This website may process personal data provided voluntarily by the user through the website tools (requests for information, registration to the reserved area to download documents, receive newsletters, etc.) which will be used exclusively to satisfy your requests and send communications via e-mail relating to issues concerning the training activities carried out by IIPLE and will not be disseminated, it may only be communicated to Entities and Subsidiary and Associated Companies, consultants and suppliers to support the Data Controller in carrying out the above-mentioned activities.
Information on the processing of personal data pursuant to Articles 13 and 14 of EU Regulation 679/2016 (GDPR)
We hereby wish to inform you that European Regulation 679/2016 on the protection of individuals with regard to the processing of personal data provides for the protection of individuals with regard to the processing of personal data.
IIPLE processes personal data of natural persons belonging to the organizations of customers (actual and potential) and suppliers, course students, registered users of the IIPLE website (persons interested in the courses, individuals and freelancers), its own employees and external collaborators, personnel belonging to third party organizations, such as entities and affiliates or associates.
Such personal data have been collected from the data subject - when attending courses, conferences and seminars, meetings with IPPLE staff and lecturers, registration on the website, etc. - or provided by related bodies (building societies).
Pursuant to Articles 13 and 14 of EU Regulation 679/2016, we therefore provide you with the following information regarding the processing of personal data:
Purpose of the processing
The processing of the data provided by you is necessary to fulfil contractual or pre-contractual commitments and to comply with legal obligations. In particular, the data will be processed for the following purposes
Furthermore, for IIPLE's legitimate interest, the personal data provided may also be processed for the following purposes
Processing methods and storage
The processing will be carried out either manually or by automated means with the aid of electronic means, and includes, any operation or set of operations, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, comparison or interconnection, restriction, deletion or destruction, excluding dissemination or any other form of making available.
Personal data belonging to ‘particular categories of data’ (according to art. 9 of the GDPR, formerly also referred to as ‘sensitive data’), such as those revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade-unionist character, state of health and sex life, as well as data relating to offences or criminal convictions (according to Art. 10 of the GDPR, also referred to as ‘judicial data’).
However, the Data Controller has adopted appropriate technical and organizational measures to protect the confidentiality, integrity and availability of the data collected. These measures have been assessed as suitable following the evaluation of all the risks - with relative seriousness and probability of occurrence - that affect the personal data processed.
The provision of data is
The data may be/will be communicated to:
solely for the purposes indicated above.
The data will not be disseminated.
Personal data will not be transferred outside the European Union and will not be subject to profiling.
The personal data subject to processing will be kept during the contractual relationship and, in the event of termination of the relationship, will be kept for the period necessary to fulfil accounting and legal obligations, also in relation to any financing linked to the course. Data used to carry out promotional activities may be kept for that purpose if the person concerned does not request its deletion.
In any case, personal data will be deleted after 10 years from the end of the course or from the last contact made, unless legal or contractual obligations require their retention.
Contact details of the Data Controller
The data controller is:
I.I.P.L.E. - Istituto Istruzione Professionale Lavoratori Edili della Provincia di Bologna
Via del Gomito 7 - 40127 Bologna
Tel. 051/327605 - info@edili.com
Rights of the interested party
At any time, you may exercise your rights vis-à-vis the Data Controller, pursuant to Articles 15 (‘Rights of access of the data subject’), 16 (‘Right of rectification’), 17 (‘Right to erasure’) and 18 (‘Right to restriction of processing’) of the Regulation - which, for your convenience, we reproduce in full below - by addressing your request to the aforementioned address of the Data Controller, to the c. a. of the Data Processor for the purpose of exercising the aforementioned rights of access, or to the e-mail address info@edili.com. By the same means you may withdraw your consent for the processing of data concerning you. You may also lodge a complaint about the processing of personal data carried out by the Company with the National Supervisory Authority, i.e. the Personal Data Protection Authority (www.garanteprivacy.it).
EU Regulation 679/2016 Articles 15-16-17-18
Article 15 - Data subject's right of access
1. The data subject shall have the right to obtain from the data controller confirmation as to whether or not personal data relating to him or her are being processed and, if so, to obtain access to the personal data and to the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned
(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients in third countries or international organizations
(d) where possible, the period for which the personal data will be retained or, if that is not possible, the criteria used to determine that period
(e) the existence of the right of the data subject to request from the controller the rectification or erasure of personal data concerning him/her or to object to the processing of personal data concerning him/her
(f) the right to lodge a complaint with a supervisory authority;
(g) where the data are not collected from the data subject, all available information as to their source
(h) the existence of an automated decision-making process, including profiling as referred to in Article 22(1) and (4), and, at least in such cases, meaningful information on the logic used, as well as the importance and the envisaged consequences of such processing for the data subject.
2. Where personal data are transferred to a third country or an international organization, the data subject shall have the right to be informed about the existence of appropriate safeguards in accordance with Article 46 relating to the transfer.
3. The controller shall provide a copy of the personal data undergoing processing. In case of further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject makes the request by electronic means, and unless otherwise specified by the data subject, the information shall be provided in a commonly used electronic format.
4. The right to obtain a copy referred to in paragraph 3 must not infringe the rights and freedoms of others.
Article 16 - Right of rectification
The data subject shall have the right to obtain from the controller the rectification of inaccurate personal data relating to him without undue delay. Having regard to the purposes of the processing, the data subject shall have the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration.
Article 17 - Right to erasure (‘right to be forgotten’)
1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him/her without undue delay and the controller shall be obliged to erase the personal data without undue delay, if one of the following grounds applies
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) and if there is no other legal basis for the processing
(c) the data subject objects to the processing pursuant to Article 21(1) and there is no overriding legitimate ground for processing, or objects to the processing pursuant to Article 21(2);
(d) the personal data have been unlawfully processed;
(e) the personal data must be erased in order to comply with a legal obligation laid down by Union or Member State law to which the controller is subject;
(f) the personal data have been collected in connection with the offering of information society services referred to in Article 8(1).
2. Where the controller has made personal data public and is obliged under paragraph 1 to erase them, the controller shall, having regard to the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform the controllers who are processing the personal data of the data subject's request to erase any link, copy or reproduction of his or her personal data.
3. Paragraphs 1 and 2 shall not apply to the extent that the processing is necessary
(a) for the exercise of the right to freedom of expression and information;
(b) for compliance with a legal obligation to which the processing is subject under Union or Member State law or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
(c) for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3)
(d) for archiving in the public interest, scientific or historical research or statistical purposes in accordance with Article 89(1), insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the purposes of such processing; or
(e) for the establishment, exercise or defence of legal claims.
Article 18 - Right to restriction of processing
1. The data subject shall have the right to obtain from the controller the restriction of processing when one of the following cases occurs
(a) the data subject contests the accuracy of the personal data, for the period necessary for the controller to verify the accuracy of those personal data;
(b) the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead that their use be restricted
(c) although the controller no longer needs the personal data for the purposes of the processing, the personal data are necessary for the establishment, exercise or defence of legal claims by the data subject
(d) the data subject has objected to the processing pursuant to Article 21(1), pending verification as to whether the legitimate reasons of the controller prevail over those of the data subject.
2. Where processing is restricted pursuant to paragraph 1, such personal data shall, except for storage, only be processed with the consent of the data subject or for the establishment, exercise or defence of legal claims or the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.
3. A data subject who has obtained a restriction of processing pursuant to paragraph 1 shall be informed by the controller before that restriction is lifted.