Information pursuant to Article 13 of EU Regulation 2016/679 (GDPR)
Istituto Marangoni S.r.l. wishes to inform you about the processing of your personal data (hereinafter, "Data") collected during the application process for recognition of one of the statuses provided for in the "Regulations for the recognition of the status of working student, student athlete or para-athlete, student caregiver, student with disabilities - SLD, ADHD or SEN, student parent or pregnant student" (hereinafter also referred to as the "Academic Regulations"), in order to guarantee your fundamental rights and freedoms as a data subject (hereinafter referred to as the "Data Subject"), with particular reference to the confidentiality and security with which the Data is processed.
The Data Controller is Istituto Marangoni S.r.l. – Via Pietro Verri, 4, 20121 Milan, Italy, email address: privacy@istitutomarangoni.com (hereinafter, the "Data Controller" or simply the "Controller").
The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted at the following email address:dpo@istitutomarangoni.com .
The Data Controller processes the following Data:
The Data Controller processes the Data for the following purposes:
For the purpose described above, the processing of Data is carried out on the following legal basis:
The Data Controller processes the Data for a maximum period of three (3) years from collection, unless the Data Subject revokes their consent in advance in the manner indicated in paragraph 10 below.
After this period, the Data will be deleted or anonymised.
The Data Controller processes the Data using IT systems and authorised personnel who are authorised to collect, use, record, consult, store, delete, extract, communicate and restrict the Data.
In order to ensure an adequate level of protection, the Data Controller processes the Data by adopting technical and organisational security measures such as:
Only persons authorised and appointed by the Data Controller may access the Data, exclusively for the purposes indicated in the previous paragraph 4).
The Data may also be processed by appointed suppliers acting as external Data Processors (IT service companies), which the Data Controller uses to receive and manage your request, as well as by any sub-suppliers appointed by the external Data Processors to enable the provision of the service.
The Data is stored on servers located within the European Economic Area (EEA). If, for technical and/or operational reasons, it is necessary to use entities located outside the EEA, the processing of the Data will be governed in accordance with the provisions of the GDPR: therefore, all necessary precautions will be taken to ensure the protection of the Data, in accordance with Articles 46 et seq. of the GDPR.
The provision of Data is necessary for the purposes indicated above in the paragraph 4).
For , the statuses "Working Student", "Student Athlete or Paralympic Athlete", "Caregiver Student", "Student with Disabilities" (disability of less than 66% or BES), "Student Parent" and "Pregnant Student" , the Data Subject may revoke their consent to processing at any time as indicated in paragraph 10 below. However, in this case, the Data Controller will no longer be able to grant the benefits provided for the recognition of the requested status.
In accordance with the provisions of the GDPR, in relation to the processing in question, the Data Controller guarantees the exercise of the following rights to the Data Subject:
Note: if it is impossible to proceed with the erasure of the Data in accordance with the above, the Data Controller will inform the Data Subjects of the reasons why it is impossible to do so ;
The above rights may be exercised in writing by sending an email todpo@istitutomarangoni.com orprivacy@istitutomarangoni.com .
Further information regarding the processing of data may be requested at any time by contacting the above addresses. It should also be noted that the exercise of one's rights must not prejudice and/or infringe the rights and freedoms of others.
The Data Controller undertakes to respond to requests within one (1) month, except in cases of particularly complex requests, for which a maximum of three (3) months may be required. In any case, the Data Controller will explain the reason for the delay within one (1) month of the request.
The outcome of the request will be provided in writing (at the request of the Data Subject) or in electronic format (and, in this case, free of charge). The Data Controller specifies that the Data Subject may be asked to contribute to the costs if their requests are manifestly unfounded, excessive or repetitive: in this regard, the Data Controller will keep a record of the requests.
The Data Controller, in accordance with Article 19 of the GDPR, undertakes to inform the recipients to whom the Data Subject's Data has been disclosed of any rectifications, erasures or restrictions on processing requested by the Data Subject, where this is possible.
If the Data Subject believes that their rights have been compromised or infringed, or that the processing of the Data is contrary to the legislation in force, they have the right to lodge a complaint with the Data Protection Authority in accordance with the procedures indicated at the following web address: https://www.garanteprivacy.it/diritti/come-agire-per-tutelare-i-tuoi-dati-personali/reclamo.
This policy may be subject to change. Any substantial changes will be communicated by email or through our institutional website.