Service Information
INFORMATION PURSUANT TO ART. 13 OF REGULATION (EU) 2016/679 (GDPR)
This information is provided pursuant to art. 13 of REGULATION (EU) 2016/679 (GDPR) by the Data Controller concerning the personal data provided by users of the website https://scuolaitalianapizzaioli.it/ (“the Site”) when using the services available on its pages.
DATA CONTROLLER
The Data Controller of personal data is SCUOLA ITALIANA PIZZAIOLI SRL (hereinafter also referred to as “SCUOLA ITALIANA PIZZAIOLI” or “Company”), headquartered in Busseto (PR), Via Zilioli n°1.
To exercise the rights recognized by REGULATION (EU) 2016/679 (hereinafter “GDPR” or “Regulation”) or to request any clarification regarding the processing of personal data, you can contact the Data Controller at the following contacts: phone 342 6609672, PEC email scuolaitalianapizzaioli@legalmail.it.
PURPOSES OF THE PROCESSING
The Data Controller processes personal data voluntarily provided for various purposes:
1) management of the Data Subject’s requests (e.g., information requests or course registrations): this includes all activities strictly functional to satisfying the Data Subject’s requests, including those connected or instrumental, functionally related to the operation of the Data Controller or the protection of its rights or compliance with legal and/or regulatory obligations.
2) sending the newsletter (which keeps you updated with communications from the Data Controller regarding training events, competitions, and editorial activities) to those who explicitly request it by filling out the appropriate form on the site and authorizing the Data Controller to process their personal data.
LEGAL BASIS FOR THE PROCESSING
- consent to processing by the Data Subject: purpose no. 2;
- execution of a contract to which the Data Subject is a party or execution of pre-contractual measures taken at the request of the Data Subject: purpose no. 1;
- compliance with a legal obligation to which the Data Controller is subject: purpose no. 1;
- pursuit of the legitimate interest of the Data Controller: purpose no. 1.
PROVISION OF DATA AND CONSEQUENCES OF REFUSAL
Failure to provide the data indicated as “mandatory” in the specific forms or consent (where required) will result in the inability to use the requested service.
CATEGORIES OF DATA RECIPIENTS
Only persons authorized to process the data and entities processing data on behalf of the Data Controller, appointed as Processors (e.g., providers of IT, telecommunication, and technological services), may access personal data. These entities are bound to confidentiality and privacy based on specific internal regulations.
The personal data provided by the Data Subjects are not subject to communication and/or dissemination.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
The data processed for the purposes mentioned above will not typically be transferred outside the European Economic Area. Should this be necessary (based on the IT tools used), the Data Controller ensures that the transfer will occur in compliance with Chapter V of the GDPR and, in particular:
– Article 45 Transfer on the basis of an adequacy decision;
– Article 46 Transfer subject to appropriate safeguards;
– Article 47 Binding corporate rules.
If these provisions cannot be applied, the transfer will be carried out in compliance with Article 49.
DATA RETENTION CRITERIA
Personal data are processed for the time necessary to achieve the purposes for which they were collected or for any other legitimate related purpose. Therefore, if personal data are processed for different purposes, they will be retained until the purpose with the longest duration expires; however, these data will no longer be processed for purposes whose retention period has expired.
Personal data that are no longer necessary or for which there is no longer a legal basis for retention are irreversibly anonymized (or permanently deleted).
The personal data provided for purpose 1 will be retained for a period determined by strict necessity based on the various pursued purposes and, in any case, in compliance with the current data protection legislation, accounting record retention requirements, and civil code prescription terms.
Regarding the newsletter, data will be retained for the entire period during which the Data Subject remains subscribed to the service.
Periodic checks are conducted every three years to delete data no longer necessary for the purposes for which they were processed.
DATA SUBJECT RIGHTS
The Data Subject has the right to request:
- access to personal data and information (art. 15 of the GDPR);
- rectification or deletion of the same (arts. 16 and 17 of the GDPR);
- restriction of the processing of personal data (art. 18 of the GDPR).
Additionally, the Data Subject can:
- object to the processing of personal data under the conditions and limits of art. 21 of the GDPR;
- exercise the right to data portability (art. 20 GDPR).
For processing operations based on consent (pursuant to Article 6, paragraph 1, letter a), and Article 9, paragraph 2, letter a) of the GDPR), the Data Subject has the right to withdraw such consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal).
Finally, if the Data Subject believes that the processing of their personal data violates the GDPR, they have the right to file a complaint with a supervisory authority (Data Protection Authority or other competent authority) pursuant to Article 77 and following of the GDPR.
UNSUBSCRIPTION FROM THE SERVICE
To stop receiving the newsletter, you can click on the “Unsubscribe” link at the bottom of each message sent.
Clicking the link will open a confirmation web page that the unsubscription was successful.
