Skip to main content

Privacy policy

Information for the processing of personal data of users of the University of Florence websites

The General Regulation on the Protection of Personal Data (EU Regulation 2016/679 of the European Parliament and Council of 27 April 2016) from now on GDPR, provides for the protection of individuals with regard to the processing of personal data as a fundamental right.

This information is provided only for the institutional and related thematic sites (in Italian) of the University of Florence and has no value for other websites that may be reached through links on the pages visited by users, pursuant to article 13 of the GDPR.

Data Controller

The data controller of your personal data voluntarily disclosed or acquired automatically by the website of the University of Florence is the University itself, located in Florence, Piazza San Marco, 4 - phone 055 27571 - email urp(AT)unifi.it, pec: ateneo(AT)pec.unifi.it.

Data Protection Officer

The Data Protection Officer (RPD) is Mr. Massimo Benedetti, Director of the General and Legal Affairs Department, Florence, via G. la Pira, 4 - phone. 055 2757667 - email: privacy(AT)unifi.it.

Purposes of the procession and legal basis

In compliance with the principles of lawfulness, fairness, transparency, adequacy, relevance and necessity as per art. 5, paragraph 1 of the GDPR the University of Florence, as Data Controller, will process the personal data automatically collected during your navigation on the websites of the University or voluntarily disclosed, for the following purposes:

  • navigation data, that is information that includes IP addresses, domain names of computers used by the user who connects to the site; the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the file size obtained in response from the server, the numerical code indicating the status of the response given by the server (success, error); other parameters relating to the operating system and the user's computer environment, are collected for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. These data, although they are never collected to be associated with identified individuals, through processing and association with data held by third parties, could still allow the identification of the user. Finally, these data can be used to ascertain responsibility in case of hypothetical computer crimes against the websites.
  • data provided voluntarily by the user, i.e. information, personal and identification data collected to allow the user access to certain services requested by the user him or herself, such as non-institutional email address, personal telephone numbers, any personal and judiciary data entered voluntarily by the user during the use of online services or by sending requests to published e-mail addresses, are processed for the performance of activities for institutional purposes only and in the interest of the person requesting the service. The data processing and retention times are different for each online service and are described in detail in the specific information contained in the subscription pages.

Categories of data users and possible data discosure

The data processed for the purposes mentioned above will be communicated or will in any case be accessible to employees and collaborators assigned to the competent offices of the University of Florence, who, in their capacity as data protection officers and/or system administrators and/or persons in charge of processing, will be adequately trained for this purpose by the Controller.

The University can disclose the personal data under its control to other public administration offices if these must process the data for any proceedings falling under their own institutional competence as well as to all those public entities to which, in the presence of the relevant prerequisites, the communication is mandatory according to EU provisions, laws or regulations.

The management and conservation of personal data collected by the University of Florence takes place on servers located within the University and/or on external servers provided by of suppliers of a number of services necessary for the technical-administrative management of data. Such suppliers, for the sole purpose of the requested service, may have access of your personal data and in such cases they will be duly appointed as Data Processors pursuant to art. 28 of the GDPR.

An updated list of Data Protection Officers for data of which the University of Florence is Controller is available here (pdf in Italian). 
The data collected will not be transferred to countries outside the EU.

Data retention time

The automatically collected navigation data is kept only for the time necessary (24 hours) to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. 
For the retention times of the other data voluntarily given by the user, please refer to the specific information available on Data protection webpage.

Analysis of website access data

The University adheres to the Web Analytics Italia (WAI) project, a national platform for collecting and analysing statistical data related to the traffic of the digital sites and services of the Italian Public Administration; please consult the Information on data processing performed issued by the platform itself.

Your rights

You have the right to request from the University of Florence, as the data controller, pursuant to articles 15, 16, 17, 18, 19 and 21 of the GDPR:

  • access to personal data and to all the information referred to in article 15 of the GDPR;
  • correction of incorrect personal data and the integration of incomplete personal data;
  • cancellation of personal data, except for those contained in documents that must be compulsorily kept by the University and unless there is a legitimate overriding reason to proceed with the processing;
  • the limitation of processing where one of the hypotheses referred to in article 18 of the GDPR occurs.

You also have the right to:

  • oppose the processing of personal data, without prejudice to what is necessary with regard to the need and compulsory treatment for the purpose of establishing the relationship;
  • revoke any consent given for non-mandatory data processing, with no prejudice to the lawfulness of the process based on the consent given before the revocation.

How to exercise your data

You may exercise all the above rights by sending an e-mail to the Data Protection Officer at the following e-mail address privacy(AT)unifi.it.

Complaints

You also have the right to lodge a complaint with the Guarantor Authority for personal data protection pursuant to art.77 of the GDPR.

Compulsoriness of data disclosure

Besides what mentioned above concerning navigation data, disclosure of personal data is optional. Some data disclosure may be necessary in order to use certain online services.

Cookies

Cookies are text files that are stored on the computers of web users to allow safe and efficient exploration of the site and monitor its use.

We inform you that no personal data is acquired on purpose from this website. This website uses only technical cookies to allow correct navigation, with the aim of continuous improvement of the service. This site does not use profiling cookies.

Technical cookies in this website

  • User session cookies: essential for managing authentication to online services. These cookies are not stored permanently on the user's computer and are deleted when the browser is closed and their use is strictly limited to the transmission of session identifiers necessary for the safe and efficient browsing of this website;
  • Configuration cookies: for consent to the use of cookies. They expire after 180 days.

Other cookies may be installed on your computer in case of access to the links on the website to view, for example, videos or other information on social networks (e.g. YouTube, Facebook, etc.). The information on the processing and user consent are the responsibility of the providers of these services. These cookies can be rejected by the user, without any consequence for browsing on the University websites.

You can decide whether or not to accept cookies directly through the settings of your browser and prevent - for example - that third parties can install them. Through the browser 's preferences it is also possible to delete the cookies installed in the past, including the cookie for the consent to the installation of cookies by this website is saved.

It should be noted that disabling all cookies the use of some services, especially online services, could be compromised.

You can find information on how to manage cookies directly in the browser you are using: Google Chrome, Mozilla, Firefox, Apple Safari, Microsoft Windows Explorer, Opera, etc.