privacy

Regulation (EU) 2016/679, art. 13 concerning the processing of personal data

PRIVACY POLICY

Dagù S.r.L, with registered office in via Cesare da Sesto 5 – 20123 Milan (MI), taxpayer’s identification and VAT no. 07365690969 (hereinafter, “Controller”), in its capacity as data controller, hereby informs you pursuant to art. 13 of Leg. dec. no. 196, 30.6.2003 (hereinafter, “Privacy Code”) and to art. 13 of EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your data will be processed in accordance with the following procedures and for the following purposes:

1. Subject of the Processing
The Controller processes personal data, including details (for example, first name, surname, address, telephone number, e-mail) (hereinafter, “personal data” or “data”) conveyed by you in the making of contracts for the Controller’s services. By “processing of personal data” is meant any operation or set of operations performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, elaboration, selection, blocking, adaptation or modification, extraction, consultation, use, conveying by transmission, dissemination or otherwise making available, comparison or interconnection, limitation, deletion or destruction.

2. Purpose of the Processing
The processing of data will aim at carrying out the tasks listed below:
1) The personal data and the information regarding the child and the family members are requested for purposes of:
– evaluation of the application and drafting of the placement list and, where appropriate, the waiting list;
– management in the best manner possible of the child’s insertion in our educational structure;
– assessment of the child’s level of personal autonomy;
– organising the activities in which the child will be inserted (both internal and external: trips, visits);
– being able to contact an adult in case of need (telephone numbers, e-mail addresses);
– discharging the administrative obligations (issuing of receipts for payment);

2) the conferring of certain data is mandatory (the child‘s identity data, those of the person who exercises authority, of residence, of contact) for the pursuit of the purposes described in the foregoing clause 1);

3) certain data, including sensitive data, may be conveyed, i.e. transmitted to a specific person or entity, only if such conveying is necessary for the pursuit of the purposes described in the foregoing clause 1); for such conveying it is necessary to obtain your consent; absence of consent would leave us incapable of operating in the child’s interests. For operations indispensable for the protection of the child’s health we shall in any case deem ourselves authorised to operate without any limitation; the possible scopes of conveying of data are specified in section 5 hereof. By way of example we specify, amongst possible scopes:

4) in the event of our need to become aware of constraints of whatsoever nature which must be taken into consideration in the conduct of activities in which the child may be inserted, you are requested to give us written notification thereof;

5) during the activities that will be carried out in the course of the entire educational programme there will be produced, by the teaching staff, assessments, reports, tutorial sheets, which may contain references, data or information concerning the child; these materials will be merged, along with the material produced during the activities, in the Personal File that will accompany the child throughout his/her schooling; upon his/her move to another school, the Personal File is transmitted to the new institution in accordance with the usual procedures for the transfer of schooling documentation, subject to the parents’ consent;

6) during activities it is possible that video recordings will be made or photographs taken in order to document what has been carried out; in most cases this is a tutorial necessity, in others a documentary necessity; in any event the scope of diffusion of images is solely internal and useful for the purposes described.

7) you will be requested to authorise the publication on our website or on our social network pages of images as per the foregoing clause 6. Images used will be pertinent to such publications’ content and will not show elements from which states of health or other information of sensitive nature are apparent. No information of a personal nature will accompany the images. Smile Milano will not be liable for any use made by third parties of the images published. Should there arise a need to use the images in other contexts more general or indeterminate, for example publications or public projections, specific consent thereto will be requested;

8) we hereby inform you that it is possible for family members of children attending the school to make video recordings or take photographs provided that this be done during public festive occasions, birthday parties or open activities and provided that the images not be intended for dissemination or for commercial use but solely for family use;

9) you will be offered the possibility, by means of a special form to be compiled, to provide the names of other persons authorised to collect the pupil at the end of the school day; the list thus provided may be updated at any time by means of notification in writing; such authorisation relieves the School of any liability, civil or penal, for any accidents occurring after collection;

10) you will also be requested to provide documentation regarding such mandatory vaccinations as are required by current legislation for transmission to appropriate control authorities.

3. Procedures of Processing
The processing of your personal data is carried out by means of the operations specified in art. 4 of the Privacy Code and in art. 4 sect. 2) GDPR and precisely: collection, recording, organisation, storage, consultation, elaboration, modification, selection, extraction, comparison use, interconnection, blocking, conveying, deletion and destruction of the data.
Your personal data are subjected to processing both on paper and by electronic and/or automatic means.
The Controller will process the personal data for the time necessary to attain the purposes aforesaid and in any case for not more than 10 years from the termination of relations for the Purposes of service.

4. Access to data
Your data may be rendered accessible for the purposes as per art. 2:
– to employees and collaborators of the Controller, in their capacity as persons assigned to and/or internal managers of processing and/or system administrators; to other companies or entities (e.g. supervisory authorities, professional firms, external consultants and professionals specialised in childcare and children’s development, etc.) who perform outsourced tasks on behalf of the Controller in their capacity as external managers of the processing.

5. Conveying of data
Without need for express consent (pursuant to article 24 par. a), b), d) Privacy Code and art. 6 par. b) and c) GDPR), the Data Controller may convey your data for the purposes as per art. 2 to:
– Public bodies entitled to demand the sending of data or information (municipalities, provincial and regional school boards, public health authorities, social workers);
– Administrative services companies or firms in charge of quality control regarding the services concerned by our offer;
– Medical, paramedical or administrative personnel of healthcare structures employed in activities of monitoring, prevention or assistance;
– Insurance companies, experts or other entities involved in the settlement of reimbursement cases subsequent to accidents;
– External bodies providing transport service.

Said entities will process data in their capacity as independent data controllers.
The data will not be conveyed to any subjects other than those indicated in the foregoing sections 3) and 4), and will not be disseminated without your prior written consent;

6. Transfer of data
Personal data are stored on servers located within Italy or within the European Union. In any case it remains understood that the Controller, if necessary, will have the option to move the servers to a location outside the EU. Should such be the case the Controller hereby warrants that the transfer will take place in accordance with the applicable legal provisions, subject to establishment of the standard contractual terms prescribed by the European Commission.

7. Nature of the conferment of data and consequences of refusal to respond
The conferment of data for the purposes as per section 2 hereof is mandatory save for clauses 2.3/2.4/2.6/2.7, for which we request specific consent. In absence thereof we cannot warrant the Services under art. 2.

8. Rights of the data subject
In your capacity as data subject you have the rights as per art. 7 of the Privacy Code and art. 15 GDPR and precisely the rights:
– to obtain confirmation as to whether or not personal data concerning you exist, even if they are not yet registered, and their conveying in intelligible form;
– to obtain specification: a) of the origin of the personal data; b) of the purposes and procedures of the processing; c) of the logic applied in the event of processing carried out by means of electronic instruments; d) of the identity details of the Controller, of the managers and of the designated representative pursuant to art. 5, sect. 2 of the Privacy Code and art. 3, sect. 1 GDPR; e) of the entities or categories of entities to which the personal data may be conveyed or which may become aware thereof in their capacity as designated representatives in Italy, of managers or staff in charge.
– to obtain: a) the updating, rectification or, when such interest exists, complementing of data; b) the deletion, transformation into anonymous form or blocking of data processed in breach of law, inclusive of those whereof the storage is not necessary for the purposes for which they were gathered or subsequently processed; c) certification that the operations as per the foregoing points a) and b) have been brought to the cognisance, including with respect to the content thereof, of those entities to which the data have been conveyed or disseminated, save in the event wherein such discharge proves impossible or involves the employing of means manifestly disproportionate to the right protected;
– to object, in whole or in part, for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of their collection.
Where applicable, you also have the rights as per articles 16-21 GDPR (right to rectification, right to be forgotten, right of restriction of processing, right to data portability, right to object), as well as the right to file a complaint with the competition authority.

9. Procedure for exercise of rights
You may exercise your rights at any time by sending:
either a recorded delivery letter with advice of receipt to Dagù S.r.L, with registered office in via Cesare da Sesto 5 – 20123 Milan (MI), or an e-mail message to the address amministrazione@nidoscuolaclorofilla.it

10. Controller, manager and staff in charge
Dagù S.r.L., with registered office via Cesare da Sesto 5 – 20123 Milan (MI). The list of managers and staff currently in charge of processing is kept at the Controller’s registered office.