Informativa Applicant MILANO/FIRENZE

Istituto Marangoni S.r.l. as the Data Controller, wants to inform you about what data it collects and how, so as to ensure that your fundamental rights and freedoms are respected, with particular reference to the confidentiality and security with which the data are processed.

Istituto Marangoni S.r.l. collects and stores your data:

• personal and identifying information (such as name, surname, residential address, e-mail address, courses of interest, citizenship, gender, place and date of birth, telephone number, copy of identity document);
• own bank account and/or the bank account of the person making the payment;
• educational background/curriculum vitae;

We may ask social channels to send information about our courses based on the profiles of their users and in accordance with their data processing policy, but we are not aware of your name.

Istituto Marangoni S.r.l. uses your data for the following purposes:

1. a) To enable you to enroll in the course of your choice, as well as for the provision of related services.
2. b) Accrediting you for events related to your training plan.
3. c) Respond to your requests for information

In relation to the purposes under 3 (a), (b) and (c) the processing is necessary for the performance of a contract to which you are a party (Art. 6(1)(b) GDPR).

1. d) Exercising the rights of the Data Controller.

In relation to the purpose under d), processing is necessary for the pursuit of legitimate interest (Art. 6 par. 1, Lett. f) of the GDPR).

1. e) Send you information on Campus initiatives, scholarships, courses and events that may be of interest to you.
2. f) Send you information and updates on Istituto Marangoni and your membership through Whatsapp.
3. g) For profiling purposes.

In relation to the purposes in (e), (f) (g) the legal basis for processing is your consent (Art. 6(1)(a) GDPR).

For the purposes under 3 (a) and (b) we keep your personal data for the duration of the contractual relationship being established and also beyond the ten-year limitation period from the termination of the relationship in order to fulfil legal obligations as well as for the purposes of legal protection.

For the purposes referred to in point (c) and (d) we keep your data for a period not exceeding 12 months from collection.

For the purposes of (e), (f) and (g) we will keep your data for up to 3 years, without prejudice to your right to revoke your consent at any time.

Once the retention period has expired, the data will be destroyed or made anonymous.

Please note: If, in the event of litigation, it is necessary to ascertain, exercise or defend the rights of the Data Controller, the retention period of the data collected, for the above-mentioned purposes, may be extended due to the possibility that it may be necessary to prepare defensive elements within this timeframe. In this case, the data will only be kept until the conclusion of the litigation.

The processing of your data will be carried out by means suitable to guarantee its confidentiality, integrity and availability. The processing is carried out by means of information systems and/or automated systems and will include all the operations or set of operations provided for in Article 4 of the GDPR and necessary for the processing in question, including communication to the persons in charge of the processing itself. The data in question will not be subject to dissemination; instead, it will or may be communicated to public or private entities operating within the scope of the purposes described above.

Only authorized persons within the scope of the tasks assigned by Istituto Marangoni S.r.l., including those located outside the European Union, can access your data.

Istituto Marangoni S.r.l. is part of Galileo Global Education Italia. Employees of Galileo Global Education Italia, as well as employees of NABA (Nuova Accademia S.r.l.) and Domus Academy, belonging to the same Galileo Global Education Italia Group, may also have access to some of your data.

Non-economic public entities (e.g. MIUR, Lombardy Region) may also have access to some of your data when the communication is necessary for the performance of the institutional functions of the requesting entity.

Personal data will not be disclosed in any way, it may also be communicated to and processed by third parties duly appointed as Data Processors, such as external collaborators and companies that provide specific instrumental services.

Personal data may also be accessible or may be communicated to parties whose right to access your personal data is recognized by provisions of law or secondary or EU regulations.

Your personal data will be managed and stored on servers located within the European Economic Area (EEA) and belonging to the Data Controller and/or to third party companies appointed and duly identified as Data Processors.

Your data may also be processed by the other companies belonging to the Istituto Marangoni group, located outside the European Economic Area (EEA), adopting appropriate security measures to ensure an adequate level of protection.

In addition, some third party companies appointed as Data Processors may transfer your personal data to servers located outside the European Economic Area (EEA). In this case, this will be done in compliance with articles 44 and following of the GDPR, using appropriate safeguards to ensure protection. Further information on these safeguards can be obtained from the Data Controller.

The provision of your data under point 3 a), b), c) e d) is necessary to enter into and execute the contract. For the purposes of point 3 e), f) and g) is optional, if you do not consent you will not be able to learn about our initiatives, events, courses that we will activate.

 According to the provisions of the GDPR, Istituto Marangoni S.r.l. guarantees the following rights:

• Right to withdraw consent [Art. 7(3) of the EU Regulation] (Right to withdraw consent given. Note: revocation of consent does not affect the lawfulness of the processing based on the consent before revocation).
• Data subject's right of access [Art. 15 of the EU Regulation] (right to obtain confirmation of the existence or non-existence of personal data relating to him/her and their copy in intelligible form).
• Right to rectification [Art. 16 of the EU Regulation] (right to rectification of inaccurate personal data concerning him/her).
• Right to erasure ("right to be forgotten") [Art. 17 of the EU Regulation] (right to erasure of one's own data. Note: If the data have already been disseminated, i.e. made available to an indeterminate number of recipients - for example, by publication on the website of Istituto Marangoni S.r.l.-, it may be impossible for Istituto Marangoni S.r.l. to delete/destroy them; therefore, should it be impossible to proceed with the deletion of the data by virtue of what has just been indicated, Istituto Marangoni S.r.l. Will inform you of the reasons why it proves impossible to do so in the present case and will pursue the right to be forgotten).
• Right to restriction of processing [Art. 18 of the EU Regulation] (right to obtain restriction of processing, for example, if the accuracy of the data is disputed or in case of unlawful processing).
• Right to data portability [art. 20 of the EU Regulation] (right to receive in a structured, commonly used and machine-readable format personal data concerning him or her provided to Istituto Marangoni S.r.l. and right to transmit such data to another Data Controller without hindrance by Istituto Marangoni S.r.l. if the processing is carried out on the basis of consent and is carried out by automated means);
• Right to object [Art. 21 of the EU Regulation] (right to object to the processing of one's personal data);
• Right not to be subjected to automated decision-making [Art. 22 of the EU Regulation] (right not to be subjected to a decision based solely on automated processing).

The above rights may be exercised in writing by sending an e-mail to dpo@istitutomarangoni.com The same contact person may be asked at any time for more information regarding the processing of personal data. It should also be noted that the exercise of one's rights must not prejudice and/or infringe upon the rights and freedoms of others.

Istituto Marangoni S.r.l. undertakes to respond to requests within a period of one month, except in the case of particularly complex requests, for which it may take up to 3 months. In any case, Istituto Marangoni S.r.l. will explain the reason for the wait within one month of the request.

The outcome of the request will be provided in writing (at the request of the interested party) or in electronic format (and, in this case, free of charge). Istituto Marangoni S.r.l. specifies that a possible contribution may be requested from the interested party if his requests are manifestly unfounded, excessive or repetitive: in this regard, Istituto Marangoni S.r.l. will keep track of the requests.

Istituto Marangoni S.r.l., in compliance with art. 19 of the EU Regulation, undertakes to report to the recipients to whom the personal data of the interested party have been communicated any rectification, cancellation or limitation of processing requested by the interested party, where this is possible.

If you believe that your rights have been compromised or infringed upon, or that the processing of your data is contrary to applicable law, you have the right to lodge a complaint with the Italian Data Protection Authority in the manner specified by the Authority at the following Internet address: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524

The Data Controller is: Istituto Marangoni S.r.l. - Via Pietro Verri, 4 20121 Milano MI

Mail: privacy@istitutomarangoni.com

The Data Protection Officer can be contacted at the following e-mail address: dpo@istitutomarangoni.com

This policy is subject to change. Any substantial changes will be communicated to you by email or through our website.