Preface

Luiss, the Libera Università Internazionale degli Studi Sociali Guido Carli, is an autonomous university offering an advanced educational model. As the Data Controller (hereinafter also referred to as “Luiss” or the “Data Controller”), Luiss is committed to respecting and protecting your privacy while you simply browse the Luiss App (hereinafter the “App”). 
On this page, the Data Controller aims to provide information about the processing of personal data pertaining to individuals (hereinafter referred to as “Users”) who visit, browse, or interact with the App. This notice applies only to the Data Controller's App and all its sub-sites or sections, and not to any other websites accessed via provided links (for which you should refer to their respective privacy notices or policies). 
Reproduction or use of pages, materials, and information contained within the App, by any means and on any medium, is not permitted without the prior written consent of Luiss. You may copy and/or print the App's content for personal, non-commercial use only. For any requests or questions, please contact the Data Controller using the contact details below. Any other use of the content, services, or information on the App is not permitted.
Luiss will ensure that the content and information provided are reasonably updated and reviewed, but offers no guarantee as to their adequacy, accuracy, or completeness. Luiss explicitly disclaims any liability for any errors or omissions in the information displayed on the App.

The Data Controller and the Data Protection Officer

The Data Controller is Luiss Guido Carli - Viale Pola 12, 00198 Rome.

The Data Protection Officer (DPO) can be contacted at the addresses listed above or via email at dpo@luiss.it.

By using the App, including on a tablet and/or smartphone, the User acknowledges full knowledge and acceptance of the content and any instructions included in this version of the privacy notice published by the Data Controller at the time the site is accessed. Luiss advises that this policy may be modified without prior notice and therefore recommends reviewing it periodically.

What personal data do we collect?

-    Browsing data:
Luiss informs you that the personal data provided by the User and acquired when requesting information and/or contact, via smartphone or any other device used to access the Internet, as well as the so-called “browsing” data of the App by Users, will be processed in accordance with applicable law. 
During normal operation, the computer systems and software procedures used to run the App collect certain personal data that is transmitted implicitly when using the Internet. This information is not collected to be associated with identified data subjects, but by its very nature, it could, through processing and association with data held by the Data Controller or third parties, allow the identification of App users. This category of data includes the "IP addresses" or domain names of the computers used by Users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the web server, the size of the file received in response, the numerical code indicating the status of the response from the web server (successful, error, etc.), and other parameters related to the User's operating system and computing environment. This data is typically used solely to gather anonymous statistical information about the app's usage and to ensure its proper functioning. 
Please note that the aforementioned data could be used to determine liability in the event of cybercrimes against the Data Controller's website or other sites connected or linked to it.

-    Data provided by the User:
Luiss collects, stores, and processes the User’s personal data to provide requested information about the University’s offerings, including undergraduate courses, master’s programs, services, and events. Sending emails to the addresses listed in specific sections of the App, or communicating through social networks, call centers, and other channels, is optional, explicit, and voluntary. This entails the subsequent collection of some of your personal data, which is necessary to respond to your requests.

Cookies:

A cookie is a short text string sent to your browser and potentially stored on your computer (or alternatively on your smartphone/tablet or any other device used to access the Internet). This typically occurs each time you visit the App.
Cookies stored on your device cannot be used to retrieve any data from your hard drive, transmit computer viruses, or identify and use your email address. Each cookie is unique to the browser and device used to access the Data Controller's App. Generally, cookies—including what are known as “pixels” and/or “web beacons”—are used to improve the app's functionality and the user's experience when accessing its content or services. These cookies help us understand how you use the App, allowing us to evaluate and improve its functionality and create content that better meets your needs and preferences. For example, analytical cookies let us know which pages are visited the most and the least, how many people visit the App, how much time the User spends on the App on average, and how visitors arrive at the App. This allows us to identify what works best, what content is most popular, and how we can enhance the content and functionality of the pages. To understand how our visitors use the site, we use third-party services to collect, aggregate, and analyze data, which helps us better understand how the app is used. These cookies have a limited lifespan. The Data Controller uses the collected information in an aggregated and/or anonymous form, for example, to monitor and analyze app usage, improve its functionality, and more accurately select content and design to meet the User’s needs. For more information on what cookies are and how they work, you can visit the “All about cookies” website at http://www.allaboutcookies.org .
If you wish to block or delete cookies received from the App, you can do so by changing your browser settings. Please note that if you choose to disable all cookies, even the necessary, functional, and performance cookies will be blocked, which could make navigating the app more difficult. For example, you'll still be able to visit the app's public pages, but you might not be able to access any restricted areas.

For detailed information on the cookies used by the App, please read the Cookie Policy.

Why do we collect your data, and why is its processing lawful?

<p >User data is processed for the following purposes:

1. to create and manage the account in order to access the app’s reserved areas;
2. to handle requests for contact or information;
3. to fulfill pre-contractual and contractual obligations related to requests to participate in courses, educational or institutional events, open days, seminars, social activities, and/or other University activities that may be of interest to the User;
4. to collect information about the User's choices while browsing the App, in order to send communications that align with their expressed preferences;
5. to fulfill obligations under EU and national regulations for the protection of public order, the investigation and prosecution of crimes, and to comply with European and national legislation and the provisions of the Data Protection Authority;
6. to improve the quality of communications sent by Luiss by tracking the User’s interest in newsletter content and, more broadly, in the University’s communication model.
7. to enable the app’s geolocation features in order to provide location-based services and features.
   
   Providing data for the purposes outlined in points 1), 2), and 3) – whether related to a pre-contractual and/or contractual phase, in response to a User’s request, or required by a specific legal provision – is mandatory. Failure to do so will prevent the User from receiving information and accessing any requested services. 
   Regarding the purpose outlined in point 4), the legal basis is the User’s consent. Regarding point 5), the legal basis for this processing is a legal obligation, while for point 6), the legal basis is the Data Controller’s legitimate interest in improving the quality of its communications. Regarding point 7), the legal basis is the User’s explicit consent, without which geolocation services cannot be activated.

Sending Newsletters:

By requesting to subscribe to the newsletter service, the User authorizes the use of the provided email address to receive periodic communications and updates on topics of interest related to the activities offered by the Data Controller.
These communications may allow us to collect data on the date and time the recipient views the messages, as well as their interaction and information about accessing any links within the messages. We collect this information to assess the recipient’s interests, improve the quality of the communications we send, and tailor them to their needs. When we send marketing communications or newsletters, we include topics that we think may interest the User, based on their online activity. We do not use topics or display personalized material based on sensitive categories related to the User, such as ethnicity, religion, sexual orientation, or health. Luiss may send commercial communications or newsletters about products and/or services similar to those already provided, in accordance with Article 130, paragraph 4 of Italian Legislative Decree 196/03 (hereinafter the “Privacy Code”), as most recently amended by Italian Legislative Decree 101/18. These communications will be sent to the email address provided by the User. The User may object to such communications using the methods and contact details indicated in the section on Data Subject Rights. (For example, at the bottom of each email, the User will have the option to unsubscribe from the service and stop receiving messages.)

<p > Processing methods and logic, retention periods, and security measures

The processing is also carried out with the aid of electronic or automated means (servers, cloud databases, software, etc.) and is performed by the Data Controller and/or third parties the Data Controller may use to store, manage, and transmit the data. The data will be processed to organize and handle the User’s personal data, including logs generated by accessing and using the services available on the App, as well as the content and services used for the purposes outlined above. In all cases, the processing will ensure the data’s security and confidentiality. The personal data processed will be retained for the period required by the applicable legislation at the time. In the event of a potential data breach, the Data Controller will assess its severity and, if necessary, notify the User of the breach, in accordance with Article 34 of the GDPR. 

Who do we share your personal data with?

To achieve the aforementioned purposes, Luiss may disclose and allow the processing of users’ personal data, both in Italy and abroad, to third parties with whom it has relationships, where these third parties provide services at our request or collaborate in their execution. We will provide these third parties only with the information necessary to perform the requested services, taking all measures to protect personal data. 
Data may be transferred outside the European Economic Area if necessary to manage your contractual relationship or to provide a service you have requested. In such cases, data recipients will be subject to protection and security obligations equivalent to those guaranteed by the Data Controller, and in all instances, in compliance with the provisions of Title V of the GDPR. 
When using services provided directly by Partners, we will only share the data strictly necessary for their performance. In any event, only the data necessary to achieve the intended purposes will be disclosed, and, where required, the safeguards applicable to data transfers to third countries will be applied. Furthermore, personal data may be disclosed to the relevant public entities and authorities to comply with regulatory obligations or to ascertain responsibility in the event of cybercrimes against the site. It may also be disclosed to or hosted by third parties (acting as data processors or, in the case of electronic communication service providers, as independent data controllers) that provide IT and telematic services (e.g., hosting, website management, and development services) which Luiss uses to perform tasks and activities, including technical and organizational ones, essential for the website's operation. Entities in the above categories act as separate Data Controllers or as Processors appointed for this purpose by the Data Controller, in accordance with Article 28 of the GDPR. 
Personal data may also be processed by employees, consultants, and individuals collaborating with Luiss who are authorized, specifically instructed, and appointed as Data Processors pursuant to Article 29 of the GDPR and Article 2-quaterdecies of the Code (as most recently amended).
Sensitive personal data—meaning a specific category of personal information related to topics such as confidential medical data, ethnicity or ethnic origins, political orientation, religious beliefs, or sexual orientation—will not be shared with any company, organization, or individual outside of Luiss, unless the User’s explicit consent is requested and expressly and freely provided.  

Interaction with social networks and external platforms

The site can interact with external platforms and social networks through widgets and buttons. In this case, the information collected depends on the user’s profile settings on each social network, not on the site administrator, especially if the user’s login profile on those platforms is active.
Links to Facebook®, YouTube®, LinkedIn®, Instagram®, Twitter®, LiveChat®, and TikTok® (as well as links to other social media platforms that may be added over time) allow you to interact with Luiss’s social media pages and share ideas, opinions, or topics from the website on those platforms. These links may also collect User data. Please note that by using Luiss's dedicated social media pages, you may post content that is publicly available on the Internet. Before interacting with these areas, please read the General Terms of Use for social media carefully, keeping in mind that, in certain circumstances, the information you post can be viewed by anyone, and all the information you include in your posts can be read, collected, and used by third parties. You can find more information on the websites of the companies offering the service. Please note that in this case, while you browse, your personal data is not managed by Luiss. Luiss merely provides the link through these buttons as an additional service to the User and has no control over the data.

What are your rights as a data subject, and how can you exercise them?

The European Union's General Data Protection Regulation (GDPR) grants data subjects specific rights, particularly regarding access to their data, its rectification, objection to processing for commercial purposes or automated processing, erasure, restriction of processing, and data portability. Data subjects also have the right to lodge a complaint with the Italian Data Protection Authority. 
Data subjects wishing to exercise their legal rights can, without any formalities, send an email to privacy@luiss.it or write to the Data Controller, Luiss Guido Carli, at Viale Pola 12, 00198 Rome, Italy, outlining their request and providing the necessary information to identify them. 
The contact details for the Data Protection Officer (DPO) are available on the Data Controller's website at www.luiss.it.

This privacy policy was updated in January 2025.