Privacy Policy on the Processing of Personal Data in Accordance with Hungarian Act CXII of 2011 on Informational Self-Determination and Freedom of Information.

The company Tanox Productions KFT, VAT: HU32362604, with headquarters in Budapest (Hungary), Mókus utca 14/A, e-mail (hereinafter the “Owner” or “Siffredi Academy”) as Data Controller is pleased to inform you about the use of your personal data carried out through the site https://siffredi.academy and the related dashboard/reserved area (hereinafter also “the Site“), as well as to inform you of your rights as an interested party treatment.
The GDPR requires that the processing of individual data is based on the principles of correctness, lawfulness, transparency and protects the confidentiality and rights of the individuals concerned. To read the Hungarian privacy law (Act CXII of 2011 – “Privacy Act”), in its latest version, you can consult the following site: https://www.naih.hu/about-the-authority/act-cxii- of-2011-privacy-act
To view the text of the GDPR you can consult the following site: https://eur-lex.europa.eu/legal-content/hu/TXT/HTML/?uri=CELEX:32016R0679&from=HU

1. DATA CONTROLLER

The data controller is the company Rocco Siffredi KFT, as indicated above. It is possible to contact the Data Controller by e-mail at info@siffredi.academy.

We inform you that, regarding the exercise of your rights listed in point 4 of this information notice, you can contact the Data Controller by writing to the e-mail address: privacy@siffredi.academy

2. PURPOSE OF THE PROCESSING, METHODS OF PROCESSING, LEGAL BASIS, DATA RETENTION PERIOD

The processing of the data requested from you will be carried out as follows:

PROCESSING OF PERSONAL DATA AS DATA CONTROLLER
PURPOSE OF THE TREATMENT		LEGAL BASIS	DATA RETENTION TIMES
1	Navigation on the site https://siffredi.academy	Prevailing legitimate interest of the Owner to allow navigation on the Site	For the entire duration of navigation and use of the Site
2	Guarantee the security of the networks and information relevant to the Site by using, to a strictly necessary and proportionate extent, personal data relating to web traffic (IP addresses, e-mails, logs, etc.)	Prevailing legitimate interest of the Owner to guarantee the security of the networks and information relevant to the Site	For 6 (six) months from data collection
3	Allow registration in the reserved area/dashboard of the Site	Contract execution	For the entire duration of the service contract with the Siffredi Academy
4	Allow the provision of services by Siffredi Academy (e.g. provide video courses)	Contract execution	For the entire duration of the service contract with the Siffredi Academy
5	Allow the sending of informative newsletters relating to initiatives of the Siffredi Academy	Consent	Up to 24 months from the collection of consent, always revocable
6	Allow the sending of marketing communications via e-mail regarding commercial initiatives of the Siffredi Academy	Consent	Up to 24 months from the collection of consent, always revocable
7	Obligations deriving from laws, regulations and community legislation	Regulatory obligation	For the entire duration required by applicable laws
8	Statistical analysis and market research in anonymous and/or aggregate form	Prevailing legitimate interest of the Data Controller necessary to carry out statistical analyzes and market research in anonymous and/or aggregate form	24 (twenty-four) months from data collection
9	Possible assessment, defense or exercise of a right in court	Legitimate interest of the Owner considered prevalent for self-protection or protection of a third party in court	For the entire limitation period established by applicable law

With reference to the methods of processing your personal data, the Siffredi Academy informs you that the processing described above will be carried out exclusively in electronic format and in compliance with the security measures required by current legislation (involving the use of software, hardware, networks duly protected IT systems).

3. RECIPIENTS OF THE TREATMENT

The Data Controller may in turn communicate your personal data to the following subjects, to the extent strictly necessary to achieve the aforementioned purposes, all based in the European Community/European Economic Area (unless otherwise indicated):

To authorized persons of the Data Controller;
To coordination, supervision and management bodies of national and foreign Internet networks, as well as communication and telephone networks;
To the companies and professionals that the Owner uses for consultancy or assistance in carrying out his business activities, as well as in the management of the website, in particular with regard to suppliers of professional services (webmaster, administrative, fiscal, legal, employment law, service providers for sending newsletters, etc.);
To third parties of the Public Administration (e.g. public bodies or state authorities) if this is necessary for carrying out the Data Controller’s activity based on the aforementioned purposes;

All communications of personal data will take place in full compliance with the security and protection measures required by current legislation and, unless otherwise indicated, the data will not be transferred or processed outside the European Community or in countries not considered adequate by the relevant community legislation of data protection. In the event that it is necessary to transfer personal data outside the European Union, this will be done in accordance with the legal conditions established by the GDPR.

In particular, for transfers to the United States, the adequacy decision called “EU-US Data Privacy Framework” will be followed or the standard contractual clauses approved by the European Union will be adopted. These measures are aimed at ensuring that the level of protection of personal data transferred is equivalent to that guaranteed within the European Union, in accordance with the principles and rights established by the GDPR.

We inform you that the Data Controller has carefully defined the relationships with third parties (e.g. VerifyMyAge, Azure Active Directory B2C, Cloud Flare, Register.it, Vendo) who are qualified as Data Processors or independent Data Controllers. With regard to relations with the Data Processors, Siffredi Academy has taken steps to regulate a contract or other legal act in accordance with Union or Member State law, which binds the Data Processor to Siffredi Academy (as Data Controller ) and which stipulates the subject matter regulated and the duration of the processing, the nature and purpose of the processing, the type of personal data and the categories of interested parties, the obligations and rights of the data controller.

You can request a list of data controllers by contacting the owner at the email address privacy@siffredi.academy

4. YOUR RIGHTS AS AN INTERESTED PARTY IN THE PROCESSING

The Data Controller informs you that you can always assert the rights to which you are entitled as an interested party in the processing. These rights are indicated in the articles. 15-22 GDPR and are reported below:

right to request access to personal data, requesting confirmation or otherwise of their existence as well as the rectification or cancellation of the same or the limitation (temporary blocking) of the processing that concerns you;
RIGHT TO OBJECT AT ANY TIME TO THEIR PROCESSING FOR REASONS RELATED TO YOUR SPECIAL SITUATION IN CASE: I) OF PROCESSING NECESSARY FOR THE EXECUTION OF A TASK OF PUBLIC INTEREST OR RELATED TO THE EXERCISE OF PUBLIC POWERS, OR II) IN CASE OF PROSECUTION OF LEGITIMATE INTEREST OF THE HOLDER;
if consent has been provided for one or more specific purposes, the right to withdraw such consent at any time;
right to portability of personal data (for those with a legal basis of contractual or consensual execution) by request to the owner, by means of communication of a file in a commonly used format, or similar open interoperable format, depending on the type of data requested;
right to lodge a complaint with the following Supervisory Authority: Hungarian National Authority for Data Protection and Freedom of Information – NAIH (https://naih.hu/). We remind you that you still have the right to alternatively lodge a complaint with the competent supervisory authority of the Member State where you habitually reside (e.g., if in Italy, with the Guarantor for the protection of personal data, www.garanteprivacy.it), work or of the place where the alleged violation occurred.

We also remind you that it is possible to contact the Data Controller to request information on the balancing test inherent to legitimate interest in cases where this legal basis is used for the processing of your data (processing numbers 1,2,8,9 indicated in the table in point 2 of this information).

5. SOURCE OF DATA COLLECTION AND TYPE OF DATA PROCESSED

The data collected by Siffredi Academy as Data Controller are those collected while browsing the Site and following the completion of the form on the Site for registration, access to the dashboard/reserved area and purchase of courses. . These data belong to the category of common data by way of example:

IP address
name and surname
email address
password
nation
city

The data provided by you directly and processed by Siffredi Academy as data controller are common data pertinent to the aforementioned purposes, such as identification and contact data (including the IP address for accessing the Site).

In order to verify the age of visitors to the Site and those who intend to use the services present therein, so as to fulfill the regulatory obligations established by current legislation, Siffredi Academy – as data controller – uses the age verification provided by the VerifyMyAge supplier to whom the Owner can request the result of the age verification of visitors to the Site. For further information on the privacy policy of VerifyMyAge, we invite you to consult the website: https://www.verifymyage.co .uk/privacy

Any personal data provided by you relating to third parties, by accepting this information, you declare that you have all necessary authorization to communicate such data to the Data Controller.

The Siffredi Academy informs you that, for the purposes indicated above, personal data belonging to particular categories will not be processed (so-called “sensitive data” such as data relating to the state of health, sexual orientation, or data revealing racial or ethnicity, religious and philosophical beliefs, political opinions, trade union membership). In the event that it is necessary to process data belonging to particular categories for other and different purposes from those indicated above, the Data Controller will be responsible for providing you with adequate information containing information on the methods of processing, the legal bases adopted, the rights to which you are entitled and everything as required by the GDPR and applicable legislation.

6. HOW DO WE USE COOKIES TO PROCESS YOUR DATA?

Cookies are, as a rule, strings of text that the websites/apps (so-called publishers or “first party”) visited by the user or different websites or web servers (so-called “third parties”) place and store within a terminal device available to the user (so-called “active” identifiers). The possible typologies are the following:

Cookies and other technical identifiers: are used for the sole purpose of transmitting a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the contractor or user to provide this service. They do not require the acquisition of consent, but must be indicated in the information.
Analytics cookies, including third-party ones: they are comparable to cookies and other technical identifiers (without consent) only if: they are used solely to produce aggregate statistics and in relation to a single site or a single mobile application; for third parties, at least part of the IP address is masked, if relevant and as far as possible; third parties refrain from combining analytics cookies, thus minimized, with other processing (customer files or statistics of visits to other sites, for example) or from transmitting them to further third parties. The owner who carries out on his own the mere statistical processing of data relating to multiple domains, websites or apps attributable to him can also use the unencrypted data, in compliance with the constraints of these purposes.

This may also include GOOGLE ANALYTICS cookies, a web service provided by Google Ireland Ltd. (based in Ireland), to analyze user behavior in the use of our website (aggregated statistics). The information on the usage behavior of our website, collected through these cookies (including the IP address, if applicable, while respecting the least possible use of personal data), may also be transmitted to a Google server in the United States and stored on the latter. However, your IP address on the web app website is “pseudonymised” (i.e. partially masked) before being transmitted to Google – this could, however, involve the risk of extra-EU/EEA transfer of personal data. Google will then use this information aggregated to analyze the use of our website, to create reports on the activities on the site for us as managers and to provide further services related to the use of the site itself. It is however possible to install the add-on in your browser to deactivate Google Analytics and thus significantly limit any processing, available here: https://support.google.com/analytics/answer/181881?hl=it. For further information on this cookie, see here: https://www.google.it/policies/privacy/partners.

Cookies and other tracking identifiers with a non-technical function: used to trace specific actions or recurring behavioral patterns to specific, identified or identifiable subjects in the use of the features offered (patterns) for the purpose of grouping the different profiles within homogeneous clusters of different sizes, so that it is also possible to modulate the provision of the service in an increasingly personalized way, as well as send targeted advertising messages, i.e. in line with the preferences expressed by the user when browsing the net; this may include any remarketing and retargeting cookies, i.e. used to communicate and optimize advertisements based on the user’s previous use of this website (or third parties); are subject to specific user consent.

This website/app may use all or only some of these types of cookies. To have an updated list (with any relevant third party suppliers of cookies, duration of cookie storage, link to the privacy policy of third parties, etc.) you can consult the relevant and updated COOKIE POLICY. You can use the banner and related functions, made available to the user, to select/deselect the desired cookies, grant or revoke your consent, etc. To disable cookies using your browser settings, you can consult the following guide for free: https://www.wikihow.it/Disattivare-i-Cookie.

7. CHANGES TO THE INFORMATION

This Privacy Policy may be subject to changes and updates if changes are made to the way we process your data or to the other information provided herein. Any changes will guarantee, in any case, full protection of your rights. Before the processing of personal data begins according to the new methods, you will be promptly informed through the contacts provided to us and you will be guaranteed the exercise of all the rights provided for by the law and regulations in force.

Last update: January 2024.

This English translation of the privacy policy document is provided for convenience only. The official and legally binding version is the Italian document. In the event of any discrepancies or conflicts between the English translation and the Italian version, the Italian version shall prevail.