Effective Date: 22nd May 2018
INFORMATION ABOUT THE DATA CONTROLLER
Name: Alexandra Kapinya
Address: via Vincenzo Monti 8, 20123 Milano, Italia
E-mail address: firstname.lastname@example.org
PURPOSES OF THE PROCESSING
a.) Contractual purpose.
The Data Controller will process personal data for contractual purposes. Data processing is therefore necessary to provide You with services. Personal data will be collected through the online contact and register forms available on the website. Specifically, personal data will be processed in order to allow data subject to:
- use the website;
- register a personal account;
- enrol and attend online English courses;
b.) Marketing Purpose
With your consent, I will process personal data for marketing purposes which will include contacting You by email with information, newsletters, and offers on my services. Personal data will be collected through the online contact forms. You will always have the opportunity to opt-out and withdraw your consent, following the instructions set out by this policy or by clicking the cancellation link (“unsubscribe”) found at the bottom of each e-mail received. E-mail subscribers must be over 16 years of age. You will be able to subscribe to one or two types of newsletter:
- educational newsletter with English mini-lessons, blog posts and/or
- marketing emails;
LEGAL BASIS FOR DATA PROCESSING
a.) Contract execution and provision of services.
Under Regulation EU 2016/679, Data Controller must always have a lawful basis for processing personal data. In this circumstance, the data is necessary for my performance of services to You. I will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected, as better explained under “Data Storage Period” chapter. Your personal data will therefore be kept until you intend to use my services and will be deleted thereafter. If you do not accept and agree to such processing, I will not able to provide the services.
With your consent, I will send electronic communications for direct marketing of my services, including by e-mail and newsletter. You, as data subject, will always have the opportunity to opt-out and withdraw your consent, by contacting directly Me or by clicking the cancellation link (“unsubscribe”) found at the bottom of each e-mail received.
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA
I may contract with the following categories of third parties to supply certain services:
1. web hosting services: Such disclosure is required for contractual purposes and necessary for Me to provide You with the use of the website.
2. Providers of email marketing software: I will disclose your personal data only with your consent.
In some cases, those third parties may require access to some or all of your personal data that I process. If any of your personal data is required by a third party, as described above, I will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, including by entering into a data processing agreement in order to appoint them as data processors, whenever required.
CATEGORIES OF DATA COLLECTED
Depending upon your use of the website, I may collect some or all of the following personal and non-personal data: e-mail address, name, surname, location, language, e-mail provider, Web browser type, IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use the website, time zone settings and the devices you use to access our website.
I will process the above data to operate website and ensure relevant content is provided to you, to ensure the security of my website using security plugins, including to maintain backups of the website.
TRANSFER OF PERSONAL DATA OUTSIDE THE EU
Transfer of data to: United States
All data recipients participate in and have certified their compliance with the EU-U.S. Privacy Shield Framework and are therefore deemed to ensure, according to the European Commission, an adequate level of protection for personal data transferred from the data Controller to the Data Processors.
CRITERIA TO DETERMINE PERSONAL DATA STORAGE
Account Information will be kept until You decide to delete your account or up to contract termination. Personal Data will be kept only for the time strictly necessary to provide the service and thereafter deleted. Information for marketing purpose will be deleted upon data subject’s request.
YOUR RIGHTS AS DATA SUBJECT
Under the GDPR, You have the following rights:
- The right to obtain from Me confirmation as to whether or not personal data concerning You are being processed;
- The right to access your personal data;
- The right to have your personal data rectified if any of your personal data held by Me is inaccurate or the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- The right to be forgotten, including to delete the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or because You withdraw consent on which the processing is based.
- The right to restrict the processing of your personal data according to article 18 of GDPR.
- The right to object to Me using your personal data for a particular purpose or purposes.
- The right to data portability. This means that, if you have provided personal data to Me directly, I am using it with your consent or for the performance of a contract, and that data is processed using automated means, You can ask Me for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling.
- You have the right to lodge a complaint with a supervisory authority.
HOW DO YOU ENFORCE YOUR RIGHTS?
You can enforce your rights at any time by sending Me an e-mail to the following address: email@example.com
I have a duty to respond to your requests at the latest within one month of receiving them. This deadline may be extended by two additional months if necessary, taking into account the complexity and the number of requests received. In case of extension You will be informed of the delay and the reasons.
If I do not take action on your request, I will inform you without delay and at the latest within one month of receipt of your request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.