Privacy Policy


ISTITUTO GIORDANO SPA respects your privacy and undertakes to protect your personal data on the basis of European Parliament and Council Regulation (EU) 2016/679 of 27 April 2016 “on the protection of individuals with regard to the processing of personal data and on the free movement of such data,” repealing Directive 95/46/CE (General Data Protection Regulation) in force as of 24 May 2016 and applicable as of 25 May 2018.

1. Introduction
This Privacy Policy describes the use of your personal data by ISTITUTO GIORDANO SPA when you interact with ISTITUTO GIORDANO SPA for our services or when you simply consult our company website.
It also informs you of your privacy rights and the protection of same under the legal system.
Please read this Privacy Policy carefully so that you are informed of how your personal data is used.
For any questions, or to exercise your privacy rights, please follow the instructions in this Privacy Policy. See point 15, “How to contact ISTITUTO GIORDANO SPA for questions on privacy.”

2. Institutional website
The website www.giordano.it presents our company, our services and promotes our training courses. The website is designed to be used by everyone and we do not knowingly collect data concerning its users.
ISTITUTO GIORDANO SPA is the Data Controller for this website and for any personal data processing performed by or on behalf of ISTITUTO GIORDANO SPA. The Data Controller for processing performed by or on behalf of ISTITUTO GIORDANO SPA is ISTITUTO GIORDANO SPA in the person of its CEO, Nazario Giordano; the Data Manager is Mauro Gulino. A DPO (Data Protection Officer) work group has been appointed by the Board of Directors of ISTITUTO GIORDANO SPA to address all issues related to privacy; to contact it, please refer to the specific section.
In this Privacy Policy we refer to "ISTITUTO GIORDANO SPA," "we" or "us" to mean the ISTITUTO GIORDANO SPA Data Manager.

3. Personal data that we can collect
Personal data, or personal information, is information on any party from which we can deduce that party’s identity. Data from which your identity has been removed (anonymous data) are therefore excluded.
We collect various information on our customers. These personal data are attributed to the following categories:
  • Identification data: name, surname, and if you communicate with us via social media, this data category also includes the username you use on said social media;
  • Contact data: postal address, telephone numbers, email address, billing address;
  • User identification codes or keys;
  • Data relating to personal characteristics: date of birth, gender, nationality;
  • Transaction data: these include information on payments made by and to you and additional information on products and services purchased from us.
We do not collect sensitive data about you (these include data revealing your racial or ethnic origin, religious or philosophical beliefs, sex life, sexual orientation, political opinions, information on your state of health and genetic and biometric data). Furthermore, we do not collect judicial data relating to you.

4. How are personal data collected?
The various methods we use for collecting data from and about you are listed below.
Direct interaction. You decide to communicate identification, contact and financial data to us by completing a form or communicating such data by mail, telephone, email or via chat or social media.
This includes personal data you communicate when you:
  • Request an offer for one of our services;
  • Forward requests or ask to receive information;
  • Request an appointment;
  • Send your curriculum vitae to our website;
  • Contact us on social media;
  • Subscribe to our newsletter.

5. How we use your personal data
We use your personal data within the limits prescribed by law. In general, we use your personal data in the following circumstances.
  • If we need to perform a contract which is being concluded or is already concluded with you, e.g., issue an invoice for a service provided to you.
  • If we need to pursue our legitimate interests (or those of third parties), provided that your interests and fundamental rights do not take precedence.
  • If we need to comply with legal or regulatory obligations.
In general, the legal basis on which we process your personal data does not include your consent except where expressly required by law, e.g., to send certain direct marketing communications. In cases where the legal basis requires consent, you have the right to withdraw your consent at any time.
For further information please compare the legal foundations on which we base our personal data processing with the legal basis on which we process personal data.

6. The legal foundations on which we process personal data 
You should be aware that we may process your personal based on different legal foundations depending on the specific purpose of use of the data.
Our decision-making process is not automated.
Please feel free to ask us any questions in this regard. Please see the section How to contact ISTITUTO GIORDANO SPA for questions on privacy.

7. Advertising, marketing and your communication preferences
In the event of specific consent we may use direct marketing strategies via email, telephone, text message or mail, e.g., you can receive our newsletter via email. We make every effort to ensure that our website always clearly communicates our activities and the type of messages delivered to you, both when you decide to receive our newsletter and when you complete the contact form. You may change your mind at any time and decide to cancel your subscription.

8. Cookies
By using the website you consent to the use of cookies in accordance with this policy. If you do not consent to the use of cookies in this way, you must set your browser appropriately or not use the website. If you decide to disable cookies this may affect your website browsing experience. Cookies are computer files or partial data which can be saved on your computer or other internet-enabled devices (e.g., smartphone or tablet) when you visit a website. A cookie contains the name of the website the cookie originates from, the cookie duration (i.e., how long it remains on your device), and a value normally consisting of a randomly generated unique number. Cookies are used to make your use of the website easier and/or to adapt the website and the services it offers to your interests and needs. Cookies can also be used to speed up your future activity on the website. In addition, cookies are used to track you and to compile anonymous statistics in aggregate form.

Further information on cookies used
When you visit this website, the following four types of cookie can be stored on your computer or other device: first party cookies, third party cookies, session cookies and persistent cookies.
Session cookies 
The time which elapses from when you open your internet browser to when you close it is called a browsing session. Session cookies are stored on your computer or other device during a browsing session, but expire and are normally deleted at the end of a browsing session.
First party cookies
First party cookies are saved directly on your computer or other device. They may include cookies such as session cookies and persistent cookies (described below). We use first party cookies to track movements made by your computer or other device when you consult one of our websites, e.g., for analytical purposes.
Third party cookies
Third party cookies are managed by third parties which can collect and track certain browsing data. This website uses the Google Analytics service (described in the section Browsing and statistical data collected by third parties).
Persistent cookies 
Persistent cookies are stored on your computer or other device during a browsing session, but remain on your computer or other device after the end of such browsing session (e.g., password registration). Persistent cookies allow our websites to recognise your computer or other device when it is used to access one of our websites after the end of a browsing session and at the start of a new browsing session, essentially to help you to reconnect to our website quickly.

BROWSING AND STATISTICAL DATA COLLECTED BY THIRD PARTIES
As is now customary on the Internet, this website uses statistical analysis tools provided and managed by third parties, which can collect and “track” certain browsing data.
It should be emphasised that many Italian and foreign websites normally make use of these technologies and solutions via outsourcing, but very few state this in their privacy policy. We have attempted to do so and to inform you in the most correct and transparent way possible: in all cases we remain at your disposal for any information or further clarification you may require.
Because they are collected by tools and companies other than the website manager, these data are not in the physical possession of Istituto Giordano, which can use them solely for consultation but cannot modify or delete them independently. For such operations and for detailed knowledge of the privacy policy applicable to such data you must directly contact the data controller, i.e., the company which directly provides the statistical service used.
This website uses the following third-party tools :
- Google Analytics (provided by: Google Inc. 1600 Amphitheatre Parkway - Mountain View CA 94043, USA)

INFORMATION RELATING TO GOOGLE ANALYTICS
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies," which are text files placed on your computer to allow the website to analyse how users use it. Information generated by cookies on your use of the website (including your IP address) will be transmitted to and stored on Google’s servers in the USA. Google will use this information for the purpose of tracking and examining your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet use. Google may also transfer this information to third parties where required by law or when such third parties process such information for Google. Google will not associate your IP address with any other data in its possession. You can refuse the use of cookies by selecting the appropriate settings on your browser, but this may prevent you from using all the functions of this website. By using this website, you consent to Google’s processing of your data in the manner and for the purposes stated above. Useful addresses for a better understanding of the Google Analytics privacy policy:
- http://www.google.com/analytics/it-IT/tos.html
- http://www.google.com/privacypolicy.html
Any requests relating to data associated with this processing should be addressed to the data controller (Google Inc.).

9. Personal data disclosure
Your personal data will not be shared with third parties, except for external auditors and professional consultants such as banking, legal, accounting and insurance consultants and administrative, regulatory and law enforcement bodies. In addition, if the requested activity requires the intervention of an external inspector or collaborator, the data could be shared with such parties.
We require all third parties to respect the security of your personal data and manage them in accordance with current legislation. We do not allow third-party service providers to use your personal data for their own specific purposes, but only allow them to process your personal data for specified purposes and in accordance with our instructions.

Without your express consent, pursuant to Art. 6 “Lawfulness of processing”, letters b) and c) of the General Data Protection Regulation, the Data Controller may transmit your data, obtained and produced, to perform the service specified in the signed contract, and within the limits of their respective and specific competence, to accreditation bodies, certification bodies, ministries, and in general to any public or private party to which the communication is mandatory by law or by virtue of bilateral agreements for the performance of such purposes. These parties will process the data in their capacity of independent data controllers.

10. Data security
We have established suitable security measures to prevent accidental loss of your personal data, their use or access by unauthorised parties, and their alteration and dissemination. In addition, access to your personal data is restricted to collaborators and other third parties who must necessarily have knowledge of them for reasons connected with the performance of their commercial activity. Your personal data will be processed exclusively according to our instructions and such parties are bound by an obligation of confidentiality.
We have established procedures to manage any personal data violation and we will communicate any such violations to you and to any supervisory authority if so required by law.

11. Third party links
This website could include links to third-party websites and third-party plug-ins and applications (e.g., Facebook). By clicking on these links or connecting to them you agree that third parties can collect or share your data. Third-party websites are not controlled by us and ISTITUTO GIORDANO SPA is not responsible for their respective privacy policies. Upon leaving our website, you are required to read the privacy policy of any other website consulted.

12. Data storage

We do not store data for longer than is needed for the purpose for which they are processed. To determine the appropriate storage period, Istituto Giordano Spa considers the quantity, nature and sensitivity of personal data, the purposes for which we process them, and whether we can fulfil those purposes by other means.

Therefore, in relation to the different types of processing performed, Istituto Giordano Spa may store your data:
  • if there is a contract: until the end of the ordinary 10-year prescription period following termination of the contract (variable in the case of specific EU regulations and directives which require a longer storage period);
  • for marketing activities: for as long as you do not unsubscribe from our portal (if subscribed);
  • until you withdraw your consent to receive our newsletter or, at most, until the end of the ordinary 10-year limitation period from when you voluntarily provided us with your data.
Curricula vitae sent to the dedicated area of our website are stored for a maximum period of 24 months, after which they will be removed from our databases.
In certain circumstances you may ask us to delete data concerning you; for further information please see section 14, Rights guaranteed by law, below.

13. Exercise of rights
Requests to exercise rights stated in this privacy policy, including in particular the right to data deletion and the right to withdraw consent, must be addressed directly to Istituto Giordano S.p.A. at the stated addresses. Alternatively, you may exercise your rights by sending the Privacy Team a registered letter with notification of receipt.
 
14. Rights guaranteed by law

The European Regulation on personal data protection is applied for users, who are entitled to the following rights guaranteed by the privacy protection legislation with reference to personal data pursuant to Article 13, paragraph 2, and Articles 15 to 21 of EU Regulation 2016/679.
 
Right to object
You have the right to object at any time for reasons connected with your particular situation, to the processing of personal data concerning you, pursuant to Article 6, paragraph 1, letters e) or f), of the GDPR, including to profiling based on these provisions. The Data Controller will refrain from further processing of your personal data unless there are legitimate binding reasons to process them which prevail over your interests, rights and freedoms, or for the performance of an existing contract. 

Other rights
  • Right of access: you have the right to obtain from the Data Controller confirmation of whether personal data concerning you are being processed, and if so to obtain access to the personal data and specific information, in accordance with Art. 15 of the GDPR;
  • Right to rectification: you have the right to obtain from the Data Controller the rectification of any inaccurate personal data concerning you. With regard to processing purposes, you have the right to supplement any incomplete personal data, including by providing a supplementary statement, in compliance with Art. 16 of the GDPR;
  • Right to data deletion, including the right to withdraw consent: also known as the "right to be forgotten.” You have the right to obtain from the Data Controller the deletion of personal data concerning you and the Data Controller is obliged to delete these personal data without unjustified delay, or to withdraw consent, if the reasons defined in Art. 17 of the GDPR exist. As regards the right to withdraw, you also have the right to withdraw your consent at any time without prejudicing the lawfulness of the processing based on consent given prior to withdrawal (provided there is no legal provision for maintaining it which prevails over the request);
  • Right to restrict processing: you have the right to obtain from the Data Controller the restriction of processing when the assumptions defined in Art. 18 of the GDPR are present;
  • Right to portability: you have the right to receive in a structured format, commonly used and readable by an automatic device (e.g., a .csv file), the personal data concerning you provided to the Data Controller, and you have the right to transmit these data to another data controller under the terms and conditions specified in Art. 20 of the GDPR.
  • Right to lodge a complaint with the supervisory authority: Without prejudice to any other administrative or judicial appeal, if you consider that processing concerning you violates this regulation, you have the right to lodge a complaint with a supervisory authority, particularly in the member state where you habitually reside or work, or where the alleged violation occurred. The supervisory authority with which you have lodged the complaint will inform you of its status or outcome, including the possibility of a judicial remedy pursuant to Article 78.
These rights are subject to certain rules which govern their exercise. For further information, you may consult the Guide to application of the European Regulation on personal data protection.
You may contact us if you wish to exercise any of the aforementioned rights (see point 15, i.e., the section How to contact ISTITUTO GIORDANO SPA for questions on privacy).
There is no charge for accessing your personal data (or for exercising the aforementioned rights). Nevertheless, we reserve the right to apply substantial charges if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under these circumstances.
We may request specific information about you to help us confirm your identity and ensure proper access to your personal data (or for the exercise of any of your rights). This security measure is needed to ensure that your personal data are not disclosed to any third parties which do not have the right to receive them. We may also contact you to request further information in relation to your request in order to speed up the procedure.
We make every effort to respond to all legitimate requests within one month. Sometimes we may need more than one month if the request is particularly complex or if you have submitted numerous requests. In such cases, we will inform you of the timings and keep you updated.
We have established a Privacy Division with a work team that handles all matters relating to this privacy policy. If you have any further questions about this privacy policy, or intend to submit a request to exercise a right guaranteed by law, you can contact the DPO work group via the contact information in point 15, i.e., the section How to contact ISTITUTO GIORDANO SPA for questions on privacy.

15. How to contact ISTITUTO GIORDANO SPA for questions on privacy
For any questions regarding this privacy policy or if you intend to exercise any of your rights, you can contact the RPD work group, writing to Mr. Davide Mazzotti: 

E-mail: privacy@giordano.it
Pec: privacyig@pec.it
or a writing request to, ISTITUTO GIORDANO SPA - Divisione Privacy, Via Rossini, 2 - 47814 Bellaria Igea Marina (RN).