Privacy and Cookie policy
Information in accordance with Articles 13 and 14 EU Reg. 2016/679 (Rev.4.0 Agg.19/07/2024)
This page describes how the site is managed with regard to the processing of personal data of users who consult it or use the services it offers.
This page explains the processing of personal data carried out in relation to the services made available via the web through the website https://www.istitutofanfani.it/
Index
Index
THE "OWNER" OF THE PROCESSING (who decides why, how and to whom to have the data processed)
Following consultation of this website and use of the services it offers, data relating to identified or identifiable persons may be processed.
In addition to browsing data, information may be collected, for example:
> when a contact request is made;
> from the use of other services through the Platforms made accessible by the site or the APP, for which reference should be made to the relevant paragraph of this document;
> through the use of cookies or other technologies as indicated below.
The data controller, with respect to the services provided to users, is ISTITUTO FANFANI S.r.l. (hereinafter simply "Istituto Fanfani") with headquarters in Florence, Piazza dell'Indipendenza n. 18/b, better identified at the foot of the page
The Fanfani Institute has appointed a Data Protection Officer, who is responsible for overseeing, in full independence and in the absence of conflicts of interest, compliance with data protection regulations. The Data Protection Officer can be contacted at the following e-mail address: dpo@istitutofanfani.it
RIGHTS OF INTERESTED PARTIES
With reference to the processing referred to in this document, the data subjects (users of the site) have the right:
> to request from the data controller access to and rectification or erasure of personal data or restriction of the processing of personal data concerning him or her and to object to their processing;
> if the processing is carried out by automated (computerized) means and on the basis of his or her consent, to receive in a structured, commonly used and machine-readable format the personal data concerning him or her and/or to obtain their direct transmission to another data controller, if technically feasible;
> to revoke their consent at any time (without affecting the lawfulness of the processing based on the consent before revocation), of course this is for processing carried out on the basis of this assumption;
> to lodge a complaint with a supervisory authority: Garante per la protezione dei dati personali - Piazza Venezia n. 11 00187 ROMA - Telephone switchboard: (+39) 06.696771 - E-mail: protocollo@gpdp.it - certified mail protocollo@pec.gpdp.it.
More information at the end of this policy.
To assert their rights, the data subject may contact the owner by sending a communication to the address segnalazioni@istitutofanfani.it.
Requests can also be made by sending a registered letter to the above address, always keeping in mind that it will not be possible to respond where there is no certainty about the identity of the requester.
NAVIGATION DATA data processed in connection with the site visit
The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes, for example, the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to your operating system and computing environment, such as browser type and version, browser plug-in types and versions, mobile device identifier (IDFA or AndroidID) and other parameters related to your operating system and computing environment.
These data, in the absence of specific consent to processing for further purposes, are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to monitor its proper functioning.
The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site, and only in that case can specific procedures aimed at identifying the author be activated.
The legal basis for the processing of these data is the legitimate interest of the holders consisting of the protection of data security, smooth operation of the site and improvement of service standards.
Personal data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected. The processing related to the web services of this site are handled by personnel appointed by the Data Controller as well as by external subjects, appointed as data processors (ART. 28 EU REG. 2016/679), who are entrusted with the technical management and maintenance of the site and its information systems. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
No data from the web service is disseminated.
The personal data provided by users who submit requests for informative material to be sent to them(newsletters, answers to questions, etc.) are used for the sole purpose of performing the service or provision requested and are communicated to third parties only if this is necessary for that purpose.
DATA VOLUNTARILY PROVIDED BY THE USER
Apart from what has been specified above, the user is free to provide the personal data requested in the course of browsing to solicit the sending of informative material or other communications. Failure to provide them may result in the impossibility of obtaining what has been requested.
When the user visits a part of the Site or activates a feature made available by the APP that involves the collection of personal data, he or she is presented again with a link to this information document and is asked to attest that he or she has read it and, if necessary, a consent.
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site or reachable through the APP entails the subsequent acquisition of the contact details provided by the sender, necessary to respond to requests, as well as any other personal data included in the missive which, unless otherwise duly communicated, will be kept for the time necessary to fulfill the requests.
Below are made available specific disclosures referring to pages set up for particular on-demand services or through which additional personal data can be acquired.
Treatments resulting from a request for contact or registration
- The personal data voluntarily given by the data subject through of the contact area, or the e-mail addresses made available on the platform are processed with mainly automated tools for:
- ensure a certain and timely response and fulfill the data subject's own requests (legal basis for processing: legitimate interest and consent of the data subject in case of "special" personal data);
- Fulfillment of obligations arising from EU laws, rules and regulations; fulfillment of provisions issued by the Judicial Authority, (legal basis for processing: coinciding with the purpose);
- To feed the system of acquiring knowledge of the public through statistical analysis, carried out through anonymized and aggregated data, useful for the verification, improvement and thus design of an increasingly efficient service,(legal basis of processing: legitimate interest of the owner coinciding with the purpose).
- The contact details, e-mail addresses provided may be used to send courtesy communications and/or informational material related to the holder's activities, only where the following legal bases apply:
- Legitimate interest consisting in the processing of personal data for direct marketing purposes taking into account the relationship with the data subject [Art. 6 c.1 lett. f EU Reg. 2016/679] where the requested contact was related to or involved the establishment of an ongoing relationship with the data controller
- consent of the data subject [Art. 6 c. 1 lett. a Reg. EU 2016/679], which, in case of own interest, the owner will request in the course of contacts aimed at fulfilling the data subject's requests.
- The data may be processed by promotion, communication and public relations staff, computer systems maintenance staff whose task is to ensure the functionality of the systems, data security, other designated staff within the limits of their assigned tasks and the provisions of company procedures, and other individuals who provide services for purposes auxiliary to the fulfillment of the data subject's requests, also within the limits strictly necessary to carry out their tasks.
- Data may be disclosed or made available:
- to subjects who can access the data by virtue of a provision of the law, regulation or EU legislation, within the limits provided by these rules,
- other related companies (subsidiaries - parent companies) always for current "administrative accounting purposes" related to the fulfillment of the requests of the person concerned
- to other entities that provide services for purposes related to the fulfillment of the data subject's requests, to the extent strictly necessary to perform their tasks - business partners, whose cooperation is necessary for the provision of the requested services The Business Partners will operate as autonomous data controllers and in compliance with their respective privacy notices, which will be made available by them
- Personal data will also be transferred to entities located outside the European Union to the country where the data subject resides or is located only if necessary to fulfill his or her requests and in compliance with applicable regulations.
When filling out the forms, fields whose completion is mandatory are indicated with an asterisk, in the absence of the required data, it will not be possible to fulfill the requests of the interested party.
If, at the time of the contact request, the data subject has to communicate special categories of data (such as: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data relating to the person's health or sex life or sexual orientation), a specific consent to their processing may be required, in the absence of which it may be impossible to process the data subject's requests.
IMPORTANT NOTICE:
Users are urged to take special care to include in communications sent to the Fanfani Institute only information of which they have full availability having informed any third parties to whom they refer.
DATA RETENTION
The data disclosed, unless otherwise specified by the data subject or further needs duly communicated, will be kept for as long as necessary to fulfill the data subject's requests and comply with legal requirements.
Where the data subject has a contractual relationship with the Data Controller, the data will be retained, if relevant to it, for the duration of the contract or registration, after which retention will be continued only if obligatory by law and in accordance with the rules on the retention of administrative records or as indicated in the information disbursed at the time of the establishment of the contractual relationship and registration.
Contact information for which consent has been given to send commercial communications will be retained until 12 months after the Fanfani Institute last sends communications or the data subject withdraws consent.
REGISTRATION PROCEDURE - FANFANI APP
On the site, as on the FANFANI APP you can proceed with your registration .
Having made the registration, it will be possible:
> Book, change and pay for services, services and appointments,
> receive reminders and alerts about your reservations,
> consult their Health Record,
> stay up-to-date on the evolution of our Network, promotions and active services,
> consult and contact our Medical Specialists, simplify contact with all our facilities.
In order to offer the best service with the highest standards of security, the management of the registration and exam booking procedure, as well as of the APP FANFANI, has been entrusted to a company specialized in the field, with proven experience and reliability, appointed as Responsible party ex art. 28 REG. UE 2016/679, which operates through its own WEB platform developed with the highest standards of security. The Data Subject may review all information at. https://www.tuotempo.it/gdpr-tuotempo
IMPORTANT NOTICES:
> Unless expressly delegated, current legal regulations, particularly regarding privacy, do not allow third parties to fill in fields or send information in place of the person interested in making the registration.
> Again, please remember to enter contact information that is in the exclusive availability of the person registering (avoiding, for example, the inclusion of company e-mails) this is because the Fanfani Institute will be able to send communications addressed exclusively to the person concerned, including those containing his/her personal data.
> Keep in mind that with the password set by him, the User will be able, among other things, to access his data and perform operations that may correspond to an economic value, it is recommended, therefore, to choose a password of adequate complexity (it must not contain references easily traceable to the User, resorting in its formulation also to special characters, numbers, punctuation or increasing at discretion its length, which cannot be less than 8-10 characters) and to guard it carefully, changing it periodically or whenever there is a suspicion that its confidentiality is compromised.
"WORK WITH US" SECTION
IMPORTANT INFORMATION
The spontaneous application form can only be filled out by individuals over 18 years of age.
Completion of the fields is reserved for the Candidate interested in reporting his or her availability. Unless expressly delegated by the Candidate, current legal regulations, particularly regarding privacy, do not allow third parties to fill in the fields or send resumes in place of the Candidate himself/herself.
The Candidate may communicate only information for which he/she has full availability having received the necessary authorizations from the parties to whom it relates.
We invite the candidate to update their data periodically, keeping in mind that:
- the Fanfani Institute may consider, for the purpose of selections, curricula that have not been updated for more than 12 months, and after that period, only the name, contact details and generic indication of the position of interest will be used for the purpose of requesting the interested party to update the data and confirm their availability;
-in any case after 24 months from the last update by the candidate, your data can be deleted.
What data are processed in the selection process
(a) data and information provided by the data subject or by parties delegated or authorized by the data subject (including by filling out biographical forms, sending resumes, etc.);
(b) data from public records, lists, acts or documents that are knowable by anyone;
c). data related to pre-contractual information (curriculum vitae, data that can be freely acquired from public sources and/or provided by persons in charge of selection, etc.);
d) data that originate in the course of any audits and interviews in which the candidate participates and during any assessment of psycho-physical fitness for the job (e.g.: and subjective evaluations of the selection officers appointed by the Owner and possibly certificates/certificates of fitness issued in the pre-employment phase by the Competent Doctor).
Among the above-mentioned data may be included, only if relevant and necessary in relation to the purposes set out below, also data relating to criminal convictions and crimes and/or special categories of data such as: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as dealing with genetic data, biometric data intended to uniquely identify a natural person, data relating to health or sex life or sexual orientation of the person. Among the data mentioned in point 1, for example, data communicated by the data subject with reference to illnesses, including occupational illnesses, disability, infirmity, psychophysical fitness to perform certain tasks or membership in protected categories fall into these categories.
Data source.
The above data :
> come from the data subject himself, including through third parties acting on his behalf or authorized by him (e.g., family members, personnel recruitment agencies, schools/training institutions, associations, etc.)
> are acquired from sources freely accessible to anyone (public records, directories, acts or documents knowable by anyone, etc.);
> originate during any interviews in which the candidate participates and during any assessment of psycho-physical suitability for the job (e.g.: certificates/certificates of suitability issued in the pre-employment phase by the Medical Officer in charge and subjective assessments of the selection officers)
> come, in some cases, from previous employers - reference persons indicated by the candidate
Why data are processed - Purpose of processing
The processing to which personal data will be subjected has the following purposes for each of which the "legal basis" that makes it possible is indicated in parentheses [the "legal bases" are the conditions that make a purpose lawful as set forth in Articles 6 and 9 of EU Reg. 2016/679]:
a. evaluation of the candidate for the purpose of his/her possible employment even if not in an employment relationship. [legal basis: pursuit of a legitimate interest of the data controller consisting in the effectiveness in the selection processes - art. 6 c.1 lett. f - adoption of pre-contractual measures triggered at the request of the data subject art. 6 c.1 lett. b - art. 111 bis D.Lgs. 196/2003];
b. storage for possible future employment, even if not in an employee relationship (Ex: project contracts, etc.), including by affiliated and/or controlled companies [legal basis: consent of the data subject];
c. verify the truthfulness of the data provided by the candidate; it is specified in this regard that the truthfulness of the data necessary for a correct evaluation of the candidate is an essential requirement for participation in the selection; [legal basis: pursuit of a legitimate interest of the data controller consisting in the protection of assets and the correctness and effectiveness in the selection processes and verification of the statements made - art. 6 c.1 lett. f art. 9 c. 2 lett. f EU Reg. 2016/679].
How data are processed and retention times
In relation to the aforementioned purposes, the processing of personal data may take place by means of paper, computer and telematic tools and will include all the operations or complex of operations necessary for the processing in question, including communications in the areas referred to on this document and any verifications of the accuracy of the data also carried out at the subjects indicated on their CVs by the interested party; all this always guaranteeing the most absolute confidentiality, relevance and nonexcessiveness with respect to the purposes described above.
For some tasks that require special attention, the candidate may be required to participate in specific psycho-aptitude tests provided by third parties who will act as autonomous data controllers.
Even if the candidate is not immediately selected, the above data will be retained, again for selection purposes, for a period of not more than 24 months after the last contact had with the person concerned, bearing in mind that after 12 months from only the name, contact details and a generic indication of the position of interest will be used for the purpose of requesting the person concerned to update the data and a confirmation of his or her availability.
Who they can be treated by
For the same purposes, the data may be processed by the following categories of appointees and/or managers, always and only to the extent actually necessary to carry out their functions:
- Staff of the Human Resources function of the FANFANI INSTITUTE.
- Managers and coordinators of the Company, Department/Function/Office/Operational Unit interested in the candidate's profile.
- Resources to whom management/maintenance of information systems is delegated - System administrators.
- Head of Prevention and Protection/Safety Service.
- other employees within the limits of the assignments received and the provisions of company procedures.
- Subjects (companies /professionals) who collaborate as Managers ex art. 28 Reg. EU 679/2016 to the activities, or who provide services functional to them, such as: management of information systems, training, organizational / managerial consulting, personnel selection; in this regard, it is noted that these subjects will always and in any case be bound to full compliance with the rules and procedures aimed at ensuring the widest protection and safeguarding of personal data adopted and imposed by the Owner also and not only in compliance with the regulations in force.
To whom the data may be disclosed and dissemination
Personal data may be disclosed to:
- ⇨Entities/Companiesotherwise related to the Holder that may have interest in the candidate's profile.
- ⇨Inthe pre-employment phase, in case the candidate is selected, for the purposes of the requirements of Legislative Decree No. 81 of April 9, 2008 (Testo Unico Sulla Salute e Sicurezza Sul Lavoro), to the competent doctor, who retains ownership for all processing of sensitive personal data that are necessary for him to perform the tasks entrusted to him.
- ⇨toother companies/consultants, whom you will get to know from time to time, involved in the selection activities to the extent strictly necessary to carry out the tasks entrusted to them such as: assistance in the fulfillment or direct execution of tax compliance/, information systems management, financial services, personnel training, organizational/directional consulting.
Of course, the communications described above are limited only to the data necessary for the recipient institution to carry out its tasks and/or to achieve the purposes related to the communication itself, always referable to what is stated in point 3 above.
Data will not be disseminated
Transfer to non-EU countries
As a rule, data will not be transferred to non-EU countries, unless this is necessary for the completion of the selection process and to the country where the data subject is located or resides The transfer will always be carried out in full compliance with the regulations and exclusively for the purposes mentioned above:
- in occurrence of one of the conditions set forth in Art. 49 of EU Reg. 2016/679:
(a) the data subject has explicitly consented to the transfer;
(b) transfer necessary for the performance of a contract concluded between the data subject and the data controller or the performance of pre-contractual measures taken at the request of the data subject;
(c) transfer necessary for the conclusion or performance of a contract concluded between the data controller and another natural or legal person for the benefit of the data subject;
(e) transfer necessary to establish, exercise or defend a right in court;
- and/or to entities required to guarantee an adequate level of protection, including by signing the standard contractual conditions indicated at the European level (Commission Implementing Decision (EU) 2021/914 of June 4, 2021) or or adopt and document other forms of adequate guarantee as provided in Article 46 EU Reg. 2016/679.
When it is mandatory to report your data
The communication and updating of one's data is obviously optional in nature; the forms always indicate the data whose provision is mandatory for the purpose of admission to the selection procedures; in the absence of the other data, one can still participate in the selections but the evaluations made will be less accurate.
User rights - in-depth
Right of access
The data subject has the right to obtain confirmation from the data controller as to whether or not personal data concerning him or her are being processed and, if so, to obtain access to the personal data and the following information:
(a) the purposes of processing;
(b) the categories of personal data in question;
(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly if recipients in third countries or international organizations and, if so, the existence of appropriate safeguards;
(d) when possible, the expected period of retention of personal data or, if this is not possible, the criteria used to determine this period;
(e) the existence of the data subject's right to request from the data controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing;
(f) the right to file a complaint with a supervisory authority;
(g) if the data are not collected from the data subject, all available information on their origin;
(h) the existence of any automated decision-making process, including profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar way, and, at least in such cases, meaningful information about the logic used, as well as the importance and expected consequences of such processing for the data subject.
Right of rectification
The data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning him or her without undue delay.
Right of cancellation
The data subject shall have the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay, and the data controller shall be obliged to erase the personal data without undue delay if one of the following grounds exists:
(a) personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
(c) the data subject objects to the processing, and there is no overriding legitimate reason for processing;
(d) personal data have been processed unlawfully;
e) personal data must be deleted in order to comply with a legal obligation under European Union law or the law the member state to which the data controller is subject;
Rights to limitation of processing
The data subject has the right to obtain from the data controller the restriction of processing when one of the following cases occurs:
(a) the data subject disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
(b) the processing is unlawful and the data subject objects to the deletion of personal data and instead requests that their use be restricted;
(c) although the data controller no longer needs them for the purposes of processing, the personal data are necessary for the data subject to establish, exercise or defend a right in court;
(d) the data subject has objected to the processing, pending verification as to whether the data controller's legitimate reasons prevail over those of the data subject.
Right of opposition
The data subject has the right to object at any time to the processing of personal data concerning him or her carried out for direct marketing purposes, including profiling insofar as it is related to such direct marketing.
Right to data portability
The data subject shall have the right to receive in a structured, commonly used and machine-readable format personal data concerning him or her that have been provided to a data controller and shall have the right to transmit such data to another data controller without hindrance by the data controller to whom he or she has provided them if:
(a) the processing is based on consent or a contract; and
(b) the processing is carried out by automated means.
When exercising his or her rights with regard to data portability, the data subject has the right to obtain direct transmission of personal data from one data controller to another, if technically feasible.
Some Definitions
Personal data: Any information relating to an identified or identifiable natural person
"Particular" personal data NEED MORE PROTECTION AND PARTICULAR ATTENTION, such are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to a person's health or sex life or sexual orientation (Art. 9 of EU Reg. 2016/679)
Processing means any operation or set of operations, performed by any means or methods and applied to personal data or sets of personal data, (such as collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting, using, communicating by transmission, disseminating or any other form of making available, comparison or interconnection, restriction, deletion or destruction)
Data Subject: The natural person to whom the personal data refer.
Controller: the natural or legal person, public authority, department or other body which, individually or jointly with others, determines the purposes and means of the processing of personal data
Data Processors (appointed pursuant to Art. 28 EU Reg. 2016/679): the natural or legal person, public authority, service or other body that processes personal data on behalf of the Data Controller
Legal basis of processing: the normative principle under which the described processing of personal data can be carried out, in many cases coinciding with the stated purpose.