This document and its contents are protected under the Directive (EU) 2016/943 about the protection of undisclosed know-how and business information (trade secret), verified and validated by KELONY TM.
For Rome International School, data protection and privacy mean fairness and transparency.
We have therefore prepared this Notice in order to clearly explain how we use your personal data to advertise and sell our products and services, as well as to stick to your commitments, improve and manage them. The aim is to offer you the best experience in your interactions with us in the digital world online, through our website, our App or dApp for mobile phones and other devices, or in the real world.
In accordance with the EU’s General Data Protection Regulation 2016/679 (GDPR) and Privacy aspects, this Notice provides precise guidance on how we collect, use, protect, store, share and delete your personal information. To keep it simple, all these operations are defined as “process” or “processing”. Here are below our references to enable you to contact us and enforce your rights.
THE DATA CONTROLLER OF THE PROCESSING
The Data Controller is:
Via Guglielmo Pecori Giraldi 137
For further details on the processing of your personal data, you can contact us: firstname.lastname@example.org.
THE DATA PROCESSOR
YOUR PERSONAL DATA
What personal data do we collect about you and for which purposes?
Identity Data – We use this information to identify you and be sure you are who you claim to be. It may include: first name, last name, date of birth, e-mail address, unique customer code, pseudonym, password, social media identifiers.
Contact Information – We use this information to contact you and to send you our products, services and promotional information so that we can share our latest updates with you and answer your questions. This includes for example: phone number, shipping and billing address, email address, your username on social media.
Location data – We use this data to ensure that we can provide you the most relevant information for your region. This includes for example: your address, and therefore also your preferred language for interaction and communications.
Correspondence – This information is useful for quality control purposes and to verify that we have complied with your expectations or legal requirements. Such data includes for example: reports of our meetings with you, materials and contents of postal correspondence or by e-mail, chat (text, images and audio/video recordings), messaging (sms, mms).
Community Data – We use this information to ensure that you get the best possible experience out of our customers’ communities or simply to wish you all the best for Holidays time! Such information includes, for example: your interests and preferences for activities or the photos and videos of the events you participated to, or just Holidays time you prefer.
Data from Social Media – We use this information to know you better and establish a better relationship with you as a customer, creating products and services that you can enjoy. This data includes all social media and public domain information such as: your username, interactions and messages, your “likes” and other “posts”, your social media contacts, including photos. Information taken directly or indirectly from your public interactions on social media (e.g. Facebook, Snapchat, Instagram, etc.).
Connection Device Data – We use this information to improve our services, our
performance and to make our network more secure when you connect to our website. This includes, for example, your IP address, the date and duration of your sessions on our website, your referring URL (if you came to our site through another website or an advertisement), the pages you visited on our website, your browser type, your device type, and the version and type of the operating system that you use.
Payment information – We use this information to process your purchase orders. This includes, for example: payment details, bank account, any risk profiles for solvency and regularity of payments, billing address, customer order number and purchase history.
Trade Preference Data – We use this information to ensure that you have the best business experience with us. This includes, for example: your habits, product and service preferences, and any reviews of our social media products and services.
TRANSPARENCY UNDER REGULATION
Why do we use your Personal Data?
We use your personal data to offer you the best possible customer experience with us and to respond precisely to your expectations over time. Specifically, we use your personal data for the following overall purposes:
Perform a contract – We use your personal data to process purchase orders, ensure that payments have been received, comply with the requirements of our contracts and perform the products and services you ordered.
Learn about our products and services – We use your personal information to send you updates about our products and services based on your interests, preferences, attendance at events. We will contact you if you have expressed your specific consent to receive such information.
Storage and Archiving of Data – We store your personal data for a period of time reasonably necessary for the purposes for which it is being processed. Because of your interactions with us, the data you have shared with us will be processed and stored until your consent is effective, after which it will be deleted securely or anonymously. Should our interactions remain inactive for 24 months (from the date of the last correspondence/interaction), we will anonymize your personal data.
The erasure of your personal data, as better specified in this Notice below, may be limited by the legal framework that requires us to store your personal data if necessary to assist in authorities’ investigations, or to support legal proceedings. If none of these reasons apply to the retention of your data, we will securely delete.
Protect our products and services – Some data are necessary for security assurance. It is therefore important to verify that orders and payments are legitimate in order to prevent fraud, for example, and that our marketing strategies are targeted at the right audiences with appropriate messages. Your data will be used to help us achieve these business protection goals, for our legitimate interests.
Delivering a consistently great experience – We collect and store the information you provide directly or indirectly through your online visibility or reviews, and through your connection devices or browser, as explained below in the “Cookies” section.
THE PROTECTION OF YOUR DATA
We take appropriate processes and technical, organizational measures to protect your personal data from destruction – whether accidental or unlawful – loss, alteration, unauthorized disclosure or access and against all other unlawful forms of processing and misuse. In particular, when their processing includes data transmission. We are actively committed to protecting your Personal Data and special categories of those data.
Therefore, their processing and safety are guaranteed with the utmost attention, in the form and above all in the spirit required by EU Regulation 679/2016.
How do we protect your data?
First of all, we have created a Personal Data Protection Team that can be contacted at the address of the data controller or through the “Contact us” section on our website. The Data Controller, who determines the purpose and type of processing for your data, has put in place precise security measures for their protection, including choosing the data processors from people with proven experience and training. Aware that the actions to be implemented are complex and not only concern the technological or digital part, we commit ourselves to implement processes and technical, organizational measures that we regularly update: for example, we use access and authentication controls, encryption, firewall, software for detecting malicious programs and manual security procedures – some of which obviously unpublished – to protect the accuracy and security of the data we store.
We limit data access to “need to know” and minimization requirements and take care of all aspects related to the protection of paper or digital data, such as fire protection. We take the protection of your personal data very seriously and therefore the security measures that we apply to ourselves are also required to our suppliers worldwide.
To better protect your data and to be sure that we have put in place effective measures beyond compliance, we have decided to commit a Trusted Third Party Body to verify and validate the whole protection processes we use.
In addition to the measures that depend on us, however, we would like to remind you that the transmission of data over the Internet is never 100% secure and therefore encourage you to pay attention when using the Internet and check e.g. that you are actually browsing only on authentic sites especially if you have to access through authentication applications with codes, PINs, etc.
Less than 16 years old:
Although our site is linked to the most popular social networks, it is important for us to let you know that our products and services are not targeted to persons under the age of 16. We do not want to collect or process data from users under the age of 16. Please note that if you are under the age of 16, you are not supposed to buy or use our products or services, and we will not be liable for any losses or damages incurred by the unauthorized disclosure or processing of personal data under the age of 16.
Who do we share your personal data with?
In order to offer you the best possible experience, we share your data within the Corporate group to which we belong. We also share your personal data with service suppliers who help us to provide you with the best possible service (as described in the table of data processors – above work-in progress).
As a “Triple Bottom Line” accountable actor, we may be required to share your information with the following parties (as permitted and required by law).
Regulatory and law enforcement authorities – Government authorities and/or law enforcement officials, if compulsory by law or required to protect our legitimate interests.
Partners – We may initiate programs, launch events or promotions in collaboration with other companies. Our partners will only use your personal data with your prior consent. If you prefer that your personal information is not shared with a company other than ours, you can always choose not to participate in such programs, promotions or events.
M&A Consultants – In case that our company is acquired by another company, your personal data will be disclosed to our consultants and any advisors of the prospective buyer, as well as to new owners of the company.
TRANSFER OF PERSONAL DATA
Where do we transfer your personal data? Outside the European Union?
For all the purposes indicated in this notice, your personal data may be communicated to other data controllers or processors within and outside the European Union. We will verify that the target country provides an “adequate” level of protection in compliance with the rights covered by current legislation. If these rights are not guaranteed, we will establish service level agreements to protect your data.
We are working to show a list of of the countries in which we transfer your personal information.
What is the legal basis on which we use your personal data?
Your Consent – We need your consent to data processing in order to interact with you through communications, messages, in business meetings or when socializing. For some purposes we need your permission to process your personal data or the data of children for whom you have parental responsibility. For example, your consent to receive marketing communications, or the consent you have given us to share your data with providers or partners and to transfer your data to another country.
Contractual obligations – We will process and use your personal data to fulfill our contractual obligations and to be able to provide you with the products and services requested.
Legitimate Interests – We will process and use your personal data to develop and improve our products and services, to send you business communications and satisfaction questionnaires or for our Research and Development activities.
Compliance with Applicable Laws – We will process and use your personal data to comply with legal obligations under current laws.
How can you enforce your rights?
The General Data Protection Regulation 2016/679 (GDPR) gives you the following rights over your personal data within the limits of the applicable legislation. As an example, if we are required by law to store your data, we will be forced not to comply with your erasure request.
Access to your personal data – You have the right to request access to your personal data.
This right shall also include information as below:
a) why do we have your personal data;
b) what categories of data are available for us;
c) how do we use your personal data;
d) who has access to your personal data (and where it is stored);
e) where your personal data may be transferred;
f) how long do we store your personal data;
g) how do we obtained your personal data in case that they were not provided to us directly by you;
h) the possibility of restricting their processing;
i) if we use your personal data for automated decision making and in which way.
If you would like a copy of your personal data in our possession, you can submit your request to our privacy team at the following e-mail address: email@example.com.
Complaint to a regulatory/supervisory authority – If you are not satisfied with the way we manage your rights or with our Principles for ensuring your personal data protection, you have the right to complain to a regulatory authority in the EU Member State where you live or where your data is processed.
Erasure of your personal data – If you no longer wish to interact with us, or if you don’t want us to process your data any longer, you have the right to request the erasure of all your personal data from our systems. However, we would like to point out that there may be legal obligations, that our company is obliged to comply with and that we may not be able to assist you with your request.
Correction of your personal data – You have the right to verify that your personal data is correct and complete.
Limitations on how we use and process your personal data – You also have the right to ask us to stop using your personal data for certain purposes.
Data portability – You have the right to get a copy of your personal data in a format and way that allows you to transfer it to a new company.
QUESTIONS OR COMPLAINTS
How to contact us?
If you have any questions, concerns or complaints about your rights regarding your personal data, please contact our Privacy Team at the following email address: firstname.lastname@example.org.
WHAT ARE COOKIES?
Cookies are small text files that are stored on your computer or mobile device when you visit a website. They are used to collect information about your behaviour and the use of services such as storage of specific information for the automatic authentication on websites or web servers, user preferences about shopping cards or for tracking browsing sessions. To keep it simple, we use the word “cookies” as a general term for techniques such as cookies, flash cookies, web beacons, HTML5 modules, social plug-ins and tracking cookies. They usually do not take up much space. Some cookies expire and are removed at the end of the Internet session, while others will be saved for a variable period of time.
WHAT ARE THE DIFFERENT TYPES OF COOKIES THAT WE USE?
There are different types of cookies with different uses. Some are used to allow you to browse the website and its features, others give an idea of your navigation experience.
Third-party cookies enable features or functionality such as advertising, interactive content and statistics. They can recognise your computer or mobile device and therefore understand the websites you have visited.
An example of a third-party cookies is the presence of “social plug-ins” for Facebook, Twitter, Google+ and LinkedIn. The most common use of social plug-ins is to share content on social networks. For greater transparency and convenience, hereby are the links to manage the info collected by third parties:
Facebook (configuration): access to the account. Privacy section.
Twitter (configuration): https://twitter.com/settings/security
LinkedIn (configuration): https://www.linkedin.com/settings/
Google+ (configuration): http://www.google.it/intl/it/policies/technologies/managing/
1. Required Cookies
These cookies are strictly necessary to ensure that our website delivers you information, main functions and services securely. They are therefore necessary for navigation through the website and displaying some features. For instance, some required cookies are:
• Cookies preferences which are stored to remember visitor choices in a main cookie banner. This means that the main cookie banner can be minimised on future visits, and so that analytics and advertising cookies are not set for visitors who opt out of this tracking.
• Session cookies, required to follow your progress through the website. It is
essential to ensure that any information you enter or routes you take are
remembered by the website. Without these cookies, every page you visited would
treat you as a completely new visitor. These cookies do not identify you personally
and are not linked to any other information stored about you.
• Load balancer cookies are used when more than one server provides the web pages. When you visit the website, you are assigned to one of several servers. These cookies are required to track which server you are communicating with in order to present a consistent user experience and remember information about the data you have entered. These cookies do not identify you personally and are not linked to any other information stored about you.
functionality is enabled or not, so as to proceed accordingly.
Google reCaptcha are cookies used by the Google service in some forms to stop submissions from spammers.
2. Functionality Cookies
These cookies provide more personalised services, storing information regarding your consent on loading specific features e.g. YouTube videos. Some may be set by providers (anyway, there are still tools for deactivating these cookies according to the type of browser used, explained further in this Policy) and they are stored for reference during future visits to the website.
3. Advertising Cookies
They remember your browsing preferences or are useful for marketing. These cookies allow some data to be shared with advertisers, such as, for example, what you like, so that the advertisements displayed are in line with your preferences.
4. Performance and Analytics Cookies
Performance and analytics cookies help understand visitors’ behaviour when browsing a website. They allow to improve websites and marketing messages sent to customers. This includes, for example, Google Analytics cookies for the collection and analysis of information about visitors’ use of the website. In doing so, information about the use of the website, including your IP address, may be transmitted to Google and stored on servers in the United States. The data collected by Google Analytics is used to analyse how frequently the same people revisit the website, how the website is found (from advertising or referring websites), and which pages are most frequently viewed.
For more information, please see:
See below in the next FAQ how to disable the action of Google Analytics.
5. Social Media Cookies
These cookies may be used to track your activity on social media platforms. They are used to allow you to express opinions. These cookies enable you to recommend the website you are browsing to other users on social media. They also allow to provide advice to other (potential) customers, to review services and provide targeted advertising according to preferences.
We are working to prepare a full list of the cookies we use.
WHAT HAPPENS IF YOU DO NOT WANT COOKIES?
You can change the browser settings to delete or prevent some cookies from being stored on the computer or mobile device. Disabling cookies totally or partially may affect your ability to use the website features. The best browsers allow you to define different settings for “proprietary” and “third party” cookies. For example, in Firefox, through the menu Tools->Options->Privacy, you can access a control panel where you can define whether to accept or not different types of cookies and remove them.
The help section of the browser should provide information on how to manage your cookies settings.
You will find information and instructions for your browse and Adobe Flash Player here:
Adobe (flash cookies):
For the information about the options that some of the third parties we work with offer to refuse advertising targeting activities or opting out, you can visit the following sites:
You can selectively disable the action of Google Analytics by installing on your browser the opt out component provided by Google. To disable Google Analytics, see the link below: https://tools.google.com/dlpage/gaoptout.
Remember that you will need to visit those websites from each browser and device for which you want to reject cookies. Since opt out tools may depend on cookies, you may need to visit these pages again to reset your preferences when you delete cookies.
HOW OFTEN WILL THIS DATA PRIVACY NOTICE BE UPDATED?
WHERE CAN I GET MORE INFORMATION?