PRIVACY POLICY

This site is managed by CONFORM S.c.a.r.l in association with PRISM CONSULTING S.r.l.  and this Notice explains the purpose of personal data processing, the use of cookies and the manner of exercising rights granted to users.

NAVIGATION DATA

The computer systems and software procedures used to operate this website acquire, during normal operation, some personal data whose transmission is implicit in Internet communication protocols.

This information is not collated to be associated to interested parties identified, but due to its nature could, through processing and association of data held by third parties, identify users.

This category of data includes IP addresses or users’ computer domain names when connecting to the site, URI (Uniform Resource Identifiers) of requested resources, times of request, methods used to submit the request to the server, the file size obtained in response, the numerical code indicating the status of response from the server (successful, error, etc.) and other parameters regarding the operating system and computer environment.

In any case, Erudire.it does not request or collect particular personal data (such as information suitable to reveal racial or ethnic origin, political, philosophical or religious beliefs, sexual habits or health data).

DATA PROVIDED VOLUNTARILY BY USERS

The optional, explicit and voluntary sending of e-mail addresses indicated on this site involves the acquisition of the sender's address to respond to requests, and any other data included in the message.

The purposes and methods of personal data processing in this website or otherwise will conform with provisions of Regulation UE 679/2016. 

In particular, personal data provided is collected electronically and processed directly, also with the aid of electronic means, for the following purposes:

1. purposes related to the implementation of educational information services and requests for information also through the use of electronic mail; 
2. didactic purposes in the e-learning platform.

The data can be known by trainers and will not be disclosed or sold to third parties for commercial purposes. The beneficiary can apply for the cancellation of any form of personal and/or sensitive data sent by him/her and present in any part of erudire.it, by contacting us at  webmaster@conform.it

Non-sensitive information sent in various ways to erudire.it will be collected and protected as accurately as possible, always in compliance with Privacy Law (DLGS 196/2003) and in any case not in contrast with the Law on the reorganization of the discipline concerning obligations of publicity, transparency and dissemination of information by public administrations (DLGS 33/2013).
 
PERSONAL DATA

The following information is compulsory for registration:

1. Username (preferably as follows name.surname)
2. Password The password must be at least 8 characters long and must contain at least: 1 number(s), 1 lowercase letter(s), 1 uppercase letter(s)
3. Email address
4. Name
5. Surname
6. Place of birth
7. Date of birth
8. Address
9. Tax code or VAT number (for billing purposes in case of purchase of the course through Paypal)

​Other non-mandatory data

1. City/town
2. Country

Data for companies

1. Sector 
2. Company name
3. Billing address

For the completion of the registration procedure on erudire.it and subsequent storage, the data will be accessible to the site administrator and will not be transferred to third parties or used for other purposes. (The administrator is permitted to read and modify all the data contained in each user's profile, with the exception of the password)
 
During and after registration it is the faculty and responsibility of each student member to:

1. modify or integrate his/her profile with additional information to that provided during the registration phase;
2. decide to make his/her e-mail address visible to all members registered in erudire.it

Sensitive data, that is "data suitable to reveal racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, unions, associations must not be included in one's profile and interventions. or organizations of a religious, philosophical, political or trade union nature, as well as personal data capable of revealing one’s state of health and sexual life" should not be included in your profile or in your interventions. This data will be immediately deleted and not considered.
 
The logs of participation in forums and the use of resources are visible only by teachers of the courses in which you are registered and by the system administrators. Through the moodle interface it is possible to unsubscribe from the course at any time. To delete your personal data from the online platform database, please contact the system administrator at webmaster@conform.it
 
PERSONAL DATA AND COOKIES

This e-learning site uses cookies that help provide the services requested. A cookie is a small file that a site can send to the user’s computer and that visualises its pages. Cookies are generally used by websites to facilitate navigation (e.g. by memorising the username of a user, so as to not have to re-input it every time). Only a website that has created cookies can read the information contained therein. 
The computer systems used to operate the erudire.it e-learning platform (with the possible implementation of other platforms for tracking the activities carried out by students such as https://www.watershedlrs.com/ o  https://rusticisoftware.com/ ) during normal browsing, acquire some personal data whose transmission is connected to the use of Internet communication protocols (IP addresses, domain names of the computers used by users who connect to the site, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server, etc.) and other parameters relating to the operating system and the user's computer environment.
 
This data is used for the sole purpose of obtaining anonymous, statistical information on the use of the site and to check its correct functioning and the state of use of the course or courses followed. The data could also be used to ascertain responsibility in case of hypothetical computer crimes against the site.
 
MOODLE COOKIES
 

Moodle is a CMS LMS (Learning Management System) or an Open Source software (under GNU/GPL license) designed to create virtual classes that allow effective and engaging learning experiences on the net.

To use the Moodle erudire.it platform, your browser (Google Chrome, Internet Explorer, Mozilla Firefox, Safari, Opera, etc.) must be configured to accept cookies.

 
E-learning sites created with Moodle use two types of cookies.

1. The first is a session cookie called MoodleSession. It is essential that your browser is configured to accept this cookie in order to guarantee the validity of its authentication by navigating between the pages while maintaining your login. When you log out of the Moodle site or close your browser, the MoodleSession cookie is deleted.
2. The second cookie, generally called MOODLEID is only used to remember your username in the browser. Thanks to this cookie, when you return to view the Moodle site, you will find the login page field already filled in with your username. There are no problems if you refuse to accept this cookie, the only drawback will be having to re-enter your username on the login page.

THIRD-PARTY COOKIES

When visiting a website you may receive cookies from the site visited ("owners") and from websites maintained by other organizations ("third parties"). An example on our site is the presence of "social plugins" for Facebook, Twitter, Instagram, Youtube, Vimeo and LinkedIn. These are parts of the page visited generated directly by these sites and integrated into the site host page. The most common use of social plugins aims to share content on social networks.

The presence of these plugins involves the transmission of cookies to and from all sites operated by third parties. The management of the information collected by "third parties" shall be governed by the relevant information that you are asked to refer to. To ensure greater transparency and convenience, here follow web addresses concerning information and ways to manage cookies.

Facebook information
Facebook configuration (log in to your account. Privacy section)

Instagram information

Twitter information
Twitter configuration

Linkedin information
Linkedin configuration

Google+ information
Google+ configuration

YouTube information
YouTube configuration 

DATA SECURITY

Your account information is protected by a password to guarantee the confidentiality and security of your access data. In any case, users are invited to take all precautionary measures to protect their personal data by frequently changing their password, using a combination of letters and numbers, and should be sure to use a secure browser and not to communicate the Username and Password for access to the Moodle platform erudire.it. to anyone.

MINORS AND PRIVACY
The Moodle Erudire.it platform is also intended for use by minors under the age of 18 as it features purely educational and cultural content. However, during the registration phase, you are requested to specify your age to determine if it is greater than the age of  digital consent, i.e. the age at which an individual can accept terms and conditions and legally consent to the storage and processing of his/her data.

ACCEPTANCE OF THE REGULATIONS OF THE ERUDIRE E-LEARNING PLATFORM
By continuing to browse, you accept the use of cookies and what is regulated in this report. The user, teacher or student, is required to comply with the regulations and take note of subsequent updates and has the right to have his/her data deleted from the database of the online platform by contacting the system administrator if he/she no longer wants to accept the platform regulations.

EXERCISE OF USER RIGHTS

GENERAL ASPECTS

In accordance with the provisions of the GDPR, the Data Controller facilitates the exercise of the rights of the individual concerned, bearing in mind that the related interactions and communications must always respect the following criteria:

1. concise form,
2. transparent,
3. intelligible and easily accessible, with simple and clear language, in particular in the case of information intended specifically for minors.

Information is provided in writing or by other means, including, where appropriate, by electronic means. Although it is foreseen that upon express request by the interested party, information can be provided orally, the Data Controller, except in specific cases, tends to prefer the written form.

TERMS AND TIMING

The Data Controller provides the interested party with information relating to the action taken regarding a request without undue delay and, in any case, at the latest within one month of receiving the request.

In accordance with the provisions of the GDPR, this term can be extended by two months, if necessary, taking into account the complexity and the number of requests: in this case, the Data Controller will inform the interested party of this extension, and the reasons for the delay, within one month of receiving the request.

If the interested party submits the request by electronic means, the information is provided, where possible, by electronic means, unless otherwise indicated.

EXERCISABLE RIGHTS

The interested party has the right to obtain confirmation that personal data concerning him or her is being processed.

Furthermore, the interested party has the right to obtain access to personal data as well as to the following information:

1. the purposes of the treatment;
2. the categories of personal data in question;
3. the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular if recipients from third countries or international organizations;
4. when possible, the retention period of the personal data foreseen or, if not possible, the criteria used to determine this period;
5. the existence of the right of the interested party to ask the data controller to rectify or delete personal data or limit the processing of personal data concerning him/her or to oppose its treatment;
6. the right to lodge a complaint with a supervisory authority;
7. if the data is not collected by the interested party, all information available on its origin;
8. the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such treatment for the interested party.

If personal data is transferred to a third country or to an international organization, the interested party has the right to be informed of the existence of adequate guarantees pursuant to article 46 relating to the transfer. The Data Controller provides a copy of the personal data being processed, and if the interested party requests further copies, he/she can charge a reasonable fee for costs based on administrative costs.

The interested party also has the right to obtain the correction of inaccurate personal data concerning him/her without undue delay, and taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

The interested party has the right to obtain from the data controller the cancellation of personal data concerning him/her without undue delay and the data controller has the obligation to delete personal data without undue delay, if one of the following reasons exists:

1. personal data is no longer necessary with respect to the purposes for which it was collected or otherwise processed;
2. the interested party revokes the consent and if there is no other legal basis for processing (for example, a legal obligation);
3. the interested party opposes the processing and there is no prevailing legitimate reason to proceed with the processing (for example, a legal obligation);
4. personal data has been unlawfully processed;
5. personal data must be deleted in order to fulfil a legal obligation under Union or Member State law to which the data controller is subject;
6. personal data has been collected in relation to the offer of information society services.

If the Data Controller has made personal data public and is obliged to delete it, taking into account the available technology and implementation costs, he/she adopts reasonable measures, including technical measures, to inform the data controllers who are processing the personal data of the request of the interested party to delete any link, copy or reproduction of personal data.

The interested party has the right to obtain the limitation of processing by the data controller when one of the following hypotheses occurs:

a) the interested party disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data;

b) the treatment is unlawful and the interested party opposes the cancellation of personal data and instead requests that its use be limited;

c) although the data controller no longer needs it for processing purposes, personal data is necessary for the interested party to ascertain, exercise or defend a right in court;

d) the interested party has opposed the processing pursuant to Article 21, paragraph 1, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.

If the treatment is limited, this personal data is processed, except for storage, only with the consent of the interested party or for the assessment, exercise or defence of a right in court or to protect the rights of another natural or legal person or for reasons of significant public interest of the Union or a Member State.

The interested party who obtained the limitation of treatment is informed by the data controller before said limitation is lifted.

The data controller will inform each of the recipients who have provided their personal data of any corrections or cancellations or limitations of the processing carried out, unless this proves impossible or involves a disproportionate effort. The data controller will communicate these recipients to the interested party if the interested party should request it.

The interested party has the right to receive personal data concerning him/her provided to a data controller in a structured format, commonly used and readable by an automatic device, and has the right to transmit this data to another data controller without impediments by the data controller to whom it was provided if:

1. the processing is based on consent pursuant to Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), or on a contract pursuant to Article 6, paragraph 1, letter b); and the processing is carried out by automated means.
2. In exercising their rights relating to data portability pursuant to paragraph 1, the interested party has the right to obtain the direct transmission of personal data from one data controller to the other, if technically feasible.
3. The exercise of the right referred to in paragraph 1 of this article is without prejudice to Article 17. This right does not apply to the processing necessary for the performance of a task in the public interest or connected to the exercise of public authority of the data controller.

The request to exercise rights can be exercised by sending an email to the address above.

CHANGES TO THE PRIVACY POLICY

Considering that the state of improvement of the automatic control mechanisms does not currently make them free from errors and malfunctions, it is specified that this information may be modified in whole or in part and the user is requested to consult the current version from time to time to check for any changes.