Privacy Notice

In accordance with the Reg. UE 2016/679 (Personal Data Protection European Code) we provide you with the necessary information on the processing of your personal data that you provided to us for registration on our website and App, to receive our cards (currently Firenzecard and Firenzecard app upon installation from the digital stores Google Play and ITunes). This notice is not valid for other websites possibly accessible through links on the domain website owner, who is not in any way responsible for the websites of third parties. This notice is provided in accordance with the art. 13 of Reg. UE 2016/679 (Personal Data Protection European Code).


1. Subject of Processing

DATA CONTROLLER, in accordance with articles. 4 and 24 of EU Reg. 2016/679 is the Municipality of Florence with headquarters in Palazzo Vecchio – Piazza della Signoria, 50122 FLORENCE - VAT number 01307110484 PEC:protocol@pec.comune.fi.it; Phone Number: +39 055055, the Data Protection Officer (RPD) is Dr. Otello Cini - rpdprivacy@comune.fi.it.

RESPONSIBLE FOR DATA PROCESSING, in accordance with the artt. 4 and 28 of Reg. EU 2016/679 is SILFI SOCIETÀ ILLUMINAZIONE FLORENCE and SERVICES SMARTCITY SPA with headquarters in Via Dei Della Robbia 47 - 50132 FLORENCE - VAT number 06625660482; 
the Data Controller is the General Manager of Firenze smart (Silfispa), Dr.ssa Manuela Gniuli. The Data Protection Officer (RDP) is the Eng. Alessandro Burresi  - privacy@firenzesmart.it.


2. Purpose and Legal Basis of Processing

The personal data furnished will be processed in accordance with the the lawful conditions ex art. 6 Reg. UE 2016/679, and where necessary with prior consent by ticking the acceptance box of these conditions and until objected to, your data will be processed for purposes related to:

•    Navigation through the website www.firenzecard.it;
•    and App Firenzecard that you can download from the Google Play and ITunes Apple IoS stores;
•    Execution of the services made available through the Firenzecard App downloadable from the digital store Google Play and ITunes Apple iOS;
•    Management of your e-commerce registration request accessible from the website www.firenzecard.it for the purchase and the collection of your physical or digital card by entering the above code inside the App;
•    Management of the users account registered in the App to benefit from the related services offered by the Data Controller;
•    Requirements related to activities for providing / using the service and to the related administrative and accounting activities (art. 6 lett. b);
•    Sending e-mails related to the newsletter and any request for participation in anonymous surveys on the service quality (art.6 lett.a);
•    Use of the ticketing support service. The service does not provide any form of authentication and/or request for data that can identify the user. The data provided voluntarily by the user, in order to request/receive service and support information, involves the acquisition of contact, necessary exclusively for the provision of the requested service;
•    If you use your card in the digital version, by entering the purchase code in the Firenzecard App, your system will request access to the GPS location of your smartphone if you want to use the search function to find the nearest museums or your location on the map. If you accept to share the GPS position to enjoy the aforementioned services, it is confirmed that this information is not recorded by our systems, but it remains an authorization exclusively connected to the use of the App through the device used by you.
•    If you use your card in the digital version, when you enter the purchase voucher code in the Firenzecard App the system generates the digital card and requires confirmation of personal data (name and surname) and the number of minors belonging to your family (the total number only and no further information). This information is essential in order to make the necessary checks by the museum staff for the correct use of the service at the time of visiting the museums. Possible false declarations are punishable according to the law n. 445/2000.

The site and the app make use of tracking services where information collected in an automated manner and in exclusively aggregate form is stored in order to verify correct functioning, for statistical purposes connected to monitoring the service and to carry out checks and optimizations of the service. None of this information is related to the person-user, and does not allow identification in any way.

3. Collected Data

The personal data collected and processed are common data.
The user can register by entering the personal data relating to:
•    first name;
•    last name;
•    email address;
•    birthdate (optional);
•    gender (optional);
•    zip code (optional);
•    country (optional).

The user can also choose to register with the mobile application through the user's account on the Facebook social network, provided by Facebook Inc. The requested permissions concern basic information, which normally includes the following Data: id, name , surname, email, city of residence. If you have made additional data publicly available, it will be available. For more information on the following permissions, refer to Facebook's privacy policy https://www.facebook.com/privacy/explanation.

The user can also choose to register with the mobile application through the user's account on the Twitter social network, provided by Twitter Inc. The requested permissions concern basic information, which normally includes the following Data: nickname and name . If you have made additional data publicly available, it will be available. For more information on the following permissions, refer to Twitter's privacy policy https://twitter.com/it/privacy.

On iOS systems, the user can also choose to register with the mobile application using the Apple ID account, provided by Apple Inc. The requested permissions concern basic information, which normally includes the following Data: name, surname, e-mail. You may opt-out of your email address using an anonymous relay address provided by Apple. For more information on the following permissions, please refer to Apple's privacy policy https://www.apple.com/legal/privacy/it/.


4. Cookies

To find out the cookie policy adopted, please consult the cookie policy on the website at the following link: https://www.firenzecard.it/en/cookie-policy.


5. Recipients or Categories of Recipients of Personal Data

The data processed, in compliance with the provisions of the previous point 2, will be processed by the internal data processors and/or by third-party companies within the limits of the current service contracts and in compliance of the above purposes. 

In particular, the data may be made available to companies contractually linked to the Owner/Responsible; – subjects who deal with related activities including, for example, subjects connected to provide our Cards and the related accessory services; - Studies or companies in the context of assistance and consultancy relationships; - External subjects for the administration, maintenance and updating of the information system and website; - Competent authorities for compliance with legal obligations and/or provisions of public entities, upon request; Commercial partner companies of the Responsible.

The aforementioned recipients of the data transmission will treat them as sub-processors, as natural persons acting under the authority of the Owner and the Responsible, in order to comply with the contracts or related purposes.


6. Transfer or Personal Data to Third Countries and/or International Organisations

The personal data provided may be transferred abroad, only and exclusively within the European Union, within the limits and under the conditions of articles. 44 and ss. of the 2016/679 EU Regulation, in order to comply with the purposes related to the treatments. 


7. Data Retention Period or Criteria

The data processing will be carried out in an automated and/or manual manner, with methods and tools aimed at guaranteeing maximum security and confidentiality, by persons specifically appointed to do so. In compliance with the provisions of art. 5 paragraph 1 letter e) of EU Reg. 2016/679 the personal data collected will be kept no longer than is necessary for the purposes for which the data were collected or for which they are further processed in a manner that allows the identification of the user.


8. Nature of Data Submission and Refusal

Apart from what is specified in point 2 above in which, for the data indicated, the lack of submitting personal data will make impossible for the customer to use the Firenzecard services. 
Anyway it will be possible for the user:

•    Unsubscribe automatically from the email newsletter service following the automatic subscription cancellation process;
•    Unsubscribe from any request to participate in an anonymous survey to the service quality by filling out the information request form at the following link https://www.firenzesmart.it/contatti where you say clearly that “I request the immediate cancellation from any present and future survey linked to the use of Firenzecard”.

The erasure of the points described above will be taken as soon as the procedures indicated are completed.

9. Rights of Data Subjects

You may, at any time, exercise your rights as stated in Arts. 15, 16, 17, 18, 19, 20, 21, 22 of the EU Regulation 2016/679, by contacting the Data Controller or the Designated Responsible for Data processing, by filling out the information request form at the following link https://www.firenzesmart.it/contatti
You have the right, at any time, to obtain from the Controller the access to your own data, the rectification, the erasure of your data, the limitation of data processing without prejudice to any other administrative and judicial appeal. 
You also have the right to complain with the competent supervisory authority, the Privacy Guarantor.



Date Update: 01.03.2024