Personal data protection policy
Information regarding the processing of personal data
According to art. 13 EU Regulation n. 2016/679 (hereinafter “GDPR”) we inform you that your data will be processed in the following manner and for the following purposes:
1.Subject of processing
The Holder processes personal identification data (for example, name, surname, address, telephone, email, bank and payment references and other personal data relating to the selection process, such as educational qualifications, reference letters, identity documents, etc.) communicated by you through filled-in paper forms and/or available on the website managed by the undersigned.
2.Purpose of processing and legal basis
to provide services requested by the undersigned, which is a management training school, and in particular provide services requested by the user or available on the portal managed by Società Italiana Management; the legal basis is the execution of a contract of which the interested party is a party or the execution of pre-contractual measures adopted at the request of same;
fulfill contractual, legal or obligations of regulation or community legislation and to fulfill accounting and tax and administrative obligations; the legal basis to fulfill a legal obligation to which the owner is subject;
send information on courses/events; the legal basis being express consent; in the case of information on courses/events of a similar nature, the pursuit of legitimate interest by the data controller, pursuant to the provisions of art. 130, paragraph 4 of the Privacy Code (Legislative Decree No. 196/2003) and by provision of the Guarantor Authority for protecting personal data of June 19, 2008, even in the absence of explicit consent.
3. Methods and duration of treatment
The data collected by completing online forms are processed electronically and by means of management information systems. The data collected may be processed in aggregate form for statistical purposes and to verify quality standards of services offered, in this case excluding processing of identification data.
The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data is subject to both paper and electronic and/or automated processing.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and will be kept for the time prescribed by civil and fiscal regulations, as well as for historical and statistical purposes.
4. Access to and communication of data
Your data may be:
– known to employees and collaborators of the Data Controller, in their capacity as appointees and/or system administrators;
– communicated to third-party companies or other parties (for example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) that carry out outsourcing activities on behalf of the Data Controller;
– communicated to employers for reaching objectives, certifying bodies, universities, research institutes, police headquarters, embassies, computer digitization companies, public and private structures for institutional purposes and job placement, even outside the EU;
– used for possible future information and promotional communications, subject to consent.
5. Data Transfer
Personal data is stored on servers located within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller ensures that data transferred outside the EU data will be transferred in compliance with applicable legal provisions, subject to stipulation of the standard contractual clauses envisaged by the European Commission.
6. The Nature of provision and consequences of refusing to answer
Providing data required for the purposes referred to in point 1, letters a), b), is necessary for conducting activities properly and for effective management and provision of services connected to them. Providing data in fields marked with an asterisk (“*”) is mandatory in order to conclude the contract or for providing the services requested.
7. Rights of the interested party
The interested party has the right to obtain confirmation that processing of personal data concerning him is in progress and, in this case, he has the right to obtain access to the data, rectify, cancel or limit processing of same, has the right to object to processing at any time, even in the case of processing for direct marketing purposes and automated decision making; furthermore, the right to portability, revocation of consent without prejudice to the lawfulness of processing based on consent before revocation, and to make a complaint to a supervisory authority.
8. Exercising Rights
You may exercise your rights at any time by sending a written request to:
Società Italiana Management
Via del Castro Laurenziano, 9 – 00161 Rome, Italy
9. Data Controller
The Data Controller is Società Italiana Management
Via del Castro Laurenziano, 9 – 00161 Rome, Italy.