Terms of Service

Messaggio di informazione
Before you proceed to ILIAS you accept the following Terms of Service.

INFORMATION
PURSUANT TO ART. 13 OF THE REGULATION (EU) 2016/679


In order to make the platform increasingly optimized and geared to meet your training needs, we ask you to read the privacy policy before accessing your content.


We inform you, pursuant to Art. 13 of the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (“GDPR”) that your personal data could be processed according to the current legislative and contractual provisions.

In relation to the above, we inform you that:


1. Data Controller.

The Data Controller, that is whoever determines the purposes and means of the processing of personal data, is IMA S.p.A. (hereinafter the “Company”), and can be contacted by registered post to be sent to the Company’s headquarters in Via Emilia, 428-442 Ozzano dell’Emilia (BO), or by e-mail to: privacy@ima.it.

The Company has appointed a data protection officer (“DPO”) who can be contacted to obtain clarifications on the processing of your personal data at the following address: DATAPROTECTIONIT@ima.it.


2. Personal Data Processed.

For purposes described in paragraph 3 below, the Company will process the following personal data (“Personal Data”):

  • biographical data (e.g. name and surname);
  • email address;
  • employer company and company position;
  • learning progresses recorded within Skillgate platform, and in particular:
    • your time zone;
    • first and last access to the training course(s) made available to you;
    • number of accesses;
    • time spent consulting the course(s) and time spent on the singles modules of the course(s);
    • final result you obtain.

Data update

At any time, you can verify that the Personal Data processed for the purposes as per this information are correct and, should they be changed, you can request the update of this data, by sending an email to privacy@ima.it or by registered post to the Company’s headquarters.


3. Purposes of the processing and legal basis.

The collection and the processing of your Personal Data are carried out in order to allow you to participate remotely in the training courses purchased by your company and provided by IMA. The specific purposes of the data processing are:

  1. the performance of the existing contract with your company and the provision of the related services requested by you;

  2. the provision of first level technical support to the users;

  3. monitoring the courses in order to continually review their content and assure the progressive improvement of the quality of our offer (thanks to the analysis of the relevant KPI);

  4. the protection of the rights of the Company or of the IMA Group, both in court and out of court proceedings.

The processing of your personal data for the purposes mentioned above has its legal basis on:

  • Art. 6, para. 1 lett. b) of the GDPR – processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract – with regard to lett. a) above;
  • Art. 6, para. 1 lett. f) of the GDPR – processing is necessary for the purposes of a legitimate interests pursued by the controller – with regard to lett.b); c) and d) above.

We hereby remind you that you can object to the processing at any time by contacting the Company as per in paragraph 8 below, except in the event that the Company demonstrates the existence of prevailing, compelling, legitimate grounds for the exercise or the defence of a right, pursuant to Art. 21 of GDPR.


4. Means of data processing.

The processing by the Company of your Personal Data shall be based on principles of correctness, lawfulness, transparency and protection of your privacy and your rights, in accordance with the principles expressed by the GDPR.

Your Personal Data will be processed by IT instruments and it shall include – in compliance with the limits and conditions laid down by the privacy legislation – all the operation or set of operations necessary for the processing at issue, including communication to subjects as per para. 5 below. The processing of Personal Data shall be carried out in compliance with confidentiality and security rules provided by European regulations, by law, and other national provisions.

Processing of your Personal Data is achieved by means of the operations described in Art. 4 no. 2 GDPR, that are: collection, recording, organisation, structuring, updating, storage, adaptation or alteration, retrieval and analysis, consultation, use, disclosure by transmission, comparison, alignment, restriction, erasure or destruction.

The Company guarantees the logical and physical security of the Personal Data and, in general, the confidentiality of the Personal Data processed, implementing all the appropriate technical and organisational measures required to avoid the loss of Personal Data, the unlawful use or, in any event, the incorrect use of the same, and unauthorized access by third parties.


5. Categories of personal data recipients.

The Company, for the purposes described in paragraph 3 above, could communicate your Personal Data to:

  • employees and collaborators of IMA, who shall act in their capacity as authorized data processing personnel and/or consultants appointed by the data controller who need to process the Personal Data for the performance of their duties;
  • third parties who carry out outsourcing activities on the behalf of the Company, providing specific services as data processors pursuant to Art. 28 GDPR (“Data Processor”). For information on the names and other details of the Data Processors, you can contact IMA to the following address: privacy@ima.it or by mail to the Company headquarters.

6. Personal Data Storage Period.

Your Personal Data shall be stored for the period of time strictly necessary for the purposes of the data processing indicated in para. 3 above and in particular for the period of time necessary for the fulfilment of the contractual obligations and, in any event, for no longer than 10 years from the termination of the contractual relationship, in compliance with the applicable laws.

The Company may retain your Personal Data for longer period if it is necessary in order to defend its rights.


7. Rights of the Data Subject.

With reference to your Personal Data you can exercise, at any time, the rights pursuant to the GDPR as indicated below:

  • Right of Access pursuant to Art. 15: obtain confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case, access to the following information: the purposes of the processing, the categories of Personal Data concerned, the recipients to whom the Personal Data have been or will be disclosed,  the envisaged period for which the Personal Data will be stored, the right to lodge a complaint with a supervisory authority, the existence of the right to request from the controller rectification or erasure of Personal Data or restriction of processing of Personal Data concerning the data subject or to object to such processing and the existence of automated decision-making;
  • Right to Rectification pursuant to Art. 16: obtain from the controller, without undue delay, the rectification of inaccurate Personal Data concerning you and the right to have incomplete personal data competed;
  • Right to Erasure pursuant to Art.  17: obtain from the controller, without undue delay, the erasure of Personal Data concerning you;
  • Right to Restriction of Processing pursuant to Art. 18: ‘restriction of processing’ means the marking of stored Personal Data with the aim of limiting their processing in the future. This will imply the responsibility on the part of the Company to suspend the processing of your Personal Data;
  • Right to Data Portability pursuant to Art.  20: in the event of automated processing carried out in execution of a contract or on the basis of the explicit consent, to receive your Data in a structured, commonly used and machine-readable format;
  • Right to Object pursuant to Art. 21: object to the processing of Personal Data concerning you, unless the controller demonstrates compelling legitimate grounds for the processing;

The Company, moreover, informs you that it is possible to lodge a complaint pursuant to Art. 77 with the competent supervisory authority based on your residence, workplace or place of infringement of your rights; in Italy, the supervisory authority responsible for monitoring application of the GDPR is the Italian Data Protection Authority (“DPA”). The contact details of the national DPA are available on the website: http://www.garanteprivacy.it/.

You may exercise your above listed rights by means of a request to be sent by email to privacy@ima.it or by registered post to the Company Headquarters.

Requests relating to the exercise of your rights shall be processed without undue delay and in any event within 30 days from the receipt of the request.


Finally, we inform you that the Company reserves the right to modify or update this information also in order to comply with new obligations imposed by laws or for technical reasons.


Entra in ILIAS Home