Context
This Privacy Policy discloses the privacy practices for the site https://celtaflorence.com (CELTA
Florence) and various related services (together referred to as the “site” from this point onwards). We are committed to protecting the processing of your data fairly and lawfully.
The owner of the site is Frameworks Education Group Ltd, a Cambridge based business registered in the United Kingdom. The site has been designed in Cambridge, UK, by the Koeakoea Creative Studio (part of Frameworks Education Group).
The site celtaflorence.com is a platform developed by Frameworks Education Group for the promotion and management of CELTA courses in Florence. All data collected via the CELTA Florence web platform is for the sole purpose of promoting CELTA courses in Florence and the liaising with CELTA candidates interested or currently enrolled in a CELTA programme in Florence.
The user information collected via this webpage belongs to the site owner (i.e. Frameworks Education Group), and will ultimately only be shared with a provider of CELTA courses in Florence, Italy, with the processing of course bookings and administering of the CELTA courses as the main purpose for the sharing of the data.
The privacy policy of the site has been updated due to the full application of EU Regulation 2016/679.
Your privacy is important to us. We have therefore developed a Privacy Policy that regulates the way we collect, use, transfer and store your personal data.
Collection and use of personal information
Personal information is data that can be used to identify or contact a specific person. You may be asked to provide your personal information whenever you come into contact with the site. The site may share this data and use it in accordance with this Privacy Policy. They may also combine this information with other data to provide and improve products, services, content and advertising materials. You are not required to provide the personal data requested by us; if you decide not to provide it, however, in many cases we will not be able to offer you our products or services or answer your questions.
Here are some types of personal data that the site may collect and use.
What personal data we collect
When you browse the site celtaflorence.com, if you fill out our online contact form or course
application forms, we may collect a series of data that are necessary for the correct registration of your query and/or booking. This data may include among other things, your name, address, telephone number, email address, contact preferences, etc.
The admin team of the site will use this information to satisfy your requests, provide you with the product or service relevant to your needs.
How we use your data personal
We may process your personal data for the purposes described in this Privacy Policy with your consent, for compliance with legal obligations to which the site is subject or in case we deem it necessary for legitimate interests pursued by the site or by third parties to whom it is necessary to provide data.
The personal data collected by us allows us to keep you updated on the announcements made by the course seller in regards to your booking and participation in the course.
We may also use personal data to develop, provide and improve our services, content and promotional materials, as well as to prevent losses and fraud. In addition, we can use them to ensure network and account security, and to protect our services for the benefit of all our users.
Personal data, including the date of birth, can be used to verify identity, facilitate user identification and determine which services are appropriate.
We may periodically use your personal information to send important notices, such as communications relating to the services offered, as well as our conditions and policies.
Since this data is important for your interaction with the course provider and seller, in principle, unless agreed otherwise, you cannot request not to receive such communications.
We may also use personal data for internal purposes, for verification, data analysis and research to improve products, services and communications with customers.
Collection and use of non-personal data
We also collect data that is in a form that does not permit direct association with a specific individual. We may collect, use, transfer and disclose non-personal information for any purpose. The following are some examples of non-personal data collected by us and their use:
- We can, for example, collect data on language, unique device identification code, reference URL, etc., in order to better understand customer behaviour and improve our products, services and advertising materials.
- We may collect data about customer activities on our website and from our other products and services. This data is aggregated and used to help us provide more useful information to our customers and to understand which parts of our website and our products and services are of greatest interest. Under this Privacy Policy, aggregated data is considered non-personal information.
- We may collect and store details about the use that users make of our services, including searches. This information can be used to improve the relevance of the results provided by our services.
- Disclosure to third parties. E.g. the site periodically makes certain personal data available to the course provider who may collaborate with the site for the supply of services, acting as the ultimate seller of the products (ie. the CELTA courses). Personal data will be shared with the seller and provider of the courses only to provide or improve its products, services and promotional materials; they will not be shared by the site with third parties for the commercial purposes of the latter.
Others
It may be necessary the site (by law, court proceedings, litigation and / or requests by public and governmental authorities within or outside your country of residence) to disclose your personal data. We may also disclose your information if we believe that, for purposes of national security, compliance with the law or other matters of public importance, it is necessary or appropriate to do so.
We may disclose your information if we believe that disclosure is reasonably necessary to apply our terms and conditions or to protect our activities or users. Furthermore, in the event of reorganisation, merger or sale, we may transfer all personal data collected by us to third parties affected by such transactions.
Data protection personal
The site takes care of the security of your personal information. For the storage of personal data by the site, information systems with limited access are used.
Integrity and retention of personal data. The site facilitates the retention of your personal data in an accurate, complete and updated manner. We will retain your personal information for the period necessary for the purposes outlined in this Privacy Policy. In deciding these periods, we carefully evaluate our actual need to collect personal data and if we believe that there is a decisive necessity, we keep them only for the shortest possible period necessary to achieve the purpose of collection,
unless a conservation period greater is required by law.
Access to personal data
On request, we will let you know the personal data about you stored by us so that you can perform any operation you require, for example requesting to correct the data if it is inaccurate or delete it if the site is not held to keep them as required by law or for legitimate business purposes. We may refuse to respond to requests that are futile / harassing, damaging the privacy of others, extremely difficult to meet or where access to data is not otherwise covered by local law. The site may also refuse to comply with requests for deletion or access to data if it considers that fulfilling this request is contrary to the legitimate use of data for anti-fraud purposes and to ensure security, as described previously.
Third party websites and services
The websites, products, applications and services of the site may contain links to websites, products and services of third parties.
Data collected by third parties, which may include geographic or contact information, are governed by their respective privacy policies. We encourage you to review the privacy policies of those third parties.
Consent to the processing of personal data
Your information will be treated in a certain manner and for the following purposes:
- Object of the treatment
The holder treats personal identification data (e.g. your name, e-mail, telephone number, and any information capable of identifying the person concerned, following “Personal data” or “data”) communicated through the first processing. - Purpose of the processing
The personal data will be processed for the following purposes:- Fulfil the pre-contractual, contractual and tax obligations deriving from existing relationships with the site and supplier of the courses;
- Fulfil the obligations established by law, by a regulation, by community legislation or by an order of the Authority;
- To send data to external managers nominated by the owner of the site, corresponding to the categories of persons (physical or legal) listed in the treatment register;
- Allow any registration to the website, if any;
- Preventing or discovering fraudulent activities or harmful abuses committed by third parties;
- Exercise the rights of the owner of the site, for example the right to defend in court;
- Send commercial communications relating to services and products of the course supplier and seller similar to those already used, unless expressly disagree.
- Methods of processing
The processing of personal data is carried out by means of the operations indicated in art. 4 n. 2 GDPR and more precisely: collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The personal data of the person of interest shall be processed in both paper and electronic and / or automated. - Duration of treatment
The Holder will process your personal data for as long as necessary to fulfil the purposes of Article 2. with this information and no later than 10 years from the termination of the relationship and not over 2 years from the collection of personal data for any marketing purposes as per article 2, point 7 of this statement - Access to data
Your data may be made accessible for the purposes referred to in Article 2:
- to employees and collaborators of the Data Controller and / or Data Processors, as well as to the DPO (Data Protection Officer), if appointed;
- to third parties (for example: servers, providers for the management and maintenance of the website, etc. ) who carry out outsourcing activities on behalf of the owner of the site, in their capacity as external controllers, appointed by the owner.
- Storage and Data Transfer
The management and storage of personal data will be carried out on servers located within the European Union of the owner of the site and / or third-party companies appointed and duly appointed as Data Processors. In any case, it is understood that the Data Controller, where necessary, will have the right to move the server location to the European Union and / or non-EU countries. - Communication of data
Without express consent (Art. 7 GDPR), the owner of the site can communicate your data for the purposes of art. 2. to Supervisory Bodies, Judicial Authorities and to all the other subjects to whom the communication is mandatory by law for the accomplishment of said purposes. - Rights of the interested party
Under certain circumstances, by law you have the right to:
– Request access to your personal data (commonly known as a “data subject access
request”). This enables you to receive a copy of the personal data we hold about you
and to check that we are lawfully processing it.
– Request correction of the personal that we hold about you. This enables you to have
any incomplete or inaccurate information we hold about you corrected.
– Request erasure of your personal data. This enables you to ask us to delete or
remove personal data where there is no good reason for us continuing to process it.
You also have the right to ask us to delete or remove your personal data where you
have exercised your right to object to processing (see below).
– Object to processing of your personal data where we are relying on a legitimate
interest (or those of a third party) and there is something about your particular
situation which makes you want to object to processing on this ground. You also have
the right to object where we are processing your personal information for direct
marketing purposes.
– Request the restriction of processing of your personal data. This enables you to ask
us to suspend the processing of personal data about you, for example if you want us
to establish its accuracy or the reason for processing it.
– Request the transfer of your personal data to another party. - How to exercise rights
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us or email the Frameworks Education Group Data Protector Officer for this site on administration @ celtaflorence.com