1. GENERAL INFORMATION
This is to inform you that relationships established with JEA (Jazz Education Abroad) may involve the processing of personal data in accordance with the following general principles:
• all data are processed lawfully, fairly and in a transparent manner in relation to the Data subject, in accordance with the general principles laid down in Article 5 of the GDPR;
• specific security measures are observed to prevent loss of data, unlawful or incorrect use of them, modification of the data and unauthorized access.
JEA (Jazz Education Abroad)
2. SUBJECT OF THE PROCESSING
The Data Controller may collect the following types of data:
2.1. Personal data processed
The Data Controller processes personal data of contacts, visitors, clients, suppliers, candidates, employees, holders of corporate offices, website users and third parties, acquired and used in the context of the business activity carried out by the Data Controller.
The data collected relate to, for example: first name, family name, company name, personal/financial details, profession, address, telephone, email, and bank and payment references.
Los datos recabados hacen referencia, por ejemplo a: nombre, apellidos, razón social, datos del registro civil/fiscales, profesión, dirección, teléfono, correo electrónico, datos bancarios y de pago.
2.2. Cookies and browsing data
Among the browsing data collected are IP addresses or the domain names of computers used by users who connect to the website, the addresses of the resources requested, the time of the request, the method used to make the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.
3. PURPOSES AND LEGAL BASIS FOR THE PROCESSING
The personal data is processed to:
• comply with the obligations laid down by the law, by a regulation, by EU rules or by an order from the authorities;
• marketing purposes (including sales communications, promotions and invitations to events, newsletters and communications for company initiatives);
• profiling purposes, for marketing activities;
• exercise a legitimate interest as well as a Controller’s right (for example: the right to a defence in a court of law, the safeguarding of credit positions, ordinary internal operational, management and accounting requirements);
• conclude contractual relationships and grant professional appointments;
• evaluate/hire new personnel and manage the work relationship;
• fulfill pre-contractual, contractual, administrative and fiscal obligations deriving from existing relationships, as well as manage the necessary communications connected with these and safeguard the rights generated by the relationship.
The above purposes represent suitable legal bases for the lawfulness of the processing according to Article 6, subparagraph 1, points (b), (c) and (f) of the GDPR. If it is intended to carry out processing for different purposes the appropriate consent will be requested from the data subjects.
Lack of consent to the processing of personal data will render it impossible to establish a relationship with the Data Controller.
4. METHODS OF PROCESSING
Personal data are subject to processing as referred to in Article 4 paragraph 2 of the GDPR, either in paper or in electronic and/or automated form. The Data Controller will process the personal data for the time necessary to fulfill the purposes for which they were collected and the relative legal obligations.
5. SCOPE OF THE PROCESSING
The data are processed by regularly authorized and instructed internal persons in accordance with Article 29 of the GDPR. The Data Subject may request the scope of communication of his or her personal data, obtaining information on the external persons who operate as independent Data Processors or Controllers (consultants, technicians, banks, hauliers, etc.). We would also inform you that the personal data may be subject to communication between the Group’s companies and/or dissemination and/or transfer to non-EU countries.
If it should be necessary, in the context of bids/tenders or in complying with regulatory obligations (e.g. joint and several liability, laws against bribery, organized crime, money laundering, etc.) to acquire from clients/suppliers the personal data of their employees, it is agreed between the parties that JEA (Jazz Education Abroad) will be legally authorized for the processing as external Processor (Article 28 GDPR) or as an authorized person (Article 29 GDPR). In the context of this relationship JEA (Jazz Education Abroad) undertake to process these data in accordance with the requirements for compliance laid down by the GDPR, guaranteeing their possible communication to further subjects exclusively in the context of specific legal obligations.
6. RECIPIENTS OF THE DATA
The personal data may be communicated to external subjects operating as data controllers, for example, supervisory and monitoring authorities and bodies and in general public or private subjects legally authorized to request the data, such as, for example:
• Financial Administrators and other agencies and public service corporations in fulfillment of regulatory obligations.
• Financial Administrators and other agencies and public service corporations upon request of the same.
The data may be processed, on behalf of the Controller, by external subjects appointed as data processors, who carry out specific activities on behalf of the Controller, such as:
• Agents and brokers for our company.
• Shipping agents for dispatching products ordered.
• Banks for managing payments.
• Agencies, or other bodies, appointed to provide commercial information or send publicity or information material.
• Business information companies.
• Companies and legal offices for protecting rights arising from the contract.
• JEA (Jazz Education Abroad) information systems and outsourcing companies for data management and storage.
7. RIGHTS OF THE DATA SUBJECT
JEA (Jazz Education Abroad) guarantee that you can exercise at any time the rights laid down in Article 12 of the GDPR. In particular, you have the right:
• to know if the Controller holds and/or processes personal data relating to the you and to access them fully, and also to obtain a copy (Article 15 Right of access);
• to rectify inaccurate personal data or to supplement incomplete personal data (Article 16 Right to rectification);
• to erase personal data in the Controller’s possession if one or more of the grounds laid down in the GDPR applies (Article 17 Right to erasure);
• to ask the Controller to restrict the processing only of some of the personal data, if one of the reasons laid down in the GDPR applies (Article 18 Right to restriction of processing);
• to request and receive all the personal data processed by the controller, in a structured, commonly used and machine-readable format or to request that those data are transmitted to another Controller without hindrance (Article 20, Right to data portability);
• to object, wholly or in part, to the processing of personal data for purposes of sending publicity materials and market research (Article 21 Right to object);
• to object, wholly or in part, to the processing of personal data by automated or semi-automated means for profiling purposes.
• to lodge a complaint with the competent supervisory authority of the Member State in which the data subject resides or works or of the State in which the presumed infringement has taken place.
These rights may be exercised by notifying the Data Controller at the following email address: firstname.lastname@example.org