(Information on the processing of personal data of the Data Subject)
1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The Data Controller is EUROGRANDINE S.r.l., VAT No. 11507590013, with registered office in Turin (TO), Via G.B. Feroggio n. 12 – 10151; tel. 01119476971; e-mail: email@example.com, hereinafter referred to as “Data Controller”, “Data Controller” or “EUROGRANDINE”.
2. CONTACT DETAILS OF THE DATA PROTECTION OFFICER
The Data Controller has appointed Mr. Rudy Caltagirone as Data Protection Officer (DPO), whose contact details are: firstname.lastname@example.org.
3. PURPOSE, LEGAL BASIS OF THE PROCESSING AND COMMUNICATION OF PERSONAL DATA
The purpose is the purpose for which personal data are processed. The data of users who make use of the site and the e-commerce relating to the acquisition of training courses for Tirabolli are used for the following purposes:
(a) NAVIGATION AND INTERACTION SERVICES WITH THE WEBSITE AND E-COMMERCE:
PURPOSE OF THE PROCESSING: the correct and complete execution of the assignment entrusted and the use of the services, i.e. navigation on the site, replying to messages, sale and use of the courses through the e-commerce, as well as the correct management of the fulfilments imposed by the regulations in force.
LEGAL BASIS OF THE PROCESSING: the processing is based on the execution of pre-contractual measures or contractual obligations, the communication of the data is necessary for the establishment of the relationship and in order to fulfil the mandate.
b) PROMOTIONAL ACTIVITIES (NEWSLETTER):
PURPOSE OF THE PROCESSING: to receive, also through the newsletter, promotional communications regarding industry news and/or the organisation of new training courses.
LEGAL BASIS OF THE PROCESSING: the processing is based on the Owner’s legitimate interest in sending direct marketing communications to those who have already established a relationship with the Owner (e.g. participation in courses) and who are therefore presumed to be interested in keeping up-to-date on the news proposed. The communication of data may be revoked at any time, but without the provision of data it will not be possible to provide the marketing service.
For those who come to the Controller’s website for the first time and/or who have never established a relationship with the same, processing is based on free, explicit and informed consent given for this specific purpose and until revocation. The provision of data is not compulsory, but without it it will not be possible to provide the marketing service.
At any time you can re-read the information notice and change the consent previously given, check and/or change the status of the active services and possibly request additional services.
4. RECIPIENTS OF PERSONAL DATA
The data will not be disclosed, but communicated to Third Parties/Partners where necessary for the provision of the service, as well as to subjects who carry out tasks of a technical or organisational nature on behalf of the Data Controller that are instrumental to the provision of the services requested; these subjects have been authorised as Data Processors through a specific written deed. The categories of recipients of personal data are: insurance companies, IT operators, providers, communication agencies, professional firms and business consulting companies, banking and insurance institutions.
5. DATA RETENTION PERIOD AND CRITERIA USED TO DETERMINE IT
Users’ personal data will be kept for a period of time no longer than is necessary for the purposes for which they were collected and processed. In particular, the user/customer’s personal data will be kept and processed as long as the user maintains his/her user account; data processed for marketing purposes will be kept and processed as long as the user/customer maintains his/her subscription to the newsletter, in compliance with the principles of proportionality and necessity.
6. RIGHTS OF THE DATA SUBJECT AND RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
The Data Subject may at any time, by sending a communication to the references listed above, exercise his/her rights, including
– revocation of consent
– access to personal data
– rectification of personal data
– cancellation (right to be forgotten) of personal data
– restriction of the processing of personal data
– opposition to the processing of personal data and portability of personal data
– the right to lodge a complaint with the Garante per la Protezione dei Dati Personali and/or another Guarantor Authority, should you believe that your rights have been violated by the Controller and/or a third party.
7. PERSONAL DATA PROCESSING METHODS
The personal data sent through the registration procedures for our services are processed using mainly electronic instruments, recorded and stored on electronic databases and specific security measures are observed by the Data Controller to prevent the loss of data, unlawful or incorrect use and unauthorised access. Processing for marketing purposes will take place by means of electronic mail, which will also be used for the purpose of direct sales of requested services.
8. PLACE OF PROCESSING
The personal data provided by the data subjects may be processed at the registered office of the Data Controller and at the premises of authorised data processors, stored on servers in the territory of countries belonging to the European Union (EU) in compliance with the legislation on the protection of personal data.