List of active policies
| Name | Type | User consent |
|---|---|---|
| Level of Satisfaction with Course Quality | Privacy policy | Authenticated users |
| Training programme delivery | Privacy policy | Authenticated users |
Summary
Consent for the purpose of: Measuring customer satisfaction - Evaluating the quality of the course by the interested parties:• Evaluating the quality of the course by means of a questionnaire.
Summary
Consent for the purpose of: Service provision - Purpose of providing training activities:• Registration for the registry and/or the e-learning platform;
• Provision of courses and attendance register;
• Coordination of teaching activities;
• Carrying out secretarial activities;
• Constant monitoring of the activities and results achieved by the students;
• Tutoring and interaction with students also through digital tools such as chats, forums, etc.;
• Management of office hours;
• Issuing of certificates or qualifications;
• Administrative/organisational communications related to the requested service;
• Archiving of training activity records and final evaluations;
• Administration and maintenance of computer archives and the e-learning platform.
Full policy
Level of Satisfaction with Course Quality
Information notice pursuant to art. 13 of European Regulation 679/2016 on the protection of personal data [GDPR]
In accordance with the requirements of the General Regulation on the protection of personal data, the Data Controller provides the interested party with the following information in relation to the processing of personal data carried out.
| DATA CONTROLLER | |
|---|---|
| Data Controller | Euroform RFS |
| Address | P.zza della Libertà, 40 - 87036 Rende (CS) |
| PIVA / CF | 03143780785 / 98030530780 |
| Contact details | Website: www.euroformrfs.it | Telephone: (+39) 0984 467735 | Fax: (+39) 06 233232407 | Email: info@euroformrfs.it |
| Privacy contact | Comitato Privacy Euroform RFS (gdpr@euroformrfs.it) |
| Data protection officer | Not present |
| Joint controllers of the processing | No joint controller present |
| If you wish to request further information on the processing of your personal data or to exercise your rights, you can write directly to the above-mentioned Privacy Contact. | |
| STAKEHOLDER CATEGORIES | |
|---|---|
| List of stakeholder categories | Customers or Users, Students, Teachers |
| PROCESSING CARRIED OUT | |
|---|---|
| Provision of training courses | |
| Description |
Processing of personal data relating to face-to-face and distance learning (DL). The data of the interested parties are processed for the purpose of: • Registration in the registry and/or on the e-learning platform; • Storage and updating of the courses in which you have taken part; • Course delivery and attendance records; • Course design or training/work activities; • Coordination of teaching activities; • Student examination and assessment; • Secretarial activities; • Teaching support; • Classroom management; • Monitoring and evaluation of training activities; • Preparation of lessons and teaching materials; • Mediation between teachers and students; • Assessment of students‘ abilities and resources; • Constant monitoring of students’ activities and results; • Tutoring and interaction with students, also through digital tools such as chats, forums, etc.; • Managing office hours; • Managing logistics; • Identifying training needs; • Organising/participating in meetings; • Issuing certificates of participation in courses and exams passed; • Issuing certificates or qualifications; • Administrative/organisational communications related to the requested service; • Archiving of training activity registers and final evaluations; • Promotion and management of company internships (where applicable); • Management of relations with companies (where applicable); • Support for students and assistance with job placement (where applicable); • Administration and maintenance of computerised archives and the e-learning platform; • Application for and management of funding for training activities (where applicable); • Communication of the progress of training activities to employers (where applicable); • Communication to private insurance companies (where applicable); • Issuing of invoices or tax documents; • Receiving/sending payments; • Carrying out activities functional to administration and bookkeeping for the tax obligations of the Data Controller, also with the support of the Accountant. |
| ORIGIN, PURPOSE, LEGAL BASIS AND NATURE OF THE DATA PROCESSED | |
|---|---|
| Origin | Data collected from the interested party. |
| Purpose |
1. Fulfilment of fiscal and accounting obligations - Purpose in compliance with the obligations established by laws, regulations and community legislation (in particular with regards to tax obligations; administrative checks, inspections by supervisory bodies; investigations by the judicial police, etc.). Personal Data is/will be processed as part of the Data Controller's normal business, without the consent of the data subject as legitimised by art. 6.1.c (legal obligation to which the data controller is subject) of the GDPR. 2. Litigation management - Defensive purposes. Personal data is/will be processed as part of the normal activity of the Data Controller, without the consent of the data subject as legitimised by art. 6.1.f (legitimate interest of the data controller or third parties) of the GDPR. 3. Measuring customer satisfaction - For the purpose of evaluating the quality of the course by the interested parties. For the aforementioned purpose, the basis of legitimacy of the processing is the specific consent of the interested party -art. 6.1.a of the GDPR- which is explicitly collected for: - Evaluation of the quality of the course by means of a questionnaire. OPTIONAL CONSENT (In the case of CME courses, consent is necessary for the assignment of CME credits) Consent is collected in paper or electronic form after showing the information on the processing of personal data, usually during the first contact with the interested party, and is valid indefinitely until revoked. Therefore, for all subsequent contacts, consent to the processing of the related data will no longer be requested. Notwithstanding the above, this information notice, together with the consent given, is effective with reference to the plurality of services provided also by each separate Operating Unit of the Data Controller. 4. Insurance services - Purpose of insurance of activities related to the provision of training courses. Personal Data is/will be processed as part of the Data Controller's normal activity, without the consent of the data subject as legitimised by Article 6.1.f (legitimate interest of the data controller or third parties) of the GDPR. 5. Technical cookies - Use of technical cookies in the case of access to the e-learning platform. Technical cookies are cookies that are used for browsing or to provide a service requested by the user. They are not used for other purposes and are normally installed directly by the website owner. The use of session cookies (i.e. temporary cookies that are removed when the browser session is closed) is strictly functional to optimising the use of the site and therefore to guarantee the best navigation within the site. Technical cookies do not require consent and are installed automatically as a result of accessing the site. 6. Service provision - Purpose of providing training activities. For the aforementioned purpose, the basis of legitimacy of the processing is the specific consent of the data subject -art. 6.1.a of the GDPR- which is collected explicitly for: • Registration in the registry and/or on the e-learning platform; • Provision of courses and attendance register; • Coordination of teaching activities; • Carrying out secretarial activities; • Constant monitoring of the activities and results achieved by the students; • Tutoring and interaction with students also through digital tools such as chats, forums, etc.; • Management of office hours; • Issuing certificates or qualifications; • Administrative/organisational communications related to the requested service; • Archiving records of training activities and final evaluations; • Administration and maintenance of computerised archives and the e-learning platform. MANDATORY CONSENT Consent is collected in paper or electronic form after showing the information on the processing of personal data, usually during the first contact with the interested party, and is valid indefinitely until revoked. For all subsequent contacts, therefore, consent to the processing of the related data will no longer be requested. Notwithstanding the above, this information notice, together with the consent given, is effective with reference to the plurality of services provided also by each separate Operating Unit of the Data Controller. 7. Communications to fulfil legal obligations - Communications provided at the request of law enforcement agencies, administrative or judicial authorities, public entities and other competent institutions in compliance with legal formalities. Personal Data is/will be processed as part of the Data Controller's normal activities, without the consent of the data subject as legitimised by art. 6.1.c (legal obligation to which the data controller is subject) of the GDPR. 8. Professional integration - Purpose of support in the enhancement of acquired skills and job placement. For the aforementioned purpose, the basis of legitimacy of the processing is the specific consent of the data subject - art. 6.1.a of the GDPR - which is explicitly collected for: - Promotion and management of company internships; - Management of relations with companies; - Support for students and assistance in finding employment. OPTIONAL CONSENT Consent is collected in paper or electronic form after showing the information on the processing of personal data, usually during the first contact with the interested party, and is valid indefinitely until revoked. For all subsequent contacts, therefore, consent to the processing of the related data will no longer be requested. Without prejudice to the above, this information notice, together with the consent given, is effective with reference to the plurality of services provided also by each separate Operational Unit of the Data Controller. 9. Communications to third parties - Purpose of communication: information on the status of courses, passing of exams and achievement of qualifications to employers and/or external bodies that finance training activities. For the aforementioned purpose, the basis of legitimacy of the processing is the specific consent of the data subject -art. 6.1.a of the GDPR- which is explicitly collected for: • Requesting and managing funding for training activities (where applicable); • Communication of the progress of training activities to employers and/or external bodies that finance training activities (where applicable); MANDATORY CONSENT Consent is collected in paper or electronic form after showing the information on the processing of personal data, usually during the first contact with the interested party, and is valid indefinitely until revoked. Therefore, for all subsequent contacts, consent to the processing of the related data will no longer be requested. Notwithstanding the above, this information, together with the consent given, is effective with reference to the plurality of services provided also by each separate Operating Unit of the Data Controller. |
| Legal basis |
For purposes 1, 7: Processing is necessary for compliance with a legal obligation to which the controller is subject For purposes 2, 4, 5: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party For purposes 3, 6, 8, 9: Consent of the Data Subject |
| Personal data processed |
Professional quality certificates, Fiscal Code and other personal identification numbers, Telephone contact, Cookies [Cookies are small text files that websites send to visitors' terminals, where they are stored before being re-transmitted to the same sites on the next visit. So-called “third party” cookies are set by a website other than the one the user is visiting. This is because on each site there may be elements (images, etc.) that reside on servers other than the one of the site being visited.], Contact and communication data, Navigation data[The company's website acquires some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but it could allow users to be identified through processing and association with data held by third parties. For example: • IP or domain names; • Information on the operating system; • Browsing index and identifying behaviour.], Home address, Email address, Work, Name, address or other personal identification details, VAT number |
| ‘Particular‘ data (sensitive data) are those defined by articles 9 and 10 of Regulation 2016/679/EU (’GDPR"). These data are processed in compliance with the provisions of the GDPR and in the light of the General Authorisations issued by the Italian Data Protection Authority. | |
| Specific data processed | During the lessons and networking sessions, authorised personnel may take photographs for the sole purpose of providing information and sharing the results of the seminar through Euroform RFS channels (website, social media: Facebook, Instagram and LinkedIn). |
| Legal basis: art. 9 | |
| RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA | |
|---|---|
| Categories of recipients |
The communication of your personal data, carried out on the legal bases provided for in Article 6 of Regulation 2016/679/EU, to the following third parties is envisaged: Police forces, local authority associations, other public administrations, professional associations and bodies, employers, business and company associations, joint labour bodies, insurance companies, ISPELS (Institute for Industrial Protection and Environmental Safety), INAIL (National Institute for Insurance against Accidents at Work), ASL (Local Health Authorities), hospitals and regional health authorities, judicial authorities, the revenue agency, authorised parties, Legal consultants, Joint trade funds, Prefecture, National Agency for Regional Health Services, External parties appointed to maintain and assist IT and communication systems, Authorities and Public Bodies with legal authority, Parent/Legal guardian, Teachers These organisations, bodies, companies and professionals act as Data Processors appointed by Euroform RFS or are themselves Data Controllers of the personal data transmitted to them. |
|
Your personal data, or rather the personal data of third parties in your ownership, may also be communicated to external companies, identified on a case-by-case basis, to which Euroform RFS entrusts the execution of obligations deriving from the assignment received and to which only the data necessary for the activities requested of them will be transmitted. All employees, consultants, temporary workers and/or any other ‘natural person’ who, authorised to process data, carry out their activities on the basis of instructions received from Euroform RFS, pursuant to art. 29 of the GDPR, are designated ‘Persons in charge of the processing’ (hereinafter also ‘Persons in charge’). Euroform RFS provides the persons in charge or data processors, if appointed, with adequate operating instructions, with particular reference to the adoption of and compliance with security measures, in order to guarantee the confidentiality and security of the data. Precisely with reference to the aspects of personal data protection, you are invited, pursuant to art. 33 of the GDPR, to report to Euroform RFS any circumstances or events from which a potential ‘personal data breach’ may arise, in order to allow an immediate evaluation and the adoption of any actions aimed at countering such an event, by sending a communication to Euroform RFS at the above addresses. Euroform RFS is still obliged to communicate the data to Public Authorities upon specific request. |
|
| TRANSFER ABROAD | |
|---|---|
| Transfers to foreign countries (outside the EU) or to international organisations | No transfers to foreign countries or international organisations |
| Your personal data may be transferred abroad if necessary for the management of the assignment received. For the processing of information and data that may be communicated to these subjects, the equivalent levels of protection adopted for the processing of personal data of its employees will be required. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory tools provided for in Chapter V of the GDPR will be applied. | |
| METHOD, LOGIC OF THE PROCESSING AND STORAGE TIMES | |
|---|---|
| Duration of the processing | The processing will not last longer than is necessary for the purposes for which the data were collected. |
|
Your data is collected and recorded lawfully and correctly for the purposes indicated above, in compliance with the principles and requirements of art. 5 c 1 of the GDPR. The processing of personal data is carried out using manual, computerised and telematic tools with logic strictly related to the purposes themselves and, in any case, in such a way as to guarantee its security and confidentiality. |
|
| NATURE OF THE PROVISION | |
|---|---|
| Personal data will be processed for the following purposes: | |
| Purposes that do not require consent |
• Fulfilment of fiscal and accounting obligations - Purposes in compliance with the obligations established by laws, regulations and community legislation (in particular with regards to tax compliance; administrative checks, inspections by supervisory bodies; investigations by the judicial police, etc.). Personal data is/will be processed as part of the normal activities of the Data Controller, without the consent of the data subject as legitimised by art. 6.1.c (legal obligation to which the data controller is subject) of the GDPR. • Litigation management - Defensive purposes. Personal Data is/will be processed as part of the Data Controller's normal business activities, without the data subject's consent as legitimised by art. 6.1.f (legitimate interest of the data controller or third parties) of the GDPR. • Insurance services - Purpose of insurance of activities related to the provision of training courses. Personal Data is/will be processed as part of the Data Controller's normal activity, without the consent of the data subject as legitimised by Article 6.1.f (legitimate interest of the data controller or third parties) of the GDPR. • Technical cookies - Use of technical cookies when accessing the e-learning platform. Technical cookies are cookies that are used for browsing or to provide a service requested by the user. They are not used for other purposes and are normally installed directly by the website owner. The use of session cookies (i.e. temporary cookies that are deleted when the browser is closed) is strictly functional to optimise the use of the website and therefore to guarantee the best navigation within the site. Technical cookies do not require consent and are installed automatically as a result of accessing the site. - Communications to meet legal obligations • Communications provided at the request of law enforcement, administrative or judicial authorities, public entities and other competent institutions in compliance with legal formalities. Personal data is/will be processed as part of the Data Controller's normal activities, without the consent of the data subject as legitimised by art. 6.1.c (legal obligation to which the data controller is subject) of the GDPR. |
| Purposes that require the consent of the data subject |
• To measure the degree of customer satisfaction - For the purpose of evaluating the quality of the course by the data subjects. For the aforementioned purpose, the basis for the lawfulness of the processing is the specific consent of the data subject - Article 6.1.a of the GDPR - which is explicitly collected for: - Evaluation of the quality of the course by means of a questionnaire OPTIONAL CONSENT (In the case of CME courses, consent is necessary for the assignment of CME credits) Consent is collected in paper or electronic form after showing the information on the processing of personal data, usually during the first contact with the interested party, and is valid indefinitely until revoked. Therefore, for all subsequent contacts, consent to the processing of the related data will no longer be requested. Notwithstanding the above, this information notice, together with the consent given, is effective with reference to the plurality of services provided also by each separate Operational Unit of the Data Controller. • Provision of the service - Purpose of providing training activities. For the aforementioned purpose, the basis of legitimacy of the processing is the specific consent of the data subject - art. 6.1.a of the GDPR - which is explicitly collected for: - Registration in the registry and/or on the e-learning platform; - Provision of courses and attendance register; - Coordination of teaching activities; - Carrying out secretarial activities; - Constant monitoring of the activities and results achieved by the students; - Tutoring and interaction with students also through digital tools such as chats, forums, etc.; - Management of office hours; - Issuing certificates or qualifications; - Administrative/organisational communications functional to the requested service; - Archiving of training activity records and final evaluations; - Administration and maintenance of computer archives and the e-learning platform; MANDATORY CONSENT Consent is collected in paper or electronic form after showing the information on the processing of personal data, usually during the first contact with the interested party, and is valid indefinitely until revoked. Therefore, for all subsequent contacts, consent to the processing of the related data will no longer be requested. Notwithstanding the above, this information notice, together with the consent given, is effective with reference to the plurality of services provided also by each separate Operating Unit of the Data Controller. • Professional integration - Purpose of accompanying the valorisation of acquired skills and job placement. For the aforementioned purpose, the basis of legitimacy of the processing is the specific consent of the data subject -art. 6.1.a of the GDPR- which is explicitly collected for: - Promotion and management of company internships; - Management of relations with companies; - Support for students and assistance with job placement. OPTIONAL CONSENT Consent is collected in paper or electronic form after showing the information on the processing of personal data, usually during the first contact with the interested party, and is valid for an indefinite period until revoked. Therefore, for all subsequent contacts, consent to the processing of the related data will no longer be requested. Without prejudice to the above, this information, together with the consent given, is effective with reference to the plurality of services provided also by each separate Operational Unit of the Data Controller. • Communications to third parties - For the purpose of communicating information on the status of courses, passing examination tests and obtaining qualifications to employers and/or external bodies that finance training activities. For the aforementioned purpose, the basis of legitimacy of the processing is the specific consent of the data subject -art. 6.1.a of the GDPR- which is explicitly collected for: - Requesting and managing funding for training activities (where applicable); - Communicating the progress of training activities to employers and/or external bodies that fund training activities (where applicable); MANDATORY CONSENT The consent is collected in paper or electronic form after showing the information on the processing of personal data, usually during the first contact with the interested party, and is valid indefinitely until revoked. For all subsequent contacts, therefore, consent to the processing of the related data will no longer be requested. Without prejudice to the above, this information notice, together with the consent given, is effective with regard to the plurality of services provided also by each separate Operating Unit of the Data Controller. Only with your explicit consent, to be given at the end of this information notice, will the data, for which consent is required, be processed. The provision of data is in any case optional and will not prejudice the contractual relationship with the Data Controller. |
| Your consent is not required for data collected and used for purposes related to the execution of activities pertaining to the contractual relationship and compliance with the indicated legal obligations. Failure to communicate the aforementioned personal data will make it impossible to proceed with the relationship in question. Your consent is not required for data collected and used for the legitimate interest of the Data Controller (letter f, art. 6, of the GDPR). The communication of the aforementioned personal data is optional but necessary for the execution of the services offered by the Data Controller. Any refusal to communicate such data will make it impossible to provide the requested services in whole or in part. | |
|
RIGHTS OF THE DATA SUBJECTS (Articles 15 to 22 of the GDPR) |
|
|---|---|
| Right of access | The data subject has the right, in accordance with the provisions of Articles 15 to 22 of the GDPR, to request from the data controller access to his/her personal data. |
| Right to rectification | The data subject has the right, in accordance with the provisions of articles 15 to 22 of the GDPR, to request the data controller to rectify his/her personal data. |
| Right to erasure | The data subject has the right, in accordance with the provisions of articles 15 to 22 of the GDPR, to request the data controller to erase his/her personal data. |
| Right to restriction | The data subject has the right, in accordance with the provisions of articles 15 to 22 of the GDPR, to request the data controller to limit the data concerning him/her. |
| Right to object | The data subject has the right, in accordance with the provisions of articles 15 to 22 of the GDPR, to object to the processing of his/her data. |
| Right to data portability | The data subject has the right, in accordance with the provisions of articles 15 to 22 of the GDPR, to exercise their right to data portability. |
| Right to withdraw consent | The data subject has the right, in accordance with the provisions of articles 15 to 22 of the GDPR, to exercise their right to withdraw consent. |
| Right to lodge a complaint | The data subject has the right, according to the provisions of art. 77 of the GDPR, to exercise his/her right to lodge a complaint with the supervisory authority. |
| AUTOMATED PROCESS | |
|---|---|
| Is there an automated process? | NO |
| Automated processes or profiling methods | - |
| Legal basis | - |
The Data Controller reserves the right to make any changes to this information on the processing of personal data that it deems appropriate or that are required by current regulations, at its sole discretion and at any time. On such occasions, users will be duly informed of the changes made.
The Data Controller
Euroform RFS
27/12/2024
