Privacy policy - Covenant ETS
Pursuant to Article 13 of the European Regulation 2016/679 (the “Privacy Regulation”), COVENANT ETS intends to inform all users and/or visitors of the website WWW.ROOTS.INSTITUTE (respectively referred to as the “Users” and the “Site”) about the use of personal data, log files, and cookies collected through the Site itself.
1. Data controller and data protection officer
The Data Controller of personal data is COVENANT ETS (Tax Code and VAT number 07118560486, with legal headquarters in Firenze (FI), Via XX Settembre 128, (hereinafter referred to as the “Data Controller”).
2. Data collected by the Site
a) automatically
Browsing Data:
The computer systems and software procedures used to operate this Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols.
These data, necessary for the web services use, are also processed for the purpose of:
- checking the correct functioning of the services offered
Browsing data does not persist for more than 6 months (except for any need to ascertain crimes by the Judicial Authority).
b) provided by the use
User-Provided Data:
The optional, explicit, and voluntary sending of data through the various form fields present on the Site, which involve the acquisition of the sender’s contact data, necessary to fulfill contact requests, services, and any assignment of credentials for restricted areas.
c) through cookie
The Site uses cookies, for which please refer to the extended “cookie policy” statement.
3. Types of personal data, purposes, legal basis and retention period
The personal data requested and provided are necessary for us to allow access to the Site and the use of the following services:
Service type: Contact Area/Reminder.
Types of personal data collected: demographic information, contact details (e.g., email, phone numbers, etc.).
Purpose: to acquire, through the completion of a specific form, the references of the website users to meet requests for informational/commercial contact (Contact Area/Reminder).
Legal basis: contract execution for requests; consent in case of requesting authorization to send promotional or marketing material. Retention period: until withdrawal of consent.
Retention period: until withdrawal of consent or unsubscription.
Service type: Newsletter
Types of personal data collected: demographic information, web contact data.
Purpose: to include the individual in the newsletter mailing list.
Legal basis: user’s consent.
Retention period: until withdrawal of consent or unsubscription.
Service type: Registration for "Contacts"
Types of personal data collected: demographic information, web contact data.
Purpose: to acquire, through the completion of a specific form, the demographic references of the website users to allow the submission of unsolicited applications.
Legal basis: user’s consent.
Retention period: 2 years
The processing of data for the above purposes will be carried out in compliance with the Privacy Regulation and all specific sector regulations.
The data provided will be processed mainly by computer under the authority of the Data Controller, by persons specifically instructed, authorised and trained to process the data in accordance with Articles 28 and 29 of the Privacy Regulation. Please note that appropriate security measures are also observed pursuant to Articles 5 and 32 of the Privacy Regulation to prevent the loss of data, unlawful or incorrect use and unauthorised access.
4. Compulsory or optional nature of consent to provide data
The provision of data is optional, but if it is not provided it will not be possible to take advantage of certain services provided by the Site.
5. Where we may transmit the data
The data may be communicated, within the EU, in full compliance with the provisions of the Privacy Regulation, to the following entities:
(1) the financial administration and/or other public authorities, where required by law or at their request;:
(2) the structures, subjects and external companies which the Data Controller uses to carry out activities connected with, instrumental to or consequent upon the performance of the Site services.:
The information automatically collected by the Site may also be transferred to cloud servers of Third Parties also located outside the EU, if such processing is necessary for the performance of the Site services. The legal basis of such processing is therefore Article 49, paragraph 1, letter b of the Privacy Regulation.
6. Security measures
Through the Site, data are processed in compliance with the applicable law and using appropriate security measures in accordance with the legislation in force, also pursuant to Articles 5 and 32 of the Privacy Regulation.
In this regard, we confirm, inter alia, the adoption of appropriate security measures aimed at preventing unauthorised access, theft, disclosure, modification or destruction of processed data.