We hereby inform you that Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC, General Data Protection Regulation, (hereinafter “GDPR“), provides for the protection of natural persons with regard to the processing of personal data. Pursuant to the aforementioned regulation, the processing of your personal data will be based on principles of fairness, lawfulness, transparency and protection of your privacy and your rights. This information note is provided to the interested parties pursuant to Art. 13 GDPR.

Data controller

The company Boole Server Srl, based in Via Melchiorre Gioia 112/A – Milan, email: booleserversrl@legalmail.it (“Company“) as data controller hereby provides you with the following information on the processing of your personal data pursuant to Art. 13 GDPR.

Purpose of the processing and consequences if you refuse to provide your personal data

The Company processes the personal data you provide when you browse our website, request information on our services and/or products at the time of purchase and/or use, including free of charge, of one of our services and/or products by filling in the online or paper form for the purposes described below.

a) Purposes necessary for the management of your enrolment in the course or the purchase of a product
The Company processes your personal data to the extent necessary to manage your requests for information and assistance with regard to our services and/or products, the purchase and/or use, including free of charge, of our service and/or products by you. It then processes your personal data for the conclusion and fulfilment of the related agreement, including the fulfilment of all related obligations, the fulfilment of your further requests and post-sales customer service. We also process your personal data to comply with legal obligations when managing the purchase of one of our services and/or products (for example, administrative and accounting matters) and for exercising our rights in court. For these purposes, we process data such as name and surname, email, telephone number, date of birth, data on your residence/domicile (city, province, postcode and country). Providing your personal data is necessary for the aforementioned purposes and any refusal would prevent you from requesting the required service and/or product.

b) Further purposes: marketing and profiling

With your consent, which is optional, the Company uses your personal data for marketing purposes, that is, to send you promotional newsletters, commercial or advertising communications on the Company’s promotional and sales initiatives, its sales and assistance network and those of its partners, for direct sales, market research and satisfaction surveys, as well as to perform statistical analyses with anonymous data, structured in aggregate form. The marketing activities are carried out by means of automated tools (e-mail, sms, mms, newsletters) and non-automated methods (paper mail, telephone with operator), including the sending of invitations to events organized by the Company. With your consent, which is optional, the Company collects information related to your preferences, habits, lifestyle, profession and details of the services/products purchased from us, to use them for creating group and individual profiles (” profiling “) that are used for sending personalized communications and conducting market research and statistical research with anonymous data, structured in aggregate form. The customised marketing activities are carried out by means of automated tools (e-mail, sms, mms, newsletters) and non-automated methods (paper mail, telephone with operator), including the sending of invitations to events organized by the Company. In any case, you may at any time indicate the preferred contact method among those listed above, and you can object to receiving promotional communications, whether customised or not, on all or only some of the aforementioned communication channels. For marketing and profiling, the Company uses data such as name and surname, email, telephone number, data on residence/domicile (city, province, postcode and country), details of services/products purchased from us and participation in events organized by the Company. Providing your personal data for the marketing and profiling purposes indicated above is optional and any refusal will enable you in any case to request the service and/or product required.

Personal data of third parties

If, during the use of the Website you provide us with the personal data of third parties, you must ensure that the communication of data to the Company and our subsequent processing for the purposes specified in this Privacy Policy takes place in compliance with applicable legislation; for example, before providing us with the personal data of third parties, you must inform them and obtain their consent to the processing, if required by the aforementioned legislation. The Company processes the personal data of third parties only to enable the use of our products and/or services according to your requests.

Terms and legal bases of data processing

The Company processes your personal data with and without the aid of electronic tools, based on principles and procedures consistent with the purposes indicated below and in compliance with the GDPR, including in terms of confidentiality and security. Pursuant to the GDPR, your personal data are used to update and amend previously collected information. The Company processes your personal data on the basis of the following legitimacy criteria:

• fulfilment of obligations arising from a contract between you and the Company;
• fulfilment of legal obligations;
• your consent, as required;
• the legitimate interest of the Company for the protection of its rights; this legitimate interest may specifically consist of:
  • protection of its rights;
  • internal administrative purposes, such as the implementation and operation of internal sharing between departments and with associate, subsidiary, and parent companies;
  • prevention of fraud, inappropriate use of company IT systems or money laundering;
  • physical security, security of IT systems and network security.

Communication of your personal data to third parties

Personal data are accessible to our duly authorized staff on the basis of need criteria and are disclosed to third parties in the following cases:

a)  when such disclosure is required by applicable laws and regulations with respect to legitimate third party recipients of communications, such as authorities and public bodies for their respective institutional purposes, including police forces;

b)  communication to third parties in the case of extraordinary transactions (e.g. mergers, acquisitions, transfer of company, etc.);

Your personal data are also shared with our service providers, e.g. for technical and organizational services functional to the aforementioned purposes, as independent contractors, also in combined form – e.g. for the management of payments, companies specialized in market research and data processing, advertising companies, etc. We provide these entities with only the data necessary to perform the agreed services, and they act as Data Controllers, based on the instructions received from the Company.

Transfer of your personal data abroad

Your personal data may be transferred by us outside Italy to third parties established within the European Union. This transfer is free, since each country in the European Union guarantees an adequate level of data protection. However, we may also transfer your data to third countries, not belonging to the European Union, which do not guarantee the same level of data protection. Nonetheless, we assure you that this transfer to third countries will always take place in accordance with the provisions of the Privacy Code and Privacy Law, that is, through the adoption of every measure necessary to ensure the security of the transferred data. These measures may include contractual agreements based on the so called standard contractual clauses drawn up by the European Commission.

Storage of personal data

Personal data processed for the management and/or use by you, including free of charge, of one of our services and/or products, are deleted after 10 years from the end of the service and/or the purchase of the product. For marketing and profiling purposes, data are stored for the time strictly necessary for said purposes, and in any case for not more than 24 and 12 months respectively from the day they were collected. You can at any time request the deletion of data for these purposes and object to the processing of data for marketing and profiling purposes. This is without prejudice to the cases in which, in order to comply with a legal obligation, to exercise or defend its rights in court, the Company is authorized to keep the data for a different period of time.

Your rights

You may contact the Company in its capacity as Data Controller at the above addresses to obtain an updated list of our data processors (i.e. our service providers), of the persons to whom the data are disclosed, and to exercise at any time the following rights referred to in Art. 15 onwards of the GDPR; to obtain confirmation of the existence or otherwise of your data, verify their content, origin, accuracy, request their integration, updating, rectification, deletion, anonymization, request the portability of the data, the restriction of their processing, object to their processing for legitimate reasons, e.g. opposition to marketing, to a decision based solely on automated processing, including profiling, unless you have given your explicit consent to such purposes or unless the automated processing is necessary for entering into or performing a contract with the Company, or submission of a claim to the Data Protection Authority. In addition, you may, if required by a specific situation, object to the processing of your personal data when processed on the basis of the legitimate interests of the Company, unless the prevailing legitimate reasons of the Company to proceed with processing are demonstrated (e.g. the exercise or defence of a right in court).