Terms and Conditions of Use
By using this website, you agree to the following terms and conditions. By using our services you grant ISI Abroad the permission to view, process and share all data and information provided with all ISI Abroad personnel and relevant personnel at your home university. ISI Abroad (ISI Florence and Umbra Institute) understands the importance of protecting personal information. This Privacy Policy outlines how ISI Abroad collects, uses, and discloses your personal information. You will also find information on how we protect your personal information.
1. What information do we collect?
Account information: We collect your name, address, email address, phone number, passport, photos, financial statements, and other personal data. We use this information for account identification and email communication about the account status and to process the services provided.
Payment information: We do not store your payment card details. When you purchase service upgrade, that information is provided directly to our third-party payment processors (Paypal or Authorize.net) whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council. PCI-DSS requirements help ensure the secure handling of payment information.
Log files: Our server automatically gathers some anonymous information about visitors, including IP addresses, browser type, language, and the times and dates of web page visits. The data collected does not include personally identifiable information and is used for server performance analysis and troubleshooting purpose.
Cookies: We use cookies to keep you logged in and save your visit preferences.
2. How long do we retain your information?
We will retain your information for as long as is reasonable to provide our service. Out-of-date information will be removed from our database. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
We will also retain log files for internal analysis purposes. Log files are generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our service, or we are legally obligated to retain this data for longer time periods.
3. Where do we store your information?
We host our database and servers in Inmotion Hosting servers and Google Workspace Drives in the US.
4. How do we protect your information?
We protect your data on-line. Data access is protected by an account authentication process. Only account holder who knows the account credential can access to your own data in your account. Only an employee, or necessary personnel who need the information to perform a specific job is granted access (i.e. home university administrators in the US and Italy). The server in which we store our database is hosted with Amazon Web Service, Google Workspace and Inmotion Hosting in a secure environment.
5. Do we share your information to outside parties?
We do not share your personal data with third parties, other than as necessary to fulfill our services (i.e. home university administrators in the US and Italy). We do not sell your personal data to any third parties. We may be required to disclose an individual’s personal data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. For example, we may share information to respond to a court order, subpoena, or request from a law enforcement agency.
6. Google Analytics
We use Google Analytics to collect information about use of this site. Google Analytics collects information such as how often users visit this site, what pages they visit, when they do so, and what other sites they used prior to coming to this site. We use the information only to improve this site. Google Analytics collects only the IP address assigned to you on the date you visit this site, rather than your name or other identifying information. Google Analytics uses cookie on your web browser to identify you as a unique user. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser.
7. General Data Protection Regulation (GDPR)
see above
7.1. Collection and use of personal data
See section 1. What information do we collect?
7.2. Protection of your personal data
See section 4. How do we protect your information?
7.3. Disclose of your personal data
We do not share your personal data with third parties, other than as necessary to fulfill our services. We do not sell your personal data to any third parties. We may be required to disclose an individual’s personal data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. For example, we may share information to respond to a court order, subpoena, or request from a law enforcement agency.
7.4. Legal basis for processing personal data
GDPR states that a company may process personal data under the following conditions:
Consent: As a website visitor (cookies enabled), an applicant, program participant or app user, you have given your consent for processing personal data for one or more specific purposes.
Performance of a contract: Provision of personal data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
Legal obligations: Processing personal data is necessary for compliance with a legal obligation to ISI Abroad is subject.
Vital interests: Processing personal data is necessary in order to protect your vital interests or of another natural person.
Public interests: Processing personal data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the company.
Legitimate interests: Processing personal data is necessary for the purposes of the legitimate interests pursued by ISI Abroad.
In order to collect, use and process your personal data, we rely on the following legal bases as appropriate and relevant in the specific context:
Performance of a contract.
7.5. Your rights
We respect the confidentiality of your personal data. If you are within the EEA, you have the following rights:
The right to access, update or delete the information we have on you.
Request correction of the personal data that we hold about you: You have the right to have any incomplete or inaccurate information we hold about you corrected.
Object to processing of your personal data: This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to our processing of your personal data on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
Request erasure of your personal data: You have the right to ask us to delete or remove personal data when there is no good reason for us to continue processing it.
Request the transfer of your personal data: We will provide to a third-party you have chosen your personal data in a structured, commonly used, machine-readable format.
Withdraw your consent: You have the right to withdraw your consent on using your personal data. If you withdraw your consent, We may not be able to provide you with access to our programs or services.
7.6. Removing your personal data
If you need to remove your account immediately, please email us at [email protected].
Otherwise, when your program ends, your App account will be terminated, and all location data is also removed from the App.
7.7. Addressing compliance to GDPR
The following actions are undertaken to ensure that ISI Abroad complies at all times with the accountability principle of GDPR:
The legal basis for the processing of personal data is clear and unambiguous.
All staff involved in handling personal data understand their responsibilities for following good data protection practice.
Rules regarding consent are followed.
Routes are available to data subjects wishing to exercise their rights regarding personal data, and such inquiries are handled effectively.
Regular reviews of procedures involving personal data are carried out.
Privacy by design is adopted for all new or changed systems and processes.
8. Contact us
If you have questions or concerns regarding this Privacy Policy, you should first email us at [email protected].
9. How often do we update this Privacy Policy?
We may modify this Privacy Policy from time to time. Please see the revised date at the top of this page to see when this Privacy Policy was last revised.