*updated pursuant to EU Regulation 2016/679 (GDPR)
Here follows a description of the way personal data are processed through this website, in relation to Users visiting the website and/or interacting with the web services supplied through the website.
1. DATA CONTROLLER
The data controller for the processing of data through the website is Fondazione Gustav Mahler, Piazza Domenicani 25 – 39100 Bolzano, firstname.lastname@example.org, ph. +39 0471 301712, fax + 39 0471 301391.
2. DATA PROTECTION OFFICER (DPO)
The data protection officer (DPO) is email@example.com
3. TYPES OF DATA SUBJECT TO THE PROCESSING, PURPOSES AND LEGAL BASIS FOR THE PROCESSING
3.1 Data supplied voluntarily by the User for the Services requested
If, in order to access the services/information offered, the user voluntarily supplies any of their personal data, collected by means of specific formats present on the website, this action entails the acquisition of said data on the part of the data controller in order to supply the requested services. In particular:
Sending of applications to attend courses: the data necessary for the assessment of the application (identification data, e-mail, telephone numbers, copies of identity documents, curriculum vitae and professional information, videos etc.) are collected.
Some data requested in the formats are necessary in order to supply the service and they are marked with an asterisk. Other data are fully optional and can be entered by the user for the purpose of a more complete or customized service or, with the prior consent in the cases provided for by current applicable rules, to receive informative and commercial messages or to analyse interests and personal information or habits or consumer choices.
The purposes of data processing are, therefore, depending on the requested services:
• Performance of the service requested by the user;
• Fulfilment of law, administrative and accounting obligations related to the attendance of courses organized by the Mahler Academy;
• Communication with the client about the requested service;
• Prevention of frauds and abuses damaging the website;
• Management of applications to attend courses.
The legal basis for the processing of data is the fulfilment of contract obligations if and as requested by the user as well as for optional services performed with the consent of the data subject.
If necessary, specific summary information and, possibly, requests for consent will be progressively provided or displayed on the website pages prepared for special services on request.
3.2 Navigation data
In addition to what is specified below for cookies, the information systems and software procedures governing the operation of this website acquire, during normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information which is not collected to be associated with identified data subjects but which, by its nature, could enable the identification of users by means of processing and associations with data held by third parties.
This category of data includes the IP addresses or the domain names of the computers used by the users connecting to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (success, error, etc.) and other parameters related to the operating system and the IT environment of the User.
These data are used for the purpose of obtaining anonymous statistical information concerning the use of the website and of checking its correct operation.
These data could be used to establish responsibility in case of cybercrimes against the website.
The purposes of processing these data are, therefore
Enabling the operation of the website and the performance of services requested by the user;
Controlling and improving the operation of the website;
Obtaining and using statistical information about the use of the website;
Establishing responsibility in case of alleged cybercrimes.
The legal basis for the processing of data is therefore the legitimate interest of the data controller in performing and improving the website services supplied.
3.3 Cookies and tracking
Cookies and similar technologies are small fragments of information used to store on a computer technical and/or personal details, to identify users of a service and enable specific functions. Cookies are used by the data controller and its partners for technical, statistical and/or profiling purposes.
The browser can be configured so as to refuse the acceptance of cookies in general or to receive a notice before cookies are stored.
The legal basis for the processing of data is therefore the legitimate interest of the data controller in case of technical cookies and the consent of the data subject for profiling cookies.
4. DISCLOSURE OF DATA TO THIRD PARTIES
4.1 Data voluntarily supplied by the User (contact or information requests, management of applications to attend courses etc.)
The personal data given by the User are managed by internal subjects of the companies that are the data controllers (consultants and employees) identified above depending on their competences and within the framework of their tasks and/or contract obligations.
Some data may be communicated to: external subjects/companies when communicating personal data is necessary or functional to the performance of the requested service or for the management of the contract relationship with the data subject (strategic, IT, consulting company, hosting company or companies managing services for the data controllers or sending of documents or materials, insurance companies) in the manners and for the purposes described above.
4.2 Dissemination of data
No data deriving from web services is disseminated, where ‘disseminated’ means that data are brought to the knowledge of a multitude of unspecified subjects.
5. DATA TRANSFER TO THIRD COUNTRIES
The personal data supplied by the user, the other types of data processed and navigation data may be processed or transferred to non-EU countries for the purposed indicated above, in compliance with the current applicable rules about data transfer to third countries pursuant to Article 44 and following articles of Reg. 2016/679 (GDPR) and applicable local rules.
6. METHOD OF PROCESSING
Personal data are processed with IT tools whilst respecting confidentiality requirements and protection measures envisaged by current applicable rules. Specific security measures are observed to prevent the loss of data, illegal or incorrect usage and unauthorized access.
7 DURATION OF DATA STORAGE
Data supplied by the User: personal data supplied by the user are stored for the period necessary for the purpose(s) indicated and, if needed, for the fulfilment of contract, tax and legal obligations for the period envisaged by current applicable local rules.
Data about applications and curricula: two years from the receipt of data supplied by the user (or a different period as envisaged by local rules), barring the case of induction in the company.
8. AUTOMATED PROCESSES
Automated decision-making processes (e.g. cookies) for the functionality of the website and/or automated process to analyse habits, choices, navigation modes of the user by means of cookies or services of third parties, with the prior consent of the data subject as specified below, may be performed.
9. SUPPLY OF DATA AND CONSEQUENCES OF THE FAILURE TO SUPPLY DATA
Apart from what is specified for navigation data, the user is free to supply the personal data indicated in the forms used to request services of the website. Failure to supply data foreseen as mandatory, though, entails that the requested service cannot be performed. On the other hand, failure to supply data indicated as optional may entail the supply of an incomplete service and the impossibility for the data controller to perform further activities.
10. RIGHTS OF DATA SUBJECTS, RIGHT TO LODGE A COMPLAINT AND WITHDRAWAL OF CONSENT
The data subjects whose personal data have been collected as described in this Policy have the right – provided that legal requirements are met - at any moment, to request access, rectification or erasure of their personal data, their limitation, to object to their processing and to exercise the right to data portability.
The data subject has the right to withdraw any consent he/she has given to data processing at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.
Please consider that, once eliminated, personal data cannot be retrieved again and stored content is also eliminated in a permanent way. The user’s personal data will also be eliminated when no longer necessary for the purposes they had been originally collected for.
In order to exercise the rights envisaged by current applicable rules about personal data protection and to know the complete list of external data processors appointed for each area and activity or in order to receive information about the transfer of data to non-EU countries and related safeguards, you can write to firstname.lastname@example.org. Your request will be dealt with as soon as possible and in any case within max. 30 days.
Furthermore, the data subject has the right to lodge a complaint with a supervisory authority of data processing in the Member State of his or her habitual residence or in the EU Member State where he or she works or where the alleged infringement took place.
11. MINORS, TRUTHFULNESS OF DATA ENTERED AND USER’S OBLIGATIONS
This website does not address its services to children and minors, as defined by local laws.
In any case, we reserve the right to contact the user and verify that requirements are met and, if they are not, suspend or eliminate the account entirely and/or discontinue the supply of services.
Latest update on: 09/2018