SCHOOL POLICY REV.02

This Privacy Policy is produced by the Data Controller in compliance with Article 13 of EU Regulation 2016/679 (General Data Protection Regulation).

1. DATA CONTROLLER

ROTHO BLAAS SRL, with registered offices at Via dell'Adige 2/1, I-39040 Cortaccia (BZ), Italy, VAT No. IT 01433490214, is the Data Controller for the personal data you have provided.
If you wish to make a report, or if you have any requests or wish to exercise the rights referred to in Article 15 et seq. of EU Regulation 679/2016, please contact our Privacy Representative by e-mail at the following address: privacy@rothoblaas.com.

2. TYPE OF DATA PROCESSED, PURPOSES OF DATA PROCESSING AND LEGAL BASIS

You can register for a training course directly using this application by completing the registration form with your personal identification and/or commercialinformation: name, surname, e-mail, address, residential address, telephone number, occupation, business name, tax code and/or VAT No.

A.

B. images and videos.

The data referred to in point A is used for:

The legal basis for the processing is:
• the fulfilment of contractual obligations if and inasmuch as requested by the data subject;
• the consent of the data subject.

3. NATURE OF THE PROVISION OF THE DATA

The provision of data referred to in point 2.A is totally optional; however, failure to provide the data prevents registration in the training course selected.
The provision of data referred to in point 2.B is totally optional; failure to provide the data will not prevent registration in the chosen training course.

4. DISCLOSURE AND DISSEMINATION OF DATA TO THIRD PARTIES

In order to fulfil the specified objectives, some data may be disclosed to Group companies; external parties/companies to whom the disclosure of the personal data proves to be necessary or in any case functional for the purpose of performing the requested service or for the management of the contractual relationship with the data subject, under the control of the Data Controller.

The personal data in point 2.B may be disseminated through the company internet site, the company’s social media accounts or any other Rotho Blaas advertising material.

5. TRANSFER TO THIRD COUNTRIES

The personal data provided by the data subject may be processed or transferred to a country outside the EU for the above-mentioned purposes in accordance with the applicable legislation in relation to the transfer of data to Third Countries and the relative guarantees specified therein (Article 44 et seq. of EU Regulation No. 679/2016).

6. DATA PROCESSING METHODS AND RETENTION TIMES

Data processing of the gathered data is carried out through computerised procedures or, in any case, by digital means by internal or external parties specifically appointed and authorised for such purpose and committed to confidentiality terms. Data is processed and stored using tools suitable to ensure its safety, integrity and confidentiality through the adoption of adequate security measures, as established by law.
The data referred to in point 2.A will be kept for two years from the date of consent.
The data referred to in point 2.B will be kept for ten years.

7. RIGHTS OF DATA SUBJECTS

For any comments, requests and/or for exercising the rights referred to in Article 15 et seq. of EU Regulation 679/2016, Data Subjects can refer to our privacy reference contact by sending a mail to the following address: privacy@rothoblaas.com.
Specifically, the data subject may, at any time, exercise their rights, find out about the data that concerns them, how it was acquired, receive information about the parties or classification of parties to whom their data may be disclosed, verify that their data is accurate, complete, current and safeguarded, receive their data in a commonly used structured format, readable on an automated device, revoke any consent given at any time to process their data, request its deletion, and fully or partially oppose the use of their data. In addition, data subjects shall have the right to revoke consent at any time without prejudice to the legality of the processing based on consent provided before revocation and to file a complaint with the applicable authority, the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), should they believe that the processing of their data is in violation of the above-mentioned Regulation.