Privacy Policy

Under the current Regulation (EU) 2016/679 (GDPR), the Foundation Higher Technical Institute of Tourism and Hospitality IATH (“hereinafter Academy IATH” or “the Foundation“), with registered office at via Regina n. 5 – 22012 Cernobbio (Como) (tel: 031341873; email: info@iath.it) as Data Controller, informs you that your personal data will be processed in full compliance with legal obligations and principles, guaranteeing the full protection of the rights and fundamental freedoms recognized to you.This Information Notice describes, in general terms, the purposes and methods of the processing carried out by Academy IATH. The Foundation has also prepared specific Information Notices on the processing of personal data for each category of data subjects who have relationships with the organization.
  • PURPOSES OF PERSONAL DATA PROCESSING AND LEGAL BASIS
The processing of personal data of data subjects, based on the characteristics of their relationship with the Foundation, aims at fulfilling the requirements demanded by the management of the relationship itself in relation to:
  • specific tasks, assignments, and roles entrusted and held by employees and collaborators operating within Academy IATH
  • obligations towards participants in training courses offered by Academy IATH
  • services provided through the website “www.iath.it”, including sending newsletters and managing donations
  • fulfillment of legal and contractual obligations,
  • fulfillment of tax and fiscal obligations in general,
  • fulfillment of obligations towards the Public Administration.
In most cases, the legal basis for processing is the consent of the data subject, which is obtained through the subscription of personalized forms.In the case of relationships with the Public Administration and for the execution of institutional activities, processing is necessary to comply with a legal obligation to which the Data Controller is subject.In the case of relationships with suppliers, processing is necessary for the execution of a contract and/or the execution of pre-contractual measures.In the case of provision of services through the website, the legal basis is the legitimate interest of the Data Controllers of Academy IATH.
  • DATA COLLECTION AND TYPES OF DATA PROCESSED
Academy IATH, through the website www.iath.it, collects personal data directly from data subjects in the section reserved for course registrations. The categories of data acquired and processed are as follows:
  • Personal data (name and surname)
  • Contact details (email, telephone number, residential address)
  • Other data concerning the academic path of the data subject and their educational interests
  • Other data collected through the website (cookies)
  • NECESSITY OF PROVIDING PERSONAL DATA
The collection of personal data necessary to comply with legal provisions governing relationships with data subjects is mandatory. Failure to provide such data will result in the inability to establish the educational and training relationship between Academy IATH and the data subject.
  • PERIOD OF PERSONAL DATA PROCESSING
Your data will be processed for the duration of the selection process and then deleted unless you explicitly consent to the retention of your CV to be informed about any future vacancies in classes (for up to five years).METHODS OF PERSONAL DATA PROCESSINGThe processing of acquired personal data is carried out using both paper-based and electronic tools, in compliance with all technical and organizational measures prepared by Academy IATH to ensure the security and confidentiality of information. Processing is carried out in accordance with principles of fairness, lawfulness, transparency, in order to protect the rights of data subjects in accordance with the provisions of the EU Regulation.
  • AUTHORIZED INTERNAL PERSONNEL FOR PERSONAL DATA PROCESSING
The acquired personal data are processed by internal personnel within the Foundation’s organization, trained and authorized by the Data Controller, who are bound by professional secrecy and maximum confidentiality.Personal data may also be processed by consultants and service providers external to the organization of Academy IATH such as IT service companies, labor consultancy firms, and the competent medical officer. All these subjects process personal data in compliance with the regulations on the protection of personal data and under the control of the Data Controller, and, where required, are appointed as external Data Processors.
  • DISCLOSURE OF PERSONAL DATA
Your data may be disclosed to third parties, exclusively for technical and operational needs strictly related to the aforementioned purposes and in particular to the following categories of subjects:
  • hosting entities for internships, traineeships, training courses, internships, or job placements;
  • public authorities and administrations (e.g., Provincial Administration of Como, Lombardy Region) for purposes related to the fulfillment of legal obligations;
  • our funding bodies (e.g., European Union);
  • subjects to whom the right to access personal data is recognized by law or secondary or community legislation; insurance companies and competent authorities,
  • for compliance in case of accidents;
  • subjects to whom the communication of personal data is necessary or functional to the fulfillment of existing contractual obligations.
Acquired personal data will not be disseminated and will not be transferred outside the European Union unless the student carries out an internship abroad.DATA SUBJECT RIGHTSEach data subject may at any time request the Data Controller to access, rectify, delete, limit, transfer (Articles 15 to 20 of the GDPR) their personal data.In addition, data subjects have the right to request the Data Controller not to be subject to automated decision-making processes (Article 22).At any time, by contacting the Data Controller, you also have the right to modify or revoke your consent to the processing of your data (Article 21) without prejudice to the lawfulness of the processing based on consent given before the revocation, and being informed of what is reported in point 3 of this Information Notice.In addition to the rights listed above, data subjects may at any time lodge a complaint with the Supervisory Authority on the website www.garanteprivacy.it.
Scroll to Top