Privacy Policy

PRIVACY POLICY AND COOKIE POLICY

PRIVACY POLICY – PRIVACY POLICY

INFORMATION ON THE PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH ARTICLE 13 OF REGULATION (EU) 2016/679

ACADEMY ISTITUTO PRIVACY S.r.l. – P. Iva 16543941005 – Piazza di San Salvatore in Lauro, 13 – ROME, as Data Controller (hereinafter: hereinafter: “Academy Istituto Privacy” or “Data Controller”), in accordance with EU Regulation 2016/679 (hereinafter: “Regulation” or “GDPR”) – considers privacy and the protection of Personal Data the main objective of its activity. We therefore invite you, before transmitting any Personal Data to the Controller, to read this Policy carefully: it contains important information about the processing of your Personal Data. “Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural or social identity. You may also act as a “user” or “contractor.” “User,” means any natural person who uses a publicly accessible electronic communications service, for private or commercial reasons, without necessarily being a subscriber to it; “contractor” means any natural person, legal person, entity or association that is a party to a contract with a provider of publicly accessible electronic communications services for the provision of such services.

This Disclosure:

  • is intended to be made for the websites https://academy.istitutoitalianoprivacy.it/ – https://academyistitutoprivacy.it/ – https://www.data.game (hereinafter: “Sites”) and for the App “DATA! The game” (hereinafter: “App”) and is an integral part of the services we offer;
  • is made pursuant to Article 13 of the Regulations, to those who interact with the web services of the Sites and the Owner’s App, either through simple consultation or through the use of specific services made available through the Sites and/or the App.

The Holder can be contacted at: academy@istitutoprivacy.eu .

This document has been prepared pursuant to Article 13 of the EU Regulation 2016/679 (hereinafter: “Regulation” or “GDPR”) in order to enable you to learn about our privacy policy, understand how your personal information is processed when you use our Sites or Apps and, where applicable, to give your free and informed consent to the processing of your Personal Data. The data you provide or otherwise acquire as part of your use of Academy Istituto Privacy’s services – such as for participation in events or training courses or for the purchase of publications or other publishing products (hereinafter “Services”) – will be processed in accordance with the provisions of the Regulations and the obligations of confidentiality that inspire the activity of Academy Istituto Privacy S.r.l.

According to the GDPR regulations, the processing of personal data carried out by Academy Privacy Institute will be based on the principles of lawfulness, fairness, transparency, purpose limitation and storage, data minimization, accuracy, integrity and confidentiality.

TABLE OF CONTENTS

  1. Data controller
  2. The Personal Data being processed
  3. Navigation data
  4. Data voluntarily provided by the data subject
  5. Purpose of processing and soft spam
  6. Legal basis and mandatory or optional nature of processing
  7. Recipients of Personal Data
  8. Retention of Personal Data
  9. Transfer of data abroad
  10. Rights of the data subject
  11. Changes

____________________________________________________________________

  1. Data controller

The Data Controller of the processing of Personal Data is Academy Istituto Privacy S.r.l. (henceforth “Academy Istituto Privacy” or “Academy Istituto Privacy”), headquartered at Piazza di San Salvatore in Lauro 13, 00186 – Rome, VAT No. 16543941005, which can be reached by email at academy@istitutoprivacy.eu

  1. The Personal Data being processed

As a result of browsing the Sites or using the App, we inform you that Academy Istituto Privacy will process your Personal Data, which may consist of an identifier such as a first and last name, an identification number, an online identifier, or one or more characteristic elements of your physical, economic, cultural, or social identity capable of making you identified or identifiable. Other Personal Data that you freely provide in information request forms and/or for the purchase of editorial products and/or the use of services may be processed (see the section “Data voluntarily provided by the data subject”). Any sensitive data, of special categories referred to in Art. 9.1 Reg. 2016/679/EU, will not be processed.

  1. Navigation data

The computer systems and software procedures used to operate the Sites acquire, in the course of their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the Sites, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Sites and to check its correct functioning, to identify anomalies and/or abuses, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Sites or third parties: except for this eventuality, at present the data on web contacts do not persist for more than seven days.

  1. Data voluntarily provided by the data subject

In order to handle your requests to purchase editorial products and/or to participate in training courses, we may process personal and/or contact data such as your first name, last name, social security number, electronic, telephone or postal contact details, and other data provided in order to obtain information, shipments or for training course enrollment requests; we may also process data related to training and education degrees contained in curricula, and data and meta-data related to training courses and services, including test and examination results and related information on the date, time and manner of taking training services and/or taking tests. Payment data and other banking information, e.g., contained in receipts for payment of registration fees for training courses or purchase of publishing products.

Should you communicate to Academy Istituto Privacy Personal Data of third parties, you must ensure – assuming all responsibility – that this particular hypothesis of processing is based on an appropriate legal basis under Article 6 of the Regulations, which legitimizes the communication to Academy Istituto Privacy and the related processing of the information in question.

  1. Purpose of processing

The data processing we intend to carry out may have the following purposes:

(a) To enable the provision of the Services you have requested such as:

    • registration to the Sites or App;
    • Purchase of digital and/or print publishing products;
    • in-app purchases;
    • email newsletter subscription;
    • Enrollment in training courses;
    • Sharing of content on the Sites or App;
    • Generic request for information;
    • Registration for events and initiatives organized by the Academy Privacy Institute;
    • Collection and analysis of resumes for purposes of collaboration with the Academy Privacy Institute;
    • Response to requests for assistance or information;
    • Management of the existing contractual relationship with clients, students and teachers of the Training Courses organized by the Academy Privacy Institute, including publishing images, videos and audios of teachers on the web and/or TV and/or satellite e-learning platform.

b) so-called “soft spam”: without prejudice to your right to object to such mailings at any time (by writing to academy@istitutoprivacy.eu), to send you promotional e-mails about products or services similar to those you have already purchased (such as other editorial or educational products, educational games or video games, etc.);

(c) to fulfill legal, accounting and tax obligations;

  1. d) to assert or defend rights in court, in case of abuse in the use of the Sites/Apps and/or our Services and/or for contractual or non-contractual disputes;
  2. e) with your consent, direct marketing to send you communications of a promotional nature via email, operator phone, paper mail, text message, Whatsapp, Telegram, Messenger, Signal or push notifications on App.
  3. Legal basis and mandatory or optional nature of processing

The legal basis for the processing of Personal Data for the purposes referred to in section 5-a) of the preceding paragraph is Article 6.1.b) of the Regulations as the processing is necessary for the provision of the contracted Products and Services and/or for the response to requests from the data subject. Providing Personal Data for these purposes is optional but failure to do so would result in the inability to provide the Products or Services requested on the Sites or through the Apps.

As for the purpose of section 5-b), in case you have purchased services or goods from Academy Istituto Privacy, your data may be processed for the purpose of sending you by e-mail advertising material in relation to Academy Istituto Privacy products or services similar to those you have purchased, without your consent (so-called “soft spam”). The legal basis for the processing of your data for these purposes is Article 130 paragraph 4 Legislative Decree 196/2003. In any case, pursuant to art. 21 of the Regulations, you have the possibility to object to such processing at any time, either initially or in subsequent communications, easily and free of charge (by writing to academy@istitutoprivacy.eu), as well as to obtain feedback without delay confirming that such processing has been stopped (art. 12 of the Regulations).

The purpose referred to in Section 5-c) of the preceding paragraph is a processing of Personal Data carried out in accordance with Article 6.1.c) of the Regulations, in order to fulfill a legal obligation (e.g., to issue a receipt or invoice for purchases of Products or Services).

Processing for the purposes in Section 5-d) of the previous paragraph would be carried out under Article 6.1.f) of the Regulations, that is, on the legal basis of legitimate interest.

The processing for direct marketing purposes through email, operator phone, paper mail, sms, Whatsapp, Telegram, Messenger, Signal or push notifications on App is based on your free, specific, informed consent ex art. 6 GDPR and 130 D.lgs. 196/2003.

  1. Recipients of Personal Data

Your Personal Data may be shared, for the purposes mentioned in Section 5, with:

  1. Persons who typically act as data controllers ex art. 28 of the Regulations i.e.: i) persons, companies or professional firms that provide assistance and consulting services to Academy Istituto Privacy in accounting, administrative, legal, tax, financial and debt collection matters relating to the provision of the Services; ii) parties with whom it is necessary to interact for the provision of the Services (e.g. hosting providers) iii) or parties delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communication networks); (collectively “Recipients”); the list of data processors that process data may be requested from the Data Controller.
  2. subjects, entities or authorities, autonomous data controllers, to whom it is mandatory to communicate your Personal Data by virtue of provisions of the law or orders of the authorities;
  3. persons authorized by Academy Istituto Privacy to process Personal Data under Article 29 of the Regulations necessary to carry out activities closely related to the provision of Services and/or supply of Products, who have committed to confidentiality or have an appropriate legal obligation of confidentiality (e.g., employees and collaborators of Academy Istituto Privacy).

 

  1. Retention of data

Personal Data processed for the purposes set out in Section 5 will be kept for as long as is strictly necessary to achieve those same purposes in accordance with the principles of minimization and limitation of storage under Article 5.1.e) of the Regulations.

In any case, the Controller will retain Personal Data for as long as necessary to fulfill contractual and legal obligations (e.g., accounting records 5 years and business records 10 years from the time of purchase).

App User data, where collected, will be retained for as long as the App is used and for 12 months after the last use.

Data processed for direct marketing purposes through e-mail, operator phone, paper mail, text message, Whatsapp, Telegram, Messenger, Signal, or push notifications on App will be retained for up to 5 years after your consent is given, or for the shorter time until you exercise your right to object or withdraw your consent.

Purchase details data, relating to customers purchasing a Product or Service, will be kept for soft spam purposes (art. 130 Legislative Decree 196/2003) until any exercise of the right to object or, failing that, for a maximum period of 2 years from the last purchase.

Data related to intermediate and final results of examinations of courses held by Academy Istituto Privacy will remain available for three months from the time of the examination, and then will be deleted. Data related to the results of the preliminary tests for admission to the Master of Data Protection & Data Protection Designer Course – managed by Academy Istituto Privacy as the External Manager ex art. 28 of the Regulations designated by the Italian Institute for Privacy, separate and autonomous owner of the personal data processing necessary for the organization of the Master of Data Protection & Data Protection Designer Course – or to other courses will be deleted immediately after the admission/non-admission assessment, in compliance with the principle of minimization, since there is no provision whatsoever for noting the correction of the papers in the case of admission tests. More information regarding the data retention period and the criteria used to determine this period can be requested by writing to the Data Controller.

  1. Transfer of data abroad when using platforms for live streaming or providing content and training materials in training courses and other Services

In the event that platforms such as Zoom, for live streaming of lectures and/or sharing of informational materials, are used to benefit from training services, it should be noted that this use of services could necessarily result in the export outside the territory of the European Union of the data of the data subject (identification data, contact details, data and meta-data relating to the days, times and contents of training sessions) requesting this service. This transfer would be occasional and non-systematic in nature, occurring on the basis of the exemption in Article 49(1)(b) of the Regulation, as the transfer would occasionally prove necessary for the performance of the online training service contracted by the data subject with the Data Controller. Alternatively, the data subject’s consent would be required under Article 49 paragraph 1 (a) of the Regulation. In all cases where this is possible, the Data Controller will enter into Standard Contractual Clauses in accordance with Article 46 of the GDPR with any importers of personal data located outside the European Economic Area.

  1. Rights of data subjects

Pursuant to Articles 15 et seq. up to 21 of the Regulation, you have the right to request at any time, access to your Personal Data, the rectification or deletion thereof, the restriction of processing in the cases provided for by Articles 16, 17, 18 of the Regulation, as well as to obtain in a structured, commonly used and machine-readable format the data concerning you, in the cases provided for by Article 20 of the Regulation. At any time, you may revoke, ex art. 7 of the Regulation, any consent given; you may also lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data WWW.GARANTEPRIVACY.IT) pursuant to art. 77 of the Regulation, if you believe that the processing of your data is contrary to the legislation in force.

You may at any time revoke consent or object to processing for direct marketing purposes through e-mail, operator phone, paper mail, text message, Whatsapp, Telegram, Messenger, Signal, or push notifications on App, including by telling us which means to select.

You may make a request to object to the processing of your data pursuant to Article 21 of the Regulations in which you give evidence of the reasons justifying the objection: the Data Controller reserves the right to evaluate the request, which would not be accepted if there are compelling legitimate grounds for processing that override your interests, rights and freedoms.

Requests should be addressed in writing to the Owner, including by email to academy@istitutoprivacy.eu.

  1. Changes

This privacy policy is effective as of February 18, 2025. Academy Privacy Institute reserves the right to change or simply update its content, in part or in full, including due to changes in applicable law. Academy Privacy Institute will notify you of such changes as soon as they are introduced and they will be binding as soon as they are posted on the Sites. Academy Istituto Privacy therefore invites you to regularly visit this section to become aware of the most recent and updated version of the privacy policy so that you are always up to date on the data collected and Academy Istituto Privacy’s use of it.

 

Cookies and online trackers

This cookie policy refers only to the Sites and the App and should be understood as an integral part of the Privacy Policy of the same.

  1. Definitions, characteristics, and enforcement

Cookies are small text files that sites visited by the user send and store on the user’s computer or mobile device, only to be transmitted back to the same sites on the next visit. It is precisely because of cookies that a site remembers the user’s actions and preferences (such as, for example, login details, language choice, font size, other display settings, etc.) so that they do not have to be indicated again when the user returns to said site or navigates from one page to another of it. Cookies, therefore, are used to perform computer authentication, session tracking and storage of information regarding the activities of users accessing a site, and may also contain a unique identifier code that allows tracking of the user’s navigation within the site itself for statistical or advertising purposes. In the course of browsing a site, users may also receive on their computer or mobile device cookies from sites or web servers other than the one they are visiting (so-called “third-party” cookies). Some operations could not be accomplished without the use of cookies, which in some cases are therefore technically necessary for the very operation of the site.

There are various types of cookies, depending on their characteristics and functions, and these can remain on the user’s computer or mobile device for different periods of time: so-called session cookies, which are automatically deleted when the browser is closed; so-called persistent cookies, which remain on the user’s equipment until a predetermined expiration date.

Under current Italian law, the use of cookies does not always require the user’s express consent. In particular, “technical cookies”, i.e. those used for the sole purpose of carrying out the transmission of a communication over an electronic communication network, or to the extent strictly necessary to provide a service explicitly requested by the user, do not require such consent. These are, in other words, cookies that are indispensable for the operation of the site or necessary to perform activities requested by the user.

  1. Types of cookies used by the Sites

Our Sites use the following types of cookies, and offer the ability to de-select them, except for third-party cookies for which the user should refer directly to the respective cookie selection and de-selection methods, indicated by links:

Technical cookies – navigational or session – strictly necessary for the operation of the Sites or to enable the user to take advantage of the requested content and functionality.

At present, there are no analytical or profiling cookies in use.

  1. How to view and change cookies through your browsing program (so-called browser)

The user can select which cookies to authorize through the appropriate procedure prepared in the section Settings relating to cookies, as well as authorize, block or delete (in whole or in part) cookies through the specific functions of his or her browsing program (so-called browser): however, in the event that all or some of the cookies are disabled, it is possible that the Sites may not be accessible or that some services or certain functions of the Sites may not be available or may not function properly and/or the user may be forced to change or manually enter certain information or preferences each time he or she visits the Sites.

For more information on how to set preferences on the use of cookies through your web browser, you can consult the relevant instructions:

 

  1. Cookie-related settings

Below it is possible for the user to make a choice and indicate specifically which cookies to allow.

You are advised that not authorizing technical cookies may result in your inability to use the Sites, view their content and take advantage of related services. Inhibiting functionality cookies may result in some services or certain features of the Sites not being available or not working properly, and you may be forced to change or manually enter certain information or preferences each time you visit the Sites. With regard to cookies directly sent by the operator of the Sites, in addition to the procedure made available on this page, the user may also block or delete (in whole or in part) cookies through the specific functions of his or her browsing browser (in this regard, see above).

The choices made by the user in reference to the Sites’ cookies will in turn be recorded in a special technical cookie, having the characteristics listed in the appropriate cookie table. Such a cookie may, however, in some circumstances not work properly: in such cases, the user is advised to delete unwanted cookies and also inhibit their use through the features of his or her browsing browser. Your preferences with respect to cookies will need to be reset if you use different devices or browsers to access the Sites.