Collection and use of personal information
Personal information is data that can be used to identify or contact a specific person.
Here are some types of personal data that European Academy of Creativity SL may collect and use.
What personal data we collect
- When you browse the site www.eacbarcelona.eu we may collect a series of data, including name, address, telephone number, email address, contact preferences, device identification codes, IP address, location information, and credit card information.
- European Academy of Creativity SL will use this information to satisfy your requests, provide you with the product or service relevant to your needs.
- In certain circumstances, you may be asked for a valid identification document, to handle reservations or on the basis of statutory obligations.
How we use your data personal
- The personal data collected by us allows us to keep you updated on the announcements of the latest products of European Academy of Creativity SL , and on upcoming events. If you do not want to be included in our mailing list, you can unsubscribe at any time in the specific section.
- We also use personal data to develop, provide and improve our products, services, content and advertising materials, as well as to prevent losses and fraud. In addition, we can use them to ensure network and account security, and to protect our services for the benefit of all our users. Your data will be used for anti-fraud purposes in case it is required by conducting an online transaction with us. We limit our use of data for anti-fraud purposes to what is strictly necessary and within the recognized limits of our legitimate interests to protect our customers and services. For some online transactions, we may also verify the information you provide to us by consulting publicly accessible sources.
- Personal data, including the date of birth, can be used to verify identity, facilitate user identification and determine which services are appropriate.
- We may periodically use your personal information to send important notices, such as communications relating to the services offered, as well as our conditions and policies. Since this data is important for your interaction with European Academy of Creativity SL, you cannot request not to receive such communications.
- We may also use personal data for internal purposes, for verification, data analysis and research to improve products, services and communications with customers of European Academy of Creativity SL.
Origin of your personal data collected from other sources
European Academy of Creativity SL may have received your personal data from other people who have shared their content with you using products European Academy of Creativity SL. For research and development purposes, we can use data sets containing images or other data that could be associated with a person in order to identify it. When we acquire these data sets, we do so in accordance with the applicable laws in the jurisdiction in which the data set is hosted. During the use of such data sets for research and development, no attempt is made to identify the person to whom the data belongs.
Collection and use of non-personal data
We also collect data that is in a form that does not permit direct association with a specific individual. We may collect, use, transfer and disclose non-personal information for any purpose. The following are some examples of non-personal data collected by us and their use:
- We can, for example, collect data on profession, language, postal code, telephone prefix, unique device identification code, reference URL, in order to better understand customer behaviour and improve our products, services and advertising materials.
- We may collect and store details about the use that users make of our services, including searches. This information can be used to improve the relevance of the results provided by our services.
Disclosure to third parties
European Academy of Creativity SL may periodically make certain personal data available to strategic partners who collaborate with European Academy of Creativity SL for the supply of products and services or which help European Academy of Creativity SL in selling to customers. Personal data will be shared by European Academy of Creativity SL only to provide or improve its products, services and advertising materials; they will not be shared with third parties for the commercial purposes of the latter.
It may be necessary for European Academy of Creativity SL (by law, court proceedings, litigation and / or requests by public and governmental authorities within or outside your country of residence) to disclose your personal data. We may also disclose your information if we believe that, for purposes of national security, compliance with the law or other matters of public importance, it is necessary or appropriate to do so.
We may disclose your information if we believe that disclosure is reasonably necessary to apply our terms and conditions or to protect our activities or users. Furthermore, in the event of reorganization, merger or sale, we may transfer all personal data collected by us to third parties affected by such transactions.
Data protection personal
European Academy of Creativity SL takes care of the security of your personal information. For the storage of personal data by European Academy of Creativity SL, information systems with limited access are used, located in facilities that take physical security measures. The data is stored in encrypted form, even in cases where we use third-party storage solutions.
Existence of automated decision-making procedures, including profiling
European Academy of Creativity SL does not make any decisions regarding the use of algorithms or profiling that significantly affects you.
Integrity and retention of personal data
Access to personal data
You can help ensure that your preferences and contact information is accurate, complete and up to date by accessing the site www.eacbarcelona.eu. We will grant you access to the other personal data stored by us and we will provide you with a copy so that you can perform any operation you require, for example requesting to correct the data if it is inaccurate or delete it if European Academy of Creativity SL is not held to keep them as required by law or for legitimate business purposes. We may refuse to respond to requests that are futile / harassing, damaging the privacy of others, extremely difficult to meet or where access to data is not otherwise covered by local law. European Academy of Creativity SL may also refuse to comply with requests for deletion or access to data if it considers that fulfilling this request is contrary to the legitimate use of data for anti-fraud purposes and to ensure security, as described previously.
Third party websites and services
The websites, products, applications and services of European Academy of Creativity SL may contain links to websites, products and services of third parties.
Data collected by third parties, which may include geographic or contact information, are governed by their respective privacy policies. We encourage you to review the privacy policies of those third parties.
Our company-wide commitment to your privacy
To make sure that your personal data is secure, we communicate our privacy and security guidelines to employees of European Academy of Creativity SL and strictly apply privacy protection measures within the company.
Informative EX 13 Reg. UE n. 2016/679 and consent ex 7 Reg. UE n. 2016/679
To the processing of personal data
European Academy of Creativity SL (hereinafter “Holder”), as the data controller, informs you pursuant to art. 13 EU Regulation n. 2016/679 (hereinafter, “GDPR”) that information will be treated in a certain manner and for the following purposes:
1. Object of the treatment
The holder treats personal identification data (in particular, your name, social security number, name, VAT number, e-mail, telephone number, IBAN and any information capable of identifying the person concerned, following “Personal data” or “data”) communicated through the first processing.
2. Purpose of the processing
The personal data will be processed:
For the following Purposes:
- Fulfil the pre-contractual, contractual and tax obligations deriving from existing relationships with the Owner;
- Fulfil the obligations established by law, by a regulation, by community legislation or by an order of the Authority;
- To send data to external managers nominated by the Owner, corresponding to the categories of persons (physical or legal) listed in the treatment register;
- Allow any registration to the website and to the newsletter, if any;
- Preventing or discovering fraudulent activities or harmful abuses committed by third parties;
- Exercise the rights of the owner, for example the right to defend in court;
- Send commercial communications relating to services and products of the Owner similar to those already used, unless expressly disagree.
3. Methods of processing
The processing of personal data is carried out by means of the operations indicated in art. 4 n. 2 GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The personal data of the person of interest shall be processed in both paper and electronic and / or automated.
4. Duration of treatment
The Holder will process your personal data for as long as necessary to fulfil the purposes of Article 2. 1 with this information and no later than 10 years from the termination of the relationship and not over 2 years from the collection of personal data for any marketing purposes as per article 2, point 7 of this statement
5. Access to data
Your data may be made accessible for the purposes referred to in Article 2:
- to employees and collaborators of the Data Controller as Data Processors and / or Data Processors, as well as to the DPO (Data Protection Officer), if appointed;
- to third parties (for example: servers, providers for the management and maintenance of the website, suppliers, lenders, professional offices, service co-operatives, etc. ) who carry out outsourcing activities on behalf of the Owner, in their capacity as external controllers, appointed by the owner.
6. Storage and Data Transfer
The management and storage of personal data will be carried out on servers located within the European Union of the Owner and / or third-party companies appointed and duly appointed as Data Processors. Currently the servers are located in Italy. The data will not be transferred to outside the European Union. In any case, it is understood that the Data Controller, where necessary, will have the right to move the server location to Italy and / or the European Union and / or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided for European Commission.
7. Communication of data
Without express consent (Art. 7 GDPR), the owner can communicate your data for the purposes of art. 2. to Supervisory Bodies, Judicial Authorities and to all the other subjects to whom the communication is mandatory by law for the accomplishment of said purposes. Your data will not be distributed.
8. Rights of the interested party
In your capacity as an interested party, you have the rights set forth in art. 15 GDPR and precisely the rights of:
the. Obtaining confirmation of whether or not personal data concerning you, even if not yet recorded, and their communication in intelligible form; ii. obtain the indication: a) of the origin of personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of treatment carried out with the aid of electronic instruments; d) of the identification details of the owner, of the responsible persons and, in the case described by the combined disposition of the articles. 3, parag. 2 e. 27, par . 1, GDPR, of the representative established in the Union ; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, managers or agents; iii. obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data has been communicated, except in the case in which this fulfilment proves impossible or involves a use of means manifestly disproportionate to the protected right; iv. object, in whole or in part: a) for legitimate reasons the processing of personal data, pertinent for collection purposes; b) the processing of personal data for purposes of sending advertising materials or direct selling or for carrying out market research or commercial communications through the use of automated calling systems without human intervention by email and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the data subject to exercise the right to object only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or none of the two types of communication. Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Supervisory Authority.
9. How to exercise rights
You can at any time exercise the rights referred to in Articles 16-21 of the GDPR by sending:
- a registered letter to the European Academy of Creativity SL, Rambla de Catalunya 15 08007 Barcelona Spain, the attention of Alessandro Pumpo or
- an email at firstname.lastname@example.org
10. Owner, manager and person in charge, Data Protection Manager
The data controller is:
European Academy of Creativity SL
Rambla de Catalunya 15
in person of the legal representative Alessandro Pumpo.
The updated list of data processors and persons in charge of processing them is kept in the possession of the Data Controller and can be consulted upon written request.
11 . Changes to this Information
This Information Notice, which consists of four pages, may vary.
12. Right torecall consent
The data controller informs you that, pursuant to art. 7, paragraph 3, GDPR, you have the right to withdraw your consent at any time.