fbpx

Privacy Policy

Privacy Policy

Privacy Policy for https://mileschool.it/

Data Controller
Mile srl
VIA FRANCESCO OLGIATI 14, 20143 Milano
Email of Data Controller: info@pec.mileschool.it

Privacy Manager
Sig.ra Silvia Gatti
VIA FRANCESCO OLGIATI 14, 20143 Milano
Email of Privacy Manager: privacy@mileschool.it

School DPO
Sig. Marco Casati
Email of DPO: dpo@consulentegdpr.eu

 

Types of data collected

Among the Personal Data collected by this site, either independently or through third parties, there are: Usage data; Cookies; e-mail; first name; surname.

Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the data is collected.

Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using this Site. Please consult the Cookie Policy.

Any use of Cookies - or of other tracking tools - by this site or by the owners of third party services used by this site, unless otherwise specified, has the purpose of providing the Service requested by the User, in addition to further purposes described in this document and in the Cookie Policy.

The User assumes responsibility for the Personal Data published or shared through this site or sites accessible from it and guarantees to have the right to communicate or disseminate them, freeing the Owner from any liability to third parties.

 

Method and place of processing of the collected data

Processing methods

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
The processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.
In addition to the Data Controller, other subjects involved in the organization of this institute (administrative and technical staff) and external subjects (such as third party technical service providers, hosting providers, IT companies, appointed as Data Processors by the Data Controller) have access to the Data. Updated list of Managers can always be requested to privacy@mileschool.it

 

Legal basis of the processing
The Owner processes Personal Data relating to the User if one of the following conditions exists:

  • the User has given consent for one or more specific purposes; Note: in some jurisdictions the Data Controller may be authorized to process Personal Data without the User's consent or another of the legal bases specified below, as long as the User does not object ("opt-out") to such treatment. However, this is not applicable if the processing of Personal Data is governed by European legislation on the protection of Personal Data;
  • the processing is necessary for the execution of a contract with the User and/or for the execution of pre-contractual measures;
  • the processing is necessary to fulfill a legal obligation to which the Data Controller is subject;
  • the processing is necessary for the performance of a task of public interest or for the exercise of public authority vested in the Data Controller;
  • the processing is necessary for the pursuit of the legitimate interest of the Data Controller or of third parties. However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each treatment and in particular to specify whether the treatment is based on the law, provided for by a contract or necessary to conclude a contract.

 

Place
The Data are processed at the headquarters of the owner of the Data Controller and within cloud systems resident in the Italian territory.

 

Retention period
The Data are processed and stored for the time required by the purposes for which they were collected.
Therefore:

  • Personal Data collected for purposes related to the execution of a contract between the Owner and the User will be retained until the execution of this contract is completed.
  • Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until this interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Owner in the relevant sections of this document or by contacting the Owner.

When the processing is based on the User's consent, the Data Controller can keep the Personal Data longer until such consent is revoked. Furthermore, the Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of this term the right of access, cancellation, rectification and the right to data portability can no longer be exercised.

 

Purpose of processing the collected data
The User Data are collected to allow the Owner to provide its Services, as well as for the following purposes: Displaying content from external platforms, Contacting the User, Statistics and Monitoring of the infrastructure.
To obtain further detailed information on the purposes of the processing and on the Personal Data concretely relevant to each purpose, the User can refer to the relevant sections of this document.

 

Details on the processing of Personal Data
Personal Data are collected for the following purposes and using the following services:

User services (Parents and Students) - Platform external to the School

ClasseViva of Spaggiari Group (External supplier appointed as Data Processor)

  • The Electronic Register is based on the Cloud and can also be used by APP; the software is used for the management of canonical activities (absences, delays, early exits), it also allows the school-family communication and the innovative reorganization of teaching using the best possible technologies.

 

User rights
Users can exercise certain rights with reference to the Data processed by the Data Controller.

In particular, the User has the right to:

  • withdraw consent at any time. The User can revoke the consent to the processing of their Personal Data previously expressed.
  • oppose the processing of their data. The User can oppose the processing of their data when it occurs on a legal basis other than consent. Further details on the right to object are indicated in the section below.
  • access their data. The User has the right to obtain information on the data processed by the owner, on certain aspects of the processing and to receive a copy of the data processed.
  • verify and ask for rectification. The User can verify the correctness of their Data and request its updating or correction.
  • obtain the limitation of the treatment. When certain conditions are met, the User can request the limitation of the processing of their Data. In this case, the Data Controller will not process the Data for any other purpose than their conservation.
  • obtain the cancellation or removal of their Personal Data. When certain conditions are met, the User can request the cancellation of their Data by the Owner.
  • receive their data or have them transferred to another owner. The User has the right to receive their data in a structured format, commonly used and readable by an automatic device and, where technically feasible, to obtain their unhindered transfer to another owner. This provision is applicable when the Data is processed with automated tools and the processing is based on the User's consent, on a contract to which the User is a party or on contractual measures connected to it.
  • propose a complaint. The User can lodge a complaint with the competent personal data protection supervisory authority or take legal action.

 

Details on the right to object
When Personal Data is processed in the public interest, in the exercise of public authority vested in the Owner or to pursue a legitimate interest of the Owner, the User will have to discuss with the owner.

 

How to exercise your rights
To exercise the User's rights, Users can direct a request to the contact details of the Privacy Manager indicated in this document. Requests are processed as soon as possible.

 

Legal references
This privacy statement is drawn up on the basis of multiple legislative systems, including articles. 13 and 14 of Regulation (EU) 2016/679.
The same can be modified for the needs of this institute or in the event of changes to the aforementioned rules.