By processing of personal data we mean any operation or series of operations, carried out even without the aid of electronic tools, concerning the collection, registration, organisation, structuring, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other format for making data available, comparison, interconnection, limitation, cancellation or destruction, even if not registered in a database.
The client acknowledges that this informative notice fulfils the obligation to comply with Article 13 of the GDPR 679/2016 towards the client and users who participate in the use of the Company’s services and to whom the client will release the information contained herein and to acquire the necessary consent on its behalf.
Therefore, we hereby inform you that such data will be processed manually and/or with the support of IT or telematic means for the following purposes.
A. Primary purposes of the processing of personal data and legal basis of processing.
A.1 Pre-contractual and contractual purposes for fulfilment of the contract.
Firstly, the processing of personal data requested that the client is required to indicate, pursues the purposes of making it possible to stipulate a contract with the client for the provision and use – even by individual users of the client – of training products and services (both in classroom sessions and distance learning on FAD e-learning platforms, (hereinafter the “Contract”) and to allow the Companies to fulfil their obligations and, before the conclusion of the Contract, according to the defined modalities, the processing of the client’s personal data may also pursue pre-contractual purposes, such as responding to specific requests from the Client concerned, for example, and for greater transparency towards the client, the primary purposes of processing related to fulfilment of the Contract (in each phase) can be for the specific purpose of: supply of products and the required training services, maintenance and technical assistance related to these services, management of complaints and/or disputes, prevention/repression of fraud and any illegal activity, storage of personal client and user data, use of personal data for communications regarding the performance of the established contractual relationship, etc.
A.2 Purposes of fulfilment of obligations under the law, regulations or EU regulations.
Secondly, personal data will also be processed to fulfil the obligations established by law, regulations or community legislation and for civil, accounting and tax purposes.
A.3 Purpose to permit the registration of the client on websites for carrying out distance training activities pursuant to the Contract.
Access to and browsing of websites or other electronic and/or telematic platforms (including mobile platforms) where companies provide their training services even at a distance are free but the possibility of benefiting from the aforesaid services is only permitted after client and authorised user registration. The registration process consists in completing a form in which the client (and users authorised by the same) is required to indicate his/her personal data – some of which has to be entered compulsorily – for the activation of authentication credentials (login + password) with which the party concerned can access all areas and training services reserved for registered users.
Therefore, further primary purposes of processing are represented by the need to allow the completion of the required prior registration procedure (also on-line) and the creation of an account and to allow the operators of the websites and platforms of the Companies (or third parties) to generate and subsequently conduct technical and administrative management (including the purpose of providing support and technical assistance upon request) of accounts, client IDs, activation codes, passwords and similar authentication credentials generated during the registration process. These primary and main purposes of data processing of registered clients (and authorised users by the same) include allowing them to benefit, where it is possible to do so, from remote services of pre and post-contractual assistance for the management of each contractual, administrative, technical or legal profile. Regarding this processing, the purpose is also to manage any type of request for assistance – technical, commercial and/or contractual – received by the Companies and reply to clients.
B. Communication and dissemination of personal data for the pursuit of primary processing purposes.
In all the cases described above – and according to the applicable provisions of the Privacy Code – the Concessionaire may communicate personal data to third parties who provide services whose communication is necessary for the performance of the services the Contract concerns [for example: companies that provide services for the management of financial transactions; suppliers of services for installation, assistance and maintenance of IT and telematic systems and systems and of all functionally related services necessary for the performance of the services the Contract concerns; sub-contracting companies for the services necessary for the implementation of the contract management service and management of training services; persons, companies or professional firms that provide assistance, consultancy or collaboration with the Companies in accounting, administrative, legal, tax and financial matters relating to the Contract; companies and institutional parties involved in fraud prevention; service providers aimed at the verification, accuracy and validity of the personal and fiscal data of the client and authorised users of the same.
Furthermore, for the pursuit of the primary purposes, the data may be disclosed to any other third party when the communication is mandatory by law (for example: investigation of telematic platforms by judicial police or requests from the Judicial Authority) or to properly fulfil contractual services (e.g.: credit institutes for profiles related to collections and payments), pre-contractual or post-contractual (e.g.: technical assistance and request for support or sending of complaints submitted by the client).
The following are the parties or categories of parties that my become aware of the personal data of the user appointed officers or agents:
Personal data will not be disclosed by the companies, it being agreed that where the client – for example in the use of training services on electronic platforms – proceeds to the dissemination of personal data of authorised users, this processing will be carried out directly as an independent data controller by the client.
B.1. Compulsory or optional nature of consent for the pursuit of the primary purposes regarding the processing of personal data.
In all the cases described above in sections A and B (for disclosure to third parties) – and according to the applicable regulations of the GDPR – the Companies are not obliged to acquire specific consent to processing in relation to clients and users. In fact, all the above-mentioned processing pursues primary purposes, excluding the need to acquire the specific consent of the party concerned, either because the processing is necessary to fulfil an obligation under the law, regulations or Community legislation, or because the processing is necessary to fulfil obligations arising from a contract to which the party concerned is party or to fulfil, before the conclusion of the contract, specific requests of the party concerned.
Where the client does not intend to provide the personal data requested and necessary on the basis of the above, it will consequently be impossible to proceed with the execution of the Contract and the activation of training services, making it impossible to register and use all the services for which registration and/or the provision of data are technically and contractually obligatory.
C. Purpose of the processing of personal data – Purposes of a promotional, advertising and marketing nature.
Personal data collected (from clients and users) may also be processed, either in hard-copy format (e.g.: filling out forms, coupons and similar hard-copy files at the Company’s physical premises and subsequently used electronically on the official websites of the Company) using automated/IT methods, for the following purposes: sales promotion, advertising communication, solicitation and purchasing behaviour, market research, surveys (also by telephone, online or by filling out forms), statistical processing (in identifying format) , and marketing in a broad sense (including prize events, games and competitions or other reward initiatives not included in the subject referred to in Presidential Decree 430/2001) for the offer of products and/or services relating to the Companies.
By granting consent these promotional, commercial and marketing purposes in a broad sense of processing (including the consequent management and administrative activities) are specifically acknowledged and expressly authorises the Data Controller to process the data for the specific purpose.
C.1 Communication and dissemination of personal data for the pursuit of secondary processing purposes.
For the purposes referred to in point C, the Companies hereby specify that the data could also be communicated to third-party commercial partners. The consent to processing for marketing purposes by the data controllers – where provided by the party concerned – does not also cover the different and further marketing processing represented by the communication to third parties of the data for the same purposes.
To proceed with such external communication (currently not carried out by the Companies, but possible in the future), further, separate, additional, documented, express and completely optional informed consent is required.
C.2 Compulsory or optional consent for the pursuit of promotional, advertising and marketing purposes.
Note, particularly, the fact that the provision of personal data to the companies and the provision of consent to processing for marketing purposes and separate consent regarding disclosure to third parties for processing for marketing reasons (should this be carried out in the future) for the purposes and with the methods described above are absolutely optional and optional (and in any case may be revoked without formalities even after the provision of services by sending an e-mail to email@example.com) and failure to confer it will not result in any consequences other than the impossibility for the Companies and any third parties to continue with the above-mentioned marketing activities.
In case of refusal to marketing consent, there will not be any interference and/or consequence on the contractual or other relationships in force.
D. Data retention and security measures.
The data will be kept for the period of time defined by the relevant legislation, mainly on servers at the offices of the Companies and/or on servers of external suppliers. In any case, the retention period for the client’s data will only be the time necessary to pursue the above-mentioned purposes and will be the same as the duration of the service relationship between the client and the Company, without prejudice to the need for contractual, administrative or tax. accounting or legal obligations following termination of the relationship. As soon as the above-mentioned obligations are fulfilled, the data will in any case be deleted, subject to storage according to the different legal terms of the document and/or document containing the data.
We also inform you that this data will be collected, processed and stored in full compliance with the provisions of the GDPR 679/2016 and – for the companies Europcar International SASU and Europcar Information Services – based on applicable local regulations.
The data will also be processed in full compliance with the self-regulation rules regarding the processing of personal data contained in the deontological codes currently in force. E. Data Controller and Data Processors.
The following are the identifying details of the Companies as the data controllers of the client’s data (in some cases the Companies may be joint data controllers of the same data and the processing, in other cases they can assume the status of independent and separate data controllers):
Amicucci Formazione S.r.l – Single shareholder Company
Administrative Office: Civitanova Marche (Macerata) Street Alessandro Volta n.5 / 9 – Postal Code 62012
The Data Controller has appointed a DPO in the person of Luciani Eleonora to whom to apply to exercise the rights of the GDPR 679 / 2016: firstname.lastname@example.org The updated list of data processors can be found at the indicated location.
F. Exercise of rights by clients.
At any time it will be possible – without any formality – to exercise the rights referred to in Articles 15 to 22 of the GDPR 679/2016.