Discover the next Open Days Milano · Firenze · London · Paris · Dubai Register nowDiscover the next Open Days
EN
MENU
Close
<— Back

Privacy Policy Havana AI Assistant

Information pursuant to Art. 13 EU Regulation 2016/679 (GDPR)

Havana AI Assistant

1) Why do you receive this communication

Istituto Marangoni S.r.l. would like to inform you about the processing of your personal data (hereinafter, "Data") when contacting you via telephone call made through Havana AI Assistant, so as to guarantee respect for your rights and fundamental freedoms as a data subject (hereinafter, "Data Subject"), with particular reference to the confidentiality and security with which the Data are processed.

2) Data Controller

The data controller is Istituto Marangoni S.r.l. - Via Pietro Verri, 4, 20121 Milano MI, e-mail address: privacy@istitutomarangoni.com (hereinafter referred to as "Data Controller" or just "Data Controller").

The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted at the following e-mail address: dpo@istitutomarangoni.com.

3) What data we collect

The Data Controller processes the Data indicated below:

  1. Name, surname and telephone number provided by the Data Subject as part of a previous contact with the Data Controller (by calling the Data Controller's Info Centre or by requesting information by filling in the web form on the Data Controller's institutional website).
  2. Possible summary transcript of the telephone call at the end of the call.
4) For what purposes we use the Data and on what legal basis

The Data Controller processes the Data for the following purposes:

  1. The Data referred to in letter a) of paragraph 3, to contact Data Subjects who in the last twelve (12) months have shown interest in the courses of study offered by the Controller by calling the Info Centre or by filling in the institutional web form. The use of the Havana AI Assistant is, therefore, aimed at understanding whether he/she is still interested in the services offered by the Controller and, if so, whether he/she would like to be contacted by a human operator.
  2. The Data referred to in letter b) of paragraph 3, solely for the purpose of improving the service offered by the Data Controller and checking the correctness of telephone calls and any redirection to the human operator made by Havana AI Assistant.

For the purposes described above, Data is processed on the following legal basis:

  • Pursuit of a legitimate interest of the Data Controller (Art. 6(1)(f) GDPR).
5) How long do we keep the Data

The Data Controller shall process the Data for a maximum period of twelve (12) months after collection, unless the Data Subject objects to the processing in the manner set out in the following paragraph 11

After this period, the Data will be deleted or anonymised.

6) How we process data

The Data Controller processes the Data using computerised means (making telephone calls using the Havana AI Assistant artificial intelligence system) by means of staff authorised to carry out collection, use, recording, consultation, storage, deletion, extraction, communication and restriction operations.

The Data is in no way used to train the Havana AI Assistant algorithm based on artificial intelligence. The latter only contacts Data Subjects whose Data is previously and manually provided by the Data Controller. Havana AI Assistant does not distinguish between Data Subjects' contacts on the basis of specific criteria and does not perform automatic evaluations on what the Data Subjects report during telephone calls.

7) Who can access the Data

The Data may only be accessed by persons authorised by the Data Controller and exclusively for the pursuit of the purposes set out in paragraph 4 above.

The Data may also be processed by suppliers appointed as External Data Processors (Havana Technologies Pte. Ltd), which the Controller uses to provide the service, as well as possibly by sub-suppliers appointed by the External Data Processors to enable the service to be provided.

8) Where the Data Reside

The Data reside on servers located within the European Economic Area (EEA). Should it be necessary, for technical and/or operational reasons, to make use of subjects located outside the EEA, the processing of the Data will be regulated in compliance with the GDPR: therefore, all necessary precautions will be taken in order to guarantee the protection of the Data, pursuant to articles 46 et seq. of the GDPR.

9) Nature of data provision

The provision of the Data is necessary for the pursuit of the purposes set out above under 4.

The data subject may, however, at any time object to the processing as set out in the following paragraph 11.

10) What are the data subject's rights in relation to the GDPR?

According to the provisions of the GDPR, in relation to the processing in question, the Data Controller guarantees the exercise of the following rights to the Data Subject:

  • Right of access [Art. 15 GDPR] (right to obtain confirmation of the existence or non-existence of Data Subjects' Data and their copy in intelligible form);
  • Right of rectification [Art. 16 GDPR] (right to obtain from the Data Controller the rectification of inaccurate Data concerning the Data Subject without undue delay);
  • Right to erasure [Art. 17 of the GDPR] (right to erasure of data of Data Subjects).

Note: Should it prove impossible to proceed with the deletion of Data by virtue of the above, the Data Controller will inform the Data Subjects of the reasons why it is impossible to do so;

  • Right to restriction of processing [Art. 18 GDPR] (right to obtain restriction of processing, e.g. if the accuracy of the Data is contested or in case of unlawful processing);
  • Right not to be subjected to automated decision-making [Art. 22 GDPR] (right not to be subjected to a decision based solely on automated processing that produces legal effects or similarly significantly affects Data Subjects).

These rights may be exercised in writing by sending an e-mail todpo@istitutomarangoni.com or . privacy@istitutomarangoni.com

The same contacts may be requested at any time for further information on the processing of Data. It should also be noted that the exercise of one's rights must not prejudice and/or infringe the rights and freedoms of others.

The Data Controller undertakes to reply to requests within a period of one (1) month, except in the case of particularly complex requests, for which a maximum of three (3) months may be taken. In any event, the Data Controller shall explain the reason for the wait within one (1) month of the request.

The outcome of the request will be provided in writing (at the request of the Data Subject) or in electronic format (and, in this case, free of charge). The Data Controller specifies that the Data Subject may be required to make a contribution if his/her requests are manifestly unfounded, excessive or repetitive: in this regard, the Data Controller will keep track of the requests.

The Data Controller, in accordance with Article 19 of the GDPR, undertakes to inform the recipients to whom the Data Subject's Data has been disclosed of any rectification, erasure or restriction of processing requested by the Data Subject, where possible.

11) Right of objection (Art. 21 GDPR)

The Data Subject also has the right to object, at any time, to the processing of his or her Data based on legitimate interest (Art. 6(1)(f) GDPR), by contacting the e-mail addresses described in the previous paragraph.

12) Right to lodge a complaint (Art. 77 GDPR)

Should the Data Subject consider that his or her rights have been compromised or infringed, or that the processing of the Data is contrary to the legislation in force, he or she has the right to lodge a complaint with the Data Protection Authority in the manner indicated at the following web address: https://www.garanteprivacy.it/diritti/come-agire-per-tutelare-i-tuoi-dati-personali/reclamo.

13) Updating this policy

This policy is subject to change. Any substantial changes will be communicated by e-mail or via our institutional website.