Privacy
Regulation EU No. 679/2016 (GDPR) provides for the protection of individuals and other subjects regarding the processing of personal data. The processing must follow principles of fairness, lawfulness, and transparency to protect the confidentiality and rights of individuals.

Data Controller
The Data Controller is Polo EASS

Operational and legal headquarters: via Domenico Fiasella, 3/16, 16121 – Genoa
VAT Number: IT01955020993
Email contact: ticass@legalmail.it
Phone: +39 010 89900601

Purposes
The personal data provided will be processed for purposes related to:

• Activities connected to the services requested by the user, in particular the registration to the site, portal, or platform and the tracking of activities carried out, in order to monitor or certify attendance, usage, or completion of content (including training), the use of the help desk and related assistance or tutoring services;
• Fulfillment of legal, accounting/administrative obligations and contract management purposes (supply of products, assistance services, management and administration of customers, orders, shipments, invoices, solvency checks, and dispute management);
• Sending communications, information, or newsletters, also related to new initiatives and/or products and services of the Data Controller, affiliated companies, partners, or customers.

The data will be processed, also through the creation and management of a central archive, with paper, IT, or telematic supports accessible by specialized and authorized personnel.

Mandatory Data Provision
The provision of personal data, essential for the supply of the requested products/services, for compliance with legal obligations, and for the establishment/continuation of the contractual relationship, is mandatory. Without these, it will be impossible to establish and/or carry out such a relationship. These data are specifically marked in the registration forms (for example with an asterisk).

The provision of other personal data is optional and generally aimed at providing better customer service (e.g., providing a phone number can be useful for assistance or contacting the user if communication via email is not possible). Any refusal to provide such data will not result in negative consequences for the customer.

Data Processing Methods
Personal data are processed (including with automated tools) for the time necessary to achieve the purposes for which they were collected. For example, certain regulations regarding mandatory training for specific professional categories or funded training (e.g., ECM, IVASS, Workplace Safety, interprofessional funds, etc.) require data retention for at least five years or impose particular obligations regarding reporting to the relevant institutions or regulatory authorities.

Specific physical and IT security measures are in place to prevent data loss, illegal or incorrect use, and unauthorized access.

Data Transfer
Personal data concerning the customer may be disclosed to companies affiliated with the Data Controller, entities, or third-party companies for the same purposes mentioned above (e.g., entities or institutions and regulatory authorities for reporting data or other information), or to external subjects for specialized services such as:

• Management of software, hardware, telematic and IT systems (e.g., web and hosting service providers, particularly Aruba S.p.A.);
• Payment and accounting services (in case of paid services/products, particularly PayPal).

The data will not be transferred or disclosed to other private entities (except as required by law or for service/product delivery purposes).

The data will not be transferred abroad, especially to non-EU countries.