Prior to collecting your personal data in order to allow the registration to the wireless Internet Service, the access to the wifi connection and to the information about the railway station services, RFI S.p.A invites you to read carefully the following Privacy Notice regarding the protection of personal data. 

Our contact details are shown in this section 

• RFI S.p.A., the Data Controller, is represented by the Chief Executive Officer, with registered office in Piazza della Croce Rossa, 1 – 00161 (Rome), who can be contacted at e-mail address: titolaretrattamento@rfi.it.
• The Data Protection Officer can be contacted at e-mail address: protezionedati@rfi.it.

In this section we specify which categories of data we are asking you for

Following personal data are object of the processing through the website, within the limits of the purposes defined in this information note:

• Data directly collected from the data subject:
  • By means of click through: telephone number;
  • By means of social login: if previously authorized through the provider of the social network (Facebook, Twitter, Linkedin) and, where present: name, surname, date of birth, e-mail, gender, place and, for Facebook only, also number of contacts.
• Data automatically collected during the web browsing:
  • The “wifistation.it” website uses the so-called technical cookies, strictly necessary for the website to function. The technical/IT information acquired during the web browsing are used in an aggregate and anonymous way, with the only purpose to make the web browsing and use quicker. The consent by the data subject is not requested for the use of such cookies. In any case it can be chosen to browse the web without cookies by deactivating them in the browser settings.
  • We also process: information obtained by hotspot positions, mac-address, as well as web browsing data. 

The processing of personal data can be carried out using IT and other tools, in order to ensure appropriate measures for security and privacy. 

In this section we specify the reasons why we are asking for your data

Your data will be processed for the following purposes:

• Data directly collected from the data subjects:
  • By means of click through: are necessary to allow the access to the service (legal basis: contractual).
  • By means of social login: are necessary to allow the access to the service (legal basis: contractual)

• Data automatically collected during the web browsing: are used with the aim of upgrading the service quality and providing statistics about the website use, improving it and enriching the user’s visit experience, as well as ensuring that the provided contents are presented in the most efficient way to the users, according to their device. In addition, the browsing data are collected in order to keep the system efficient (legal basis: legitimate interest).
  The mac-address and the information obtained from the hotspot positions are collected in order to allow your access in the railway stations (legal basis: contractual)

In this section we specify who is going to process your data and to whom they will be provided 

In order to pursue the above mentioned purposes, the provided personal data will be processed by RFI S.p.A. Your personal data will be made accessible only to the subjects who need them in the performance of their tasks or because of their hierarchical job position. These subjects will be properly trained in order to avoid: loss, access by non authorised subjects, non-compliant processing.

Moreover, the data can be used by the Companies of the same Group who carry out instrumental activities on behalf of RFI S.p.A. Such Companies have subscribed a specific contract regulating the committed processings and the obligations in the field of data protection..

In this section we guarantee that your data will not be disseminated

Your personal data will never be published, disclosed or made available/accessible to indeterminate subjects. Some strictly anonymous information can be used, in an aggregate way, to carry out statistical analysis about the number of users and how they use the service, also with the goal of improving it.

In this section we specify how long we are going to keep your data

• With reference to the data automatically collected during the web browsing, we point out that the information obtained from the hotspot positions will be stored in encrypted form and erased every day, while the browsing data will be stored 24 hours and afterwards made anonymous. Technical session cookies will be deleted from the user's device by closing the browser. Persistent ones have an explicit expiration date and they remain inside the user's device even after closing the browser (maximum 1 year), unless the user deletes them before their expiration date.
• With reference to the data directly collected from the data subjects: the necessary data to allow the provision of the service (telephone number and social login data) are stored 24 hours at most from the last access date.

In this section we specify the rights we ensure

The EU Regulation 2016/679 (articles from 15 to 23) grants the data subjects the exercise of specific rights. In particular, in relation to the processing of your personal data, you have the right to request Rete Ferroviaria Italiana S.p.A.:

• The access: you can ask for confirmation whether or not there is a processing of personal data concerning you, as well as more clarification about the information referred to in this information notice.
• The rectification: you can ask to rectify or complete the data you provided us, if inaccurate or incomplete.
• The erasure: you can ask your data to be erased, if they are no longer necessary for our purposes, in case of withdrawal of consent or opposition to the processing, in case of unlawful processing, or if there is a legal obligation of erasure.
• The restriction: you can request your data to be processed only for the purpose of storage, with exclusions of other processing, for the period necessary to rectify your data, in case of unlawful processing for which you oppose the erasure, if you need to exercise your rights in court and the data we keep may be useful to you and, finally, in case of opposition to the processing and a verification is in progress whether our legitimate grounds override yours.
• The opposition: you can object at any time to the processing of your data, unless our legitimate grounds for proceeding prevail over yours, for example for our exercise or defence of legal claims.
• The portability: you can request to receive your data, or to have those data transmitted to another controller indicated by you, in a structured, commonly used and machine-readable format.

At any time you may request to exercise your rights to Rete Ferroviaria Italiana S.p.A. (Data controller), which can be contacted at privacy-dci@rfi.it, or by contacting the Data Protection Officer at protezionedati@rfi.it, or writing to the address P.zza della Croce Rossa n. 1 – 00161 Roma.

Furthermore, in case you consider that your rights have been infringed, you may file a complaint against the Supervisory Authority, which in Italy is the Italian Data Protection Authority.