Privacy Notice pursuant to Articles 13–14 of EU Regulation 2016/679

Data Subjects: Users of the website www.fondazionericercaunifi.it

Fondazione per la Ricerca e l’Innovazione, as Data Controller of your personal data, pursuant to and for the purposes of EU Regulation 2016/679 (hereinafter “GDPR”), hereby informs you that the aforementioned legislation provides for the protection of data subjects with regard to the processing of personal data. Such processing will be carried out in accordance with the principles of fairness, lawfulness, transparency, and protection of your confidentiality and rights.

Your personal data will be processed in compliance with the legislative provisions of the above-mentioned regulation and the confidentiality obligations set forth therein.

---

Purpose and Legal Basis of Processing

In particular, your data will be used for the following purposes related to the performance of contractual or pre-contractual obligations:

• Management of cookies necessary for the website (technical cookies are essential for the proper functioning of the site and are used solely to manage services related to the website itself, such as login access).

Subject to your consent, your personal data may also be used for the following purposes:

• Management of non-technical statistical cookies for the website (statistical cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously).

The provision of data for the above purposes is optional. Any refusal to consent to processing will not affect the continuation of the relationship or the appropriateness of the processing itself.

---

Methods of Processing

Your personal data may be processed in the following ways:

• By means of electronic computers using software systems managed by third parties;
• By means of electronic computers using software systems managed or programmed directly by the Controller.

All processing is carried out in compliance with Articles 6 and 32 of the GDPR and through the adoption of appropriate security measures.

Your data will be processed only by personnel expressly authorized by the Controller, in particular:

• Internal operators responsible for managing the website.

---

Communication of Data

Your data may be disclosed to external parties for the proper management of the relationship, particularly to the following categories of recipients, including all duly appointed Data Processors:

• Web service providers responsible for managing and maintaining the platform.

Disclosure to Third Parties

Your data may also be disclosed to external entities identified as Third Parties, including:

• Google – https://policies.google.com/privacy?hl=en
• WordPress – https://automattic.com/privacy/

Your personal data will not be publicly disclosed.

---

Data Retention Period

In compliance with the principles of lawfulness, purpose limitation, and data minimization pursuant to Article 5 of the GDPR, your personal data will be retained as follows:

• 1 day: Google Analytics, WordPress
• 730 days: Google Analytics
• Session duration: PHP.net, WordPress

---

Cookie Management

If you have any doubts or concerns regarding the use of cookies, you may prevent their installation and reading at any time, for example by modifying the privacy settings of your browser to block certain types of cookies.

Since each browser—and often different versions of the same browser—may differ significantly, if you prefer to act independently through your browser settings, you can find detailed information in your browser’s help section. For an overview of procedures for the most common browsers, you may visit www.cookiepedia.co.uk.

Advertising companies also allow you to opt out of receiving targeted ads, if desired. This does not prevent cookies from being set but stops the use and collection of certain data by such companies.

For more information and opt-out options, visit www.youronlinechoices.eu/.

---

Data Controller

The Data Controller, pursuant to the law, is Fondazione per la Ricerca e l’Innovazione
Piazza San Marco 4, 50121 Florence (FI), Italy
VAT No. 05753930485
represented by its legal representative pro tempore.

---

Rights of the Data Subject

You have the right to obtain from the Data Controller the erasure (right to be forgotten), restriction, updating, rectification, portability, and objection to the processing of your personal data, as well as to exercise all rights provided for in Articles 15, 16, 17, 18, 19, 20, 21, and 22 of the GDPR.

You may view the updated version of this privacy notice at any time at:
https://www.privacylab.it/informativa.php?14702469145

---

EU Regulation 2016/679 – Articles 15–22: Rights of the Data Subject

1. The data subject has the right to obtain confirmation as to whether or not personal data concerning them exists, even if not yet recorded, to receive it in intelligible form, and to lodge a complaint with the Supervisory Authority.
2. The data subject has the right to obtain information regarding:
   • The origin of the personal data;
   • The purposes and methods of processing;
   • The logic applied in case of processing carried out with electronic tools;
   • The identification details of the Data Controller, Data Processors, and the designated representative pursuant to Article 5(2);
   • The subjects or categories of subjects to whom personal data may be communicated or who may become aware of it as designated representatives in the State’s territory, Data Processors, or persons in charge.
3. The data subject has the right to obtain:
   • Updating, rectification, or, where relevant, integration of the data;
   • Erasure, anonymization, or blocking of data processed in violation of the law, including data whose retention is not necessary for the purposes for which it was collected or subsequently processed;
   • Confirmation that the operations referred to above have been made known, including their content, to those to whom the data was communicated or disclosed, except where this proves impossible or involves disproportionate effort;
   • Data portability.
4. The data subject has the right to object, in whole or in part:
   • On legitimate grounds, to the processing of personal data concerning them, even if relevant to the purpose of collection;
   • To the processing of personal data for the purpose of sending advertising material, direct sales, market research, or commercial communication.