Privacy Notice

In accordance with the Reg. UE 2016/679 (Personal Data Protection European Code) we provide you with the necessary information on the processing of your personal data that you provided to us filling in the registration form on our website to obtain our cards - actually Firenzecard and Firenzecard+ (plus) – and the App Firenzecard after downloading and installing our App from the digital stores Google Play and ITunes). This notice is not valid for other websites possibly accessible through links on the domain website owner, who is not in any way responsible for the websites of third parties. This notice is provided in accordance with the Reg. UE 2016/679 (Personal Data Protection European Code) and it is also inspired by the Directive 2002/58 / EC, as updated by Directive 2009/136 / EC, on Cookies as well as by the Measures of the Authority for the protection of personal data of 08.05.2014 concerning cookies.

1. Subject of Processing

SUBJECT OF DATA PROCESSING, in accordance with artt. 4 and 24 of the Reg. EU 2016/679 is  Firenze smart (Silfispa), via dei Della Robbia 47, 50132 FIRENZE, P.Iva 06625660482. RESPONSIBLE FOR DATA PROCESSING, in accordance with the artt. 4 and 28 of Reg. EU 2016/679 is the General Manager of Firenze smart (Silfispa), Dr.ssa Manuela Gniuli. The Data Protection Officer (RDP) is the Eng. Lorenzo Usai.

2. Purpose and Legal Basis of Processing

The personal data furnished will be processed in accordance with the the lawful conditions ex art. 6 Reg. UE 2016/679, upon agreement by clicking a box that indicates “you accept” to the present conditions and until opposition, and the purposes for processing the user personal data are related to:

  • Navigation through the website and App Firenzecard that you can download from the Google Play and ITunes Apple IoS stores;
  • Gestione della Sua richiesta di iscrizione all’e-commerce accessibile dal sito web per l’acquisto e connessa emissione del codice voucher per il ritiro della sua card sia in formato fisico o in formato digitale inserendo suddetto il codice all’interno della App;
  • Management of your e-commerce registration request accessible from the website for the purchase and connected issue of the voucher code for the collection of your physical or digital card by entering the above code inside the App;
  • Requirements related to activities for providing / using the service and to the related administrative and accounting activities (art. 6 lett. b);
  • Sending e-mails related to the newsletter and any request for participation in anonymous surveys on the service quality (art.6 lett.a);
  • If you use your card in the digital version, by entering the purchase code in the Firenzecard App, your system will request access to the GPS location of your smartphone if you want to use the search function to find the nearest museums or your location on the map. If you accept to share the GPS position to enjoy the aforementioned services, it is confirmed that this information is not recorded by our systems, but it remains an authorization exclusively connected to the use of the App through the device used by you.
  • If you use your card in the digital version, when you enter the purchase voucher code in the Firenzecard App the system generates the digital card and requires confirmation of personal data (name and surname) and the number of minors belonging to your family (the total number only and no further information). This information is essential in order to make the necessary checks by the museum staff for the correct use of the service at the time of visiting the museums. Possible false declarations are punishable according to the law n. 445/2000.

3. Cookies

Please consult the Cookie Notice on our website to know the Cookie Policy adopted by the Responsible for Data Processing and to learn more about.

4. Recipients or Categories of Recipients of Personal Data

The personal data provided will be processed on anonymous basis and aggregated purely for statistical analysis related to the service monitoring. This personal data, in compliance of the above purposes, will be processed by the internal processors and/or by third-party companies within the limits of the current service contracts and in compliance of the above purposes. In particular, the data may be made available to the Municipality of Florence, upon request and in compliance with the current law as well as to companies contractually linked to  Firenze smart (Silfispa); - subjects that deal with the related activities including, for example, subjects connected to provide our Cards and the related accessory services; - Studies or companies in the context of assistance and consultancy relationships; - External subjects for the administration, maintenance and updating of the information system and website; - Competent authorities for compliance with legal obligations and/or provisions of public entities, upon request; - Firenze smart (Silfispa) commercial partner companies. The aforementioned recipients of the data transmission will treat them as data controllers, as natural persons acting under the authority of the Data Controller and the Data Processor or as independent Data Controllers, in order to comply with the contracts or related purposes.

5. Transfer or Personal Data to Third Countries and/or International Organisations

The personal data provided may be transferred abroad, within or outside the European , within the limits and under the conditions of articles. 44 and ss. of the 2016/679 EU Regulation, in order to comply with the purposes related to the treatments. The user will have the ability to obtain a copy of the transfer conditions by filling out the information request form at the following link

6. Data Retention Period or Criteria

The data processing will be carried out in an automated and/or manual manner, with methods and tools aimed at guaranteeing maximum security and confidentiality, by persons specifically appointed to do so. In compliance with the provisions of art. 5 paragraph 1 letter e) of EU Reg. 2016/679 the personal data collected will be kept no longer than is necessary for the purposes for which the data were collected or for which they are further processed in a manner that allows the identification of the user.
The criteria of the data retention can be consulted by filling out the information request form at the following link

7. Nature of Data Submission and Refusal

Apart from what is specified in point 2 above in which, for the data indicated, the lack of submitting personal data will make impossible for the customer to use the Firenzecard services, it will be possible for the user:

  • Unsubscribe automatically from the email newsletter service following the automatic subscription cancellation process;
  • Unsubscribe from any request to participate in an anonymous survey to the service quality by filling out the information request form at the following link where you say clearly that “I request the immediate cancellation from any present and future survey linked to the use of Firenzecard”.

The erasure of the points described above will be taken as soon as the procedures indicated are completed.

8. Rights of Data Subjects

You may, at any time, exercise your rights as stated in Arts. 15, 16, 17, 18, 19, 20, 21, 22 of the EU Regulation 2016/679, by contacting the Data Controller or the Designated Responsible for Data processing, by filling out the information request form at the following link You have the right, at any time, to obtain from the Controller the access to your own data, the rectification, the erasure of your data, the limitation of data processing without prejudice to any other administrative and judicial appeal. You have the right to complain to the Guarantor for personal data protection and, with reference to art. 6 paragraph 1, letter a) and art. 9, paragraph 2, letter a), you have the right to revoke at any time the consent to the processing and use of your data in the forms and modalities established in the previous point 6.

Date Update: 16.11.2021