Privacy Policy
Information on the Processing of Personal Data
Pursuant to the current Regulation (EU) 2016/679 (GDPR), the Istituto Tecnico Superiore del Turismo e dell’Ospitalità Foundation IATH (“hereinafter referred to as IATH Academy” or “the Foundation“), with its registered office at Via Regina No. 5 – 22012 Cernobbio (Como) (Tel: +39 031 341873; Email: info@iath.it), in its capacity as Data Controller, informs you that your personal data will be processed in full compliance with legal obligations and principles, ensuring the complete protection of your recognized fundamental rights and freedoms
This Privacy Notice describes, in general terms, the purposes and methods of the data processing carried out by IATH Academy. The Foundation has also prepared specific Privacy Notices for each category of data subjects who have relationships with the organization.
- PURPOSES OF PERSONAL DATA PROCESSING AND LEGAL BASIS
The processing of personal data of data subjects, depending on the nature of their relationship with the Foundation, aims to fulfill the requirements related to the management of such relationship, including:
- The specific tasks, roles, and duties assigned to employees and collaborators operating within IATH Academy.
- Obligations undertaken towards participants in IATH Academy’s training programs.
- Services provided through the website www.iath.it, including the sending of newsletters and management of donations.
- Fulfillment of legal and contractual obligations.
- Fulfillment of tax and fiscal obligations in general.
- Compliance with obligations towards Public Administration.
In most cases, the legal basis for the processing is the consent of the data subject, which is obtained through the subscription of personalized forms.
In the case of relationships with the Public Administration and for the execution of institutional activities, the processing is necessary to fulfill a legal obligation to which the Data Controller is subject.
In the case of relationships with suppliers, processing is necessary for the performance of a contract and/or for the execution of pre-contractual measures.
For relationships with suppliers, processing is necessary for the execution of a contract and/or pre-contractual measures.
- DATA ACQUISITION AND TYPES OF DATA PROCESSED
IATH Academy acquires personal data directly from data subjects through the www.iath.it website, in the section dedicated to course registrations. The categories of data collected and processed include: The categories of data acquired and processed are as follows:
- Personal data (name and surname)
- Contact details (email, telephone number, address)
- Other data related to the educational path of the data subject and their training interests
- Other data collected through the website (cookies)
- NECESSITY OF PROVIDING PERSONAL DATA
The collection of personal data necessary to comply with legal provisions regulating relationships with data subjects is mandatory. Failure to provide such data will result in the inability to establish an educational or training relationship between IATH Academy and the data subject.
- PERIOD OF PERSONAL DATA PROCESSING
Your data will be processed for the duration of the selection and then deleted unless you explicitly consent to the retention of your CV to be informed about any future vacancies in the classes (up to a maximum of five years).
METHODS OF PERSONAL DATA PROCESSING
The processing of acquired personal data is carried out using both paper and electronic tools, in compliance with all technical and organizational measures implemented by IATH Academy to ensure the security and confidentiality of information. Processing is conducted according to principles of fairness, lawfulness, and transparency, protecting the rights of data subjects in accordance with EU regulations.
- AUTHORIZED INTERNAL PERSONNEL FOR THE PROCESSING OF PERSONAL DATA
Acquired personal data is processed by internal staff within the Foundation’s organization who are trained and authorized by the Data Controller and are bound by professional secrecy and maximum confidentiality.
Personal data may also be processed by external consultants and service providers to IATH Academy’s organization, such as IT service companies, labor consultancy firms, and occupational physicians. All these parties process personal data in compliance with data protection regulations under the supervision of the Data Controller and, where applicable, are designated as external Data Processors.
- COMMUNICATION OF PERSONAL DATA
Your data may be disclosed to third parties strictly for technical and operational needs closely related to the purposes outlined above, and specifically to the following categories of recipients:
- hosting subjects for the conduct of internships, internships, training courses, alternation or for job placements;
- to public authorities and administrations (e.g. Provincial Administration of Como, Lombardy Region) for purposes connected with the fulfillment of legal obligations;
- to our financing bodies (e.g. European Union);
- to subjects to whom the faculty of accessing personal data is recognized by provision of law or secondary or community legislation;
- to insurance companies and competent bodies, for compliance in the event of accidents;
- to subjects to whom the communication of personal data is necessary or is otherwise functional to the performance of contractual obligations in place.
The personal data acquired will not be subject to dissemination and will not be transferred outside the European Union unless the student carries out an internship abroad.
RIGHTS OF THE DATA SUBJECT
At any time, each data subject may request the Data Controller to access, rectify, delete, limit, transfer (Articles 15 to 20 of the GDPR) their personal data.
In addition, data subjects have the right to request the Data Controller not to be subjected to automated decision-making processes (Article 22).
At any time, by contacting the Data Controller, you also have the right to modify or revoke your consent to the processing of your data (Article 21) without prejudice to the lawfulness of the processing based on consent given before the revocation and being informed of what is reported in point 3 of this Information.
In addition to the rights listed above, data subjects may lodge a complaint with the Supervisory Authority at www.garanteprivacy.it at any time.