1. Identity and contact details of the owner:
The data controller is QSA srl - Engineering Consulting Training – VAT number 01670340221, with registered office in 38030 Ziano di Fiemme (TN), Via alla Marcialonga n. 3.
It is possible to contact the Data Controller using the following contact details:
Phone: 0462 500049
2. Purpose of the processing and legal basis:
The collection, or the processing of personal data, takes place for the pursuit of the following purposes:
a) Execution of the contract and contact purposes
The personal data collected will be processed for the purpose of registering for the training courses provided by the company and for purposes related to the progressive management of the services covered by the training service, such as the organization of the activity and the issuance of documentation proving participation in the course.
The purpose is research/statistical analysis on aggregated or anonymous data, therefore without the possibility of identifying the user, aimed at measuring the functioning of the Site, measuring traffic and evaluating usability and interest.
b) Fulfillment of legal obligations
Your personal data will be processed for the fulfillment of legal obligations established by community regulations, national laws, or by other regulatory sources.
In particular, QSA srl - Engineering Consulting Training may process your data for the fulfillment of accounting and tax obligations.
c) Implementation of the Company Management System
Your personal data will be processed for the fulfillment of the procedures connected to the correct application of the company's internal management system, aimed at guaranteeing the monitoring of company processes, continuous improvement and the achievement of company objectives, customer management service, and conducting surveys aimed at improving the quality of the services provided.
d) Subscription to the Mailing List (Newsletter)
Your personal data will be used to send the periodic newsletter of QSA Srl for the purpose of:
· update its customers on the latest regulatory news, scheduled courses, events and seminars, compliance deadlines
· transmit insights on the main issues related to the topic of occupational safety and hygiene, organizational well-being and health promotion,
· communicate any news regarding new services, opportunities, loans provided or promoted by QSA Srl.
The legal basis that makes the processing lawful, carried out for the purposes described above, is substantiated in the execution of the contract of which the interested party is a party and in the execution of pre-contractual measures adopted at the request of the same (Article 6 paragraph 1, letter b) GDPR), in the fulfillment of legal obligations to which the Data Controller is subject (art. 6 paragraph 1, letter c) GDPR), as well as in the pursuit of the legitimate interest of the same (art. 6 paragraph .1, letter f) GDPR).
The provision of the requested data is optional, but necessary for the performance of the above service; therefore, failure to provide them will only make it impossible to participate in the initiative.
3. Communications and data sharing with third parties:
The personal data provided may be communicated to third parties for activities strictly connected and instrumental to the operation of the service.
Third parties who will have access to the personal data collected will process the data only on the instructions of the Data Controller, which will be formalized in a dedicated contract and within the limits of the same.
The subjects belonging to the aforementioned categories perform the function of Data Processing Manager, subject to the authority and control of the Data Controller
Apart from these cases, personal data will not be communicated or granted to anyone, unless otherwise provided by law or specific and further consent from the interested party.
4. Processing methods
In relation to the indicated purposes, the processing of personal data takes place using manual, IT and telematic tools with logic strictly related to the purposes themselves and in any case in order to guarantee the security and confidentiality of the data in compliance with the legislation mentioned in the epigraph.
The existence of automated decision-making processes, including profiling, is excluded.
5. Transfer of data to non-European countries:
Some personal data may be transferred to countries of the European Union and to third countries which guarantee an adequate level of protection substantially equivalent to that ensured within the Union, on the basis of an adequacy decision by the European Commission. QSA ensures that the electronic and paper processing of personal data by the recipients takes place in compliance with the Applicable Law.
6. Personal data retention period:
The collected data will be kept in a form that allows the identification of the interested parties for a period of time not exceeding the achievement of the purposes for which they are processed ("conservation limitation principle", art.5, EU Reg. 2016/679 ) or on the basis of the deadlines established by law.
7. The rights of the interested party:
In your capacity as an interested party, you can assert the rights referred to in articles 15 and following of EU Regulation 2016/679 listed below:
· Rights of access, rectification and deletion of data, portability, limitation of treatment and withdrawal of consent given.
· In accordance with EU Regulation 2016/679, you have the right to request the Data Controller to access your data, as well as to rectify or cancel them. Within 30 days of submitting the request, you will be provided with written feedback, including via electronic means.
· You also have the right to oppose the processing or to request the limitation of the same, for legitimate reasons and in the cases provided for in the articles. 18 and 21, EU Reg. 2016/679.
· You may revoke your consent to the processing of data provided for the purposes specified in this statement at any time.
· Finally, you can exercise the right to data portability by requesting the Data Controller to transmit them to another Data Controller.
· Right to lodge a complaint with the Supervisory Authority: you can contact the Supervisory Authority by proposing a complaint, if you believe that your data is being processed illegitimately and contrary to the relevant legislative provisions.
To exercise the rights indicated above, it will be sufficient to use one of the Data Controller's contact details indicated in point 1 or use the appropriate contact form.