Logo EJS
Open Day Contattaci
COMPRA I NOSTRI CORSI BELLISSIMI
Open dayContact Us

HOME > Privacy Policy

Privacy Policy

This privacy policy is intended to provide all information on the processing of personal data carried out by Ferrari Fashion School S.r.l. when the User accesses and browses this website and/or the social pages connected to it (as better specified below).

1. INTRODUCTION – WHO WE ARE

Ferrari Fashion School Srl with registered office at Via Savona, 97, 20144 – Milan, Tax Code no. 08913130962, VAT no. (IT) 12581670960 and registration number with the Companies’ Register of 12581670960 (hereinafter, the “Controller”), owner of the website www.ferrarifashionschool.it and of the social pages connected to it (hereinafter, the “Site”), as data controller for the processing of personal data of users browsing the site (hereinafter, “Users”), provides below the privacy policy pursuant to Art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, the “Regulation”, or “Applicable Legislation”).

2. HOW TO CONTACT US?

The Controller places the utmost importance on the right to privacy and the protection of the personal data of its Users. For any information regarding this privacy policy, Users may contact the Controller at any time, using the following methods:

  • By sending a registered letter with return receipt to the Controller’s registered office at Via Savona, 97, 20144 – Milan;
  • By sending an e-mail message to privacy@ferrarifashionschool.com.

The Controller has not appointed a Data Protection Officer (RPD or DPO), as it is not subject to the designation obligation provided for by Art. 37 of the Regulation.

3. WHAT DO WE DO? – PURPOSES OF PROCESSING AND LEGAL BASIS

By browsing the Site, as well as by consulting the Controller’s social pages connected to it, the User may obtain information on the services offered by the Controller, on events organized (e.g. open days), educational offerings, news relating to the school and its campuses. Through the social pages, the User may also interact with the Controller and with its community.

In addition, the User may:

    1. Request information and guidance services, submit requests as well as participate in educational and professional activities promoted by the school, such as, for example:
      • Send requests relating to the publication of content, profiles or projects in the dedicated sections of the site (e.g. Alumni area or similar initiatives) and manage the resulting communications with the data subject
      • further information on the various courses offered by the school (hereinafter, “Course Information”);
      • book a guidance meeting to obtain detailed information or visit the campuses (hereinafter, “Open Day”);
      • request information on all scholarships (hereinafter, “Financial Aid and Scholarships”);
      • send an unsolicited application in the “Work with us” section through the “Work with us” form;
      • contact the Controller using the contact details indicated or by filling in the form, both available in the “Contact us” section (hereinafter “Contact the Controller”);
      • Interact with the Controller’s social community, (hereinafter, “Social Interaction”),

(hereinafter, collectively the “Service” or the “Services”).

In relation to the Service, the Controller collects personal data relating to Users.

In particular, Users’ personal data will be lawfully processed by the Controller for the following purposes of processing:

a) Provision of the Service: to allow the provision of the Service through the User’s browsing of the Site.

Depending on the specific aspect of the Service used, the Controller may process:

  • Browsing data: all personal data whose transmission is implicit in the use of Internet communication protocols, such as: IP addresses used by users connecting to the Site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, log files and other parameters relating to the User’s operating system and IT environment.
  • Name, surname, e-mail address, telephone number, as well as all further personal information requested within the various forms and/or communicated within the chat, as well as any additional data possibly and voluntarily communicated by the User including, where deemed necessary by the data subject/functional to the request, any data belonging to special categories pursuant to Art. 9 of the Regulation (e.g. health-related data).
  • (in the case of Social Interactions) the User’s nickname and contact details on the specific social network used, as well as comments and interactions with the content of the Controller’s social pages.

Unless the User gives the Controller specific and optional consent to the processing of their data for the further purposes provided for in the following paragraphs, the User’s personal data will be used by the Controller exclusively for the purpose of verifying the User’s identity (including through validation of the e-mail address), thereby preventing possible fraud or abuse, and contacting the User solely for service-related reasons (e.g. sending notifications relating to the services offered by the Controller). Without prejudice to what is provided elsewhere in this privacy policy, under no circumstances will the Controller make Users’ personal data accessible to other Users and/or third parties.

In certain forms, the necessary data will be marked with an asterisk: in the absence of this symbol, all requested data shall be understood as necessary.

b) administrative-accounting purposes, that is, to carry out organizational, administrative, financial and accounting activities, such as internal organizational activities and activities functional to the fulfillment of contractual and pre-contractual obligations;

c) legal obligations, that is, to comply with obligations provided for by law, by an authority, by a regulation or by European legislation.

The provision of personal data for the processing purposes indicated above is optional but necessary, since failure to provide such data will make it impossible for the User to browse the site and use the Services offered by the Controller on the Site.

Without prejudice to what is provided elsewhere in this privacy policy, under no circumstances will the Controller make Users’ personal data accessible to other Users and/or third parties.

In relation to the purposes described, the following legal bases of processing are identified:

  • Management of the Service (as described in the previous par. 3, letter a)): the legal basis consists of Art. 6, paragraph 1, letter b) of the Regulation, namely the processing is necessary for the performance of a contract to which the User is party or for the implementation of pre-contractual measures adopted at the User’s request. In the case of processing personal data belonging to special categories, the legal basis consists of Art. 9, paragraph 2, letter a) of the Regulation, namely the explicit consent given by the data subject by voluntarily communicating such data to the Controller within the open fields of the forms or of the chat.
  • Administrative-accounting purposes (as described in the previous par. 3, letter b)): the legal basis consists of Art. 6, paragraph 1, letter b) of the Regulation, as the processing is necessary for the performance of a contract and/or for the implementation of pre-contractual measures adopted at the User’s request.
  • Legal obligations (as described in the previous par. 3, letter c)): the legal basis consists of Art. 6, paragraph 1, letter c) of the Regulation, as the processing is necessary to comply with a legal obligation to which the Data Controller is subject.

4. FURTHER PROCESSING PURPOSES

4.1 Marketing (sending advertising material, direct sales and commercial communication)
In the event of the user’s registration through a dedicated webform and/or the provision of consent on the occasion of another request, some of the User’s personal data (namely name, surname, e-mail address and telephone number) may also be processed by the Controller for marketing purposes (sending advertising material, direct sales and commercial communication), that is, so that the Controller may contact the User by e-mail (newsletter), post, telephone (landline and/or mobile, with automated call systems or call communication systems with and/or without the intervention of an operator) and/or SMS and/or messaging services and/or for the purposes of creating custom audiences or lookalikes on the Controller’s social pages, to propose to the User services offered by the Controller itself and/or by partners, present offers, promotions and commercial opportunities.

In the event of failure to give consent, the possibility of registering on the Site will not be affected in any way.
In the event of consent, the User may revoke it at any time by making a request to the Controller using the methods indicated in the following paragraph 8.

Specific information on e-mail communications (newsletter): the User may also easily object to further promotional communications via e-mail by clicking the appropriate link for revoking consent, which is present in each newsletter e-mail. If the User intends to revoke their consent to the sending of promotional communications by telephone, while continuing to receive promotional communications via e-mail, or vice versa, please send a request to the Controller using the methods indicated in the following paragraph 8.

The Controller informs that, following the exercise of the right to object to the sending of promotional communications via e-mail, it is possible that, for technical and operational reasons (e.g. creation of contact lists already completed shortly before the Controller received the objection request), the User may continue to receive some further promotional messages. Should the User continue to receive promotional messages after 24 hours have elapsed from the exercise of the right to object, please report the problem to the Controller, using the contacts indicated in the following paragraph 8.

Specific information on promotional activities through social networks: in particular with regard to interaction with social pages, if the User has given consent to the use of profiling cookies on the Site, the Controller may also process the User’s contact details (in particular the e-mail address) and the data communicated by the user during interaction with the social pages – such as the information provided by the user to the social media based on the privacy settings selected on that social media – in order to show the User promotional ads and content consistent with their interests, based on the preferences and consumer habits identified through cookies and/or other tracking systems of social media operators (to whose terms and conditions reference is made) and/or following the analysis that the social media themselves carry out on their users.

In particular, the Controller may show, through digital platforms, relevant marketing content and advertising based on the User’s interests, whose information regarding preferences and interests, consumer habits, spending margins, etc. has been acquired: (i) following profiling activity carried out on the Site and shared (also through APIs) with digital platforms, ; or (ii) based on the correspondence between the preferences and interests expressed by the User who visited the Site and accepted profiling cookies and the cluster of users identified by the social platform (e.g., retargeting); (iii) using the targeting tools made available by social platforms, defining the target of users potentially interested in the Controller’s services and turning to social platforms to disseminate advertising messages in a targeted manner to their users who match the defined target. If the User interacts with that advertisement on the social platform, such interaction may be evaluated for the purposes of the effectiveness of the campaign itself, where the user has accepted the use of tracking tools, such as, by way of example, the Meta or Tik Tok Pixel, installed on the Site, through cookie management tools (e.g., prospecting). Further information on the processing carried out through tracking tools is available in the Cookie Policy.

5. PROCESSING METHODS AND DATA RETENTION PERIODS

The Controller will process Users’ personal data using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of the data.

The personal data of Site Users will be retained for the time strictly necessary to fulfill the primary purposes illustrated in the previous paragraph 3, or in any case as necessary for the protection in civil law proceedings of the interests of both Users and the Controller.

In the cases referred to in the previous paragraph 4, Users’ personal data will be retained for the time strictly necessary to fulfill the purposes illustrated therein and, in any case, until the User revokes their consent.

6. SCOPE OF DATA COMMUNICATION AND DISCLOSURE

The User’s personal data may be transferred outside the European Union and, in such case, the Controller will ensure that the transfer takes place in compliance with the Applicable Legislation and, in particular, in compliance with Arts. 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to appropriate safeguards) of the Regulation.

The Controller’s employees and/or collaborators appointed to manage the Site and Users’ requests may become aware of Users’ personal data. These subjects, who have been instructed in this regard by the Controller pursuant to Art. 29 of the Regulation, will process Users’ data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Legislation.

Third parties who may process personal data on behalf of the Controller as Data Processors may also become aware of Users’ personal data, such as, by way of example, providers of IT and logistics services functional to the operation of the Site, providers of outsourcing or cloud computing services, professionals and consultants. Specifically, with reference to the newsletter service, the data are also processed through the platform and IT tools offered by the “Benchmark Email” service, of the American company Benchmark Internet Group, LLC, 10621 Calle Lee, Building 141 Los Alamitos, CA 90720.

Users have the right to obtain a list of any data processors appointed by the Controller by making a request to the Controller using the methods indicated in the following paragraph 8.

7. RIGHTS OF DATA SUBJECTS

Users may exercise the rights guaranteed to them by the Applicable Legislation by contacting the Controller in the following ways:

  • By sending a registered letter with return receipt to the Controller’s registered office at Via Savona, 97, 20144 – Milan;
  • By sending an e-mail message to: privacy@ferrarifashionschool.com.

The Controller has not appointed a Data Protection Officer (RPD or DPO), as it is not subject to the designation obligation provided for by Art. 37 of the Regulation.

Pursuant to the Applicable Legislation, the Controller informs that Users have the right to obtain information on (i) the origin of the personal data; (ii) the purposes and methods of processing; (iii) the logic applied in the case of processing carried out with the aid of electronic tools; (iv) the identification details of the controller and processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them as processors or persons in charge.

Furthermore, Users have the right to obtain:

  1. access, updating, rectification or, where they have an interest, the completion of the data;
  2. the erasure, the transformation into anonymous form or the restriction of data processed in breach of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
  3. certification that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disclosed, except where such fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right.

Furthermore, Users have:

  1. the right to withdraw consent at any time, where the processing is based on their consent;
  2. the right to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format);
  3. the right to object:
    1. in whole or in part, on legitimate grounds, to the processing of personal data concerning them, even if relevant to the purpose of collection;
    2. in whole or in part, to the processing of personal data concerning them for the purposes of sending advertising material or direct sales or for carrying out market research or commercial communication;
    3. where personal data are processed for direct marketing purposes, at any time, to the processing of their data carried out for such purpose, including profiling to the extent that it is connected to such direct marketing.
  4. where they believe that the processing concerning them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State where they habitually reside, where they work, or where the alleged violation occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, with office at Piazza Venezia no. 11, 00187 – Rome (http://www.garanteprivacy.it/).

The Controller is not responsible for updating all links viewable in this Policy; therefore, whenever a link is not functioning and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by such link.

keyboard_arrow_up