this notice describes, pursuant to and for the purposes of art. 13 of EU Regulation 2016/679 (General Data Protection Regulation, hereinafter referred to as GDPR), the ways in which CT ACADEMY – as Data Controller – processes the data provided by You through the website. The processing of personal data will be based on the principles of lawfulness, transparency, correctness and protection of confidentiality and rights of the User, always in compliance with the European legislation currently in force.
The Joint Controller, pursuant to Art. 26 GDPR, is Cavalleria Toscana Group (CAVALLERIA TOSCANA S.p.A., RG ITALIA S.r.l.), with registered headquarters located in Via Celio Bottai 11, 51015, Monsummano Terme, (PT) – Italy.
E-mail address: firstname.lastname@example.org
Telephone: +39 0572 1906490
The Representative in the Union
Pursuant to Article 27 GDPR, the Representative in the Union is Alessandro Ambrosino, contactable at the address email@example.com
- Site navigation data. The information systems and software procedures used to operate the websites may acquire, during their normal use, some data whose transmission is involved in the use of Internet communication protocols. This category could include IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given to the server (successful, error, etc.) and other parameters relating to the operating system and computer environment of the User. These data are used for the sole purpose of receiving anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing.
- Contact Us section. In addition to the data collected when the User sends a message by e-mail to the e-mail addresses indicated on the site, through the Contact us form are acquired: name, surname, email, phone number and any other data that the User enters in the message section. These data are used exclusively for the purpose of satisfying the User’s requests.
- Social networks. Personal data collected from third parties, such as data that the User agrees to share with CT Academy on publicly accessible social networks.
- Newsletter Sign Up. To subscribe to the newsletter through the appropriate form, the User is asked to enter his/her e-mail address. By registering for the newsletter, the e-mail address is included in a list of contacts to send information, including commercial and promotional information, relating to CT Academy and its Joint Controllers. The User’s e-mail address could also be added to this list as a result of registration to the website or after purchasing services, with previous consent.
- Website registration. The Data Controller collects username, first name, last name, e-mail, password. This data is collected in order to allow the registration of the User to the website and the use of the online goods sales service. Through this section no bank data or other data necessary to perfect the payment are collected; In order to proceed with the purchase of the goods through the e-commerce section, the User must provide completely the data requested in the checkout form.
- Courses booking. Users interested in taking part in CT Academy Courses fill in the specific form with their personal data: name, surname, e-mail address, country of origin, phone number, date of birth and other information. In addition, CT Academy collects also the personal data of the parent or legal guardian in case of a person under the age of eighteen.
- Order history. Information about the order history and the products and services saved, also according to the need to provide assistance and support to the customer and manage any returns.
- Payment details. The data controller collects the information necessary to complete orders, accept payments and make refunds. This includes, among other things, information related to the type of payment instrument selected and information on billing and shipping.
Purpose and legal basis of the processing
Generally, the data are processed for the following purposes:
- to execute the User’s requests and answer the questions. The legal basis of the processing is the legitimate interest of the Controller (article 6, letter f of GDPR) to be more efficient, to provide information on the services offered, and to improve and develop new products and services.
- for internal administrative purposes of managing purchasing operations and, in general, to implement all contractual and pre-contractual measures adopted at the request of the User concerned, as well as all related operational and management requirements. The legal basis is the need to execute the agreement to which the User concerned is a party or to implement pre-contractual measures (Article 6, letter b of GDPR).
- for marketing and advertising purposes, to send you news about products, services or promotions by CT Academy and its Partners Joint Controllers. The processing of data collected and stored for this purpose has as legal basis the express consent given by the User (article 6, letter a of GDPR).
- to comply with the legal obligations to which the Data Controller is subject. In the latter case, the legal basis is represented by the need to comply with legal obligations that require the Data Controller to collect and/or further process certain types of personal data (Article 6, letter c of GDPR).
The provision of personal data
The mandatory or optional nature of the conferment is specified from time to time – with reference to the individual information requested – at the time of the individual data collection, by affixing a special symbol (*) to the mandatory information. If you refuse to communicate some of your data marked as mandatory, it will make it impossible to pursue the main purpose of the specific collection: such refusal could, for example, make it impossible to execute the contract for the purchase of services. The provision of further data, other than those marked as essential, is instead optional and does not imply any consequence with regard to the pursuit of the main purpose of the collection.
Modalities and place of the processing
The processing of personal data is mainly carried out by electronic and telematic means by the Controller, the Joint Controllers and other subjects who, suitably selected for reliability and competence, carry out operations instrumental to the pursuit of the purposes strictly related to the use of the website, its services and the purchase of products through the website.
The data are processed at the registered and operational offices of the Data Controller and the Joint Controllers, in any other place where the parties involved in the processing are located, as well as at the host servers, under the responsibility of the bandwidth and domain providers. For further information, please contact the Controller.
The complete and updated list of Data Processors is available upon written request to the Data Controller.
Links to other sites
Rights of the data subject
- to access the processed data, obtain information on certain aspects of the processing and receive a copy of the same (art. 15 GDPR, right of access).
- to check the correctness of your data and request its updating or rectification (art. 16 GDPR, right of rectification).
- to obtain the cancellation or removal of your personal data (art. 17 GDPR, right to cancellation).
- to obtain the limitation of the processing of your data, when certain conditions are met (art. 18 GDPR, right to the limitation of the processing).
- to receive your data in a structured format, in common use and readable by automatic device and, if technically possible, to obtain its transfer without hindrance to another holder (art. 20 GDPR, right to portability).
- to oppose the processing of your data when it takes place on a legal basis other than consent (art. 21 GDPR, right of opposition). When personal data is processed in the public interest, in the exercise of public powers vested in the Data Controller or to pursue a legitimate interest of the Data Controller, you have the right to oppose the processing for reasons related to your particular situation.
To exercise these rights you can send a request to the following e-mail address firstname.lastname@example.org.
You can also lodge a complaint with the competent personal data protection supervisory authority (for Italy, www.garanteprivacy.it ).
Updates and changes