Bicocca GHC

Privacy and cookies policy

This document details our privacy policy, in compliance with our obligations under national (Legislative Decree n. 196 of 30 June 2003, Code on the protection of personal data) and European Community law (EU General Data Protection Regulation n. 2016/679, GDPR) and subsequent amendments. The present website respects and protects the confidentiality of visitors and users, and makes all possible and proportionate efforts not to violate the rights of users. This privacy policy applies exclusively to online activities on this website, and is valid for the website’s users and visitors. The purpose of this privacy policy is to provide as much transparency as possible on the data collected by the website and the way it is used. It does not apply to data collected through channels other than this website, which is available at the following address:

Legal basis of data processing

By using or consulting this website, visitors and users explicitly approve and consent to the processing of their personal data in the ways and for the purposes described below, including the sharing of said data with third parties if necessary to provide a service. .

Types of data collected and purposes

The personal data provided through the website shall be processed for the following purposes:
a. Purposes of statistical research / analysis on aggregate or anonymous data, without the possibility of identifying the user, aimed at measuring the functioning of the site and assessing usability and interest;
b. Compiling data collection forms for receiving newsletters or communications generally via e-mail;
c. Purposes related to the online provision of University services.
The website uses log files which store data collected in an automated manner during user visits. The data collected can include the following:
a. Internet Protocol address (IP);
b. Browser type and parameters of the device used to connect to the website;
c. Date and time of the visit;
d. The websites visited immediately prior (referral) and next to the visit.
The above-mentioned data is processed in an automated, anonymous manner to ensure the proper functioning of the website and for security reasons. The same data may be processed, in compliance with existing regulations, to block attempts to damage the website itself or other users, or to prevent any other harmful or illegal activities.
Should the website allow user comments, or in the case of specific services requested by the user, the website automatically detects and records some of the user’s identification data, including his or her email address. This data is understood to be voluntarily provided by the user upon their request for the service in question. By adding a comment or any other information, the user confirms having read the privacy policy, and specifically provides their consent for sharing the content inserted with third parties.
The data that website users shall accept to make public through the services and the tools made available by the latter are provided by the users willingly and knowingly, exempting the present website from any liability in case of violations of the law.
The user is responsible for making sure they have the necessary permission for inserting the personal data of third parties or content protected under national and international law. The data collected by the website during its functioning are used exclusively for the above-mentioned purposes, and stored for the period of time strictly necessary for carrying out the above-mentioned activities, which normally amounts to 180* days.
[*The 180 days must be understood as the maximum lenght of time for data storage; this length shall be reduce should the user request data erasure.]

Recipients of the data

Your data is processed by the subjects belonging to the University structures authorized by the Data Controller for processing, in relation to their functions and responsibilities. Furthermore, the Data Controller may communicate his personal data to the following third parties, because their activity is necessary to achieve the aforementioned purposes, also with respect to the functions assigned to them by law:
There is no data transfer in Extra-EU territories or “International Organizations” . In the event that the need arises, firstly, a specific disclosure will be provided and, in the event that an adequacy decision has not been issued for the country of destination, or if adequate protection guarantees are not available, it will be requested. consent to proceed with the transfer.

Use of cookies

Use of cookies third parties

Third parties

The portal uses third-party content (through resource embedding techniques); it is thus possible that during a visit to the portal, other cookies – including both technical cookies and user profiling cookies – may be sent by these third parties to the user’s browser. The suppliers of said services are responsible for their own privacy and cookie policies. Below is a list of the services used and links to their privacy and cookie policies.

The data arising from the use of Google, Youtube, Twitter, Facebook, and Instagram profiling cookies is processed for the purposes and in the ways detailed in the policies above; some of the data may be processed outside of the borders of the European Union.
The technical cookies and log files are collected by the website and are processed in the offices of the external data processor, who processes the data on behalf of the data controller, and whose offices are located within the European Economic Space.
For detailed information on the cookies used by the portal, see below.

Disabling cookies

a. It is possible to deny consent to the use of cookies by selecting the specific setting on one’s browser.
Below are the links that explain how to disable cookies on the most popular browsers (for any other browsers, we suggest you look for this option in your software’s help section)
1. Internet Explorer
2. Google Chrome
3. Mozilla Firefox
4. Opera
5. Apple Safari

b. Disabling third-party cookies:
Disabling third-party cookies is also possible in the ways described in their respective privacy policies and/or made available directly by the third-party company serving as the data controller. Disabling Google Analytics cookies only can be done by using the additionalOpt-Out component provided by Google for all the main browsers, available at the following link
Cancelling cookies already stored on the terminal:
Even if the authorization for using third-party cookies is revoked, such cookies may have been stored on the user’s terminal prior to the revocation. For technical reasons, it is not possible to erase these cookies, but the user’s browser makes it possible to eliminate them via the browser’s privacy settings. The browser’s options include “Clear browser history”, which can be used to eliminate cookies, website data, and plug-in.

Cancelling cookies already stored on the terminal

Even if the authorization for using third-party cookies is revoked, such cookies may have been stored on the user’s terminal prior to the revocation. For technical reasons, it is not possible to erase these cookies, but the user’s browser makes it possible to eliminate them via the browser’s privacy settings. The browser’s options include “Clear browser history”, which can be used to eliminate cookies, website data, and plug-ins.

Necessary cookies

These cookies make it possible for the Portal’s various components to function, and make the entire web ecosystem accessible by enabling basic functions such as page navigation. The website cannot function properly without these cookies.

Name of cookieDurationPurposeDomainCLASSIFICATION
has_jsSessionMemorizes the client’s consent status: whether their javascript is active or not. On the basis of this information, the site either activates or refrains from activating functions based javascriptwww.bicoccaglobalhealth.unimib.itGroup A
cookie-agreed6 months + 2 weeksMemorises the user’s consent status for cookies for the current domainwww.bicoccaglobalhealth.unimib.itGroup A
cookie-agreed-version6 months + 2 weeksIt refears to the eu_cookie_compliance.js script versionwww.bicoccaglobalhealth.unimib.itGroup A


These cookies are used to monitor website visitors in order to show pertinent, targeted advertising reflecting the user’s browsing preferences.

Name of cookiesDurationPurposeSource/Domainclassification
VISITOR_INFO1_LIVE6 monthsTries to estimate the user’s connection speed for websites with integrated YouTube videos.YouTubeGroup C
PREF8 monthsRegisters a unique ID used by Google to generate statistical data on how the visitor users Youtube videos on various websitesYouTubeGroup C
YSCsessionRegisters a unique ID used to generate statistical data on which YouTube videos have been viewed by the userYouTubeGroup C
IDE13 monthsUsed by Google DoubleClick to register and produce reports on the actions of the user on the website after he or she has clicked on one of the advertiser’s ads in order to evaluate the efficacy of a given ad and present targeted advertising to the userdoubleclick.netGroup E

Classification (coding criteria)

The cookies / tracking tools used can be classified according to the following features.

Strictly Necessary (Group A)

Hosting and backend infrastructure
Platform and hosting services (e.g. backup)
SPAM protection
Traffic optimization and distribution
Consent management throught cookie banner

Simple interactions and functionality (Group B)

Contact the user
Registration and authentication
User database management

Experience improvement (Group C)

Interaction with data collection platforms and other third parties, including sharing content on social networks
Viewing content from external platforms

Measurement (Group D)

Content and functionality performance tests
Heat mapping and session recording
Management of data collection
Infrastructure monitoring

Targeting and Advertising (Group E)

Remarketing and behavioral targeting

Security measures

This website processes user data in a proper and lawful manner, and adopts all necessary security measures to prevent the unauthorized access, publication, modification, or unauthorized destruction of said data.
Processing takes place through digital and/or telematic tools, with organizational modalities and approaches that are strictly related to the stated purposes of data processing. In addition to the data controller, in some cases subjects authorized by the University and involved in the organization of the website may have access to the data.

Rights of the user

Pursuant to EU Regulation 2016/679 (GDPR) and national laws, users can exert the following rights within the limits and according to the modalities established under existing laws:
1. The right to access his or her own personal data;
2. The right to obtain rectification or erasure of said data and limits on their processing;
3. The right to data portability (applicable only to data in electronic format), as disciplined by art. 20 of regulation UE 2016/679;
4. The right to object to data processing;
5. The right to file a claim with the Italian Data Protection Authority.
Requests must be addressed to the data controller.

Existence of automated decision-making processes

“Automated” decisions are those that can be based on data supplied directly by the interested persons (e.g. though a questionnaire) or obtained through direct observation (such as location data collected by an app); automated decision-making processes cannot affect the rights or legitimate interests of persons, and cannot have a significant impact on additional and distinct individual expectations.
The site NOT makes use of automated decision-making processes.

Exercising user rights

To exert the above-mentioned rights, users may contact the data controller at the following email address: or at the following certified email address:
The data controller must reply within one month of receipt of the request, which deadline can be extended up to three months for particularly complex requests.

Data controller

Pursuant to existing laws, the data controller is Università degli Studi di Milano-Bicocca, in the person of its legal representative Professor Giovanna Iannantuoni.

Contact information:

Data protection officer (DPO)

Contact info:


The present privacy policy was last updated on 01/07/2023