• Open Innovation Lombardia

    Legal Notice and General Conditions of Use of Open Innovation Services


The use of the Open Innovation Portal, a telematic service made available by the Lombardy Region, involves the processing of personal data according to the definition of EU Regulation 2016/679 on the Protection of Personal Data (hereinafter also "Regulation" or "GDPR") and Italian Legislative Decree no. 196 of 30 June 2003 (so-called Privacy Code) as amended in accordance with Legislative Decree no. 101 of 10 August 2018, in addition to the acceptance of the general conditions of use specified below. Acceptance of the terms of use and the indications provided, constitutes a necessary condition for the registration of the User and the use of the services made available on Open Innovation at the following address: 


Therefore, the following information does not concern other websites, pages or on-line services that can be reached through hypertext links on the Open Innovation portal

The Lombardy Region is the Data Controller of the personal data of its own competence (data of the persons in charge of processing / data subjects, before the User, etc.), hosted on regional servers dedicated to regional services and products, in relation to which the company Aria S.p.A. - Agenzia Regionale per gli Acquisti e l'Innovazione, a digital company of the Lombardy Region, is the Data Processor with the exclusive task of managing the correct operation of the platform for the provision of Open Innovation services and functionalities, within which Users provide for the publication of the contents and other information, as well as the personal data required for the correct registration.


Pursuant to Regulation (EU) 2016/679, since the use of the Portal entails the processing of personal data relating to individuals involved in the management process, it will be necessary to read the provisions of the privacy policies on the processing of personal data made available on the Open Innovation portal, both to proceed with the registration of the user profile and to register for specific events organised by Open Innovation. This notice is an integral and substantial part of the privacy policy of the Lombardy Region and the methods of management of personal data collected. 

According to art. 4, par. 1 no. 7 of EU Regulation 2016/679, the Data Controller is the Lombardy Region, in the person of its legal representative pro tempore, with registered office in Piazza Città di Lombardia no. 1 (Milan), Italy. 

For the processing of personal data provided in relation to the services offered by Open Innovation, pursuant to art. 28 of EU Regulation 2016/679 Lombardy Region avails itself of the following subjects as Data Processors: ARIA S.p.A. Agenzia per gli Acquisti e l'Innovazione (formerly Lombardia Informatica S.p.A.), with registered office in Via Torquato Taramelli no. 26, Milan (20124), Italy and Finlombarda S.p.A., with registered office in Via Torquato Taramelli no. 12, Milan (20124), Italy, respectively for the management and maintenance of regional IT systems and for the performance of activities and tasks instrumental to the provision of the services offered by Open Innovation. 

With reference to personal data ARIA S.p.A., in consideration of its specific competences, also performs the task of IT system administrator, with the exclusive task of managing the correct operation of the platform for the provision of Open Innovation services and functionalities.

In accordance with art. 28, par. 4 of the GDPR, the Lombardy Region requires the same obligations on the Data Processors as regards data protection, including the guarantees to implement adequate technical and organisational measures to ensure that the processing meets the requirements of current legislation.

Personal data processing method

In compliance with the provisions of EU Regulation 2016/679 and within the scope of processing personal data involved in the Service, the Lombardy Region and the Data Processors it shall appoint, will be required to comply with the following instructions:

a) process personal data only according to the documented instructions of the Data Controller, 

b) ensure that the persons authorised to process personal data are committed to confidentiality or have an appropriate legal obligation to confidentiality;  

c) comply with the conditions provided for by current legislation for the appointment of any Sub Data Processors; 

d) taking into account the nature of the processing, assist the Data Controller with appropriate technical and organisational measures, as far as possible, in order to comply with the Data Controller's obligation to fulfil the requests for the exercise of the data subject's rights referred to in articles 15, 16, 18, 19 of the Regulation, where applicable;

e) at the choice of the Data Controller, delete or return all personal data after the provision of the services relating to the processing has ended and delete existing copies, unless the law of the European Union or its Member States provides for the retention of the data; 

f) make available all the information necessary to the Data Controller to demonstrate compliance with the obligations set out in these instructions and to allow, in addition to contributing to, the audit activities, including inspections, carried out by the Data Controller or by another person appointed by the same;

g) inform the Data Controller immediately if, in his/her opinion, an instruction violates the contents of the EU Regulation referred to above or other national or EU provisions on data protection;

h) assist the Data Controller in ensuring compliance with the obligations set out in articles 33 to 36 of the Regulation (security measures, notification and disclosure of breaches, impact assessment and prior consultation), taking into account the nature of the processing and the information available to the Data Processor; 

i) implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, inter alia, where appropriate: 

i. pseudonymisation and encryption of personal data;
ii. the ability to ensure confidentiality, integrity, availability and resilience of processing systems and services on a permanent basis; 
iii. the ability to promptly restore the availability and access of personal data in the event of a physical or technical incident; 
iv. a procedure to regularly test, verify and evaluate the effectiveness of technical and organisational measures to ensure data processing security;
v. the provision of secure authentication procedures for access to restricted areas of the platform;

l) ensure that the persons acting under the authority of the Data Processor and having access to personal data relating to the Service do not process such data unless duly instructed by the Data Processors themselves.

In light of the foregoing, in relation to the processing of personal data carried out for the Open Innovation services, the Lombardy Region can in no case be held liable for any breaches of the privacy regulations in force by Users on the occasion of and/or due to the use of the Open Innovation Portal.  


The service consists of a Portal that offering a set of features that allow registered users to manage their specific skills and create, among other things, professional partnerships in the Research & Innovation sector. The system guarantees all security standards for data access and features high interoperability in terms of security.

Obligations towards the User

The Lombardy Region guarantees the functionality of the system made available to users on the basis of the service levels and other commitments contained in this document. At the same time, the Lombardy Region cannot be held liable for any malfunctioning of computer systems that are not under its direct control. 

Obligations and responsibilities

The Lombardy Region, in its quality as the User owning the IT structure used for providing the service, makes the technological platform available for free. Within such platform registered users can use the functionalities made available on the Open Innovation Portal. The User undertakes to use the service with due diligence, guaranteeing the truthfulness and reliability of the content published, where appropriate, providing useful news and documents.

The Lombardy Region declines all liability for any errors, inaccuracies, defaults and/or false information regarding the contents and information published by the Users, or even related to the initiatives promoted through the Open Innovation portal.

In no case, shall the Lombardy Region be held liable for facts and/or loss and/or damage of any kind, which may derive to the User and/or third parties as a result of the use of Open Innovation and its functionalities, from the consultation of data or information published and/or used on the portal.

Likewise, the Lombardy Region declines any and all liability for direct and/or indirect loss or damage, related to the nature and/or loss of data and/or content published, arising from or related to use, inability to use, unauthorised and/or improper use by registered Users.

The User, through the publication and/or dissemination of any content on the Open Innovation portal, assumes all responsibility, civil and criminal, for any prejudice caused to third parties, including liability for any breach of intellectual property law (copyright, industrial property, trademarks, patents, etc.). 

Virus protection

The Lombardy Region , also through the support and aid of the regional bodies in charge of the governance of technological infrastructures, adopts suitable and preventive security measures to ensure the proper operation of the services offered through Open Innovation and to prevent and/or minimise any malfunctions and/or alterations of the related IT systems.

The User undertakes to enter data, files and file folders free from computer viruses, checking in advance the integrity of the contents to be posted and/or published on the Open Innovation Portal. 

The Lombardy Region shall not be held liable for any harmful consequences suffered by Users as a result of downloading "infected" material and/or computer programs entered and/or made available by Users on the Open Innovation portal.

Finally, the Lombardy Region is not liable for direct and/or indirect loss or damage, resulting from any interruptions, delays and/or anomalies in the service due to causes not depending on the same, such as, for example, but not limited to: blackouts of the electricity supplier, failures in the electronic communication networks of the connectivity provider or exceptional events: disasters, earthquakes and/or natural catastrophes, etc.

Final clauses

In the event of serious violations in the use of the Open Innovation Portal, the Lombardy Region reserves the right to suspend the use and enjoyment of the services,subject to prior notification, as well as to make appropriate reports to the competent authorities in the event that such violations entail criminally relevant cases.

The Lombardy Region also reserves the right to modify, where necessary, the conditions of use and the functional and operational procedures of the organisational and technological infrastructure for the provision of the services made available, by giving suitable notice thereof.

go to top