Thank you for visiting the Website of Testbusters Imat Prep School.
Pursuant to Article 13 of EU Regulation 2016/679 (hereinafter “GDPR”), Testbusters informs you that your data will be processed in accordance with the principles of fairness, lawfulness and transparency, in respect of your fundamental rights, and complies with all applicable current regulations.
You can find all details on processing of your personal data below.
The Data Controller regarding Personal Data processing operations carried out through this Website is Testbusters S.r.l., with registered office in Via Ulpio Traiano, 17 20149, Milan – Italy. Tesbusters S.r.l. will process Personal Data in accordance with Regulation EU no. 2016/679 and national personal data protection regulations.
Nature of Data processed
Personal Data may be freely provided by the User by filling out the registration form, or, in case of Usage Data, collected automatically when using this Website.
By registering, the User consents to provide his/her Data for the performance of services and/or the purchase of products sold on this Website.
The Personal Data that this Website collects, by itself or through third parties, are: First Name, Last Name, Address, Country, Postal Code, Username, Email Address, Password, Tax code, VAT number, Usage Data, IP Address and other Navigation Data.
Failure to provide certain data (e.g. Contact Data or certain Usage Data etc.) may make it impossible for the Website to provide its services. Some Technical Navigation Data is necessary for the use of the Website, and its provision is mandatory. In cases where this Website specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or functioning of the Service.
Other Personal Data may be collected during the courses and may include educational qualifications, years of professional experience and curricular information: this Data is voluntary provided by the User, and it is not necessary for the provision of the Service;
Users are responsible for any third-party Personal Data entered in this Website and confirm that they have the third party’s consent to provide the Data to the Data Controller.
Methods and place of processing
The Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. Data collected are processed by those designated to do so using paper-based, automated and remote electronic systems, following organizational procedures and modes strictly related to the purposes indicated.
The Data is processed at the Data Controller’s operating offices and possibly at the locations of external Data Processors.
The Personal Data will be processed within the territory of the European Union. Should it become necessary, for technical or operational reasons, to transfer Personal Data to external Data Processors located outside the European Union, the processing will be regulated in accordance with the provisions of chapter V of EU Regulation 2016/679. Therefore, all necessary precautions will be taken in order to guarantee protection of Personal Data.
Recipients of Personal Data
Your Personal Data will not be communicated to third parties nor disclosed. Third parties performing support activities of any type for provision of services by the Data Controller, in connection with which they perform Data processing operations, are designated as Data Processors and are under contractual obligation to comply with security and confidentiality measures for handling and processing. The identity of these third parties may be requested from the Data Controller at any time.
Personal Data may be communicated to and processed by:
-employees and/or collaborators of the Data Controller, who operate under its direct authority;
-persons or companies performing activity in outsourcing, as external Data Processors, appointed by the Data Controller (including parties assigned to perform assistance, communication, marketing, advertising, analytics, web hosting, IT services) and their employees and collaborators.
-public entities, bodies or authorities, in accordance with the applicable law or binding orders of those entities, bodies or authorities.
Retention of Personal Data
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for. The Data Controller may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Data Controller may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
In particolare, i Dati impiegati per l’acquisto di beni e servizi saranno conservati per l’erogazione dei servizi richiesti e per l’assolvimento degli obblighi amministrativo-contabili per un tempo non superiore a 10 anni dall’ultima transazione registrata, fatto salvo un ulteriore periodo di conservazione che potrà essere imposto da norme di legge.
I Dati trattati per finalità di marketing e per sondaggi e indagini di mercato potranno essere lecitamente conservati per 8 anni dal momento in cui è stato espresso il consenso, a meno che l’Utente non comunichi precedentemente la propria volontà di revocare il consenso per tale finalità. La durata della conservazione è stabilita in considerazione della tipologia di servizi offerti e tenendo conto della frequenza media di acquisto dei clienti (con particolare riferimento al tempo medio intercorrente tra l’acquisto di prodotti finalizzati alla preparazione del test di ammissione alla facoltà di medicina e l’acquisto di prodotti finalizzati alla preparazione del concorso per l’accesso alle Scuole di specializzazione medica.)
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
Legal basis for processing
The Data Controller may process Personal Data relating to Users if one of the following applies:
-processing is necessary for the performance of the Contract with the User or any pre-contractual step;
-processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
-processing is necessary for the pursuit of the legitimate interests of the Data Controller or of a third party;
-the User has given express consent to the processing of the Personal Data provided for one or more specific purposes;
The User can always ask the Data Controller to clarify the legal basis each processing is based upon.
Purpose of processing
The Data concerning the User is collected to allow the Data Controller to:
– provide the Service;
– handle payments;
– provide information on the Service purchased by the User;
– manage requests of the User and respond to them;
– notify the User of maintenance or outage of the Website;
– carry out statistical analyses;
– comply with its legal obligations;
– respond to enforcement requests;
– protect its rights and legitimate interests, or those of its Users or third parties;
– manage complaints and any disputes;
– detect any malicious or fraudulent activity.
Personal Data may be processed for the following purposes only with express consent of the User, which may be withdrawn at any moment, by sending a request to the Data Controller via the “Contact Us” section of the Website:
– send commercial information and inform the User of new commercial offers;
– carry out market research, either internally or through third parties, specifically appointed as Data Processors.
Rights of Users
Users are entitled to exercise the following rights, at any time:
-Right to access. Users have the right to learn if Data is being processed by the Data Controller, access and obtain copy of such data and the related information (including the purposes of processing, the categories and origin of the Personal Data, the categories of recipients to whom it has been or could be disclosed, the retention period or the criteria used to determine that period, the rights which may be exercised).
-Right to rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected where it may be inaccurate or incomplete.
-Right to erasure. Users have the right to obtain from the Data Controller the erasure of their Personal Data without undue delay where the Data has been unlawfully processed, is no longer necessary for the purposes for which it has been processed, or the legal basis for processing no longer exists.
-Right to restriction of processing. Users have the right to restrict the processing of their Data where the processing is unlawful or no longer necessary for the purposes for which it has been processed. Users have the right to obtain from the Data Controller the restriction of processing, for the period necessary for the respective checks to be performed, when they dispute the accuracy of the Personal Data processed or object to the processing.
-Right to data portability. Users have the right to receive their Personal Data in a structured, commonly used, machine-readable format and, if technically feasible, obtain transmission to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
-Right to object. Users have the right to object at any moment to the processing of their Personal Data which is based on a legitimate interest pursued by the Data Controller or by third parties. In this case, the Data Controller abstains from further processing of your Personal Data unless it demonstrates the existence of legitimate and binding reasons which prevail over your interests, rights or freedoms or processing is necessary to ascertain, exercise or protect a legal right.
-Right to withdraw consent. Users have the right to withdraw consent for any of the purposes for which it has been provided where they have previously given their consent to the processing of their Personal Data.
-Right to lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
Users may exercise these rights by accessing the “Contact us” section of the Website or by sending a certified email to firstname.lastname@example.org. These requests can be exercised free of charge and will be addressed as early as possible.
You can withdraw consent for marketing also by selecting the unsubscribe link included in the footer of every promotional email.
Consent for cookies may be modified by changing your browser settings.