OSTIA INTERNATIONAL SCHOOL – ITALIAN LAW FIRM
The user's personal data is used by OSTIA INTERNATIONAL SCHOOL SRL S.r.l., which is the
owner of the treatment, in compliance with the principles of protection of personal data established
by the GDPR Regulation 2016/679.
METHOD AND PURPOSE OF DATA PROCESSING
The data will be processed with the support of the following means:
-Mixed - electronic and paper
for the following purposes:
- ADMINISTRATION OF THE OSTIA INTERNATIONAL SCHOOL AND RELATED REQUIREMENTS
- Employment contract
- provision of educational services
- Trips and guided tours
- Work hygiene and safety
- Institution and school assistance
- Publication of photos, images and texts for educational events and events
- School transport service
Any refusal to allow data processing makes it impossible to use the service requested by the user.
CATEGORIES OF ADDRESSEES
CATEGORIES OF RECIPIENTS
2) Without prejudice to communications made in compliance with legal and contractual obligations, all data collected and processed may be communicated exclusively for the purposes specified above to the following categories of interested parties:
- Associations and local authorities;
- Customers and users;
- Municipality and local authorities;
- Consultants and freelancers also in associated form;
- Social security and welfare agencies;
- Family members of the person concerned;
- Internal managers;
- Subjects that perform documentation filing activities;
In the data management, moreover, the following categories of authorized persons and / or internal and external managers identified in writing and to whom specific written instructions about data processing have been provided may become aware of the same:
- MAURIZIO CONTI
- CONSULTANTS AND EXTERNAL PROFESSIONALS
- TEACHERS AND EMPLOYEES
TRANSFER PERSONAL DATA TO THIRD COUNTRIES
Activity description : Training activities of the association and management of members.
Business name : Nursery schools
IT structures : SEAT STRUCTURE
Structure Type : internal
seat : LEGAL (Lido di Ostia)
Personal data are:
a) handled in a lawful, correct and transparent way towards the interested party («lawfulness, correctness and transparency»);
b) collected for specific, explicit and legitimate purposes, and subsequently processed in a way that is not incompatible with these purposes; further processing of personal data for archiving purposes in the public interest, for scientific or historical research or for statistical purposes is not, in accordance with Article 89 (1), considered incompatible with the initial purposes ('purpose limitation');
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ("data minimization");
d) accurate and, if necessary, updated; all reasonable steps must be taken to cancel or correct inaccurate data in relation to the purposes for which they are processed ('accuracy');
e) stored in a form that allows identification of data subjects for a period of time not exceeding the achievement of the purposes for which they are processed; personal data may be stored for longer periods provided that they are processed solely for the purposes of archiving in the public interest, for scientific or historical research or for statistical purposes, in accordance with Article 89 (1), without prejudice to the implementation of technical measures and appropriate organizational requirements required by this regulation to protect the rights and freedoms of the data subject ("conservation limitation");
f) processed in such a way as to ensure adequate security of personal data, including protection, through appropriate technical and organizational measures, unauthorized or unlawful processing and accidental loss, destruction or damage ("integrity and confidentiality").
2. The data controller is competent for the respect of the aforementioned and able to prove it ("accountability").
Treatment is lawful only if and to the extent that at least one of the following conditions applies:
a) the interested party has given his consent to the processing of his personal data for one or more specific purposes;
b) processing is necessary for the execution of a contract of which the party concerned is a party or for the execution of pre-contractual measures taken at the request of the same;
c) processing is necessary to fulfill a legal obligation to which the data controller is subject;
d) the treatment is necessary for the safeguard of the vital interests of the interested party or of another physical person;
e) processing is necessary for the performance of a task carried out in the public interest or in connection with the exercise of official authority vested in the data controller;
f) processing is necessary for the pursuit of the legitimate interest of the data controller or third parties, provided that the interests or the fundamental rights and freedoms of the data subject who request the protection of personal data do not prevail, in particular if the data subject he is a minor.
Paragraph (f) of the first subparagraph shall not apply to the processing of data by public authorities in the execution of their tasks.
The basis on which the processing of the data referred to in paragraph 1 (c) and (e) is based shall be established:
a) from Union law; or
b) the law of the Member State to which the controller is subject.
The purpose of the processing is determined in this legal basis or, when it is necessary for the execution of a task carried out in the public interest or related to the exercise of public authority to which the data controller is invested.
The legal basis could contain specific provisions for adapting the application of the rules of the regulation, including: the general conditions relating to the lawfulness of processing by the data controller; the types of data being processed; those interested; the subjects to whom the personal data and the purposes for which they are communicated can be communicated; purpose limitations, retention periods and processing operations and procedures, including measures to ensure lawful and correct processing, such as those for other specific processing situations referred to in Chapter IX of the Regulation
. The law of the Union or of the Member States pursues an objective of public interest and is proportionate to the legitimate objective pursued.
4. Where the treatment for a purpose other than that for which the personal data were collected is not based on the consent of the data subject or on a legislative act of the Union or of the Member States which constitutes a necessary and proportionate measure in a company to safeguard the objectives referred to in Article 23 (1) of the Regulation, in order to verify whether the processing for another purpose is compatible with the purpose for which the personal data were initially collected, the data controller takes into account, inter alia:
a) any link between the purposes for which the personal data were collected and the purposes of the further processing envisaged;
b) the context in which the personal data were collected, in particular with regard to the relationship between the data subject and the data controller;
c) the nature of personal data, especially if special categories of personal data are processed in accordance with Article 9, or whether data relating to criminal convictions and offenses pursuant to Article 10 of the Regulation are processed;
d) of the possible consequences of further treatment foreseen for the interested parties;
The processing of personal data of the child is lawful where the child is at least 16 years old. If the child is under the age of 16, such treatment is lawful only if and to the extent that such consent is given or authorized by the holder of parental responsibility.
Member States may set by law a lower age for such purposes provided that they are not less than 13 years old.
2. The data controller shall make every reasonable effort to verify in such cases that consent is given or authorized by the holder of parental responsibility on the child, in consideration of the available technologies.
3. Paragraph 1 is without prejudice to the general provisions of contract law of the Member States, such as the rules on the validity, training or effectiveness of a contract with respect to a child.
1. It is forbidden to process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, and to process genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person.
The above does not apply if one of the following cases occurs:
a) the data subject has given his explicit consent to the processing of such personal data for one or more specific purposes, except in cases where Union or Member State law provides that the data subject can not revoke the prohibition;
b) processing is necessary to fulfill the obligations and exercise the specific rights of the data controller or data subject in matters of labor law and social security and social protection, to the extent that it is authorized by Union or Member States or a collective agreement to under the law of the Member States, in the presence of appropriate safeguards for the fundamental rights and interests of the data subject;
c) processing is necessary to protect a vital interest of the data subject or of another natural person if the person concerned is physically or legally incapable of giving his consent;
d) the processing is carried out, within the scope of its legitimate activities and with adequate guarantees, by a foundation, association or other non-profit organization that pursues political, philosophical, religious or trade union purposes, provided that the treatment only concerns the members, former members or persons who have regular contacts with the foundation, association or body because of its purpose and that personal data are not communicated outside without the consent of the interested party;
e) the processing concerns personal data made manifestly public by the interested party;
f) processing is necessary to establish, exercise or defend a right in court or whenever the courts exercise their judicial functions;
g) processing is necessary for reasons of significant public interest on the basis of Union or Member State law, which must be proportionate to the aim pursued, to respect the essence of the right to data protection and to provide for appropriate and specific measures to protect the fundamental rights and interests of the interested party;
h) treatment is necessary for preventive medicine or occupational medicine purposes, assessment of the employee's ability to work, diagnosis, assistance or health or social therapy or management of health or social systems and services on the basis of Union law or Member States or in accordance with the contract with a health professional, subject to the conditions and guarantees referred to in paragraph 3;
(i) processing is necessary for reasons of public interest in the field of public health, such as protection from serious cross-border threats to health or the guarantee of high standards of quality and safety of health care and of medicinal products and medical devices on the basis of Union or Member State law which provides for appropriate and specific measures to protect the rights and freedoms of the data subject, in particular professional secrecy;
j) processing is necessary for archiving purposes in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89 (1), on the basis of Union or national law, which is proportionate to the intended purpose, respects the essence of the right to data protection and provides for appropriate and specific measures to protect the fundamental rights and interests of the data subject.
3. I dati personali di cui al paragrafo 1 possono essere trattati per le finalità di cui al paragrafo 2, lettera h) del regolamento , se tali dati sono trattati da o sotto la responsabilità di un professionista soggetto al segreto professionale conformemente al diritto dell'Unione o degli Stati membri o alle norme stabilite dagli organismi nazionali competenti o da altra persona anch'essa soggetta all'obbligo di segretezza conformemente al diritto dell'Unione o degli Stati membri o alle norme stabilite dagli organismi nazionali competenti.
4. Member States may maintain or introduce additional conditions, including limitations, with regard to the processing of genetic data, biometric data or health data.
The data required for contractual and accounting purposes are kept for the time necessary to carry out the commercial and accounting relationship.
The data of those who do not buy or use products / services, despite having had previous contact with company representatives, will be immediately canceled or treated anonymously, where their preservation is not otherwise justified, unless it has been validly acquired the informed consent of the interested parties relating to a subsequent commercial promotion or market research activity.
The data retention period is: ONE YEAR STAYED DIFFERENT INDICATIONS
According to European Regulation 679/2016 (GDPR) and national legislation, the interested party may, in accordance with the procedures and within the limits established by current legislation, exercise the following rights:
- Request confirmation of the existence of personal data concerning him / her (right of access);
- Know its origin;
- Receive intelligible communication;
- To have information about the logic, the methods and the purposes of the processing;
- Request the updating, correction, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
- In cases of consent-based processing, receive their data provided to the holder, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
- The right to lodge a complaint with the Control Authority.
How and when can the data subject oppose the processing of personal data? (Art. 21 GDPR) .
For reasons relating to the particular situation of the interested party, the same may oppose at any time the processing of their personal data if it is based on legitimate interest or if it takes place for business promotion, by sending the request to the Owner at the time communicated the improvement of the relationship on which the treatment itself is based.
The interested party has the right to cancel his / her personal data if there is no legitimate overriding reason for the Data Controller than the one giving rise to the request, and in any case in case the Data Subject opposes the processing for commercial promotion activities.
To whom can the interested party submit a complaint? (Article 15 GDPR)
Without prejudice to any other action in administrative or judicial proceedings, the interested party may lodge a complaint with the competent supervisory authority on the Italian territory (Authority for the protection of personal data) or the one carrying out its duties and exercising its powers in the Member State where the GDPR violation took place.
The owner of the processing of your personal data is OSTIA INTERNATIONAL SCHOOL SRL S.r.l ..
Contact email : firstname.lastname@example.org
Responsible for data processing: CONTI MAURIZIO
The undersigned (s) (1 identified below have received complete information pursuant to art. 13 of EU Regulation 2016/679 and express consent to the processing and communication of their personal data with particular regard to those so-called details in the limits, for the purposes and for the duration specified in the information.
Any refusal to allow the processing of data could make it impossible to use the service requested by the user.
Information on Cookies
What are cookies
A "cookie" is a text file saved on your computer when you access a website in order to provide information whenever the user returns to the same site. It is a sort of reminder of the visited internet page. With the cookie, the web server sends information to the user's browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) stored on the computer of the latter, and will be read and updated each time the user returns to the site. In this way the website can automatically adapt to the user. During navigation, the user could also receive on his terminal cookies of different sites ("third-party" cookies), set directly by the managers of said websites and used for the purposes and in the manner defined by these.
Depending on their duration, they are divided into session cookies (ie temporary and automatically deleted by the terminal at the end of the browsing session, closing the browser) and persistent cookies (ie those that remain stored on the terminal until they expire or are canceled by the user).
Depending on the function and purpose of use, cookies can be divided into technical cookies and profiling cookies.
Some cookies are used to perform computer authentication, session monitoring and storage of specific information about users who access a web page. These cookies, so-called technical, are often useful to allow you to browse a website and use all its features. Technical cookies are those whose use does not require the user's consent.
Analytics cookies also belong to this category. These are cookies that collect information about the use a user makes of a website and that allow it to improve its functioning. For example analytics cookies show which pages are most frequently visited, allow you to check which are the recurring patterns of use of a website and help you understand every difficulty you encounter in using it.
Other cookies can instead be used to monitor and profile users during browsing, to study their movements and web browsing or consumption habits (what they buy, what they read, etc.), also for the purpose of sending targeted services and advertising custom. In this case we talk about profiling cookies. The use of these cookies requires the prior acquisition of the user's free informed consent pursuant to art. 7 of EU Regulation 2016/679.
It may also happen that a web page contains cookies from other sites and contained in various elements hosted on the page itself, such as banner ads, images, videos, maps or specific links to web pages of other domains that reside on servers other than the one on which the requested page is located. In other words, these cookies are set directly by website operators or servers other than this website. In these cases we talk about so-called third-party cookies, which are usually used for profiling purposes. The use of these cookies requires the prior acquisition of the user's free informed consent.
Types of cookies used by our site
The site also allows the sending of the following third-party cookies. These cookies are not proprietary tools, for more information, therefore, it is possible to access the information and the third-party consent forms, by clicking on the links shown.
To improve the website and understand which parts or elements are most appreciated by users, third-party Google Analytics cookies are used as an anonymous and aggregate analysis tool. These cookies are not proprietary tools, for more information, therefore, you can consult the information provided by Google.
The pages of the website incorporate within them some widgets and buttons for sharing Facebook and Google Plus, to allow the user to share the contents of the website on their social channels, and to interact with our channels. These cookies are not proprietary tools, but are created by Facebook and Google respectively when you use the respective widget or share button. To learn more, visit the following information pages: Facebook and Google.
Some web pages incorporate YouTube video content within them. Visiting a page containing a video, or clicking to view the video, cookies from YouTube could be called up. These cookies are not proprietary tools. To learn more, visit the Google information page.
The user can manage his own cookie preferences through the features present in common browsers that allow you to delete / remove cookies (all or some) or change the settings of the browser itself to block the sending of cookies or limit it to specific sites (compared to others).
For information on the cookies stored on your terminal and to turn them off individually, see the link: http: //www.youronlinechoices.com/it/le-tue-scelte
Plugin Social Network
The collection and use of information obtained through the plugin are governed by the respective privacy policies of social networks, to which please refer.
- Facebook - (cookie information link)
- Twitter - (cookie information link)
- LinkedIn - (cookie information link)
- Google+ - (cookie information link)