In accordance with Art. 13 of the General Data Protection Regulation no. 679/2016 (hereafter “Regulation” or “GDPR”) and Italian Legislative Decree 196/2003, as amended by Italian Legislative Decree 101/2018, your data will be processed based upon principles of fairness, lawfulness and transparency, protecting your confidentiality and your rights. We provide you with the following information.
1. DATA CONTROLLER
The Data Controller is
FONDAZIONE ITS TURISMO VENETO
tax code 93037690273 and VAT no. 04077780270
based at Via M.L. King no. 5 – 30016 Jesolo (VE) Italy email@example.com – firstname.lastname@example.org
2. TYPES OF DATA PROCESSED
These are personal data such as:
- personal details
- contact details
- tax and financial details (tax code, IBAN, etc)
- training activity details (hours, results, marks, attendances, etc.)
3. LEGAL BASES AND PURPOSES OF PROCESSINGYour personal data will be processed for the following purposes:
- to fulfil all formalities required to enrol on and complete the training course;
- to inform you of training activities and events;
- to communicate the outcome of selections and/or rankings relating to the training on paper and through publication on the institutional website;
- to fulfil tax, regulatory and administrative obligations related to the commercial relationship.
For the aforementioned purposes, the processing is lawful based upon Art. 6, par.1., letter b of the Regulation, namely to respond to your request for enrolment and attendance on the training course.
4. CONSEQUENCE OF ANY FAILURE TO PROVIDE DATA
- Any failure to provide the data, in full or in part, will prevent the ITS TURISMO VENETO FOUNDATION from responding to your request for enrolment and attendance on the training course.
5. CONSEQUENCE OF ANY FAILURE TO PROVIDE DATA
Your personal data will be processed by way of suitable methods and procedures, even on computer and electronically, and stored in IT and paper archives, adopting appropriate organisational, technical and security measures.
Your data will be processed for the entire duration of the competition and, thereafter, for the period during which the joint controller is subject to storage obligations for tax or other purposes, envisaged by rules of law or regulations or to protect the rights of the joint controller. Thereafter, they will be erased, anonymised and/or pseudonymised (based upon the most suitable security measures and the technological instruments in existence at the end of the processing).
For the purposes indicated above, your personal data will only be processed by trained and authorised personnel and/or by assigned officers and they will not be communicated, disseminated or transferred to third parties.
6. DISCLOSURE OF DATA
Your personal data may or will be disclosed to the following categories of entities:
- financial administration and other public authorities, where required by law or at their request;
- credit institutions for payment orders or other financial activities instrumental to the course provided;
- external consultants;
- external entities that carry out control activities, such as auditing companies, board of statutory auditors, supervisory body;
- specialist companies or law firms for the recovery of credits and/or for the protection of your interests/rights; the aforementioned entities, to which your personal data may or will be disclosed (not being designated in writing as Processors), will process the personal data in the capacity of data Controllers in accordance with the GDPR and the national legislation in force, in full autonomy.
The personal data may also be processed, on behalf of the Controller, by Processors (and possibly sub-processors), namely external bodies and/or companies used by the Controller performing activities instrumental or consequent to the service provided, specifically designated in accordance with Art. 28 of the GDPR, the updated list of which is available from the Controller.
The data will not be disseminated and will not be subjected to any fully automated decision-making process, therein including profiling. At present, no transfer of your data outside the European Union is planned. If it becomes necessary to transfer the data to non-EU countries, the service providers will be selected among those providing appropriate safeguards as envisaged by Art. 46 of the GDPR 678/16.
7. RIGHTS OF THE DATA SUBJECT
The legislation in force (Articles 15-22 of the GDPR) gives you the right to access your data at any time, as well as to obtain their rectification and/or supplementation, if inaccurate or incomplete. You may also obtain their erasure or restriction of processing, if the presuppositions are in place, as well as object to their processing on grounds related to your particular situation. You may obtain the portability of the data provided by you, where processed in an automated manner for the contractual performances requested by you, within the limits of what is envisaged by the Regulation (Art. 20 of the GDPR). You may withdraw consent to processing at any time, limited to circumstances where that processing is based upon your consent for one or more specific purposes and concerns common personal data (for example, date and place of birth or place of residence) or special categories of data (for example, data revealing your racial origin, political opinions, religious beliefs, state of health). This is without prejudice to the lawfulness of the processing based upon consent performed prior to the withdrawal of the same.
8. DATA PROTECTION OFFICER
The data Controller has appointed a Data Protection Officer (DPO) who can be contacted at the address email@example.com, if you have any doubts or require any clarifications.
You may lodge a complaint with the Italian data protection authority, the Garante Privacy, if you consider it necessary to protect your personal data and your rights in that regard.