The Karate Coreano Tang Soo Do Data Controller, as reported below, in order to meet the EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter '' Regulation '') and rules relating the free movement of personal data informs that it will proceed to the processing of data for purposes of proof by the sequent methods.
"Personal data processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
The data processing activity will be carried out individually (like paper forms collection) or in electronic format and in any cases with automated processing tools
1.PERSONAL INFORMATION WE COLLECT
“Personal Data” are data that identify you as an individual or relate to an identifiable individual. At touchpoints throughout your guest journey, we collect Personal Data in accordance with law, such as: Name, Gender, Postal address, Telephone number, Email address, Credit and debit card number or other payment data, limited Financial information, Language preference, Date and place of birth, Nationality, passport, visa or other government-issued identification data
2.WHERE WE COLLECT PERSONAL DATA
All the personal data processed on behalf are those that we collect in our legal entity
3.LEGAL BASIS FOR DATA PROCESSING (ART. 13.1 (C) – GDPR 2016/679)
Data will be processed lawfully, fairly and in a transparent manner in relation to the data subject according to the Art.6.1 of the Regulation:
– the data subject has given consent to the processing of his or her personal data for one or more specific purposes
and (c) - processing is necessary for compliance with a legal obligation to which the controller is subject
4.THE NON CONSENTION TO PROCESS (ART. 13.2 (E) - GDPR 2016/679)
Whether the provision of personal data is a statutory or contractual requirement and processing is necessary for compliance with a legal obligation to which the controller is subject the Controller is not obliged to take specific consent. Where the Data Subject objects to give the needed information the compliance with the commercial contract shall no longer persist
In all the other cases the data processing needs a specific permission and consent
5.DATA PROCESSORS ART. 13 PAR.1 LETTERA E – GDPR 2016/679)
According to art 13.1 (e) of the GDPR2016/679 the data processors of your personal information will be:
Data Processor and its Representatives
Data Controller and Data Protection Officer
Joint Controller (Third Part Primary Services Providers)
6.PROCESSING MODE
Personal data will be processed by design and by default from the Processor and its representatives according to art. 30,32 e 35 del RE 2016/679 with the DPO supervision
7. RIGHTS OF THE DATA SUBJECT (CHAPTER III – GDPR 2016/679) -ARTICLES FROM 12 TO 22 OF THE REGULATION
Under certain circumstances, the subjects have rights under data protection laws in relation to their personal data as follows:
-to request access to personal data (commonly known as a "data subject access request"). This enables the subject to receive a copy of the personal data we hold about it and to check that we are lawfully processing it;
-to request correction of the personal data that we hold about. This enables the subject to have any incomplete or inaccurate data we hold about corrected, though we may need to verify the accuracy of the new data the subject provides to us;
-to request erasure of personal data. This enables the subject to ask us to delete or remove personal data where there is no good reason for us continuing to process it. It also enables the request that we delete or remove the personal data where the subject has successfully exercised the right to object to processing (see below), where we may have processed the subject information unlawfully or where we are required to erase subject’s personal data to comply with local law. Note, however, that we may not always be able to comply with the subject request of erasure for specific legal reasons which will be notified to the subject, if applicable, at the time of subject’s request;
-to object to processing of personal data where we are relying on a legitimate interest (or those of a third party) and there is something about subject’s particular situation which makes the subject wants to object to processing on this ground as the subject feels it impacts on subject’s fundamental rights and freedoms. The subject also has the right to object where we are processing subject’s personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process subject’s information which override subject’s rights and freedoms;
-to request restriction of processing the personal data. This enables the data subject to ask us to suspend the processing of your personal data in the following scenarios: (a) if the data subject wants us to establish the data's accuracy; (b) where our use of the data is unlawful but the data subject does not want us to erase it; (c) where the subject needs us to hold the data even if we no longer require it as the subject need it to establish, exercise or defend legal claims; or (d) the data subject has objected to our use of data but we need to verify whether we have overriding legitimate grounds to use it;
-to request transfer of personal data to the subject or to a third party. We will provide to the subject, or a third party the subject has chosen, the personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which the subject initially provided consent for us to use or where we used the information to perform a contract with the subject; or
-to withdraw consent at any time where we are relying on consent to process the personal data collected. However, this will not affect the lawfulness of any processing carried out before the data subject withdraw the consent. If the subject withdraws the consent, we may not be able to provide certain products or services to the subject. We will advise if this is the case at the time the subject withdraw the consent.
If anyone wishes to exercise any of the rights set out above, please contact us by using the contact details set out below under "CONTACT US" below or by emailing info@karatecoreano-tangsoodo.com
None will have to pay a fee to access personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if the request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in these circumstances.
If you are not satisfied with our response to any queries or complaints you raise with us or believe we are not processing your personal data in accordance with the Data Protection laws you have the right to lodge a complaint at the Italian Data Protection Authority - Garante per la protezione dei dati personali (http://www.garanteprivacy.it/).
We would, however, appreciate the chance to deal with your concerns before you approach the DPA so please contact us in the first instance
8.DURATION OF THE PROCESSING (ART.13. 2 (A) GDPR 2016/679)
We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law.The criteria used to determine our retention periods include:
The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services)
Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)
Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)
9. Actors (ART.13 PAR. 2 LETTERA B GDPR 2016/679)
Data Controller
Karate Coreano Tang Soo do
00133 Roma
Tel: +39 3803480003
E-Mail: info@karatecoreano-tangsoodo.com
Data Processor
Emiliano De Santis
E-Mail: info@karatecoreano-tangsoodo.com