INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to Regulation (UE) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR)


This information concerns the website and is provided by University of Florence - Department of Civil and Environmental Engineering (DICEA), headquartered in Florence, Via di S. Marta n. 3, as personal data processing controller (DICEA).

In this statement, singular definitions also include plural ones, and vice versa.

In compliance with the GDPR, with this information we intend to inform you that DICEA will process the personal data provided through the Site under the following conditions.

Art. 1. Purpose and legal basis of the processing. Mandatory or optional conferment. Consequences of refusal to process.

The processing of personal data is aimed at achieving the following purposes:

  1. to allow registration on the Site and to access services reserved for registered users. The legal basis of the processing is the execution of pre-contractual measures adopted at your request;
  2. to contact DICEA and/or to respond to your requests made through the Site. The legal basis of the processing is the legitimate interest of DICEA in following up the user's requests.

The provision of data for the purposes of point a) is purely optional. However, as such processing is necessary to allow registration to the Site, your refusal to provide the data in question will make your registration to the Site impossible.

The provision of data for the purposes of point b) is purely optional. However, as such processing is necessary to respond to your requests, your refusal to provide the data in question will make impossible for DICEA to carry out this type of activity.

Notwithstanding the foregoing, it is understood that DICEA will still be able to use your personal data for the sole purpose of correctly fulfilling the obligations provided by the laws in force.

Sensitive/judicial data

DICEA does not process sensitive or judicial data.

Art. 2. Processing method

The processing of personal data concerning you will be mainly carried out with the aid of electronic or automated tools, according to the methods and tools suitable to guarantee the security and confidentiality of the data in accordance with the GDPR. In particular, all the technical, IT, organisational, logistical and procedural security measures necessary to ensure the minimum level of data protection required by law will be adopted, allowing access only to people appointed by DICEA or by the data processing controller designated by DICEA.

The acquired information and the treatment methods will be relevant and not excessive in relation to the type of rendered services. The data will also be managed and protected in environments whose access is under constant control.

Art. 3. Communication and diffusion of data

Your data provided through the Site may be disclosed:

  • to all those subjects (including public authorities) who have access to personal data by virtue of regulatory or administrative measures;
  • to companies, consultants or professionals who may be responsible for the installation, maintenance, updating and, in general, management of DICEA hardware and software or which it uses for the provision of its services;
  • to employees and/or collaborators of DICEA;
  • to all those public and/or private entities, natural and/or legal persons (legal, administrative and tax consultancy firms, judicial offices, Chambers of Commerce, Chambers and Labor Offices, etc.) if communication is necessary or functional for the proper fulfillment of legal obligations.

The data concerning you will not be disclosed, except in anonymous and aggregate form, for statistical or research purposes.

Art. 4. Holder of the Treatment

DICEA, as personal data processing Controller, can be contacted at the following address:

Art. 5. Storage of personal data

DICEA will keep your personal data no longer than the time necessary to satisfy the purpose which they have been collected for. In particular, DICEA will retain your personal data provided for registration on the Site until the user deletes his account; the data provided to contact DICEA will be retain until they are no longer used to answer user requests.

Art. 6. Rights of the data subject

Pursuant to art. 13 of the GDPR, DICEA informs you that you are entitled to:

  • ask DICEA for the access to personal data and the rectification or the cancellation of the same or the limitation of the processing that concerns you or to oppose their treatment, in addition to the right to data portability;
  • revoke consent at any time without prejudice to the lawfulness of processing based on consent given before revocation;
  • complaint to a supervisory authority (e.g. the Guarantor for the protection of personal data).

The above rights may be exercised with a request addressed without formality to DICEA to the contacts indicated in art. 4.

In particular, DICEA informs you that the right to portability implies that you are entitled to receive in a structured format, of common use and readable from automatic device, the personal data concerning you provided to DICEA and it has the right to transmit such data to another controller without hindrance by DICEA.

Art. 7. Changes

DICEA reserves the right to make changes to this policy at any time, giving appropriate advertising to the users of the Site and ensuring in any case adequate and similar protection of personal data. In order to see any changes, you are invited to consult this policy regularly.

In any case, if DICEA makes any substantial changes to this policy (e.g.: processing of personal data for different and additional purposes), it will notify the interested parties by email.