Privacy Policy – Sprint Academy

This Policy describes how our society, Sprint Academy S.r.l., processes the personal data of users concerning the browsing on the website www.sprintacademy.it (the “Site”), to inform them about which personal data are collected, how they are used, which third parties can have access to such data and how you can use your rights regarding this Treatment.

The treatment takes place in full compliance with and EU Regulation 2016/679 – “Regulation on the protection of individuals concerning the processing of personal data and the free circulation of such data” (the “Regulation”) and of Legislative Decree 196/2003 and subsequent amendments (the “Privacy Code”).

We invite you to carefully read our privacy policy. By accessing the site, you declare that you accept our privacy policy. If you do not consent to this declaration, we invite you not to access other pages of the Site.

Data Controller and Data Processors

The data controller is Sprint Academy S.r.l., in the person of its pro tempore legal representative, with headquarters in Milan, Via Friuli 51, Tax Code, VAT number, and registration number in the Milan Company Register Monza Brianza Lodi n. 10061520960, email info@sprintacademy.it (the “Owner” or the “Company”).

Some external subjects (natural and legal persons) have been appointed as Data Processors, who provide specific services or provide related, instrumental or support activities to those provided by the Company, the complete list of which can be consulted by making a specific request to the following email address: info@sprintacademy.it.

Source of personal data

Personal data are collected directly from the interested party.

Categories of data processed

When browsing the site, some personal data are processed:

a. Navigation data

When browsing the site, the owner receives and collects the identification of the navigation tool, the IP address, the operating system used, and the name of the ISP (Internet Service Provider) of the device itself, the pages visited.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing.

The data could be used to ascertain responsibility in the event of computer crimes: except for this eventuality, the data is currently not kept for more than 7 days.

b. Geolocation

In case of access to the Site via mobile device, the interested party can authorize the activation of the geolocation service. In this case, the position detection data of the devices, including specific geographical positions, for example via GPS, bluetooth, or wi-fi, may also be processed. In the absence of stated authorization, no geolocation data processing will be carried out.

The interested party may at any time interrupt or deactivate the geolocation service by changing the settings of the mobile device, referring to the relevant user manual.

c. Cookie

The Site may use some types of cookies. For further details, see the cookie policy.

d. Data provided by the interested party

In case of registration on the Site, which allows access to specific areas of the same, the interested party will be called to provide some personal data (e.g. name and surname, email address).

Furthermore, the eventual sending of communications via the Site entails the acquisition of the email address and of the additional personal data contained in the communication, which may be used by the Data Controller for communications with the interested parties.

Data retention period

The retention period of personal data:

– for the purposes referred to in point a) of the previous paragraph, it is equal to the duration of the browsing session on the Site. After this term, personal data will be destroyed, deleted or made anonymous (if not already collected anonymously);

– for the purpose referred to in point b) is equal to the period necessary to execute the specific functionality of the Site requested by the interested party;

– for the purpose referred to in point c) it is equal to that provided by law;

– for the purposes referred to in point d), is equal to the entire duration of the “Newsletter” service, until the moment when the interested party unsubscribes from the service itself.

Nature of the provision of data

The provision of data by the interested party can be mandatory or optional.

Concerning the purposes referred to in point a) of the paragraph “Purpose and legal basis of the processing”, the provision of data is mandatory. The related processing does not require the consent of the interested party, as it is based on the legitimate interest of the Data Controller.

Concerning the purpose referred to in point b), the provision of data is not mandatory, but it is necessary to have access to the specific functionality of the Site from time to time requested by the interested party. Failure to provide data would make it impossible for the data subject to have access to this specific functionality. The related processing requires the consent of the interested party.

Concerning the purpose referred to in point c), the provision of data is mandatory. Failure to provide the data would make it impossible for the interested party to access the Site. The related processing does not require the consent of the interested party.

With reference to the purpose sub d), the provision of personal data is always optional; however, failure to provide the data will not allow the provision of the “Newsletter” service. The treatment of the data by the Company for this purpose requires the prior consent of the interested party who, in any case, will have the right at any time to interrupt the processing by requesting the cancellation of the data, using the appropriate “unsubscribe” function contained in each newsletter.

Methods of data processing

Concerning the purposes indicated, the processing of personal data takes place using manual, IT, and telematic tools with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.

The Data Controller guarantees that the security and confidentiality of personal data will be protected by adequate security measures, in accordance with the provisions of the Regulation and the Privacy Code, in order to reduce the risk of destruction or loss, even accidental, of non-access data authorized or treatment not allowed or not in accordance with the purposes of the collection. In any case, the Data Controller assumes no responsibility for the data transmitted via the internet. Likewise, any and all liability of the Owner is excluded in case of opening links or other web pages connected to the Site.

The data processing will be carried out in compliance with the principle of strict necessity. Therefore, the treatment will be reduced to a minimum and in such a way as to exclude it when the purposes pursued in individual cases can be achieved through the use of anonymous data.

Scope of communication and dissemination of personal data

The personal data collected are processed by the staff in charge who needs to know them in the performance of their activities, duly appointed as the subject authorized for processing by the Data Controller, or by external data processors.

In addition, in carrying out its business, the Company, for the performance of contractual obligations or disposed by applicable laws or regulations or to fulfill specific requests

of the interested party, could communicate the personal data of the latter to subjects whose intervention is strictly functional to the execution of the contractual relationship.

For the performance of the above activities, the Company may, therefore, communicate personal data to the following subjects or categories of subjects:

– banking institutions (in the cases provided) for the management of collections and payments;

– subjects who carry out activities connected and instrumental to the execution of the contractual relationship (e.g. service and technical assistance suppliers; product delivery; transmission, packaging, transport, and sorting of communications to customers or suppliers; archiving services for documentation relating to relationships with customers or suppliers);

– public administrations and third parties in the fulfillment of legal obligations.

For this type of communication, the consent of the interested party is not necessary as the treatment is aimed at fulfilling the contractual relationship or complying with legal or regulatory obligations.

The subjects listed operate, in some cases, as external data processors or authorized, appointed for this purpose by the Company, and in other cases, as independent data controllers, in this case releasing specific information to the ‘interested. If the interested party intends to become aware, in detail, of the subjects to whom the data can be communicated, they can make a specific request at the following email address: info@sprintacademy.it.

In no case will personal data be disclosed by the Data Controller.

Transfer of data abroad

Personal data may be transferred abroad, even to countries outside the European Union, provided that the European Commission has found that these countries outside the European Union guarantee an adequate level of protection for the data being transferred.

Third-party social plugins

The Site may use social plugins provided and managed by third parties, such as Facebook.

As a consequence of this, the interested party could send to said third parties the information he is viewing on a certain part of the Site. If the interested party has not logged into his account with said third parties, they cannot become aware of his identity. Otherwise, the latter may be able to link the information relating to your visit to the Site to your account. Similarly, its interactions with the social plugin could be recorded by the latter.

The interested party can consult the privacy policy of said third parties for more information on the measures they have adopted regarding the processing of personal data.

Rights of the interested party

The interested party has the right to request the Data Controller at any time:

– confirmation that personal data concerning him or her is being processed and, in this case, to obtain access to the following information: (i) the purposes of the processing, (ii) the categories

of personal data processed, (iii) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular, if recipients from third countries or international organizations, (iv) when possible, the data retention period personal data, or, if not possible, the criteria used to determine this period, (v) the existence of a decision-making process

automated, including profiling, the logic used, the importance and the expected consequences for the data subject (right of access);

– the correction of inaccurate personal data or the integration of incomplete personal data (right of rectification);

– the cancellation of personal data in the event of (i) revocation of the consent on which the treatment is based in the absence of a different legal basis that allows the treatment itself by the Company;

(ii) opposition to the processing in the absence of any different prevailing legitimate reason for the Company to proceed with the processing itself; (iii) illegal treatment; (iv) fulfillment of a legal obligation; except if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest in the health sector, for statistical purposes, of the storage in the public interest, scientific or historical research or, for the assessment, exercise or defense of a right in court (right to be forgotten);

– the limitation of the processing of personal data (right of limitation).

Furthermore, the interested party has the right to:

– receive in a structured format, commonly used and readable by an automatic device, the personal data provided to the Data Controller and transmit these data to another data controller without impediments by the Data Controller to whom they were provided, if the treatment is based on consent and is carried out by electronic means (right to portability);

– withdraw consent to the treatment, at any time, without prejudice to the lawfulness of the treatment based on the consent given before the revocation;

– propose complaints to the competent supervisory authorities if it is believed that the treatment violates the privacy legislation.

For the exercise of their rights, as well as for any eventual information, the interested party can send an email to info@sprintacademy.it.

Changes to this privacy policy

The Owner reserves the right to update this information. Any changes will be notified to users on the home page of the Site as soon as they are adopted and will be binding upon their publication.