Privacy policy

Privacy policy in accordance with Art. 13 of European Data Protection Regulation no. 2016/679

This page describes how the website is managed with respect to the processing of personal data of users who visit it. The processing of users’ personal data will be carried out in accordance with applicable legislation, with particular reference to EU Regulation 2016/679 and Italian laws and regulations (hereinafter the “Applicable Privacy Regulations”). This policy is given to those who interact with the web services accessible electronically at the address: www.ied.it (hereinafter also referred to as the “Website”). The privacy policy is provided only for this website and not for other websites that may be viewed by the user by clicking on links.
In accordance with art. 13 of the European Data Protection Regulation no. 2016/679 regarding the protection of personal data, we inform you that the data collected will be processed by

• ISTITUTO EUROPEO DI DESIGN S.p.A.,
• I.L.E.M. S.r.l.,
• ISTITUTO EUROPEO DI DESIGN SL (hereinafter “IED Spain”)
• ISTITUTO EUROPEO DI DESIGN – ESCOLA LTDA. – EPP (hereinafter “IED Brazil”), parent of ISTITUTO EUROPEO DI DESIGN-BRASIL (also “IED RIO”) and ISTITUTO EUROPEO DI DESIGN – SÃO PAULO (IED-SÃO PAULO) (also “IED São Paulo”)

as independent Data Controllers, in compliance with current laws. The updated list of internal and external data processors is available from the Data Controller, where required by applicable laws.
Each independent data controller carries out the processing of user data for the courses it provides. The specification of the organisation that provides the course and therefore acts as the controller of the data managed is described in the privacy policy of the course itself. As the manager of the website, Istituto Europeo di Design S.p.A. collects the data of those interested in the courses and transfers them to the independent data controllers that provide the courses, responding to users’ requests for information and/or proceeding with enrolments as they are submitted.
In view of the foregoing, the user is informed of the fact that the Data Controllers for each area are as follows:

• ISTITUTO EUROPEO DI DESIGN S.p.A., with registered office in Milan, Via Bezzecca 5, in the person of its legal representative pro tempore.
• I.L.E.M. S.r.l., with registered office in Como, Via Petrarca 9, in the person of its legal representative.
• ISTITUTO EUROPEO DI DESIGN SL, with registered office at C/ Flor Alta 8, Madrid 28-MADRID, in the person of its legal representative.
• ISTITUTO EUROPEO DI DESIGN – ESCOLA LTDA. – EPP, with registered office in R Maranhao, Andar 9, CJ.93, São Paulo, in the person of its legal representative.
• ISTITUTO EUROPEO DI DESIGN-BRASIL, with registered office in Av. Joao Luis Alves, Rio De Janeiro, in the person of its legal representative.
• ISTITUTO EUROPEO DI DESIGN – SÃO PAULO (IED-SÃO PAULO), with registered office in R Maranhao, Andar 9, CJ.93, São Paulo, in the person of its legal representative.

Data Protection Officer for the processing carried out by Istituto Europeo di Design S.p.A. and I.L.E.M. S.r.l. is Ecoconsult S.r.l., with registered office in Milan, Via Goldoni, 1, which can be contacted at dpo@ecoconsult.it.
At any time you can exercise your rights under articles 15-22 of the Regulations, including the erasure of data or objection to their use, by sending an email to privacy@ied.it. To exercise your rights with the autonomous data controllers IED Spain and IED Brazil you must refer to the privacy policies published on their websites.

TYPES OF DATA PROCESSED

Browsing data:
During normal operation, the software procedures responsible for the operation of this website acquire some personal data that are then implicitly transmitted by means of internet communication protocols. By their very nature, such information could, through association with and processing of data held by third parties, allow the identification of users/visitors (e.g. IP address, domain names of computers used by users/visitors connecting to the website, etc.). These data are used only for statistical purposes (and are therefore anonymous) and to check the correct operation of the website. No data deriving from the web service are disclosed or disseminated. The data could be used to ascertain responsibility in case of any computer crimes against the website. With the exception of this eventuality, data on web contacts are not kept for more than seven days.
Data provided voluntarily by the user:
Except as specified for browsing data, users/visitors are free to provide their personal data through the contact forms on the website. The personal data provided (name, surname, email address, telephone number and other personal data and residence/home) will be used exclusively to respond to their requests or for the provision of a specific service. Failure to provide data relating to fields marked with an asterisk may make it impossible to use the service offered.
Specific summary privacy policies will be included or displayed on the pages of the website set up for particular services on request or for the management of specific courses by the independent data controller that manages the course.
Cookies:
The complete policy regarding the processing of data using website cookies is available at the following link: https://www.ied.it/informativa-sulle-cookie-policy.

LEGAL BASIS AND PURPOSES OF THE PROCESSING
The European Regulation on the Protection of Personal Data confirms that any processing must be based on specific principles of lawfulness. The grounds for the lawfulness of the processing are, among others, consent, performance of contractual obligations, vital interests of the data subject or third parties, legal obligations the data controller is subject to, public interest or exercise of public authority, prevailing legitimate interest of the data controller or third parties to whom the data are disclosed.
In this case, each Data Controller collects and processes Users’ personal data for the following purposes:
Use of the user’s personal data, provided by the latter, for the purpose of managing the User’s requests submitted through the Website as well as to respond to and process them on the basis of what was requested (e.g. information request and/or online enrolment request and/or request for an interview).

RECIPIENTS
In addition to the Data Controllers, categories of managers and authorised persons involved in the corporate aspect of the Website may have access to the data. Moreover, the Data Controllers may use external parties (like third-party technical service providers, hosting providers, cloud services, IT companies) that may be appointed as external Data Processors. The updated list of the Data Processors can always be requested from the Data Controllers. The data processed by the Data Controllers will not be disclosed.

TRANSFER OF DATA TO A THIRD COUNTRY
The European Data Protection Regulation provides for the obligation to inform data subjects in the event of the transfer of their data to third countries (not belonging to the EU or the European Economic Area: Norway, Iceland, Liechtenstein) or international Organisations.
The Data Controllers inform the data subjects that disclosures and/or transfers of data to third countries may be made. More specifically, this will occur only in the event that a request is made through the pages of the Website to express the user’s interest in being informed about a course run by the independent data controller IED Brazil and/or to be enrolled there and/or to conduct interviews related to it.

DATA RETENTION
The data collected for the purposes specified above will be kept for the time necessary to carry out the operations they were acquired for. The storage period will be determined on the basis of the assessment of the individual operation and will in any case take place in compliance with the principles of necessity, purpose, relevance and restraint established pursuant to the Regulation.

METHOD OF PROCESSING
The processing is carried out by means of automated tools (e.g. using electronic procedures and tools) and/or manually (e.g. on paper) for the time strictly necessary to achieve the purposes the data were collected for, and in any case in accordance with current relevant legislation.

USERS’ RIGHTS
Pursuant to the Applicable Privacy Policy, Users shall have the right to:
– Be informed of the purposes and methods of the processing of their personal data.
– Access to their personal data.
– Obtain a copy of their personal data if they are stored in countries outside the European Union, and to obtain an indication of the place where such personal data are stored or transferred.
– Request the correction, updating or completion of their personal data.
– Request the deletion, anonymisation or blocking of the processing of their personal data.
– Whole or partially object to any processing carried out through automated decision-making processes, including profiling.
– Withdraw their consent to the processing, where given, free of charge and at any time, it being understood that withdrawal of consent does not affect the lawfulness of processing based on consent that was given before withdrawal.
– Contact the Data Protection Officer of the Data Controller.
– Lodge a complaint with the Personal Data Protection Authority.
– Data portability, i.e. the right to receive one’s personal data in a structured format that is commonly used and machine-readable, and the possibility of being able to transmit them to another controller free of charge and unhindered, where applicable.
– Request the restriction of the processing of their personal data, where applicable.
At any time Users can exercise their rights under articles 15-22 of the Regulation, including the erasure of data or objection to their use, by sending an email to privacy@ied.it, it being expressly understood that in this case the Data Controller may not be able to provide the services requested by the user. To exercise your rights with the autonomous data controllers IED SL and IED Brazil you must refer to the privacy policies published on their websites.

COMPLAINTS
Complaints regarding the processing can be lodged with the competent Authority:
Garante sulla Protezione dei Dati personali
Piazza di Monte Citorio n. 121
00186 ROME
Fax: (+39) 06.69677.3785
Telephone: (+39) 06.696771
Email: garante@gpdp.it

CHANGES AND UPDATES
This Policy is applicable from 25/05/2018 and was updated on 22/05/2019.