This Policy regarding the processing of personal data has been prepared and are provided by Scuola di Fallimento S.r.l. srl a socio unico (a sole member limited company) as Controller, in accordance with articles 13 and 14 of Regulation (EU) 2016/679 on the protection of personal data of individuals (“Regulation” or “GDPR”), to Users who consult the website http://www.scuoladifallimento.com (“Website”).
The following policy is provided for the website http://www.scuoladifallimento.com and for those hosted on third-level domains *.scuoladifallimento.com. It is not valid for other websites that may be consulted by Users via links. The Controller will collect and process the types of data listed below, in accordance with the provisions of the Italian Data Protection Code and the GDPR.
I. Controller and contact information.
Scuola di Fallimento S.r.l. a socio unico, with registered office in Modena (MO), in Piazza Roma 30, Public Certified E-mail (PEC): email@example.com and e-mail: firstname.lastname@example.org, VAT Reg.: 03861170367.
II. Processing Methods
The Controller will process the personal data provided by and/or collected from data subjects, using analog, IT and/or data transmission tools, adopting adequate security measures aimed at preventing unauthorised access to the systems and, therefore, the non-authorised disclosure, change or destruction of such data.
Personal data are also processed in aggregate form, using organisational methods and using logical systems strictly appropriate for the purposes shown in this policy. Under certain circumstances, data may be displayed by categories of persons authorised by the Controller, also called Processors, and involved in the organisation of the provision of services connected to the Website (such as, for example, administrative or sales staff, the marketing department, the legal department or system administrators) or also by external parties (third-party technical service providers, couriers and hosting providers) that will be appointed as Processors. The updated list of Processors and appointees may always be requested by the data subject and is available at the Controller’s registered office.
III. Types of Data collected and Processing purposes
a) Personal and contact details
Such data are requested from the User when completing the registration or information request forms on the Website and on the sites hosted by the sub-domains and include: name, last name, tax code/social security number, VAT Reg., telephone number, e-mail address, Public Certified Email (PEC), profession, company for which the User works and home address.
Such data will and may be processed by the Controller:
- For processing specific requests from a User (name, last name and e-mail address) – Lawfulness: GDPR – lawfulness of processing: for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- For concluding a contract for participation in one of the courses or for the purchase of goods and services, available at the link https://www.scuoladifallimento.com/en/general-terms-and-conditions/ and for performing such contracts (name, last name, telephone number, home address, company for which the contracting party works, profession and e-mail address) – Lawfulness of processing: GDPR – lawfulness of processing: for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- For accounting and tax compliance (name, last name, tax code/social security number, VAT Reg., home address, e-mail address and Public Certified e-mail (PEC)).
- On the user giving the explicit consent, for sending newsletters and commercial information, both by e-mail, by SMS or similar tools (WhatsApp and Telegram, etc.) and by phone (name, last name, e-mail address and telephone number) – Lawfulness: measure issued by the Italian Data Protection Authority (Garante) of 4 July 2013, as amended; lawfulness of processing: consent.
b) Browsing Data
Computer systems and software procedures used to operate the Website may collect, during their normal operation, a series of personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected with the intent of associating it with identified users but, by its very nature, it may lead to the identification of users through processing and through association with data held by third parties.
This category of data includes IP addresses or domain names of computers used by users connecting to the Website, URIs (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code showing the status of the response from the server (successful, error, etc.) and other parameters regarding the User operating system and computer environment.
These data are only used to obtain anonymous statistics about the use of the Website and to check that it is functioning correctly; they are deleted immediately after processing. The data may be used to ascertain liability in the event of any cybercrimes perpetrated against the Website: except for this case, such data are retained the periods defined in section IV of this policy.
c) Providing your data
The provision of contact details, referred to in section III a) for the purposes described under 1) of this policy, is mandatory and failure to provide such data, even in part, will make it impossible for the Controller to disclose the requested information to the User. In this case, processing is lawful as it is based on an explicit request submitted by the User (for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).
The provision of contact details, referred to in section III a) for the purposes described under 2) of this policy, is mandatory and failure to provide such data, even in part, will make it impossible for the Controller to provide the requested services. In this case, processing is lawful as it is based on the performance of a contract to which the User is party (for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contractor in order to take steps at the request of the data subject prior to entering into a contract).
The provision of contact details, referred to in section III a) for the purposes described under 3) of this policy, is mandatory and failure to provide such data, even in part, will make it impossible for the Controller to perform statutory financial reporting and tax compliance. In this case, processing is lawful as it is based on a legal obligation to whch the Controller is subject.
The provision of contact details, referred to in section III a) for the purpose under 4) of this policy, is optional and failure to provide such data, even in part, will make it impossible for the Controller to send newsletters to the User and to contact the User using the other tools listed therein to communicate commercial information. In this case, processing is lawful as it is based on the data subject’s consent.
The User assumes responsibility for the Personal Data of third parties disclosed or shared through the website http://www.scuoladifallimento.com and warrants to have the right to disclose or disseminate such data, holding the Controller harmless from any liability claimed by third parties.
Scuola di Failimento S.r.l. will not transfer collected data to third parties.
IV. Place and Collected data processing and retention times
Data are processed at the operational offices of the Controller and Processors, as well as any other place where the parties involved in processing are located.
Whenever personal data is transferred to a third country or international organisation, pursuant to Article 46 of the GDPR, the data subject shall have the right to be informed of the existence of appropriate safeguards regarding such transfer.
To obtain further details, you may contact the Controller.
b) Processing and retention times
Data is processed for the following periods:
a) For the purposes referred to in article III(a)(1), for the time necessary for fulfilling specific requests.
b) For the purposes referred to in article III(a)(2), for the time necessary to process orders received and to deliver the requested services.
c) For the purposes referred to in article III(a)(3), for ten (10) years following statutory compliance for financial reporting and tax matters.
d) For the purposes referred to in article III(a)(4), for twenty-four (24) months following the collection of the User’s explicit consent or last renewal.
The Controller will keep the User’s personal data for ten (10) years following the conclusion of processing for any exercise of the right of defence.
a) Information on Cookies
A cookie is a small and light text file that is generated by web services in order to memorise the preferences, activities and tastes of users. The cookie created by a service may be read and modified by such service in order to better characterise its users and, primarily, to recognise a user when he/she returns to the website.
Therefore, various information may be stored in the cookie for different purposes, but only if the user has enabled the installation of cookies from the preferences of his/her web browser.
It should be noted that cookies are not and may not be considered dangerous in the common meaning of the term: in fact, they cannot in any way carry viruses or other types of malware. Instead, they may be used to track user behaviour on websites that use certain services.
In general, cookies may be fully disabled from your browser settings at any time. For further details, we recommend you read the help and support pages regarding cookies provided by the cookie developers.
Google Analytics is a web analysis service provided by Google Inc. Google uses personal data collected through its scripts in order to track and examine browsing activity on this Website and the services it offers, compiling reports and sharing them with other third-party services developed by Google.
Google uses personal data to contextualise and personalise the advertisements which are part of its own advertising network, made up of AdSense and AdWords.
Personal Data collected: Cookies and browsing data on the Website.
Processing location: The United States of America.
You may exercise your right to opt out of Google Analytics from here: http://tools.google.com/dlpage/gaoptout?hl=it
VI. Data Subjects’ Rights
Users, as data subjects, may exercise the rights recognised under the GDPR and, specifically:
- Right to access.
- Right to data rectification.
- Right to erasure and to be forgotten.
- Right to restriction of processing.
- Right to object to processing.
- Right to data portability.
Rights may be exercised by submitting an informal request to the Controller that will respond within thirty (30) days after receipt. This term may be extended by a further sixty (60) days, whenever the processing of the request is particularly burdensome for the Controller.
The Controller informs users that, whenever a response is not provided within the times shown, or such response fails to satisfy users or, again, they believe that their rights have been breached, they may lodge a complaint with the Italian Data Protection Authority (il Garante), in the manner shown on the Italian Data Protection Authority’s website, which may be accessed at: http://www.gpdp.it.
The exercise of the rights is free of charge unless the Controller has to sustain unreasonable costs.
The Controller reserves the right to make any changes to this full Policy by publishing them on this page.
At the bottom of this policy, the date of the last change will be shown, so that such changes may be tracked. A copy of each version of this Policy is available to data subjects at the registered office of the Controller.