DATA PROTECTION OFFICER(RPD/DPO- Data Protection Officer), in accordance with artt. 37 – 39 of Reg. UE 2016/679 Has nominated the Data Protection Officer(DPO) reachable from the address of the Holder of the data processor or by mail at firstname.lastname@example.org
DATA PROCESSOR, the list of the data processors according with artt. 4 e 28 of Reg. UE 2016/679 is constantly updated and available by writing at: email@example.com
PURPOSE AND JURIDICAL FUONDATION OF THE TREATMENT
The personal data provided will be processed in compliance with the conditions of lawfulness of the regulation for the following purposes:
- sending information about our courses and services
- sending information about school initiatives and/or of our partners, courses, activities and events that may be of interest to the User
- Marketing purposes (ex. newsletter sending, promotional communications) by automated methods (e-mail, sms)
- Interaction with social networks and external platforms, statistics and viewing of content from external platforms
- For promotional and/or institutional communication purposes and the use of images and videos
The processing is based on the legitimate interests of the Data Officer pertinent to the purposes referred to in the previous paragraphs.
Failure to provide personal data or to give consent (in the cases provided) makes it impossible to exercise these purposes.
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF DATA
Personal data will be communicated to recipients, who will process the data as supervisors (art. 28 of the Reg. UE 2016/679) and/or in their physical capacity acting on behalf of the Controller and the Processor (art. 29 of the Reg. UE 2016/679), for the purposes listed above. In detail, the data will be communicated to:
- Parties that provide IT system and telecommunications management (including e-mail); – studies or company in the context of service reports; – authorities competent for the carrying out of relevant laws and/or regulations of public bodies, upon request; -In the case of administrative and accounting purposes, the data may be possibly be transmitted to commercial information companies for the assessment of solvency and payment habits and/or to subjects for credit recovery. The subjects that belong to the beforementioned categories act as data processing manager, or operate in total autonomy as separate data controllers. The list of data processors is continuously updated and can be requested by writing an e-mail at firstname.lastname@example.org
- Specifically designated people, working at the offices
The data may also be communicated to public authorities or administrations, as far as their specific competence, in compliance with legal obligations.
DATA TRANSFER TO THIRD COUNTRIES AND/OR INTERNATIONAL ORGANISATIONS
Personal data may, if necessary, be transferred to countries of the European Union and to countries outside of the EU, in order to achieve the scope described above
In case, the data will be transferred according to Article 44 – General principle for the transfer; Article 45 – Transfer based on an adeguacy decision; Articolo 46 – Transfer dubject to appropriate safeguards, specifically the data will be transferred.
The intrest party can obtain information about the guarantees for data transfer by writing an e-mail at email@example.com
STORAGE PERIOD OF YOUR DATA AND CRITERIA FOR DETERMINING THE PERIOD
The personal data will be processed automatically and manually, with modes and instruments that ensure the max safety and confidentiality, by subjects in charge to perform it.
The personal data collected will be retained in a way that consent the identification from the concerned persons for a time not longer than the achievement of the purposes for which the data were treated. You can ask our Data Retention by sending a mail at firstname.lastname@example.org
RIGHTS OF DATA SUBJECTS
You have the right, at any time, to ask the Processing Official the access to your personal data (art. 15), the correction (art. 16) or the deletion (art. 17) of them, or the limitation of the data processing (art. 18) or the notification requirement in the event of rectification and deletion of personal data or the limitation of data processing (art. 19) or the opposition to their processing based on legitimate interest (art. 21).
The data subject also has the right, if the personal data is processed automatically and were provided based on his consent or if the processing is needed to perform the contract, to receive in a structured format, commonly used by an automatic device his personal data and has the right to pass this data to another Data Controller without any interference from the controller whom you provided them. This right should not apply where processing is based on a different legal basis (art. 20).
Withdrawal of consent. Processing has no legal basis in consent but in legitimate interest. When the processing of personal data is based on the consent, you have the right to withdraw it at any time without compromising the processing lawfulness based on your consent before the withdrawal.
You can claim your rights as expressed in EU 2016/679, by addressing the Official, sending an e-mail at email@example.com or by writing a registered letter from/to to the office of the Data Controller indicated above.
You have the right to lodge a complaint with a supervisory authority.
SUBJECTS TO WHOM YOUR DATA MAY BE COMMUNICATED
Your personal data may be communicated to specific parties deemed recipients of data, where natural or legal persons are to be considered as such, public authority, the service or another body receiving communication of personal data, whether or not they are third parties. In this respect, in ordet to correctly implement all the processing activities necessary under this Policy, the following parties may be in a position to process your personal data:
Third parties which perform part of processing and/or activities connected with or instrumental to the processing on behalf of the Controller or Joint Controller. These subjects have been appointed as Data Controllers, so a natural or legal persons, public authority, service, agency, or any other body which, alone or jointly with others, has decision making powers with respect to data processing;
Individuals, employees and/or collaborators of the Data Controller who have been authorized to carry out specific and/or multiple Processing activities using personal data. These individuals have been given specific instructions concerning the security and correct use of personal data and are defined as persons who, under direct authority of the Controller or Processor, are authorized to process personal data;
Companies with which the Data Controller or the Joint Controllers have established collaborations because of a contractual relationship;
società con cui il Titolare o i Contitolari del Trattamento hanno instaurato collaborazioni in virtù di un rapporto contrattuale;
Where required by law or to prevent or repress the commission of a crime, your Personal Data may be disclosed to public bodies or judicial authorities without the public bodies being defined as Recipients. The Regulation states that public authorities that receive communication of Personal Data in the context of a specific investigation conducted in accordance with the law of the European Union or the Member States are not considered Recipients.
Last update: 03/05/2023