Privacy notice
Privacy notice

Privacy notice on the processing of personal data of users of the and   website

Information pursuant to Articles 13 and 14 of Regulation EU 2016/679 (hereinafter “GDPR”)


Luiss Business School is the business and management school of Luiss Guido Carli University and, as the Data Controller (hereinafter also “LBS” or “Data Controller”), is committed to respecting and protecting your privacy, and ensuring that you to feel safe when browsing the website. On this page, the Data Controller provides you with information about the processing of personal data of subjects (hereinafter “Users”) who browse or consume the and website.

This privacy notice is provided only for the Controller’s website and sub-domains/sections and does not apply to external websites that may be hyperlinked on the Data Controller’s website (kindly refer to these privacy notices). Copying and/or using pages, material, and information enclosed on the website is not authorized without the prior written consent of Luiss Business School. Copying and/or printing of the website content is permitted for personal and non-commercial use only (contact the Controller using the contact details below for further questions or clarifications). Other uses of the content, services, and information on this website are not permitted.

Luiss Business School will endeavor to periodically update and revise this privacy notice, without offering any warranty as to the adequacy, accuracy, or completeness of the information provided by explicitly disclaiming any liability for any errors or omissions in the information displayed on the website.

Origin – Browsing Data

Luiss Business School informs you that the personal data provided by the User when requested to share information and/or contact details, through smartphones or any other tool used to access the Internet, and so-called User’s “browsing” data of the website will be processed in compliance with regulations. The computer systems and software procedures used for the operation of this website implicitly collect personal data when using the Internet.

This information is not collected to identify the User, nonetheless by its very nature could be made possible through data processing held by the Data Controller or third parties. This category of data includes: the “IP addresses” or domain names of the computers used by users who connect to the website, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method to submit requests to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (successful, error, etc.), and other parameters relating to the user’s operating system and computer environment. This information is used for the sole purpose of obtaining anonymous statistical information on the use of the website, and to verify the proper functioning of the website of and Please note that the aforementioned information may be used to ascertain responsibility in case of cybercrimes against the Controller’s website or other related or hyperlinked websites.

Origin – Data Provided by the User

Luiss Business School collects, stores and processes your personal information in order to provide requested information on Courses, Degree Programs, Services, Events, etc. offered by the University. Personal information will also be collected via voluntary or requested emails sent to the addresses indicated in the website sections, communications made through social network channels, and call centers to respond to requests.


By subscribing to the newsletter, you agree to receiving periodic communications and updates on your topics of interest and activities offered by the Controller via email.

These communications may allow us to collect information related to the date and time that the recipient views the messages and accesses the information related to the links included in the messages.

The purpose of collecting this information is to understand the subject’s interest, improve the quality of the communications sent, and adapt these to the subject’s needs. Please note that you can unsubscribe at any time by clicking the link at the bottom of each email.

Purpose of Processing Data and Legal Basis

Data is processed for the following purposes:

  1. creating an account and managing restricted areas of the website;
  2. strictly related and necessary to the management of contacts or information requests;
  3. for pre-contractual and contractual fulfillments related to the request to participate in courses, educational or institutional events, open days, seminars, social and or other initiatives promoted by  the University that may be of interest to the User;
  4. collect information related to the User’s choices when browsing the website to send communications that align with the preferences expressed;
  5. related to the fulfillment of obligations provided by the European and/or national regulations, the protection of public order, the detection of cybercrimes as well as to comply with European and national legislation and the provisions of the Supervisory Authority;
  6. improve the quality of communications sent by Luiss by identifying the User’s interest(s) in the content of newsletters and, more generally, to improve the School’s communications model.

The provision of information for the purposes outlined in points 1), 2), and 3), related to a pre-contractual and/or contractual phase or functional to a User’s request or provided for by a specific regulatory provision, is mandatory. Failure to do so it will not be possible to receive information and access any services requested. With regards to point 4), the legal basis is the User’s consent. Regarding point 5), the legal basis of such processing is the legal obligation, and for point 6), the legal basis is the legitimate interest of the Controller to improve the quality of its communications. LBS may send promotional communications relating to products and/or services similar to those already provided, pursuant to article 130 c. 4 of Legislative Decree 196/03 (hereinafter the “Code”), using the email provided by the User on such occasions to which they may object in the manner and at the contact details indicated in the Rights of Data Subjects section.

Methods of Data Processing, Storage Times, and Security Measures

Information processes are executed by electronic or automated means, and are carried out by the Data Controller and/or third parties that the latter may use to store, manage, and share the data. Information processing will be carried out for the organization and processing of the User’s personal data, also related to the records originated from the access and use of the services made available via the website, content and services used related to the purposes indicated above and, in any case, in such a way as to guarantee the security and confidentiality of the data.

The Data Controller stores the data subject’s personal information for a period of time according to the law (e.g., 10 years from the termination for data originating a contractual relationship, until the User unsubscribes to the newsletter, 12 months for the data processed for profiling activities, normally maximum 30 days in relation to browsing data that is collected for the operation and maintenance of the website).

In accordance with Article 33 of the GDPR ensuring the security and protection of personal information, the User is advised to promptly report to Luiss any incidents that may result in a potential data breach in order to conduct immediate investigation and action to counter the data breach, by contacting


Cookies are small text files created by a web server while a User is browsing a website, stored on a User’s  computer (smartphones/tablets or other devices used to surf the Internet), and then transmitted to the website the next time the same User visits. A cookie cannot retrieve any other data from the User’s hard-drive or transmit computer viruses or acquire email addresses. Each cookie is unique to the User’s web browser and device used to surf the Controller’s website. Generally, cookies, including “pixel and/or web-bacon”, may be necessary to improve the operation of the website and the User’s experience in consuming the website content and using its services. These cookies allow us to monitor how Users use the website which helps to conduct investigations, improve operations, and create content that is tailored to the User’s needs and preferences.

For example, analytical cookies are used to understand how visitors interact with the website and provide information on metrics such as traffic source (e.g., most and least frequently visited pages), number of visitors, average time spent on the website, and how visitors arrive on the website. In this way, it is possible to determine what works best, what content is most liked, and how the content and functionality of the pages can be improved. To investigate how our visitors use the website, we employ services offered by Third Parties to collect, aggregate, and analyze data. These cookies have a limited lifespan. Collected information is used by the Data Controller in aggregate and/or anonymous form, e.g., to monitor and analyze the use of the website, improve its functionality, and more accurately choose the content and layout to meet Users’ needs. In any case, if for any reason you prefer that these specific cookies are disactivated, Google provides a free opt-out add-on that can be installed on major browsers (see You can visit the “All about cookies” website for further information on cookies and how those work. If you wish to block or delete cookies from the website, you can do so by changing your browser settings. We remind you that if you choose to disable all cookies, the necessary, functional, and performance cookies will also be blocked which may cause inconveniences when browsing the website. For example, you can visit the public pages of the website, however you may not have access to restricted areas.

Read about Cookies used by the website on the Cookie Policy.

Interacting with social media networks and external platforms

Through widgets and buttons, the website may be hyperlinked to external platforms and social media networks. In this case, the collected information depends on the profile settings of the User on each social media platform and not on this website’s admin, especially if the User has their profile open on these platforms. Links to Facebook®, YouTube®, LinkedIn®, Instagram®, Twitter®, LiveChat®, TikTok® (and links to other social media platforms that may be introduced over time) allow you to interact with LBS pages present in social media to share ideas, opinions and topics on the website, and may result in the collection of User data. Please note that you may post on the content published on LBS social media channels. Before interacting with such areas, carefully read the Terms of Use of the social media platform and note that under certain circumstances, the information you post may be viewed by anyone and any information you include in your posts may be viewed, collected, and used by third parties. Further information can be acquired from the service providers’ websites. Please note that when browsing these websites, your personal information is not managed by LBS and whose intervention is limited to making the link available using buttons on its website.

Areas of Communication and Transfer of Data.

For the abovementioned purposes, Luiss Business School may share with and have Users’ personal information processed, in Italy and abroad, by third parties with whom it has an agreement, where these third parties collaborate or provide services at our request. We will only provide these third parties with the information necessary to perform the requested services by taking all measures to protect personal information. Data may be transferred outside the European Economic Area if this is necessary for the management of your contractual relationship or to provide you with a service you have requested. In this case, protection and security obligations equivalent to those guaranteed by the Controller will be imposed on the recipients of the data and in any case in compliance with the requirements of Chapter V of the GDPR. In the case of using services offered directly by Partners, we will only provide data that is strictly necessary for performance. In any case, required data only will be shared and the warranty applicable to data transfers to third countries will be applied where required. In addition, personal information may be shared with the public authorities to comply with regulatory obligations or for the ascertainment of responsibility in case of cybercrimes against the website as well as third parties (as managers or, where they are providers of electronic communication services, independent holders) providing computer services (e.g., hosting services, website management and development) which LBS uses to perform tasks and activities for the functioning of the website.

Subjects belonging to the abovementioned categories operate as separate Data Controllers or as Data Processors appointed for this purpose by the Controller pursuant to Section 28 of the GDPR. In addition, personal information may be processed by employees/consultants and those who collaborate with LBS who, having been authorized, are specially instructed and appointed as Data Processors pursuant to Section 29 of the GDPR and Section 2 quaterdecies of the Italian Data Protection Code.

Rights of Data Subjects

In the definition of the GDPR, Users or Data Subjects are granted the rights set forth in Articles 15 to 22 of the GDPR. In particular, the Data Subject has the right at any time to withdraw consent to the processing of data, to request its rectification, updating, transformation into anonymous form, to limit even partially its use, to request its portability, where applicable to the processing carried out by the Controller, and its possible deletion as well as not to be subjected to a fully automated decision, including profiling. The rights are exercisable to the extent that the processing is not mandatory by provisions of law or regulation.

In addition, the Data Subject may submit a complaint to the Supervisory Authority pursuant to Article 77 of the GDPR.

If the Data Subject wishes to exercise the rights recognized by the law, they must send an email at or write to the Controller, Luiss Business School, ref. Privacy – DPO, at Via Nomentana, 216 –  00162 Rome, specifying their request and providing the information necessary for the identification of the petitioner.

Data Controller and Data Protection Officer.

The Data Controller is Luiss Business School, Via Nomentana, 216 –  00162 Rome.

The references of the Data Protection Officer (RPD or Data Protection Officer, DPO) are mentioned in the above paragraph.

The User’s Use of the Website, including via tablets and/or smartphones, implies full knowledge and acceptance of the content and any indications included in this version of the policy published by the Controller at the time the website is accessed. LBS warns that this policy may be modified without notice and therefore, recommends it is consumed periodically.

This privacy notice is updated as of October 2022.