DISPOSIZIONI SULLA PROTEZIONE DEI DATI PERSONALI – INFORMATIVA AI SENSI DEL REGOLAMENTO UE 679/2016
Italiaidea srl, based in Roma, Corso Vittorio Emanuele II, 184, P.IVA 04291281006, email: firstname.lastname@example.org, phone numbers: 06-69941314, 06-69294455, 335-8269915 (hereinafter referred to as “Manager” o “Operator”) manages, under the name Italiaidea, Italian language and culture courses for foreigners, as part of the activities of historic Italian language and culture school. The manager decides, as the order-holder in accordance with the law, the purpose and the tools for processing the personal data of the users-clients and, ultimately, is responsible for processing and protecting the data in compliance with the legal, national and Community provisions.
Killogroup srls, located in Milano, P.zza Prealpi, 4, is the data controller on behalf of Italiaidea srl and in its capacity of the protection and safety of the personal data and information of the customer-client and it can be contacted at: +390256569264, email@example.com.
The owner-manager believes that data protection is a very serious matter and therefore wishes to communicate correctly, completely and transparently, as it proceeds on the personal data protection of its users-clients. When enrolling in an Italiaidea course, a series of personal data are necessarily entrusted to the owner-manager. Personal data are all types of information that can be connected, directly or indirectly, with a natural person. These include, among other things, the name, the residence, the e-mail address, the telephone number, the profession. In addition, the IP address or any information on the use of a PC can also be considered as personal data under certain circumstances. The owner-manager illustrates below the Italiaidea customer-client (hereinafter referred to as the “user” or “customer”) how data are collected, for which purpose, and to whom such data can be transmitted. Finally, the operator informs the user about his rights and about the internal provisions relating to data backup.
This provision on data protection is an integration of the General terms and conditions of contract and regulation to register to an Italiaidea course and is to be considered as an integral part of it, and it applies to the use of the school’s services, directly connected to it and for its use, as well as services offered on web platforms or elsewhere, always referable to Italiaidea. The data protection provision that is available online or in hard copy and is valid at the time of the actual visit of a user or at the time of the concrete use of the services offered by Italiaidea. With the use of the services offered by Italiaidea and with the formal registration to a language or culture course or with the use of other services or services attributable to Italiaidea, the user-client grants full consent to the following provision and regulation for the protection of personal data and endorse, in full and without reservation, every clause, appearance and method. Failing that the use of the services offered by Italiaidea are not permitted: therefore the user is not obliged to communicate and consent to the processing of data, in the knowledge that, in this case, he / she will not be able to access the service offered by the school. The user may revoke his/her consent to this provision on the protection of personal data in writing at any time (see section VII) and / or contact the data controller or data supervisor for any need.
II. DATA COLLECTION
The manager collects personal data during the registration / registration and use of the services offered by Italiaidea. In order to show the user how his/her data are processed, the operator lists below the three ways in which the user’s personal data are collected.
1 Data communicated by the customer-user to the operator.
When the user-client registers for a Italiaidea course, he / she communicates information about his / her person to the manager. The personal data in this category are communicated in an active way by the user, for example by completing the registration form, by contacting the school’s assistance or by means of the feedback that the user communicates through functions specifically set up in computer.
For the purpose of completing the correct procedure, the customer-user, at the specific time of registration provides, according to the Italiaidea Regulation, all the personal data requested in the registration form
2. Data collected during the use of the school service.
The data communicated are saved by the operator to identify the user-client and to ensure the regular and optimal supply of the school services. The manager saves information when the user contacts the manager in order to help the user and better answer his questions, for example when the user sends an e-mail to the school’s customer assistance. The manager can also use anonymous and aggregated data related to these requests for the improvement of services.
During the use of the school services, the manager can gather additional information about the user-client and about his activity in the context of the Italiaidea services. These include:
a. Contact details: the manager collects contact information such as name, age, residence address, email address, telephone number and any addresses associated with the user’s account. The manager uses the contact details in order to communicate directly with the user about the services purchased and sold through the school and about questions or problems raised by the user-customers.
b. Comments and opinions: When the user directly contacts the manager, for example by e-mail, telephone, post or through an online form, the manager can register requests, comments and opinions. The manager will also record comments and opinions expressed by the user when responding to surveys, participating in promotions or posting in the message areas. The manager uses comments and opinions to answer questions, problems and issues raised by users and to improve, where possible, the services offered by Italiaidea.
c. Payment information and transactions: the manager records the products purchased or sold through Italiaidea, who bought the service and the total amount of the transaction, in addition to the payment methods.
d. Technical information about the device and the user’s Internet connection.
Using the server’s logs and other web tools, the operator, through his own website, can collect information on the device and internet connection of the user-client, including the operating system, browser version, IP address, cookies and other unique identifiers. To analyze how the services of the manager are used, the technical information is generally processed as aggregated data. However, the aggregated data can also be linked to the user’s account to adapt Italiaidea’s services to the device used by the user.
e. Information on the use of the Italiaidea services.
The manager can record the user’s activities, for example login and logout from the user account on the Italiaidea website, purchase of services and courses Italiaidea, attendance to courses electronically and on paper. The manager also saves information about the user’s visits to the Italiaidea website. The manager uses all this information, among other things, to prevent abuse and to improve Italiaidea services.
f. Information on fraudulent or criminal activity related to an account: the manager uses information on fraudulent or criminal activities related to the use of the service in order to identify and prevent fraud or crimes and to promptly inform the competent authorities.
g. All personal information and sensitive data: the manager uses all the personal information collected to implement, monitor and improve the school service, procedures and processes. The manager also uses the personal information collected to develop new products and services, to resolve disputes with users, to provide support to users, to solve problems and apply the correct terms of Italiaidea Regulation and policies, including that on privacy .
The specific type of activity carried out by Italiaidea requires a series of sensitive data to be acquired from the client-users, especially regarding personal characteristics, any relevant medical information or other information that allows, in full compliance with the Italiaidea regulations and rules of general law, the choice and destination of the client-users, with any Italian host families, which, in turn, provides the same information and data to the owner-manager, by virtue of the same purposes. Although considered sensitive data, Italiaidea states and clarifies that it does not record and does not process data concerning information about religious beliefs or other personal beliefs, about sex life, racial or ethnic origin, union membership and / or crimes. In the event that sensitive personal information is provided to the service, the user confirms that he/she has deliberately communicated this information on his/her own will and gives permission to process such data by signing the appropriate consent form.
III. PURPOSE OF THE DATA PROCESSING
The owner-manager process the user-customer data for the following purposes.
Summary of the objectives: The manager processes the user’s data for 1) to provide Italiaidea’s services and, therefore, on a contractual legal basis, with the primary purpose of satisfying the requests of the client-users, from a purely commercial point of view; 2) to improve and further develop Italiaidea’s services, with constant attention to user-client needs; 3) to know the trend of the reference market; 4) to prevent, stem and ascertain the possible abusive use of Italiaidea’s services, especially on the web platform.
Di seguito vengono indicati gli scopi dell’elaborazione dei dati, in dettaglio.
1. Supply of services
In order to offer their own educational services, based on the conclusion of a contract (legal basis of acquisition), the manager must acquire the customer’s personal data and information, as well as a limited set of sensitive data.
2. Improvement and development of Italiaidea services
The manager uses information to improve the school services, for example by making the registration procedure on paper, the online registration, login or payment procedure as simple as possible for the user. The manager transmits to the user messages regarding upcoming changes or improvements of Italiaidea’s services, possibly using his/her e-mail address or through other notification.
3. Advertisement, offers and personalized advices
The manager can put advertisements on his/her platform or collaborate in the promotion, advertising, and optimization of his own or third party advertisements with external partners.
4. Analysis of market trends
The manager analyzes the data to better understand the trends and to adjust and continue to develop Italiaidea’s services. The analysis of trends can be performed by the manager himself or by third parties who, on behalf of the manager, process the data. Collaboration with third parties for data interpretation is based on data processing agreements in full respect of confidentiality and integrity.
5. Prevent and ascertain the abusive use of Italiaidea’s services
The manager can use the information to prevent in any possible way the abusive use of the Italiaidea’s services, especially with regard to the web platform
IV. THIRD PARTIES USE OF DATA
For all services that use social networking features, such as Facebook’s Like button or Google’s +1 button, it should be noted that Facebook and other social network providers may collect data about the user-client even if he/she is not registered on a page or if he/she has consented to the exchange of data. Through the use of popular features, such as the “Like button” of Facebook or the “+1 Button” of Google, providers of these services can obtain data on visits to certain pages or on the use of internet by the client-user. More detailed information on this can be found in the directives on the use and data protection of each individual supplier.
(ad esempio http://www.google.at/intl/de/policies/privacy/,
Third parties to whom data have been transmitted pursuant to the provisions of Point V may collect and use such data for the improvement of their services or for analysis purposes. The publication of data is only possible in aggregate form.
V. TRANSMISSION OF PERSONAL DATA
The operator will not share, sell, transfer or make personal data accessible in any way different from what is described in this data protection provision, unless the operator is called to do so by law or the user has not given explicit authorization .
The transmission of personal data is only possible for the following reasons:
1. Data transmission to third parties:
The manager may possibly share personal data with digital-social platforms such as Facebook, Instagram, to which data are transmitted for the sole purpose of pursuing the business objectives of Italiaidea, already indicated.
The manager may transmit personal data to the police or other authorities if there is a suspicion of illegal behavior linked to the use of the Italiaidea services and if there is a court order or a provision of the administrative authority. The disclosure of personal data to other third parties is possible if they can demonstrate a prevalent legal interest in determining the identity of a user and a certain illegal circumstance and if they are able to demonstrate that knowledge of such information constitutes an essential premise for the legal proceeding.
The foregoing does not preclude the operator from using service providers who process data for the operator on the basis of a related service agreement. The service provider to whom personal data is transferred for processing (for example to make payments or to save information on your server) may process the data only for the purposes indicated in this provision and relating to the protection of data.
VI. CANCELLATION OF DATA AND ACCOUNT
The user is authorized to have his data and his account deleted at any time and without any reasons. The request must be sent to the address firstname.lastname@example.org With the cancellation of data and account, all personal and/or sensitive data are deleted. The manager reserves the right to keep personal data relating to a customer or a closed account. This may be due, among other things, to the application of the General Terms of Contract / regulation, in compliance with the provisions of law, to support investigations, to the implementation of current business or to the settlement of disputes. When the retention of personal data is no longer necessary for the operator, he will destroy them immediately.
The operator informs all the recipients to whom the data have been transmitted the request for cancellation by the user, unless this is not impossible or involves a disproportionate expense. It should be remembered that the timely cancellation of search results in search engines cannot be guaranteed by the operator.
If the user, under the provisions of the law, uses the right to cancel, correct or delete, he / she is entitled to correct and / or cancel his / her personal data, at any time and without motivation; if the user decides to withdraw his consent to the data protection provision, he/she may send a request to the manager-holder indicated at the beginning of this document. The processing of the user’s request described in this point can take up to 8 weeks.
VII. LENGTH OF DATA PROTECTION
The manager does not save personal data for a period longer than required for the fulfillment of the contractual and commercial purposes indicated above and in any case for a maximum amount of time equal to the permanence of the user-client registration in the school. The personal data of the users are deleted and made anonymous when they are no longer relevant for the purposes indicated. The manager saves personal data until the user has been deleted or until the user has issued a declaration of revocation pursuant to point VI or until the data are required for the provision of the services of Italiaidea or until there is a legal limitation of any kind.
VIII. ACCESS AND RECTIFICATION OF PERSONAL DATA
The user has the following rights in relation to his personal information: (i) the right to be informed about how to use his personal data; (ii) the right to access the personal information that the Italiaidea holds; and (iii) the right to request the correction of inaccurate personal data concerning him/her and to request the block, suspension of use or cancellation of his personal data at any time and without any reason or when processing is not in compliance to local and community data protection laws.
IX. FINAL ARRANGEMENTS
1. Change of data protection provision
When the manager changes this data protection provision, the modified version is published with the date of the updated version. No explicit warning is sent to the modification of the data protection provision. It is necessary to periodically check that no changes have been made to the data protection provision. In the event that the user does not agree with the changes, he / she will be free to request the cancellation of the registration or account or to revoke his authorization to the provision for data protection (see point VI).
The manager, by implementing all appropriate security measures according to the law, is not liable for unauthorized access to the user data, for example by hackers or system errors.
3. Applicable law
Only Italian law applies. The exclusive court of jurisdiction is the court of Rome, Italy
The user has the right, at any time, to lodge a complaint with the competent Authority, for the purposes of protection of his right to privacy, pursuant to Article 58 of the EU Regulation 679/2016 and according to the methods best described on the website of the Italian guarantor authority (www.garanteprivacy.it).
5. Safeguard clause
In the event that individual provisions of this Data Protection Arrangement are ineffective or unenforceable, or become ineffective or unenforceable after conclusion of the contract, this will not compromise the effectiveness of the contract. The rule deemed invalid or unenforceable must be replaced by a valid and applicable one, which reflects as much as possible the economic purpose pursued by the contracting parties with the original rule which is not valid or not applicable. The above rules apply if the contract is not complete.
(Informativa estesa come da Provvedimento del Garante per la protezione dei dati personali n. 229/2014)
COSA SONO I COOKIES
I cookies sono file che possono venire salvati sul computer dell’utente (o altri dispositivi abilitati alla navigazione su internet, per esempio smartphone o tablet) quando lo stesso visita un sito web. Di solito un cookie contiene il nome del sito internet dal quale il cookie stesso proviene e la c.d. “durata vitale” del cookie (ovvero per quanto tempo rimarrà sul dispositivo dell’utente). I cookie possono essere impostati dal nostro sito web (cookie di prima parte) oppure da altri siti/servizi web integrati nel nostro sito (cookie di terze parti).
TIPOLOGIE DI COOKIES
Questa tipologia di cookie permette il corretto funzionamento di alcune sezioni del sito. Sono di due categorie:
– permanenti: una volta chiuso il browser non vengono distrutti ma rimangono fino ad una data di scadenza preimpostata o finché l’utente non li elimina;
– di sessione: vengono distrutti ogni volta che il browser viene chiuso.
Questi cookie sono necessari a visualizzare correttamente il sito e in relazione ai servizi tecnici offerti, verranno quindi sempre utilizzati e inviati, a meno che l’utenza non modifichi le impostazioni nel proprio browser. Gli interessati che non volessero conservare questi cookies potranno cancellarli dopo la navigazione semplicemente andando nelle impostazioni privacy del proprio browser di navigazione e selezionando l’opzione di eliminazione dei cookies.
Cookies di prestazione o di performance
Raccolgono e analizzano le informazioni sull’uso del sito da parte dei visitatori (pagine visitate, numero di accessi, tempo di permanenza nel sito, ecc.) per fornirti una migliore esperienza di navigazione. Questo tipo di cookie non raccoglie alcun tipo di informazione che può in qualche modo identificarti. Tutte le informazioni raccolte sono anonime e usate solamente per migliorare l’utilizzo del sito. Questi cookies non sono usati per finalità di natura commerciale.
Cookies di terze parti
Questi cookie vengono impostati da domini diversi da quello indicato nella barra degli indirizzi del browser, ovvero da organizzazioni che non corrispondono ai proprietari dei siti Web.
Cookies di profilazione comerciale
Attraverso questo tipo di cookies possono essere raccolte informazioni relative all’utente da utilizzare al fine di inviare messaggi pubblicitari in linea con le preferenze manifestate dallo stesso nell’ambito della navigazione in rete (profilo).
Il presente sito internet non utilizza Cookie di profilazione commerciale.