Latest update: May 2023
Privacy Law (in particular EU Regulation 2016/679, the “General Data Protection Regulation” – hereinafter referred to as “GDPR”, as per English acronym) requires us, to provide you with the following information on the processing of your Personal Data, pursuant to Articles 13 e 14 of the GDPR.
“The “Processing of Personal Data”, in simple terms, is any operation concerning any “information relating to an identified or identifiable natural person”.
You, as the “natural person to whom the Personal Data relates”, are defined as a “Data Subject”, and are entitled to receive the following information about who we are, what Personal Data we process, why, how and for how long we process it, and what obligations and rights you have in this respect. Definitions of the terms and expressions used can be found at the end (the Glossary).
|Who are we (“Data Controller”)?|
|Shield Higher Education Limited, an enterprise duly incorporated under the Laws of Malta, with registered offices in Level 5, Carolina Court, Giuseppe Cali Street, Ta’Xbiex, XBX 1425, Malta, Company Registration Number C-102836, VAT Number MT29530419, duly represented by Mr. Riccardo Ocleppo, and owner of the commercial brand “OPIT – Open Institute of Technology (hereinafter also just “OPIT“, or “Company“, or ” Data Controller“).|
|What categories of Personal Data do we process?|
|We process common personal data (e.g. first name and surname, fiscal codes, telephone numbers, address, email, images, other documents necessary to verify the requirements of the specific training selected etc.) of Students that have entered or are willing to enter into a Contract with Open Institute of Technology to the minimum extent necessary to achieve each of the Purposes set out below.
|Why do we process Personal Data (Purpose) and on what is the Processing (Legal Basis) of each category of Data based?|
|#||Purpose||Categories of Personal Data||Legal Basis|
|3||Assess Student satisfaction, e.g. by sending to the students satisfaction questionnaires, based on its own legitimate interest in assessing the quality of the products and services provided (Art. 6 § 1.f GDPR)||Common||The need to adopt pre-contractual measures on your request (art. 6 § 1.b GDPR)|
|4||Comply with obligations under applicable legislation and/or orders issued by authorities, on the basis of the need to fulfil legal obligations (art. 6 § 1.c GDPR)||the Common||The need to fulfill legal obligations (art. 6 § 1.c GDPR)|
|5||To establish, exercise and/or defend a right in the competent courts, on the basis of our legitimate interest in defending one of our rights against the Data Subject and/or the need to pursue this purpose in court (art. 6 § 1.f GDPR)||Municipalities||Our legitimate interest in defending our right (art. 6 § 1.f GDPR)|
|To whom we disclose the Data (Categories of Recipients) ?|
|The following categories of persons, to the minimum extent necessary to achieve each Purpose, on the basis of Applicable Law and/or a contractual agreement with the Data Controller:
a) subjects required to perform the Contract or related to some other contract, acting as Data Processor or as autonomous Data Controllers (e.g. IT services suppliers, bankers, delivery services, commercial agency, accountants, tax and fiscal experts, lawyers, etc.);
b) natural persons authorised by the Data Controller, bound to confidentiality obligations or under legal duty of confidentiality;
c) possible partners involved in realising the training programmes; recruitment agencies, companies and professionals interested in selecting personnel; Professionals, Companies and institutions for allowing them to attend educational and experiential courses or training held outside OPIT;
d) in the case of persons who are the recipients of sponsorships and grants (for example, scholarships covering the costs of attending the courses in part or in total) from third parties, the latter may be given personal data regarding the participants and their training programme;
e) public Administrations or organisations, if and to the extent required by the Applicable Law or their orders, or in order to exercise, defend or assess a right in court, or defence of the State, its security or the prevention and investigations of offences.
|Do we transfer Personal Data outside the European Union?|
|For some internal document management activities we use IT services provided by companies established outside the European Economic Area (e.g. USA. In this case, the transfer is carried out on the basis of standard contractual clauses and additional measures to ensure data protection).
In any case, we ensure that data transfers are only made to countries that guarantee an adequate level of protection, for which there is an adequacy decision by the European Commission, or on the basis of one of the other guarantees provided for in Chapter V of the GDPR.
Further information on transfers of personal data outside the European Economic Area is available by writing to the Data Controller.
|How long do we retain the Data?|
|The maximum period for which Personal Data will normally be retained will be no longer than ten years from the date of termination of the Contract or the last activity in favour of the Student, unless Applicable Law or the assessment, exercise or protection of a right requires it to be retained for a longer period or permits it in order to protect its rights and/or legitimate interests. For marketing purposes we will hold your data until you object to the processing.|
|Are you obliged to provide us with Personal Data?|
|The disclosure of Data by the Data Subject is obligatory, to the minimum extent necessary to respond to requests, for the management of the contractual relationship and for the fulfilment of obligations arising from Applicable Legislation.
The provision of your data under purposes n. 2 and n. 3 is always optional.
|What happens if you refuse to communicate your data?|
|If you do not provide us with data for contractual purposes we will not be able to provide the services, or we will not be able to guarantee the safe provision of the services.
If You refuse (initially or subsequently) the processing for Marketing purposes You will not (or can no longer) be informed about news related to our activities, nor benefit from any promotions, discounts or bonuses.There is no refusal of communication for the purpose n. 5 and 6.
|What rights do you have as a “Data Subject”?|
|You have the right to:
a) access the data held by the Controller, and to ask for a copy, unless the exercise of the right violates the rights and freedoms of other natural persons;
b) request the rectification of incomplete or inaccurate data;
c) request the erasure of the data, subject to the exclusions or limitations established by the Applicable Law;
d) request a list of the data processors, with further data useful for their identification;
e) request the restriction of processing, if the conditions are met and subject to the exclusions established by the Applicable Law;
f) request data portability (i.e. commonly used and machine-readable format, so that they can be transmitted to another Data Controller without hindrance), to the extent that the processing is based on consent or on the need to perform a contract, where technically possible and except where the exercise of the right infringes the rights and freedoms of other natural persons;
g) lodge a complaint with the Data Protection Authority of your country, or of the place where the alleged violation occurred.
Right to object
You can object the processing based on the legitimate interest of the Data Controller, at any time for reasons connected to your particular situation (e.g. damage to honor, reputation, decency), subject to the demonstration by the Data Controller of a legitimate interest binding and prevailing pursuant to art. 21.1 GDPR, and unless the processing is necessary for the assessment, exercise or defense of a right in court.
|Who can you contact with questions or to exercise your rights?|
|You can contact us at the following e-mail address: email@example.com.|
“Applicable Law”: any provision of laws and regulations, applicable to the processing of personal data through the Site.
“Student”: the individual or entity who enters into the Contract.
“Contact Form”: means any online form provided by us through the Site, composed of one or more pages, through which the Visitor can send information or make requests.
“Data Processor“: “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”, as defined in Article 4, sub-paragraph 1, no. 8, of the GDPR and the UK GDPR.
“GDPR“: Regulation (EU) 2016/679 “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”.
“Personal Data“: any information relating to an identified or identifiable natural person (“Data Subject“); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing“: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Recipient“: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
“Restriction of processing“: “the marking of personal data stored with the aim of limiting their processing in the future.
“Supervisory Authority”: the independent public authority in charge of monitoring the application of the privacy law.
Check our Modern Computer Science courses
- Eu accredited
- Fully remote