Pursuant to Article 13 of the EU regulation 2016/679 (“GDPR”), we hereby inform you that eXact learning solutions SpA (the “Company” or the Data Controller) will process the personal data you supply (“Data”) acting as Data controller.
1. LEGAL BASIS AND PURPOSES OF THE PROCESSING
Pursuant to Article 5 of the GDPR, both Data supply and the relevant consent to collect and process such Data are voluntary. A web user may deny his/her consent and he/she is allowed to revoke any existing consent at any time.
That being said, the Data processing:
- Shall be necessary to access the LCMS platform. Therefore, if you refuse to supply your Data, you will not be able to access the platform;
- Shall be voluntary for the purposes of demo requests, as well as for both information and commercial purposes (e.g., RFP); therefore, if you deny your consent to such processing, you will not receive any reply.
This Website also processes some Data even for legitimate interests of the Data Controller.
Therefore, the Company will process Data by transferring them to companies of LATTANZIO KIBS (www.lattanziokibs.com) group (or to other third-party companies) for purposes related or instrumental to platform testing and promotion, including the use of such Data in future surveys or similar activities. The latter being in line with the main purposes of this processing.
Data collected for purposes related to the Data Controller’s legitimate interest shall be held until such interest is met.
2. PROCESSING METHODS
This Website is processing the users’ Data while applying appropriate safety measures in order to prevent any unauthorised access, disclosure, alteration or destruction of the Data. Data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject, by way of computer and/or computerised systems, as well as according to organisational methods and logic strictly related to the purposes stated. Our Website management software is being continuously updated and regularly scanned, in order to detect any virus and dangerous codes. Some appropriate organisational measures (different positions and tasks as regards the performance of both the processing activity and checks) have been established, as well as procedural and technical measures (such as a firewall, antivirus and other advanced technologies) have been adopted in order to protect Data.
In some circumstances, different staff representaries involved in the Website organisation (such as administrative, commercial, marketing, legal affairs staff and system administrators) or external third parties (such as third-party technical service providers, hosting providers, computer companies and communication agencies) may have access to Data in addition to the Data Controller.
Data supplied by the Website user
Any voluntary and deliberate transmission of messages to the Data Controller addresses, as well as any willing completion and submission of website forms shall result in collecting the sender’s contact details, together with all his/her personal details included in his/her communications. Personal data supplied by the data subject in order to make use of the services offered on the Website shall be processed to act on his/her request in compliance with this policy and the specific privacy policies delivered during the acceptance of each service. Such Data shall be stored for a period enabling the supply of the service requested and/or necessary to handle any claims.
Data being automatically collected by systems and software for the Website to function shall be used to both produce anonymous statistics regarding the Website visit and to check it is functioning correctly. In these circumstances, navigation data does not allow the identification of any user and shall be deleted soon after such anonymous processing.
This Website makes use of the following cookies:
- Session cookies. These cookies do not remain stored on the users’ device and they will expire at the end of the browser session. Their use is strictly limited to deliver session identifiers (server-generated random numbers), which are necessary to enable a safe and efficient Website visit.
- Third party cookies. This Website uses Google Analytics on both “IP address masking” and data sharing disabled modes. “IP address masking” mode enables having the Website user’s address anonymised. See: https://support.google.com/analytics/answer/2905384 for any further information on the anonymisation method.
3. STORAGE PERIOD
Data shall be stored in the company database for the period required for the purposes of the processing. Once such period is expired, such Data will be destroyed or anonymised.
4. DATA SUBJECT’S RIGHTS
The Website user shall be entitled to exercise his/her rights according to the EU regulation 2016/679, Chapter III, Article 15 and following, according to the terms and conditions set by the laws in force. Namely, he/she shall have the right to:
- partially or totally object, for legitimate grounds, to the processing of data concerning him/her for purposes of sending advertising material or direct selling or for purposes of market research or business communication;
- obtain confirmation as to whether or not personal data concerning him or her are being processed (right of access);
- know from which source the personal data originate;
- obtain clear communications;
- obtain information about the logic involved, as well as the means and purposes of such processing;
- obtain the update, the erasure, the rectification, as well as the right to have incomplete personal data completed, or have such personal data concerning him/her be anonymised. He/she shall also have the right to obtain a data stoppage concerning Data being processed and infringing any law, and the data being no longer required for the purposes for which they have been collected;
- where the data processing is not based on the data subject’s consent, he/she shall have the right to receive the data he/she has provided to the Data Controller, in a structured, commonly used by an electronic device and machine-readable format for a data processor, only paying for the support provided;
- generally speaking, he/she shall be entitled to exercise all rights being enforceable according to the laws in force.
Where Data are being processed on grounds of any legitimate interest, the data subjects’ rights shall be ensured in any case (other than the right to data portability, which is not provided for by any legislation or regulation, GDPR included), with a special view to the right to object to the processing, which can be exercised by sending a request to the Data Controller to that regard.
Right to lodge a complaint
Every data subject shall have the right to lodge a complaint with a supervisory authority (Article 77 of GDPR) or to an effective judicial remedy (Article 79 of GDPR) if he/she considers that the processing of Data relating to him/her, which is performed by means of this Website, infringes the above said EU regulation.
The above mentioned rights may be exercised by writing to eXact learning solutions SpA at the following address: via Cimarosa n. 4, 20144 Milano (Italia), or by sending an email to: firstname.lastname@example.org
It is understood that where the data subject makes the request by electronic means, the information shall be provided in a commonly used electronic form.
5. PLACE OF PROCESSING
Data will be processed at the Data Controller’s operational headquarters and everywhere the processors are placed. Please contact the Data Controller for any further information.
6. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The Data Controller is eXact learning solutions SpA,, whose legal representative is Mr. Valerio Torda, registered office in via D. Cimarosa n. 4 20144 Milano (Italia).
7. EXTERNAL DATA PROCESSOR
Computer infrastructure is being managed by EKO Srl, registered office in Via A. Saffi, 21 – 20123 Milano (Italia), who are in charge of processing Data on behalf of the Data Controller and act in compliance with the European legislation.