Document about Personal Data Processing (art. 13, 14 of EU Regulation 2016/679)


Glossary of Terms

Personal Data is any information related to a natural person that can be used to directly or indirectly identify him/her

Processing is any operation performed on Personal Data, whether or not by automated means, such as collection, use, recording.

Data Controller is the entity that determines the purposes, conditions and means of Personal Data Processing

Data Processor is any entity that processes Personal Data on behalf of the Data Controller

Data Subject is the natural person whose Personal Data is processed by a Data Processor

Recipient is any entity to which Personal Data is disclosed

Right to be Forgotten is the right entitling the Data Subject to have the Data Controller erase his/her Personal Data, cease further dissemination and potentially have third parties cease Processing

Data Erasure is the action performed by the Data Controller to allow the Data Subject to exercise his/her Right to be Forgotten

Data Portability is the requirement for the Data Controller to be able to provide the Data Subject with a copy of his/her Personal Data in a format that can be easily read by another Data Controller

Pseudonymization is any processing of Personal Data such that it can no longer be attributed to a single Data Subject without the use of additional data


Data Subjects: e-Learning Courses students and users

Net Service SpA, with reference to the Processing of your Personal Data within the context of the services named Net Service Academy, is the Controller of this Processing, according to EU Regulation 2016/679 (or General Data Protection Regulation, or GDPR).

With this document, the Data Controller wants to inform you about the principles according to which your Personal Data will be processed, considering that this processing will be characterized by appropriacy, lawfulness, transparency and protection of your privacy and your rights.

Every Processing activity is compliant with the articles 6 and 32 of the GDPR and adopts the appropriate security measures envisaged there.

Processing purpose: Your Personal Data will be processed by computer systems and software managed also by third parties (our suppliers or sub-suppliers) with the purpose of performing functional tasks and to implement the correct functioning of the procedures envisaged by the EU Regulations on this subject. The Processing will be performed by virtue of the consent you give by approving this document and by using the system. Without this consent, you will not be allowed to access the system.

Providing your Personal Data is optional (in any case, we will not be able to check out its truthfulness) but, lacking it, we will not be able to allow you to perform the above activities.

Your Personal Data will be shared with or used by third parties who act as Data Processors. These are:

  • Stripe Inc. (credit cards processor), 510, Townsend Street, San Francisco, CA 94103, USA

  • Companies of the group Google LLC (cloud and analytics services), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (the EU model contract can be viewed here


The Data Processors and all the staff explicitly authorized by the Data Controller (Software Developers, Analysts and Back Office staff) guarantee an appropriate processing, ensuring that the rights of the Data Subject are safeguarded.

In compliance with the EU Regulation 2016/679, your Personal Data might be communicated out of the European Union. In particular, by using some Cloud services, it can be communicated to Google LLC as indicated above.

Retention time: We inform you that, in accordance with the principles of lawfulness, purpose limitation and data minimization (article 5 of the GDPR), your Personal Data will be retained 3 years since the end of the relationship.

You have the right of obtaining from the Data Controller

  • the Erasure (Right to be Forgotten)

  • the limitation

  • the update

  • the rectification

  • the portability

of your Personal Data, by sending a communication to the aforementioned contacts. We will proceed according to the regulations envisaged by the GDPR.

At any moment, you will be allowed to revoke the consent given by approving this document. Under this revocation, the Data Controller will no longer be able to guarantee the activities of the portal.

At any moment, you can object to the Processing of your Personal Data and, in general, exercise the rights envisaged by the articles 15, 16, 17, 18, 20, 21 of the GDPR.

EU Regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 – Rights of the Data Subjects

  1. The Data Subject has the right of knowing about the existence of Personal Data referring to him/her, even though not yet recorded, and of obtaining that it be communicated to him/her in an intelligible format.

  2. The Data Subject has the right of knowing

    1. the sources of his/her Personal Data

    2. the purposes and the details of the Processing

    3. how the Personal Data is processed, in case of automated processing

    4. any information needed to identify the Data Processors

    5. the persons or the categories of persons to whom Personal Data can be communicated, or who can learn about it either as representatives appointed on the State territory or as Data Processors

  3. The Data Subject has the right of obtaining

    1. the update, the rectification and, when he/she has a stake in, the integration of his/her Personal Data

    2. the Erasure or the Pseudonymization of his/her Personal Data

    3. the certification that the above operations have been communicated, even in their contents, to those who Personal Data was communicated or disseminated to, except when this is impossible or requires an amount of resources blatantly disproportioned with respect to the safeguarded right

    4. the Data Portability

  4. The Data Subject has the right to file a complaint to the Competent Data Protection regulation’s body if the Data Controller does not satisfy his/her requests.


The Data Controller reserves the right to modify, update, add or remove parts of this document at its own discretion and at any moment.

The Data Subjects are held to periodically check any possible modifications.

To make this check easier, this document displays the date it was last updated.

For more information and possibilities for renunciation, please visit the website


This Policy was last updated on August 10, 2018.


Should you have any inquiry, please contact our Data Protection Officer (DPO) at:

Data Protection Officer

Net Service SpA

Via Montegrappa 4d

50122 Bologna (I)

VAT no: 04339710370

e-mail: [email protected]

tel: +39 0516241989