(Pursuant to art. 13 of European Regulation n. 679/2016)

Prior to collecting your personal data in order to allow the registration to the wireless Internet Service, the access to the wifi connection and to the information about the railway station services, RFI S.p.A invites you to read carefully the following Privacy Notice regarding the protection of personal data. 

I. Data Controller and Data Protection Officer

Our contact details are shown in this section 

  • RFI S.p.A., the Data Controller, is represented by the Chief Executive Officer, with registered office in Piazza della Croce Rossa, 1 – 00161 (Rome), who can be contacted at e-mail address: titolaretrattamento@rfi.it.
  • The Data Protection Officer can be contacted at e-mail address: protezionedati@rfi.it.

II. Personal Data Categories 

In this section we specify which categories of data we are asking you for

Following personal data are object of the processing through the website, within the limits of the purposes defined in this information note:

  • Data directly collected from the data subject:
     By means of click through: telephone number;
    • By means of social login: if previously authorized through the provider of the social network (Facebook, Twitter, Linkedin) and, where present: name, surname, date of birth, e-mail, gender, place and, for Facebook only, also number of contacts.
  • Data automatically collected during the web browsing:
    • The “wifistation.it” website uses the so-called technical cookies, strictly necessary for the website to function. The technical/IT information acquired during the web browsing are used in an aggregate and anonymous way, with the only purpose to make the web browsing and use quicker. The consent by the data subject is not requested for the use of such cookies. In any case it can be chosen to browse the web without cookies by deactivating them in the browser settings.
    • We also process: information obtained by hotspot positions, mac-address, as well as web browsing data. 


The processing of personal data can be carried out using IT and other tools, in order to ensure appropriate measures for security and privacy. 

III. Purpose of the Processing

In this section we specify the reasons why we are asking for your data

Your data will be processed for the following purposes:

  • Data directly collected from the data subjects:
    • By means of click through: are necessary to allow the access to the service (legal basis: contractual).
     By means of social login: are necessary to allow the access to the service (legal basis: contractual)
  • Data automatically collected during the web browsing: are used with the aim of upgrading the service quality and providing statistics about the website use, improving it and enriching the user’s visit experience, as well as ensuring that the provided contents are presented in the most efficient way to the users, according to their device. In addition, the browsing data are collected in order to keep the system efficient (legal basis: legitimate interest).
    The mac-address and the information obtained from the hotspot positions are collected in order to allow your access in the railway stations (legal basis: contractual)

IV. Data Recipients 

In this section we specify who is going to process your data and to whom they will be provided 

In order to pursue the above mentioned purposes, the provided personal data will be processed by RFI S.p.A. Your personal data will be made accessible only to the subjects who need them in the performance of their tasks or because of their hierarchical job position. These subjects will be properly trained in order to avoid: loss, access by non authorised subjects, non-compliant processing.

Moreover, the data can be used by the Companies of the same Group who carry out instrumental activities on behalf of RFI S.p.A. Such Companies have subscribed a specific contract regulating the committed processings and the obligations in the field of data protection..

V. Data Dissemination 

In this section we guarantee that your data will not be disseminated

Your personal data will never be published, disclosed or made available/accessible to indeterminate subjects. Some strictly anonymous information can be used, in an aggregate way, to carry out statistical analysis about the number of users and how they use the service, also with the goal of improving it.

VI. Data Storage

In this section we specify how long we are going to keep your data

  • With reference to the data automatically collected during the web browsing, we point out that the information obtained from the hotspot positions will be stored in encrypted form and erased every day, while the browsing data will be stored 24 hours and afterwards made anonymous. Technical session cookies will be deleted from the user's device by closing the browser. Persistent ones have an explicit expiration date and they remain inside the user's device even after closing the browser (maximum 1 year), unless the user deletes them before their expiration date.
  • With reference to the data directly collected from the data subjects: the necessary data to allow the provision of the service (telephone number and social login data) are stored 24 hours at most from the last access date.

VII. Rights of the Data Subjects

In this section we specify the rights we ensure

EU Regulation 2016/679 (artt. 15 - 23) confers the excercise of specific rights on the data subjects. In particular, with regard to the processing of your personal data, you have the right to ask RFI S.p.A.: the access to your data; the rectification; the erasure and portability of your data; the restriction of processing; the object to processing. In addition, you can lodge a complaint with the Supervisory Authority, the Italian “Garante per la Protezione dei Dati Personali”. At any time, you can ask to exercise your rights to RFI S.p.A., who can be contacted at e-mail address: privacy-DPR-DFV@rfi.it  or applying to the Data Protection Officer, who can be contacted at e-mail address: protezionedati@rfi.it