Information on the processing of personal data ex art. 13-14 EU Reg. 2016/679
1. Recipients of this notice
This policy is addressed to all persons who use the DonK Humanitarian Medicine ODV Association e-learning platform service, hereinafter referred to as “users.”
The platform offers its services only to individuals who have already reached the age of 18. By accepting the privacy policy, you declare that you have reached the required age limit.
2. Definition of the service covered by this disclosure
This policy applies to the donkhm.network website and its mobile application DonkHM.
3. Owner of the processing of users’ personal data
The data controller is DonK Humanitarian Medicine ODV Association with its operational headquarters in Trieste, Via Besenghi 16. Email: donkisciotte@pec.csvfvg.it.
4. Compliance of the e-Learning Platform service with EU Reg. 2016/679
The Data Controller, pursuant to and for the purposes of EU Reg. 2016/679 hereinafter “GDPR” and Legislative Decree No. 196/2003 as amended by Legislative Decree No. 101/2018 ss.mm.ii., hereby informs that the aforementioned legislation provides that the processing of personal data of data subjects – in this case “users” of the platform – must be based on the principles of fairness, lawfulness, transparency and protection of confidentiality and user rights.
Therefore, users’ personal data will be processed in accordance with European and national legislative provisions and the confidentiality obligations therein.
5. Personal data being processed
“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural, or social identity.
As a result of browsing the Site, the Data Controller will process Personal Data that may consist of an identifier such as a name, an identification number, an online identifier, or one or more characteristic elements of your physical, economic, cultural, or social identity capable of making you identified or identifiable.
Other Personal Data that you freely provide in the information request forms (e.g. to obtain information about courses or for registration requests for training courses) may be processed. Any sensitive data, as referred to in Art. 9.1 Reg. 2016/679/EU, should not be processed unless explicit consent is given by the data subject.
Usage Data
The software systems responsible for the operation of the e-learning Platform service acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols or is used to improve the quality of the service offered. This is information that is not collected in order to be associated with the identity of the user, but which by its very nature could, through processing and association, allow users to be identified. This category of data includes:
- IP address or domain name of the device used by users connecting to the service,
- URI (Uniform Resource Identifier) notation addresses of the requested resources,
- The time of the request to the server,
- The method used in submitting the request to the server,
- the size of the file obtained in response,
- The numeric code indicating the status of the response given by the server,
- Information about the browser being used,
- other parameters related to the user’s operating system and computing environment,
- preferences on the content required from the e-Learning Platform service.
This data is used for the following purposes:
- Process user requests correctly,
- To derive anonymous statistical information about the use of the service,
- allow software systems to adapt interfaces to the device in use,
- Establishment of liability in case of hypothetical computer crimes against DonK Humanitarian Medicine ODV Association or other users.
Data voluntarily provided by the user
Listed below are, in detail, the data that the user may voluntarily provide in order to use the features made available by the service covered by this policy:
Data collected for the creation of the User Account
- First and last name,
- Year of birth,
- profession,
- city of origin,
- email address,
- telephone number,
- facial image (for teachers only),
- Curricular information (for teachers only),
- any other information the user wishes to provide in the personal biography area,
- links to user profiles on other Internet services (example: links to one’s Facebook profile),
- User name and password for access to the personal area,
Data collected in requests for assistance
- First and last name,
- email address,
- any other personal data voluntarily provided by the user in the body of the message describing the request for assistance.
Data voluntarily provided by the user will be processed solely for the purpose of providing e-Learning Platform services, in accordance with the principles set forth in Section 5 of this policy.
The optional, explicit and voluntary sending of electronic mail to addresses with domain @donkhm.network or content transmitted through forms involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the missive. As above, it is assured that such data will also be processed solely for the purpose of providing e-Learning Platform services, in accordance with the principles set forth in Section 5 of this policy.
6. General purposes of the processing of users’ personal data
Users’ personal data will be processed for the following purposes related to the various services for which registration is requested from the platform and which the user requests to use:
- registration to the e-learning platform, enrollment in the training courses, participation in them and downloading the certificate of participation;
- Teleconsultation service exclusively for Doctors and Health Professionals, subject to specific authorization within the agreed terms;
- Sharing of content on the site;
- Generic request for information;
- To manage the contractual relationship with students and teachers of the training courses organized by the owner, including by publishing teaching materials, images, videos and audios of teachers on the web platform and managed by third parties, specifically designated as Personal Data Processors;
- Evolved browsing purposes or personalized content management;
- purposes inherent in the performance of a contract to which the user is a party or the execution of pre-contractual measures taken at the user’s request;
- purposes of statistical research/analysis on aggregated or anonymized data, thus with no possibility of identifying the user, aimed at measuring the operation of the service, measuring traffic and evaluating usability and interest;
- To fulfill any legal obligations, including tax and accounting when necessary, or administrative and accounting reporting activities in connection with funding obtained from public bodies and institutions (e.g., Region);
- purposes necessary for ascertaining, exercising or defending a right in judicial or extrajudicial proceedings whenever judicial authorities exercise their jurisdictional functions, as well as for ascertaining liability in case of hypothetical computer crimes to the detriment of Association DonK Humanitarian Medicine ODV or other users, in case of abuse in the use of the platform
7. Basis of legitimacy
The legal basis of the processing operations in Section 6, items 1 to 7, can be found in Art. 6.1 lett. b of the GDPR, as the processing operations are necessary for the provision of the requested services or for the response to the data subject’s requests.
The purpose of 6 number 98 can be found in Art. 6.1(c) of the GDPR, for fulfillment of legal obligations.
The purpose of 6 number 109 is discernible in Article 6.1(f) of the GDPR.
8. Compulsory or optional nature of conferment
The provision of personal data is understood to be optional, but failure to provide those that are indicated as indispensable will result in the impossibility of activating or taking advantage of the services provided. The platform, in application of the principle of data minimization, indicates those indispensable for the activation of the service itself.
9. Place of storage
Personal data are archived and stored within the EEA and transferred neither outside it, nor to International Organizations. In particular, the holder’s data, under the terms as set out in this policy, will be archived and stored at the data centers of Aruba S.p.A. with registered office in Località Palazzetto, 4 – 52011 Bibbiena AR, VAT No.: 01573850516.
In the event that, in order to benefit from training services, a platform such as Zoom is used, for the live streaming of lectures and/or for the sharing of information materials, it should be noted that this use of services could necessarily result in the export outside the territory of the European Union of the data of the data subject (identification data, contact details, data and meta-data relating to the days, times and contents of training sessions) who requests this service. This transfer takes place on the basis of the exemption in Article 49 paragraph 1 letter b) of the Regulation, as the transfer is occasionally necessary for the performance of the training service contracted by the data subject with the Data Controller.
10. Disclosures of users’ personal data to entities operating in the context related to the Platform service
Users’ personal data will be disclosed only to competent and duly appointed parties for the purposes set forth in Section 6 and for the performance of services necessary for the proper management of the relationship, with guaranteed protection of the rights of the data subject.
Specifically, your personal data may be shared with:
- persons, companies or professional firms providing assistance and consulting in accounting, administrative, legal, tax, financial and debt collection matters relating to the provision of the Services, if applicable designated as data processors, pursuant to Article 28 GDPR;
- parties with whom it is necessary to interact for the provision of the Services (e.g. hosting providers or the developer who manages the platform); or parties delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communication networks), designated as data processors, ex art. 28 GDPR;
- Subjects, entities, institutions including public or authorities, autonomous data controllers, to whom it is mandatory to communicate Personal Data by virtue of provisions of the law or orders of the authorities, including during inspections and audits;
- persons authorized by the Owner to process personal data under Article 29 GDPR, necessary to carry out activities closely related to the provision of the Services, who have committed to confidentiality or have an appropriate legal obligation of confidentiality (e.g., employees, collaborators, teachers and educational tutors of the Owner itself).
11. Transmission of users’ personal data to third parties operating outside the context related to the DonK HM Platform service
Listed below are, in detail, the data that the e-Learning Platform service provides to third parties:
Data provided to Google Analytics (https://analytics.google.com):
- Usage Data,
- Technical and profiling cookies (see item 13).
Data provided to Google Pagespeed insights (https://developers.google.com/speed/pagespeed/insights/):
- Usage Data,
- Technical and profiling cookies (see item 13).
Data provided to Facebook (https://facebook.com):
- Full name,
- Usage Data,
- Technical and profiling cookies (see item 13).
12. Social Network
This site may use “social plug-ins”, which are special tools that allow you to embed social network features directly within the website. All social plug-ins on the site are marked with the respective logo owned by the social network platform (e.g. Facebook and Instagram).
When you interact with the plug-in or directly access the association’s profile on the social network or decide to leave a comment, the corresponding information is transmitted by the browser directly to the social network platform concerned and stored by it. For information on the purpose, type and manner of collection, processing, use and storage of personal data by the social network platform, as well as how to exercise your rights, please consult the privacy policy adopted directly by the individual social network.
13. Period of data retention
In compliance with the principles of lawfulness, purpose limitation and minimization of data, in accordance with Article 5 of the GDPR, the maximum retention period of personal data collected is defined as follows: data related to the registration of attendance, 2 months after the end of the course, for the purpose of assessing the achievement of the requirements for the issuance of the certificate of participation; account registration and certificates of participation will be retained for 10 years. In any case, the Holder will process personal data for as long as necessary to fulfill contractual and legal obligations and, notwithstanding the above, subject to a longer duration for purposes of defense against abuse, in court or extrajudicial litigation.
14. Rights of the user, according to EU Reg. 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22
You have the right to obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet recorded, and their communication in an intelligible form.
The user has the right to obtain the indication:
- Of the origin of personal data;
- Of the purposes and methods of processing;
- Of the logic applied in the case of processing carried out with the aid of electronic instruments;
- of the identification details of the owner, managers and designated representative in accordance with Article 5, paragraph 2;
- Of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, as managers or appointees.
The data subject has the right to obtain:
- updating, rectification or, when interested, supplementation of data;
- the deletion of personal data (upon the occurrence of one of the conditions indicated in Article 17.1 GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article), transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
- to request and obtain – in cases where the legal basis of the processing is a contract or consent, and the processing is carried out by automated means – personal data in a structured, machine-readable format, including for the purpose of communicating such data to another data controller (so-called Right to Personal Data Portability);
- To object at any time to the processing of personal data in the event of special situations concerning him/her;
- revoke consent at any time, limited to cases where the processing is based on consent for one or more specific purposes and concerns special common data or particular categories of data. Processing based on consent and carried out prior to revocation of consent retains, however, lawfulness.
Users can then change at any time the personal data provided through the appropriate software interfaces for managing their account, which can be reached at the link https://donkhm.network/account, or exercise this and all other rights provided in this section by contacting the data controller directly, by email, using the same address provided during registration.
If the data subject believes that there has been a violation in the processing of his or her personal data, he or she may lodge a complaint with the Supervisory Authority of the place where he or she usually resides, works or where the alleged violation occurred. In Italy, you may lodge a complaint with the Data Protection Authority.
15. Extended Cookie Policy
The e-Learning Platform service software installs technical cookies and profiling cookies on the user’s device in order to make the browsing experience more pleasant and more efficient.
What are cookies?
Cookies are small text files sent from the site to the data subject’s terminal (usually the browser), where they are stored and then transmitted back to the site on the same user’s next visit. A cookie cannot retrieve any other data from the permanent memory of the user’s device, nor can it transmit computer viruses or acquire email addresses. Each cookie is unique to the user’s web browser. Some of the functions of cookies may be delegated to other technologies.
In this policy, the term “cookies” is intended to refer both to cookies, properly so called, and to all similar technologies.
For more information on cookies, the user is invited to visit the following link: https://it.wikipedia.org/wiki/Cookie
Cookies installed by the e-Learning Platform service, through the donkhm.network site
Technical cookies
Technical cookies are used for the sole purpose of carrying out the transmission of a communication over an electronic communication network. They are not used for any further purposes and are normally installed directly by the owner or operator of the site. They can be divided into:
- navigation or session cookies, which ensure normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas); they are in fact necessary for the proper functioning of the site;
- analytics cookies, assimilated to technical cookies where used directly by the site operator to collect information, in aggregate form, on the number of users and how they visit the site itself, in order to improve site performance;
- Functionality cookies, which allow the user to navigate according to a set of selected criteria (for example, language, products selected for purchase) in order to improve the service rendered to the same. Users’ prior consent is not required for the installation of such cookies (more information in the section Cookie Management below).
Profiling cookies
Profiling cookies are installed in order to create profiles related to the user and are used for the purpose of sending advertising messages in line with the preferences expressed by the user when browsing the web.
User consent is required for the use of profiling cookies.
In the case of third-party cookies, the site has no direct control over individual cookies and cannot control them (it can neither install them directly nor delete them). You can still manage these cookies through your browser settings.
Duration of cookies
Cookies have a lifetime dictated by the expiration date (or a specific action such as closing the browser) set when they are installed. Cookies can be:
- temporary or session (session cookies): are used to store temporary information, allow linking actions performed during a specific session, and are removed from the device when the browser is closed;
- persistent (persistent cookies): these are used to store information, such as login name and password, so that the user does not have to type them in again each time he or she visits a specific site. These remain stored in the device even after closing the browser.
Cookie Management
In compliance with the GDPR, you can change your consent to cookies at any time.
The Data Controller will keep appropriate track of the User’s consent through a special technical cookie. You may deny your consent or change your options regarding the use of cookies at any time. If the user initially gave consent, they can change it by sending an email to the Data Controller.
If consent has already been given but you want to change cookie permissions, you have to delete them through your browser, because otherwise those already installed will not be removed.
16. Notifications to the user in case of attacks on the system.
Stefano Bardari guarantees, as previously written, the protection of the personal data of the users concerned; however, despite the fact that the owner takes all possible behavioral and technical measures to ensure this protection, attacks by malicious hackers, aimed at hacking the system and acquiring the personal data of users, may occur.
In the event of such a violation, the owner will notify the competent authorities and the user will be promptly informed through the contact details provided or otherwise through communication posted on the homepage of the site.
17. Updating this policy
Any updates to this policy and, in any case, any changes to the current conditions regarding the processing of users’ personal data will be notified to the users themselves with a corresponding request for consent.
Users may still consult this policy at https://donkhm.network/privacy.
Last update: April 27, 2022