Discover the next Open Days Milano · Firenze · London · Paris · Dubai Register nowDiscover the next Open Days

Privacy policy

Pursuant to art. 13 of EU Regulation 2016/679 - Istituto Marangoni S.r.l. website

In compliance with the provisions of art. 13 of EU Regulation 2016/679 (hereinafter, “EU Regulation”) on the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data, this information is for users of the Website www.istitutomarangoni.com (hereinafter, the “Site”).

It is understood that the Data Controller will make additional detailed information available for specific situations.

Under art. 4, no. 7, of the EU Regulation, Istituto Marangoni S.r.l., with headquarters on 4, Via Pietro Verri,

20121, Milan (MI), Telephone: 02 76316680, is the Data Controller (hereinafter, “Controller”) and can be contacted at privacy@istitutomarangoni.com. Istituto Marangoni S.r.l. has appointed a Data Protection Officer (DPO), who can be reached at the email address dpo@istitutomarangoni.com.

For the purposes specified below, the Data Controller, depending on the case and if necessary, will process personal data belonging to the following categories:

  • Common personal data, such as personal and contact data relating to initiatives, courses, and events offered by the Data Controller;
  • Navigation data (common personal data). The data in this category are collected through cookies. Please refer to the relevant cookie policy for detailed information on the cookies used.

For more information on the use of cookies on the Website, see the Cookie Policy.

The purposes of processing are as follows:

  1. Purposes based on the data subject’s consent (Art. 6 par. 1 letter a of the GDPR)
    a) To send you communications on Campus initiatives, scholarships, programmes and events that may be of interest to you;
    b) To aggregate and analyse information to provide personalised content and improve the educational offer. 

All data processed for these purposes will be kept for 3 years; however, the interested party can withdraw consent at any time (Art. 7 par. 3 GDPR)

  1. Purposes for the protection of the Data Controller’s legitimate interest (Article 6 par. 1, lett. f GDPR)
    c) Data Controller website management;
    d) To contact you and send you information about our programmes by email or telephone following your requests received by us by filling in the forms on our Website. In particular, once the forms are completed, the Data Controller will perform aggregate analysis based on the technical cookies required for filling in the form itself;
    e) To register educational activities and relations with the public in our archives;
    f) To contact you again after an interruption in the contact centre line to provide you with the information you need;
    g) To get accredited for events promoted by our Campus, such as the Istituto Marangoni Open Day.

The data processed for purpose c) will be stored as specified in the Cookie Policy.

The data processed for purposes d) will be kept for five years, at the end of which you will be asked again for your consent to receive newsletters.

The data processed for purpose e) will be kept for one year, after which they will be deleted.

The data processed for purpose f) are kept for seven days.

The data processed for purpose g) are kept for five years.

The processing of the personal data referred to above is based on the following lawful basis:

  • The data subject’s consent (Art. 6 par. 1 lett. a) GDPR).
  • The Data Controller’s legitimate interest (Art. 6 par. 1 lett. f) GDPR);

The data acquired by the Data Controller for the above purposes may be disclosed to one or more of the following categories of subjects, such as:

  • Group companies;
  • Third parties (i.e. external collaborators and companies that provide specific instrumental services) who carry out outsourced activities on behalf of the Data Controller in their capacity as external data processors;
  • Hosting service providers;
  • Subjects who carry out management activities of the Data Controller’s IT system;
  • Judicial authorities and subjects to whom data must be disclosed by law. These subjects will process the data in their capacity as independent data controller.

A complete and updated list of independent Data Controllers, Data Processors and any Data Recipients (under Article 4, No. 9 of the EU Regulation) can be requested from the Data Controller’s offices or by contacting privacy@istitutomarangoni.com.

Personal data will be managed and stored on servers in the European Union and owned by the Data Controller and/or third-party companies appointed as Data Processors. Data may be transferred to countries that do not provide the same level of protection as required by the GDPR or the applicable legislation. Istituto Marangoni S.r.l. will ensure that each recipient assumes specific contractual obligations in compliance with the regulations applicable to personal data protection (including signing the Standard Contractual Clauses approved by the European Commission), except where the processing refers to any other lawful basis for the transfer of such information. However, the data subject can always request more information, including the countries to which data is transferred, by writing to the email address privacy@istitutomarangoni.com.

Please refer to the Cookie Policy for the details of transfers via cookies.

Personal data will be processed on paper, electronically, and/or automatically. Personal data collection, registration, organisation, storage, consultation, processing, modification, extraction, comparison, use, interconnection, disclosure, cancellation and destruction and any other appropriate operation, including automated procedures, may be carried out in compliance with the regulations required to ensure, among other things, data confidentiality and security, as well as their accuracy, updating and relevance for the stated purposes.

The data subject, in relation to their data, has the right to exercise at any time and following EU provisions the rights established by the latter and listed below:

  • The right to withdraw consent (Article 7, par. 3, of the EU Regulation) is the right to withdraw consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • Data subject’s right of access (art. 15 of the EU Regulation): the right to obtain confirmation as to whether or not personal data relating to him/her exists and a copy of such data in intelligible form;
  • Right of rectification (Art. 16 of the EU Regulation): right to rectification of inaccurate personal data concerning him/her;
  • Right to erasure “right to be forgotten” (Art. 17 of the EU Regulation): right to have personal data erased;
  • Right to restriction of processing (Art. 18 of the EU Regulation): right to obtain the restriction of processing, e.g. if the accuracy of the data is contested or in case of unlawful processing;
  • Right to data portability (art. 20 of the EU Regulation): the right to receive the personal data concerning him or her, which they have provided to a controller, in a structure, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided if the processing is based on consent or carried out by automated means.
  • Right to object (art. 21 of the EU Regulation): the right to object to the processing of personal data;
  • Right not to be subject to automated decision-making processes (art. 22 of the EU Regulation): the right not to be subject to a decision based solely on automated processin.

The Company undertakes to respond to your requests within one month, except for particularly complex requests, which may take up to 3 months. In any case, the Company will explain the reason for the wait within one month of your request.

The outcome of the request will be provided in writing (at the data subject’s request) or in digital format (in this case, free of charge). The Data Controller specifies that the data subject may be charged a fee if their questions are explicitly unfounded, excessive or repetitive: in this regard, Istituto Marangoni S.r.l. will keep track of requests. In compliance with art. 19 of the EU Regulation, Istituto Marangoni S.r.l. undertakes to notify the recipients to whom the data subject’s information has been disclosed about any rectifications, erasures or limitations of processing requested by the data subject, where possible. Please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

If the data subject considers that their rights have been compromised or harmed or that the processing of personal data relating to them infringes the governing Regulation, they have the right to lodge a complaint with the supervisory authority for the protection of personal data as indicated at the following link.

For the purposes from letter d) to letter g), the provision of data by the data subject is required; failure to provide it may hinder the processing of requests from the data subject.

For letters a) and b), the provision of data by the data subject is optional. Failure to provide personal data may make it impossible to receive communications on Campus initiatives, scholarships, courses and events and make it impossible for the Owner to aggregate and analyse the information collected through the Website to improve the educational offer.

For purpose c), providing personal data is required; failure to provide it may prevent browsing this Website.

Istituto Marangoni S.r.l. may make changes and/or additions to this policy, including as a result of subsequent amendments and/or regulatory additions. In such cases, the new version of this policy will be notified to the data subjects as quickly as possible.