Protecting the privacy of your personal information is important to us at ISI Florence. We respect your right to privacy and recognize our obligation to keep information about you secure and confidential.
We adhere to the following GLBA & GDPR principles when processing personal data:
- Data is processed fairly and lawfully;
- Data is processed only for specified and lawful purposes;
- Processed data is adequate, relevant and not excessive;
- Processed data is accurate and, where necessary, kept up to date;
- Data is not kept longer than necessary;
- Data is kept secure and is processed in a manner that ensures appropriate security.
We are the controller and responsible for your data.
We are Committed to Protecting Your Privacy
This commitment is demonstrated by:
- Safeguarding any information that is shared with us by users according to strict standards of confidentiality and security also in place in the U.S.A. and Italy.
- Employing strict standards and safeguards to prevent fraud.
- Not selling information to other companies for marketing purposes.
- Limiting the collection and use of your personal information to the minimum we require to administer the data you send us and deliver quality service.
- Permitting only those employees who are trained in the proper handling of personal information access to your information.
- Requiring employees to undergo GLBA & GDPR Employee Cyber Security Awareness during the fall of every academic year, and immediately upon new employee hires if mid-year.
- Not revealing your information to any external entity unless we have been authorized to do so, are required to by law or have previously informed you via disclosures or agreements.
- Continuing to protect your privacy after your data has been processed.
Collecting Information About You
We collect nonpublic personal information about you from the following sources:
- Information we receive from you on ISI FLORENCE forms, loan application(s), promissory note(s), and financial support statements.
- Information received from schools you attend or formerly attended, such as transcripts or recommendation letters.
- Information received from credit reporting agencies.
- Information obtained in e-mails ISI FLORENCE receives from you.
Managing Information to Serve Your Needs
We do not disclose any nonpublic personal information about you or our other current and former students to anyone, except as permitted by law. For example, we share such information with schools, lenders, and other guarantee agencies and the U.S. Department of Education, as needed to administer your loan in conformance with the law. Nonpublic information may also be disclosed to persons or entities which you have authorized us to contact with respect to your student loan(s), such as your parents or references.
We maintain physical, electronic, and procedural safeguards in compliance with federal regulations to safeguard your nonpublic personal information.
Our Goal is Maintaining Accurate Information
We continually strive to maintain complete and accurate information about you. If you feel that our records contain inaccurate or incomplete information about you, please let us know immediately. We will correct any inaccuracies as quickly as possible.
Where Data is Stored
Your personal information is contained in our offices in locked cabinets in the U.S.A and/or Florence, Italy or in U.S.-based servers behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology. We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.
Protecting Your Privacy Online
Protecting your personal information online is an essential part of our service to you. For example:
- We validate your identity before we allow online access to your account.
- When collecting information about you online, we employ technologies such as firewalls and data encryption to protect your information from others.
When you send us an e-mail to make a comment or to ask a question, we will use your e-mail address to reply to you and we will store your e-mail address for future communication.
When You Call ISI FLORENCE
Students or applicants who call ISI FLORENCE by phone regarding non-public personal information are required to provide the reception desk with the ID number assigned during the online application process.
Using Your IP Address
When you enter the ISI FLORENCE websites, we may identify the Internet Protocol (IP) address associated with the device you are using, such as a personal computer or handheld device. The IP address does not identify you personally, but it may allow us to identify the device you’re using. We store IP addresses in case we ever need to track a connection to its point of origin for security reasons.
Linking to Other Websites
Links to third-party sites are provided for your convenience. Such sites are not within our control and may not follow the same privacy, security or accessibility standards as ours. ISI FLORENCE is not responsible for the content or availability of third-party sites, their partners or advertisers. We encourage you to review the privacy policies of third parties before providing information on their sites.
Protecting Your Information – How You Can Help
By taking a few simple precautions, you can help safeguard your personal information:
- Keep account information and passwords to yourself. Do not disclose this information to others.
- Never provide personal or confidential information over the telephone to unknown callers.
- Be sure to use a secure browser when doing any business over the Internet. When you have completed your Internet business, exit online applications immediately.
- Maintain current virus protection software on your personal computer. Never open e-mail from unknown sources.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information. In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
- We will notify you via email and in accordance with local law requirements
- We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors
What are your rights as a data subject?
We understand how important your data and the processing of it is to you. We, therefore, adhere to the rights of the data subject within the various grounds of Lawful Processing (as defined in the General Data Protection Regulation). These rights include:
- The right to be informed of how personal data is processed
- The right of access to your personal data: You may request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it
- The right to rectification: You have the right to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us
- The right to erasure: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request
- The right to object to processing: You may object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms
- The right to restrict processing: This enables you to ask us to suspend the processing of your personal data in the following scenarios:
a) if you want us to establish the data’s accuracy;
b) where our use of the data is unlawful but you do not want us to erase it;
c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it
- The right to data portability: You may request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Rights in relation to automated decision making and profiling: Under the GDPR, you also have a right not to be subject to decisions based solely on automated data processing (including profiling) if the decision produces legal effects on you or significantly affects you
- You have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent Should you wish to exercise any of these rights, please do so by contacting us at the details stated below. To better safeguard your data, we will also take reasonable steps to verify your identity before granting access or making corrections to your data. Please note that calls may be recorded for training purposes and of protection of our staff and clients. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.