Information Notice on the
processing of personal data for the purpose of the e-learning training service pursuant
to art. 13 EU Regulation 2016/679
Dear user,
Assos of Switzerland GmbH (hereinafter only
"Assos"), in its capacity as Data Controller (hereinafter "Data
Controller") for the e-learning training service, pursuant to art. 13 of
EU Regulation 679/2016 ("GDPR") wishes to inform you that it
considers privacy and the protection of personal data one of the main objectives
of its business.
Therefore, he invites you to read this information notice carefully which
is aimed at all those who access the e-learning platform, request registration
for training events via the dedicated portal and/or platform services that are
only accessible from the area and -learning, at the web page https://academy.assos.com/.
1.
Data Controller and Data Protection Officer
The Data Controller for
the regional training service is Assos of Switzerland GmbH which is required to
implement training events to support its internal staff to instruct them on the
correct methods of processing personal data during the performance of their
professional activity.
ASSOS of Switzerland GmbH, CH-100.090.328, can be
reached via e-mail privacypolicy@assos.com, and tel. +41 91 641 78 78. The Data
Protection Officer (DPO) can be reached at dpo@assos.com.
2.
Purpose of the data processing
The e-learning training
service processing and, in particular, the collection,
registration, storage, consultation, communication, will be performed for the
following purposes:
a) the fulfillment of contractual obligations of
the Data Controller connected to the provision of training activities on
security and compliance with the protection of personal data in the performance
of professional activities;
b) the
fulfillment of legal obligations of fiscal and administrative nature by the
Data Controller;
c) the planning of the organization of the
training service plan by sending e-mails or paper mail and information
regarding the training sessions provided and the activities carried out.
3.
The legal basis of the processing for these purposes
The legal basis of the
processing for these purposes is the following: art. 6 par. 1 lit. b) of the
GDPR (“processing is necessary for the execution of a contract of which the data
subject is a party or for the execution of pre-contractual measures adopted at
the request of the same”).
Your personal data is not
subject to any automated decision-making process, including profiling.
4.
Types of
personal data collected
The data collected and
stored are those strictly necessary for the fulfillment of the purposes of
managing the contractual obligations connected to the performance of the
training activities of the Data Controller and the fulfillment of legal
obligations of fiscal and administrative nature.
In particular, the
following data is collected:
a) personal access and authentication data;
b) images/videos of users for carrying out training activities in live mode
and/or remote exam sessions;
c) personal identification data (name, surname, e-mail, other
identification elements such as tax code) are mandatory both as required by the
legislation on the attribution of certificates and for administrative and
organizational purposes. This is to avoid generating user identification
problems, in issuing certificates, in case of homonyms.
d) the tracking data of the training activities within the e-learning
platforms which allow: to complete the training course over time; the
assessment of attendance, the detection of passing of the final test.
e) navigation data: IP address, session cookies, pages viewed, login
attempts.
5.
Data Retention times for personal data
The data are stored in a
secure manner for the time necessary to pursue the purposes for which they are processed,
except for the longer time necessary to fulfill legal or regulatory obligations
due to the nature of the data or document.
6. Personal data processing methods
The processing of
personal data and/or images/videos may take place using paper, IT or telematic
tools and with adequate security measures to guarantee the security and
confidentiality of your personal data. The platforms used will be managed by
specially appointed internal staff of proven reliability. The Data Controller
will promptly inform the interested parties, if there is a particular risk of
violation of their data without prejudice to the obligations deriving from the
provisions of art. 33 of the GDPR relating to personal data breach
notifications.
7. Data Subject’s
Rights
The data subject can exercise the following rights
with reference to the data processed by the Data Controller:
•
Information.
The data subject has the right to know how his data is used by the Data
Controller (right which is exercised with this information).
•
revoke consent
at any time. The data subject can revoke the previously expressed consent to
the processing of personal data.
•
object to the
processing of your data. The data subject can oppose the processing of his data
when it takes place on a legal basis other than consent.
•
access his own
data. The data subject has the right to obtain information on the data
processed by the Data Controller, on certain aspects of the processing and to
receive a copy of the data processed.
•
check and ask
for rectification. The data subject can verify the correctness of his data and
request its updating or correction.
•
obtain the
limitation of the processing. When certain conditions are met, the data subject
can request the limitation of the processing of their data. In this case, the
Data Controller will not process the data for any other purpose than their
conservation.
•
obtain the
cancellation (right to be forgotten) or removal of your personal data. When
certain conditions are met, the data subject can request the cancellation of
their data by the Data Controller.
•
receive their
data or have them transferred to another Data Controller (portability). The data
subject has the right to receive their data in a structured format, commonly
used and readable by an automatic device and, where technically feasible, to
obtain their transfer without obstacles to another Data Controller. This
provision is applicable when the data are processed with automated tools and
the processing is based on the consent of the data subject, on a contract of
which the data subject is a part, or on contractual measures connected to it.
•
propose a
complaint. The data subject can lodge a complaint with the competent personal
data protection supervisory authority or take legal action.