As set out by current legislation (Art. 13, General Data Protection Regulations, hereinafter also GDPR), the information on the processing of their data is provided for users accessing the website www.myitalianlanguageschools.com (also website below).
WHO IS THE CONTROLLER
The Data Controller is Rocco Rossitto, Via Solferino 63, 95124 Catania, VAT No. 04669890875.
WHAT DATA IS PROCESSED
The data processed is the connection data and data provided spontaneously by the user.
The IT systems and software procedures for the operation of this website acquire some personal data whose transmission is implicit in the use of internet communication protocols during their normal function.
This is information that is not collected for association with identified interested persons but, by its very nature, it could lead to the identification of users through elaboration and association with data held by third parties.
IP addresses or the domain names of the computers of the users who connect to the site, addresses in Uniform Resource Identifier (URI) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operational system and the user’s IT environment fall within this category of data.
Data provided directly by the user
All the personal data provided by the user as an option (for example, when information is requested writing to an email address shown on the site) falls into this category.
WHAT ARE THE PURPOSES AND LEGAL BASIS OF PROCESSING?
Connection data - purposes and legal basis
The connection data is used to obtain statistical information on the use of the website, for security purposes and to check its correct operation and may be used to ascertain responsibility in the event of cyber-crimes against the website.
The legal basis for the processing of such data is the legitimate interest and, in the event of requests by the authorities, legal requirement.
Data supplied directly by the user - purposes and legal basis
The personal data provided by the user as an option when contacting the holder is only used to respond to any requests made.
The legal basis for the processing of this data is therefore the fulfilment of precontractual measures.
If necessary, the data may also be used based on the data controller’s legitimate interest in taking defensive action or asserting or defending a right in Court.
HOW IS THE DATA MANAGED?
The data collected is processed with IT tools and only residually on paper. Adequate security measures are adopted to prevent the loss of data, unlawful or incorrect use and unauthorised access.
Servers in Europe are used to process the data connected with website services.
The data provided directly by the user is stored for the time strictly necessary to fulfil the requests and then erased, except for defensive needs (which may make further storage necessary).
The connection data of users accessing the site is acquired and processed directly by the host provider without the company accessing it.
See the cookie information for the data acquired through Google Analytics and other services using cookies and similar tools.
WHAT HAPPENS IF THE DATA ISN’T PROVIDED?
Except for the connection data necessary to fulfil IT and electronic protocols, the provision of data by users in the various ways available is free and optional.
However, failure to provide data will make it impossible to proceed with requests forwarded or that may be forwarded by the user.
WHO CAN ACCESS THE DATA?
The data shall be processed by the data controller. Consultants, companies supplying IT and assistance services and consultants managing disputes and legal assistance may become aware of the data in the event of disputes which make their involvement necessary.
The person concerned can ask the data controller for the list of external persons who work as data processors.
However, communication is restricted to the categories of data whose transmission is necessary for the fulfilment of the work and purposes pursued.
RIGHTS OF THE PERSON CONCERNED
The law gives the person concerned the right to ask the data controller for access to personal data and its rectification, erasure, restriction of or objection to its processing in addition to the right to data portability.
The person concerned may assert their rights at any time, without formality, contacting the data controller via email at firstname.lastname@example.org
The rights given by current legislation on the protection of personal data are set out in detail below.
Right of access, i.e. the right to obtain confirmation from the data controller that personal data regarding her/him is being processed and, in that case, to gain access to it and the following information: a) the purpose of processing, b) the categories of personal data in question, c) the recipients or categories of recipients to whom the personal data has been or will be notified, particularly if recipients in third-party countries or international organisations, d) when possible, the planned storage period of the personal data or, if not possible, the criteria used to decide such a period, e) the existence of the person concerned’s right to ask the data controller for the rectification or erasure of the personal data, restriction on its processing or to object to its processing, f) the right to complain to a supervisory authority, g) if the data has not been collected from the person concerned, all the information available on its origin, and h) the existence of an automated decision-making process, including profiling and, at least in these cases, significant information on the logic used, and also the importance and the expected consequences of such processing for the person concerned. If the personal data is transferred to a third-party country or international organisation, the person concerned also has the right to be informed of the existence of adequate guarantees on the transfer.
Right to rectification, i.e. the right to obtain the rectification of inexact personal data concerning her/him without unjustified delay from the data controller. Taking the purposes of processing into account, the person concerned has the right to obtain the supplement of incomplete personal data, also by providing a supplementary statement.
Right to erasure, i.e. the right to obtain the erasure of personal data concerning her/him without unjustified delay by the data controller if: a) the personal data is no longer necessary with respect to the reasons why it was gathered or otherwise processed, b) the person concerned revokes the consent that processing is based on and there are no other legal grounds for the processing, c) the person concerned objects to processing as necessary for the performance of a task of public interest, connected to the exercise of public powers assigned to the data controller or pursuit of the legitimate interest and there is no prevailing legitimate reason for processing, or processing for direct marketing is objected to, d) the personal data was processed unlawfully, e) the personal data must be erased to comply with a legal requirement set out by European Union law or that of the member state the data controller is subject to, and f) the personal data was collected in relation to the offer of information company services to minors. However, the request for erasure cannot be accepted if processing is necessary: a) to exercise the right to freedom of expression and information, b) to comply with a legal obligation that requires processing set out by European Union law or that of the member state the data controller is subject to or for the performance of a task of public interest or connected to the exercise of public powers assigned to the data controller, c) for reasons of public interest in the public health sector, d) storage of scientific or historical research or statistics in the public interest, to the extent that erasure risks making achievement of the aims of processing impossible or seriously prejudicing them, or e) the check, exercise or defence of a right in Court.
Right of restriction, i.e. the right for the data to be processed, except for its storage, only with the consent of the person concerned, or for the check on, exercise or defence of a right in Court or to protect the rights of another individual or legal entity or reasons of relevant public interest of the European Union or a member state: a) for the period necessary for the data controller to check its precision if the person concerned disputes the precision of the personal data, b) processing is unlawful and the person concerned objects to the erasure of the personal data asking instead for its use to be restricted, c) although the data controller no longer needs it for processing, the personal data is necessary for the person concerned for the check on, exercise or defence of a right in Court, d) while awaiting the check on any prevalence of legitimate reasons of the data controller over those of the person concerned, s/he objects to the processing made as necessary for the performance of a task of public interest, connected to the exercise of public powers assigned to the data controller or the pursuit of the legitimate interest of the data controller or third parties.
Right of portability, i.e. the right to receive the personal data concerning her/him supplied to the data controller in a structured format, commonly used and legible by automatic devices and the right to transfer such data to another data controller without obstruction by the data controller to whom it was supplied, and also the right to obtain the direct transmission of the personal data from one data controller to the other, if technically feasible, if processing is based on consent or a contract and is made with automated methods. This right does not prejudice the right to erasure.
Right to object, i.e. the right of the person concerned to object, for reasons connected to their particular situation, at any time to the processing of personal data concerning them carried out as necessary for the performance of a task of public interest, connected with the exercise of public powers assigned to the data controller or the pursuit of the legitimate interest of the data controller or third parties. If the personal data is processed for direct marketing purposes, the person concerned has the right to object, at any time, to the processing of personal data concerning her/him carried out for that purpose, including profiling, to the extent it is connected with that direct marketing.
The person concerned is also advised that, if s/he believes their personal data is being processed in breach of the provisions of the GDPR, s/he has the right to complain to the Authority, as set out by Art. 77 of the Regulations, or apply to the appropriate Courts (Art. 79 of the Regulations).
See the cookie information on the cookies and similar tools used by the site.