DISCLOSURE FOR SITE VISITORS
In implementation of the EU Regulation 2016/679
FUA – FLORENCE UNIVERSITY OF THE ARTS – S.r.l.
Registered Headquarters in via Alfonso Lamarmora n. 39, Firenze
Administrative/Operative Headquarters: Palazzo Bombicci Guicciardini Strozzi, Corso Tintori 19-21, FIRENZE
p. IVA 05475460480 n. REA n. FI-549656
Registered Headquarters Via Ricasoli, 26, 50100 Firenze,
Administrative/Operative Headquarters Villa Brilli Peri, Via Guelfa 85-114-116 / FIRENZE
p. iva 05957530487 n. REA FI-622601
(herein jointly referred to as “CONTROLLER”)
Email address email@example.com Phone +39 055.246.90.16 Fax +39 055.247.8068
Mon – Thu / 8.30AM to 5.30PM (GMT + 1)
In accordance with Art. 13 of EU 2016/679 Regulation (“GDPR” General Data Protection Regulation) and of Legislative Decree no. 196/2003, CONTROLLER informs Users (e.g. visitors to any FUA and Palazzi Florence Association for International Education website) regarding the use of personal data concerning them. The compliance by CONTROLLER with the legal obligations regarding transparency and mandatory publication of data and documents remains unaffected.
1. Nature of data, purpose of processing and legal basis. The personal data collected and processed by CONTROLLER are:
- those provided directly by Users, at the time of their sign-up as a member of this website, where such membership sign-up is available;
- the data provided from time to time by users relative to the specific service requested;
- data relating to the functionality of the website in the form of session and variable storage cookies that do not contain any personally identifiable information (PII); These data are processed exclusively for institutional purposes of CONTROLLER (website operation), in particular for the technical functionality required by the software and systems for the availability of web content shared between CONTROLLER and users, as well as for the provision of the specific services requested by users. The legal basis of the processing is therefore the ability to provide website content to the user.
2. Methods of processing, retention period and consequences of non-disclosure of data.
The treatment is carried out both in automated and manual mode, there are no fully automated decision-making processes or profiling. Data collection takes place in compliance with the principles of relevance, completeness and non-excess in relation to the purposes for which they are processed. Failure to provide the data referred to in paragraph 1, letters a) and b), preclude the establishment and continuation of the relationship with CONTROLLER. The omitted supply of the data indicated in point 1, letter c), makes it impossible to access the services requested or limits the functionality of the website, especially in cases where said website has membership functionality. The personal data provided is processed in compliance with the principles of lawfulness, correctness and pertinence provided for by the law, also with the aid of IT and telematic tools for storing and managing the data, which will be kept for the duration of the contractual relationship and for the following 5 years with the exception of different legal obligations, and in any case in such a way as to guarantee their security and protect the privacy of the person concerned. The data may be processed anonymously for statistical activities aimed at improving the services offered.
3. Data Controllers and processors
The sole data controller is CONTROLLER as per the contact details above. Data processors are CONTROLLER employees and collaborators who process the data in compliance with current laws on the matter, for institutional purposes and in compliance with legislative obligations.
4. Categories of subjects to whom the data may be communicated or who may come across them as managers or processors. Users’ personal data may be communicated:
- to public and private subjects in Italy or abroad (universities or colleges of the Students or official affiliates of CONTROLLER) when communication is necessary for the performance of institutional functions of the requesting entity or for services requested by Users;
- to public and private subjects if these subjects request it in order to facilitate the orientation, training and professional integration of members of sites that provide membership;
Sensitive and judicial data may be communicated, in the context of the purposes indicated in point 1, only where required by law or regulation. In any case, the communication or dissemination of data required, in accordance with the law, by the public security authority, by the judicial authority or by other public entities for the purposes of defense, state security, and the detection of offenses, is reserved, as well as the communication to the judicial authorities, in compliance with legal obligations, where they are considered alleged criminal offences. Outside of the aforementioned cases, personal data are in no way and for any reason communicated or disclosed to third parties
5. Rights of the concerned User
The concerned User can exercise:
- the right to ask the Data Controllers to confirm that personal data concerning them is being processed and, in this case, to obtain access to personal data and information about the processing that concerns them (Article 14 of the GDPR);
- the right to obtain without delay: a) the correction of inaccurate data concerning them, the updating or, when necessary, the integration of this data (Article 16 of the GDPR) or b) the cancellation of the data in the cases provided for by law (Article 17 of the GDPR) or c) the limitation of processing in cases provided for by law (Article 18 of the GDPR) or the blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed, d) the attestation that the operations referred to in the preceding letters a, b and c have been brought to the attention, also regarding their content, of those to whom the data have been communicated or disseminated, except in cases where such proves impossible or involves a use of means manifestly disproportionate to the protected right;
- the right to data portability, e.g. the right to receive, in a structured, commonly used and automatically readable format, personal data concerning him/her provided to a data controller, that the User can transmit to another data controller, without any impediments from the original data controller to whom they have provided the data, in the cases provided for by law (Art. 20 of the GDPR);
- the right to object in whole or in part to the processing of personal data in the cases provided for by law (Article 21 of the GDPR for processing carried out for the public interest and legitimate interest of the owner, profiling and direct marketing and art 22 of the GDPR for automated decision-making processes);
- the right to lodge a complaint with a supervisory authority (Privacy Guarantor);
The rights can be exercised with a request to the Data Controller, identified as the Director of the Registrar’s Office, sending an electronic mail to the address firstname.lastname@example.org.
This website, as most on the Internet, uses variable storage – more commonly called cookies. These are in-use for a variety of reasons detailed below.
Cookies are small text files that are stored locally on your computer and can only be accessed by the server that saved them. These allow for websites to provide services and a seamless experience by saving variables such as screen width, last item viewed, visitor preferences or session information. This last part, session information, is very important to keep tabs on your status on the site, while visiting. These session cookies attach a random and anonymous session variable to your visit so that when you change pages and move about the site, your experience is continuous. Without session variables, multiple visitors would clash and one user’s clicks may be interpreted by the server as that of another.
Many times, public websites share affiliate code and set cookies for one-another in order to track users across domains. This type of marketing has been commonplace on the Internet for many years and is generally reserved to commercial sites that monetize the visitor. Our sites NEVER SHARE ANY INFORMATION WITH THIRD PARTIES and furthermore WE DO NOT TRACK, NOR ALLOW TRACKING FROM OUR SITES EXCEPT AS STATED IN THIRD-PARTY COOKIES (3 below).
Our site uses the following types of cookies:
1) Session Cookies
These types of cookies expire when you leave the site and are mainly used to ensure a seamless experience. In the case of sites where we offer membership and login, these cookies allow you to login and be represented as you.
2) First-Party Cookies
These are cookies that our site may set to store simple variables. Our sites do not store any of your personal information and these cookies are purely used to manage your visit experience. Specifically, a site may track the browser width in pixels so that the page renders correctly, which slide in a presentation series you’ve seen so as to allow navigation through the slides and similar and similar, purely technical, reasons. In no cases are these cookies used for tracking or analysis. This site utilizes a cookie to remember your choice of language for repeat visits and as a system-function, does not require opt-in permission nor does it identify the user and is permitted per Recital 30 of the GDPR.
3) Third-Party Cookies
We do not utilize any third-party cookies. Traditionally where these appear is when advertising is presented to the user. Our sites do not serve any advertisements nor do we share or sell our data to any third parties. However, when utilizing services that provide video (e.g. Vimeo, YouTube), embedded PDF slideshows (e.g. Youblisher, Issu) or other externally-served content, these service providers may try and set cookies for their own purposes. While we cannot control their software implementation, your consent (as discussed below) will determine whether these are set or not.
Upon arriving at our site, as a citizen of the EU and related affected countries under GDPR regulation, you will be presented with an option to accept or decline cookies. When declining cookies, please note that Session Cookies may be provided regardless and are allowed per Recital 30 of the GDPR. However, by declining the cookie consent, your website browsing experience may be diminished (certain content not showing, especially those from third parties) or completely impossible, as in the case of sites where membership is possible.
Last updated: 6 May, 2018