Privacy policy

Last updated on 6/9/2022

Contents

  1. INTRODUCTION
  2. WHO PROCESSES YOUR DATA
  3. WHICH DATA DO WE PROCESS
  4. WHAT ARE THE PURPOSES OF DATA PROCESSING?
  5. HOW DO WE PROCESS YOUR DATA?
  6. HOW LONG DO WE PROCESS YOUR DATA?
  7. TO WHOM DO WE COMMUNICATE OR TRANSFER YOUR DATA?
  8. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
  9. CHANGES TO THIS PRIVACY POLICY

 

INTRODUCTION

In this document, we describe how we manage the website https://www.britishinstitute.it (hereinafter "Website") with reference to users personal data processing. The Website is managed by The British Institute of Florence, with headquarter in Palazzo Lanfredini, Lungarno Guicciardini n° 9, Florence, Italy (hereinafter "British Institute"). When you browse our Website, you interact with us or use our services ("Services"), we can collect information and personal data about you. For this reason, in accordance with the provisions of Regulation (EU) n. 2016/679, the General Data Protection Regulation ("GDPR"), we have created the following document (hereinafter "Privacy Policy") in order to describe to you the personal data we collect, the purposes and methods of data processing and security measures we implement to protect them. This Privacy Policy constitutes the information provided pursuant to Articles 13 et seq. GDPR and to national data protection laws and it concerns exclusively the Website and the data processing by the British Institute (as further indicated in par. 2). Any third party websites referred to on this Website, including through links, are not covered by the information indicated in this Privacy Policy.

 

WHO PROCESSES YOUR DATA

On this Website, two subjects, acting as independent data controllers, can carry out personal data processing. As detailed in the respective sections, indeed, for certain processing purposes, the data controller is The British Institute of Florence, with headquarter in Palazzo Lanfredini, Lungarno Guicciardini n° 9, Florence, Italy, email address: info@britishinstitute.it

 

WHICH DATA DO WE PROCESS

  • Navigation data: The information systems and software procedures relied upon to operate this Website collect personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. This information is not gathered to be associated with identified subjects but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used to connect to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used for the purpose of obtaining statistical information on the use of the Website and to check its correct functioning and they are deleted in line with the requirements of applicable law. The data could be used to ascertain responsibility in case of possible criminal actions or damages against the Website only to the extent permitted by applicable law.
  • Data necessary to have access to the Website, cookies and other technologies: Subject to your prior consent as required under applicable law, our Website uses cookies and other technologies; for more information visit our Cookie Policy.
  • Identification data, contact data and other personal information: Optional sending of e-mail messages to the addresses indicated on this Website entails the subsequent acquisition of the sender's address, necessary to respond to the requests, and of any other personal data included in the message. If you collect, process and communicate to us information of third parties, you will need to do so in accordance with the provisions of the GDPR and, therefore, you will need to give the third parties prior information on the purposes and methods of processing and, if necessary, you will need to collect their free and express consent before carrying out the processing activity. Through our Website you can also send a message to request for information; to do so, you can fill in a form with your name and surname, the email address to be contacted with the reply to your request, and, if necessary, a short text message. Specific summary information notices will be progressively reported or displayed on the Website pages set up for particular services on request.

 

WHAT ARE THE PURPOSES OF THE DATA PROCESSING?

We process your personal data for the following purposes and we indicate the respective legal bases:

  • To manage and operate our Website, providing you access to it, to improve it and to solve potential problems in accordance with the GDPR, Article 6 (1) (f). Processing is based on the British Institute legitimate interest in presenting its activities to the public, ensuring the functioning of the Website, improving its appearance and user experience. For these purposes the British Institute acts as data controller.
  • To get to know our users in accordance with the GDPR, Article 6 (1) (a) and (f). The use of cookies and similar technologies allows us to recognize you when you return to our Website andto analyse your online activities, subject to your prior consent, as applicable. For more information, visit our Cookie Policy. The British Institute is the data controller for this purpose.

The provision of you data is neither a statutory nor a contractual requirement. You are not obliged to provide us with your data, however, failure to do so may prevent you from using all features of the Website or our the full range of our Services.

 

HOW DO WE PROCESS YOUR DATA?

Your personal data can be processed with automated and/or paper-based tools. The security of your personal data is important to us. We adopt - and we require our service providers to adopt - adequate technical and organizational security measures to prevent data loss or destruction, even accidental, unlawful or incorrect uses and unauthorized access to data, in compliance with applicable laws. Furthermore, IT systems are set in a manner that allows to use personal and identification data only if necessary to achieve specific processing purposes. We implement multiple technologies and security procedures to protect personal data from the risks described above.

However, we would like to remind you that electronic transmission and information storage are not 100% safe. Therefore, we are not able to guarantee that loss, misuse or alteration of the data will never occur, despite the security measures we implement to protect your personal data. We do not use automated individual decision-making that would produce legal effects for you or would similarly significantly affect you. 

 

HOW LONG DO WE PROCESS YOUR DATA?

Personal data are processed for the time necessary to provide the requested information or Services, in compliance with any applicable legal or regulatory obligations. You can exercise your rights at any time, including the right to delete your data. More information is provided in section 8 below. When you send a communication or a request to us, we process your personal data for the time necessary to reply to your question or provide the requested assistance. For further information on the retention of cookies and similar technologies, please visit our Cookie Policy. 

 

TO WHOM DO WE COMMUNICATE OR TRANSFER YOUR DATA?

Our authorized staff, according to respective needs, will process your personal data. Furthermore, your data will be processed by our suppliers for technical and organizational services functional to the processing purposes stated above, such as for example suppliers of technical assistance services for the Website; suppliers of hosting services; suppliers of services for the multiple sending of marketing communications; suppliers of documents and data archiving services. These parties act as our data processors based on our instructions and on the agreements signed with us. We might disclose your personal data to authorities or public bodies and to any other legitimate recipient pursuant to the law. In this case, the recipients will act as autonomous data controllers according to their respective institutional purposes. To receive the updated list of your personal data recipients you can contact us at the contacts indicated above. In case of transfer of your data abroad to foreign countries that do not guarantee the same level of data protection as in your home country, we will ensure that the transfer is carried out in compliance with the provisions of applicable laws, i.e. through the collection of your consent, when necessary, or through the adoption of any other measure necessary to ensure an equivalent protection of transferred data, including, without limitation, by concluding standard contractual clauses according to European Commission template. If you would like to receive a copy of these safeguards, please contact us through the contact details indicated in section 2 of this Privacy Policy. Currently, your personal data are not transferred outside of the European Union.

 

WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

Pursuant to - and subject to certain restrictions under - applicable personal data protection law, you can request to access your personal data, to verify its accuracy or to ask its rectification or update at any time. You can also request to erase your personal data, as well as to limit your data processing in the cases provided by the law and you can object to the processing of your data on grounds relating to your particular situation, at any time, unless for the existence of compelling legitimate grounds of processing by the data controller or as otherwise restricted under applicable personal data protection law. The right to object to the processing of personal data can be exercised at any time in cases of processing for direct marketing purposes. You can also request portability of your data, and receive such data in a structured format, commonly used and machine-readable, and you can request that your data be transferred to another data controller without any obstruction from our part.

You can lastly withdraw your consent to the processing of personal data at any time. You can contact the British Institute through the contact details indicated in section 2 of this Privacy Policy to exercise the abovementioned rights. Lastly, you can lodge a complaint with the competent supervisory authority or contact the authority if the exercise of your rights is subject to delay, limitation or exclusion by the data controller. The contact details of the national supervisory authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en. The contact details of the German state data protection authorities can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. You can also exercise all other rights provided to you under national data protection laws. 

 

CHANGES TO THIS PRIVACY POLICY

We may update and modify this Privacy Policy either completely or partly at any time. The version published on the Website is the last updated and currently in force. In case of modification of this Privacy Policy, we will inform you through a special banner, link or pop-up on the home page of the Website or through a dedicated email.