PRIVACY POLICY

pursuant to articles 13 and 14 of EU Regulation 2016/679

Dear Interested Party,

Social Academy considers the protection of the personal data of its customers and users, whether actual or potential, to be of fundamental importance.

With this document (hereinafter, the “Privacy Policy”), we intend to renew our commitment to guarantee that the treatment of your personal data, carried out in any way, whether automated or manual, takes place in full compliance with the protections and rights recognized by Regulation (EU) 2016/679 (hereinafter, “GDPR” or “Regulation”) and by the additional applicable regulations on the subject of personal data protection.

For the term personal data, reference is made to the definition contained in article 4.1 of the Regulation, namely "any information regarding a physical identified person or identifiable; is considered identifiable the physical person that can be identified, directly or indirectly, with particular reference to an identifier such as a name, an ID, location data, an online ID or one or more characteristic elements of his physical, physiological, genetic, psychic, economic, cultural or social identity" (below, the “Personal Data”).

The Regulation provides that, before proceeding with the processing of Personal Data - this term must be understood, according to the relevant definition contained in art. 4.2 of the Regulation, as "any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction" (below, the “Treatment”) - it is necessary that the person to whom such Personal Data belongs is informed about the reasons for which such data are requested and how they will be used.

In this regard, this Information - drafted on the basis of the principle of transparency and inclusive of all the elements required by art. 13 of the Regulation - aims to provide you in a simple and intuitive way with all the useful and necessary information so that you can provide your Personal Data in a conscious and informed way and, at any time, exercise your rights.

A. THE HOLDER OF THE TREATMENT

The company that will process your Personal Data for the purposes referred to in this Notice and which, therefore, will play the role of data controller according to the relevant definition contained in art. 4.7 of the Regulation, i.e. "the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data", is:

  • Social Academy S.r.l., registered office in via Catone n. 3, 00192 – Rome (below, the “Holder” or “Social Academy”).

B. PURPOSE AND LEGAL BASIS OF THE PROCESSING

The Owner, in order to allow navigation and your registration to its websites (the “Website” or “Websites”) – in the sections where it is possible to register and / or purchase or download Training Products for free and / or send requests for information using the contact forms and / or subscribe to the newsletter service – collects some of your Personal Data as well as navigation data (including through cookies), in accordance with the policies present in the relative preference management systems that appear at the first access to the Sites. You can change your preferences on navigation cookies at any time by clicking here.

The processing of your Personal Data will be conducted by the Data Controller to allow you, therefore, to:

  • get in touch with the company
  • purchase Educational Products on the Marketplace
  • try for free or purchase plans for using Business in Cloud
  • perform the Skill Game (digital questionnaire designed and developed by Social Academy to discover your potential and professional vocations)
  • send requests for information
  • download free resources
  • take advantage of all the other services offered from time to time by the Site in which you are browsing

To allow the Data Controller to carry out the processing activities for the above purposes, it will be necessary to provide the Personal Data marked with the symbol [*].

This treatment will be lawful by virtue of art. 6, paragraph 1, letter b) of the Regulations.

In the absence of the provision of even one of the marked data, it will not be possible to proceed with the processing of your Personal Data and, consequently, it will not be possible to provide you with the information and services requested.

The Personal Data that will be requested from you for the pursuit of the aforementioned purposes will be those reported in the registration and / or contact and / or purchase form, i.e., by way of example and not limited to: name, surname, e-mail address, address, telephone numbers of fixed and / or mobile users.

No Personal Data relating to your health and, in general, special categories of personal data referred to in art. 9 of the Regulations.

In addition to the aforementioned purposes, your Personal Data may be processed for promotional activities of the products and services provided by the Data Controller, in order to provide you with a better service, to promote products and services of your interest sold and / or provided by Social Academy.

With regard to this direct marketing purpose, it should be noted that, by virtue of art. 6.1 lett. f) of the Regulations and art. 130 paragraph 4 of the Privacy Code (so-called soft spam exception), the Data Controller may carry out this activity based on its legitimate interest, regardless of your explicit consent and in any case up to your opposition or limitation (pursuant to the provisions of Section F lett. d) and f) of the Information) to this Processing, as better explained in Recital 47 of the Regulation, in which it is "considered legitimate interest of the owner to process personal data for direct marketing purposes".

This will be possible following the assessments made by the Data Controller regarding the possible prevalence of your interests, fundamental rights and freedoms that require the protection of Personal Data on your legitimate interest in sending direct marketing communications.

Moreover, you can lawfully and at any time oppose the receipt of promotional communications, without this in any way compromising the processing for other purposes.

The contact methods aimed at direct marketing activities may be both automated and traditional (in some cases providing for calls from our operators, based on your specific requests). In any case, as detailed below in this Notice, you can also partially object (for example by consenting only to traditional contact methods).

C. SUBJECTS TO WHOM YOUR PERSONAL DATA MAY BE COMMUNICATED

Your Personal Data may be disclosed to specific subjects considered recipients of such Personal Data. In fact, art. 4.9 of the Regulation defines Recipient of a Personal Data "the natural or legal person, public authority, service or other body that receives communication of personal data, whether or not it is a third party" (hereinafter, the "Recipients").

In this perspective, in order to correctly carry out all the processing activities necessary to pursue the purposes referred to in this Notice, the following Recipients may be in a position to process your Personal Data:

  • third parties who carry out part of the processing activities and / or activities connected and instrumental to them on behalf of the Data Controller. These subjects have been appointed as Data Processors pursuant to art. 28 GDPR, having to be understood individually with this term, pursuant to art. 4.8 of the Regulations, "the natural or legal person, public authority, service or other body that processes Personal Data on behalf of the Data Controller" (hereinafter, the "Data Processor");
  • individuals, employees and / or collaborators of the Data Controller, who have been entrusted with specific and / or more processing activities on your Personal Data. These individuals have been given specific instructions on the subject of security and correct use of Personal Data - also through specific training activities - and are defined, in accordance with art. 4.10 of the Regulations, "persons authorized to process Personal Data under the direct authority of the Data Controller or Data Processor" (hereinafter, the "Authorized Persons");
  • owners of Training Products marketed on the Marketplace (so-called Vendor) for purposes strictly related to allowing you to use the related product you purchased.

Where required by law or to prevent or suppress the commission of a crime, your Personal Data may be disclosed to public bodies or judicial authorities without these being defined as Recipients. In fact, pursuant to art. 4.9 of the Regulation, "the public authorities that may receive communication of Personal Data in the context of a specific investigation in accordance with the law of the Union or of the Member States are not considered Recipients”.

Google Workspace API Usage

To provide the functionalities of our service, we utilize Google Workspace APIs. However, we want to assure our users that the data collected through these APIs is not used to develop, train, or improve generalized artificial intelligence or machine learning models. User data is exclusively used for the purposes specified in this privacy policy.

D. PROCESSING TIME

One of the principles applicable to the processing of your Personal Data concerns the limitation of the retention period, governed by art. 5.1 lett. e) of the Regulation which states "Personal Data are stored in a form that allows identification of the Data Subjects for a period of time not exceeding the achievement of the purposes for which they are processed; Personal Data may be stored for longer periods provided that they are processed exclusively for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, in accordance with art. 89 (1), without prejudice to the implementation of adequate technical and organizational measures required by these Regulations to protect the rights and freedoms of the interested party".

In light of this principle, your Personal Data will be processed by the Data Controller limited to what is necessary for the pursuit of the purpose referred to in this Notice.

In particular, your Personal Data will be processed for a period of time equal to the minimum necessary, as indicated in Recital 39 of the Regulation, i.e. until the termination of the existing relationship between you and the Data Controller in relation to your requests for information, without prejudice to the legitimate interest of the Data Controller referred to in Recital 47 of the Regulation as well as a further retention period that may be imposed by law as also provided for by Recital 65 of the Regulation.

E. RIGHTS

As required by art. 15 of the Regulation, you will be able to access your Personal Data, request its correction and updating, if incomplete or incorrect, request its cancellation if the collection took place in violation of a law or regulation, as well as oppose the processing for legitimate and specific reasons.

In particular, we report below all your rights that you can exercise, at any time, towards the Owner:

  1. RIGHT OF ACCESS

    You will have the right, pursuant to art. 15.1 of the Regulations, to obtain from the Data Controller confirmation that your Personal Data is being Processed or not and, in this case, to obtain access to such Personal Data and the following information: a) the purposes of the processing; b) the categories of Personal Data in question; c) the Recipients or categories of Recipients to whom your Personal Data have been or will be communicated, in particular if Recipients of third countries or international organizations; d) when possible, the retention period of the Personal Data provided or, if not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the Data Controller for rectification or cancellation of Personal Data or limitation of the Processing of Personal Data concerning him or to oppose their Processing; f) the right to lodge a complaint with a supervisory authority; g) if the Personal Data are not collected from the interested party, all the information available on their origin; h) the existence of an automated decision-making process, including profiling pursuant to art. 22 paragraphs 1 and 4 of the Regulation and, at least in such cases, significant information on the logic used as well as the importance and expected consequences of this processing for the interested party.

    All this information can be found within this Information which will always be available to you in the Privacy Policy section of the Site.


  2. RIGHT OF RECTIFICATION

    You will be able to obtain, pursuant to art. 16 of the Regulation, the correction of your Personal Data that are inaccurate. Furthermore, taking into account the purposes of the processing, you will be able to obtain the integration of your Personal Data which are incomplete, also by providing a supplementary declaration.


  3. RIGHT TO CANCELLATION

    You will be able to obtain, pursuant to art. 17.1 of the Regulation, the cancellation of your Personal Data without undue delay and the Data Controller will be obliged to delete your Personal Data, if there is even one of the following reasons: a) the Personal Data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) you have opposed the processing pursuant to articles 21.1 or 21.2 of the Regulation and there is no longer any legitimate overriding reason to proceed with the processing of your Personal Data; c) your Personal Data have been unlawfully processed; d) it is necessary to delete your Personal Data to comply with a legal obligation provided for by a community standard or internal law.

    In some cases, as required by art. 17.3 of the Regulation, the Data Controller is entitled not to delete your Personal Data if their processing is necessary, for example, for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, for the assessment, exercise or defense of a right in court.


  4. RIGHT TO RESTRICTION OF PROCESSING

    You will be able to obtain the processing limitation, pursuant to art. 18 of the Regulation, in the event that one of the following hypotheses occurs: a) you have contested the accuracy of your Personal Data (the limitation will continue for the period necessary for the Data Controller to verify the accuracy of such Personal Data); b) the Processing is unlawful but you have opposed the cancellation of your Personal Data by requesting, instead, that its use be limited; c) although the Data Controller no longer needs it for processing purposes, your Personal Data are used to ascertain, exercise or defend a right in court; d) you have opposed the processing pursuant to art. 21.1 of the Regulation and are awaiting verification of the possible prevalence of the Data Controller's legitimate reasons with respect to yours.

    In case of limitation of processing, your Personal Data will be processed, except for storage, only with your consent or for the ascertainment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of significant public interest. We will inform you, in any case, before this limitation is lifted.


  5. RIGHT TO DATA PORTABILITY

    You can, at any time, request and receive, pursuant to art. 20.1 of the Regulation, all your Personal Data processed by the Data Controller in a structured, commonly used and legible format or request its transmission to another Data Controller without impediments. In this case, it will be your responsibility to provide us with all the exact details of the new Data Controller to whom you intend to transfer your Personal Data, providing us with written authorization.


  6. RIGHT OF OBJECTION

    In accordance with art. 21.2 of the Regulation and as also reaffirmed by Recital 70, you can object, at any time, to the Processing of your Personal Data if these are processed for direct marketing purposes.


  7. RIGHT TO PROPOSE A COMPLAINT TO THE SUPERVISORY AUTHORITY

    Without prejudice to your right to appeal to any other administrative or jurisdictional office, if you believe that the processing of your Personal Data conducted by the Data Controller is in violation of the Regulations and / or applicable legislation, you can lodge a complaint with the competent Guarantor Authority for the Protection of Personal Data.

    To exercise all your rights as identified above, simply contact the Data Controller by sending an email to privacy@socialacademy.com or a registered letter to the Headquarters of the Data Controller.


F. PLACES OF TREATMENT

Your Personal Data will be processed by the Data Controller within the territory of the European Union.

If for technical and / or operational reasons it becomes necessary to make use of subjects located outside the European Union, we inform you as of now that these subjects will be appointed as Data Processors pursuant to and for the purposes of art. 28 of the Regulations and the transfer of your Personal Data to these subjects, limited to the performance of specific processing activities, will be regulated in accordance with the provisions of Chapter V of the Regulations.

All the necessary precautions will therefore be taken in order to guarantee the most complete protection of your Personal Data by basing this transfer: a) on adequacy decisions of the recipient third countries expressed by the European Commission; b) on adequate guarantees expressed by the third party recipient pursuant to Article 46 of the Regulation; c) on the adoption of so-called binding corporate rules; d) by adopting standard contractual clauses approved by the European Commission.

In any case, you can request more details from the Data Controller if your Personal Data have been processed outside the European Union by requesting evidence of the specific guarantees adopted.

Last Update: 02.07.2020