you, in order to transmit it to another controller or—if technically feasible—have it directly transmitted by the Data Controller to another controller;
• Object, in whole or in part:

a) for legitimate reasons related to your particular situation, to the processing of personal data concerning you;

b) to the processing of your personal data for sending communications via email and/or traditional methods, such as phone or postal mail.

• Lodge a complaint with the Data Protection Authority.

In the cases mentioned above, where necessary, the Data Controller will inform third parties to whom your personal data has been disclosed about the exercise of your rights, except in specific cases (e.g., where such notification is impossible or requires a manifestly disproportionate effort compared to the protected right).

You can exercise your rights by:

• Sending a registered letter to the Data Controller's address: Piazza della Scala n. 2, 20121 – Milan (MI), Italy.
• Sending an email to: info@yesmilano.it.

Consent to receive the "City Guide" and "Student and Talent" newsletters can be revoked at any time using the unsubscribe function included in every email sent.

Revoking consent does not automatically result in the deletion of the aforementioned profile from the CRM, unless the right to deletion is exercised as outlined in the "Data Subject's Rights" section of this privacy notice.

The Data Controller is:
Associazione Milano & Partners
Address: Piazza della Scala n. 2, 20121 – Milan (MI), VAT ID IT11016320969.

The Data Controller has appointed a Data Protection Officer (DPO), reachable at: dpo@yesmilano.it.