INDICATIONS FOR APPLICATION OF CONSENT
The European regulation (UE) 679/2016 (General Data Protection Regulation, GDPR), has introduced rules for the guardianship of natural persons in relation to the personal data processing. The Centro Universitario Internazionale, a training, research and university cooperation organization recognized with Ministerial Decree 29/03/1996, based in Via Divisione Garibaldi, 23; 52100 Arezzo-IT-VAT. 0139941051, Fiscal Code 04331000481 (hereafter CUI) which provides services of psychological and cognitive evaluation for companies and people living in any places of different ages and occupational conditions (students, workers, citizens in general)has adjusted the level of security in the processing of data received.. To provide their own evaluation services the CUI treats data as much by his own account as in favor of third party bodies (companies, recruitment companies, employment agencies, schools, universities, etc.)
- To learn how CUI treats the data given by you: see Points 2.1, 2.1.1. and 2.2. of the present information.
- To learn how third party bodies treat the data given by you as a whole: see point 2.4 of the following text and the additional information that third party bodies have communicated to you.
- To know how to exercise your rights guaranteed by the GDPR: Read point 8 of this information.
At the end of the reading you can express your consent or deny the consent to the data treatment as indicated.
- INFORMATION COLLECTED BY CUI AND BY THIRD PARTY BODIES
- MAINTAINING DATA FOR SPECIAL PURPOSES
- SAFETY AND RISKS
- SERVICES FOR PERSONS UNDER THE AGE OF 18
- RESPONSIBILITY FOR THE DATA PROCESSING
- REQUEST FOR CONSENT TO INFORMATION
The European Regulation (EU) 679/2016 (General Data Protection Regulation, GDPR) has introduced rules for the guardianship of natural persons in relation to the treatment of personal data. This privacy information is adopted in accordance with that regulation and applies to all products, services, websites and "app" offered by the owner of the treatments which is the Centro Universitario Internazionale, a training, research and University cooperation recognized with Ministerial Decree 29/03/1996, based in Via Divisione Garibaldi, 23; 52100 Arezzo-IT-P. VAT 0139941051, Fiscal Code 04331000481 (hereafter CUI), through the software "Originalskills" and "Integrityview".
In this document the Software (Originalskills, Integrity View), Websites (Originalskills.com, Skillview.info, studentsoftskills) and "App are called "Services” or “Originalskills". Except where differently specified, services are provided by CUI. CUI is the creator and curator of evaluation scientific contents in work and private field and is helped by the technological partner Webratio SRL for the Computer Management of the Services aimed at companies and private citizens.
- TYPOLOGY OF DATA TREATED IN THE PROVISION OF SERVICES
With the term "personal information", or simply “information”, it is made refer to the user personal information collected through the databases of the software predisposed by CUI and elaborated with automatic systems for contextualized evaluation purposes (services for the employment, for the school), of personal development and training.
Third party body. The data and information collected with the services are used directly by third party bodies, CUI customers. Are third party bodies the companies (including consulting and selection societies; supply companies, employment agencies), universities, non-profit organizations, schools, professionals, psychologists, etc. who use CUI services to provide services to their own customers& users. CUI's business partners are also third party bodies.
Each third party body has direct access to the evaluation data produced and information of its clients/users through an account provided by the CUI with passwords encrypted. Each third party body is therefore responsible for the data processing resulting from the algorithmic elaboration and of the information that have to do with this data through the CUI’s services.
Access to third party bodies data. Given the nature of the professional service offered (support of evaluation in the activities of selection, evaluation and development of the employees) CUI’s specialized personnel can have access to the data of third party bodies only for reasons related to the technical and scientific advice specifically required by them.
CUI’s account and services towards third party bodies.
CUI can manage its own accounts and give accounts to provide services to its clients (usually third party bodies) and private citizens. On its own account CUI can directly manage accounts to provide questionnaires and tests to private citizens, coaches, business employees, professionals, job seekers, juniors, college students, etc. This is for both scientific research and professional services.
Data and personal information collected by CUI are used for scientific research and optimization of the services provided.
- INFORMATION COLLECTED BY CUI AND BY THIRD PARTY BODIES
CUI has accounts to provide its own services (questionnaires and data collection forms) to citizens (direct beneficiaries). Through the services CUI also provides accounts to third party bodies that provide questionnaires and data collection forms to their own candidates, users, correspondents, and direct beneficiaries.
Who are third party bodies.
Third party bodies are the ones who have an account as part of CUI’s services (as said before, Originalskills,Integrityview) and uses that account to directly supply questionnaires and data collection forms and should introduce a further text for the processing of data. Third party bodies can appoint contributors who provide questionnaires and data collection forms. Passwords of these contributors are also encrypted.
Who are the candidates
Candidates/users/correspondents are those who fill out a questionnaire and the relative form managed by an Originalskills service in the field of activities, e.g. research and selection; evaluation; analysis of the training gap; school and university orientation, etc. Candidates provide data for specific purposes and the information and data given are minimized to provide the services. Additional information (including the CV to be attached) is at the discretion of the candidates.
Who are the direct beneficiaries of the services (private/professional/employees/students).
Direct beneficiaries of the services are those who accept to receive information, in the form of a report elaborated directly by algorithms specifically made, on their personal characteristics having filled out questionnaires or forms that are elaborated automatically by the system. The information and data provided are name and surname, sex and sometimes year of birth. Candidates, users, correspondents, direct beneficiaries are the "interested in the treatment".
Who are website visitors
Website visitors are those who visit one of CUI’s websites simply stimulated by curiosity or to receive information about the services offered.
- DATA COLLECTION AND INFORMATION
Data collected by services (Originalskills, Integrityview, websites) are introduced directly and voluntarily by the candidates and by the direct beneficiaries to receive the required services. For example, candidates filling out the Skill View questionnaire respond to 120 questions that international literature considers to be particularly indicated to describe people's characteristics. The candidates, therefore, are "self-evaluated” through a questionnaire verified same for everyone.
Data elaboration for scientific purposes
The elaboration of the "auto-evaluations" results is developed based on specific automated statistical methodologies. Finally, the statistical reading of the answers isn’t done at the level of an individual question, but through the associated questions by affinity of the investigated parameter. For example, level of initiative is studied by grouping all the questions that measure initiative and not based on the responses of each individual specific question. Data contribute to the definition of test statistical standards.
The data of the answers are collected and then they are used to improve tests statistical standards, as indicated by the specialized literature in the field of the psychometry. The sex variable is important and statistically founded for the correct supply of services. Other information (study title, years of experience) are collected for a better punctualization of the average characteristics of the profiles. In any case, the data used for the analyses carried out in the research site does not reach the person who has completed the questionnaire.
2.1.1. Necessary data to provide the services
Data provided by the user for the provision of services cannot be anonymous. The same data are those strictly necessary to provide the services (for example: name, surname, age, sex, e-mail.). Candidates/correspondents/users who do not wish to communicate their data explicitly waive to benefit from the services of CUI and of third party bodies. In this case they must deny the consent to the processing of the data.
2.1.2. Logging of navigation data
Data relating to:
- Flow of navigation are memorized.
For more information on the data collected by Google through the Analytics Services refer to the following address (Https://www.google.com/intl/it_ALL/analytics/learn/privacy.html).
2.1.3. E-mail marketing
E-mails sent by Originalskills or by the other operators through our services include information collection systems related to the opening of messages and hypertext connections inside. Such information as for example the number of users who have opened the messages are used for statistical purposes and to assess the interest of the recipients in relation to the object of the message sent.
For the sending of this type of communications, CUI is supported in external systems like Mailchimp. For further information on the privacy policies applied by this operator, refer to the following address (https://mailchimp.com/legal/privacy/)
- DATA CONSERVATION
It’s up to andidates or services beneficiaries indicate eventual inaccuracies in the personal data and curriculum to carry out their correction by third party bodies or CUI. CUI’s data base collects information and answers to questionnaires.
This database uses algorithms of its own to elaborate the answers given to questionnaires.
Answers to questionnaires or other forms provided by candidates/users/correspondents are used by CUI for scientific research and statistical purposes and this also in the interest of those subjects who benefit from the Services and the professional and scientific community that uses certified systems for the staff evaluation. Data are treated to ensure adequate treatment safety. Data retained for scientific research may not in any way be used for other purposes including commercial purposes. Obviously, the data cancelled by CUI in their own accounts or by third party bodies they are automatically cancelled also from the necessary database for scientific research. Data used before its cancellation anyway have been used for the statistical standards. They are part of the anonymous reference sample of the rules. (See 2.1)
- Data conservation by third party bodies
Data and information collected by third party bodies through their accounts are retained by them in view of their privacy policies, in terms of proportionality and need. CUI has on behalf of its own clients and direct beneficiaries and makes available to each third party body, functionalities to visualize the date of start of the treatment of the data, with the relative consent, updating of data and cancellation of the data that are no longer necessary for the purposes of treatment envisaged by the service.
- INFORMATION FROM THE ACCOUNTS OF THIRD PARTY ENTITIES AND PAYMENTS MANAGEMENT
Before you can use CUI’s services it is necessary that third party bodies apply for an account. With the registration of an account, third party body data and e-mail address provided voluntarily are collected.
2.3.1. Account Settings
With the account configuration, communication services (technical, service update, marketing) between the CUI and the account holder are accepted.
2.3.2. Payment Services
The use of some payment services and e-mail marketing will also determine the collection by CUI of some data: who makes a payment through online services, is invited to provide data for billing, as the name, surname, address, e-mail address. The other data requested by the operator charging the amounts for the supply of services (for example Pay Pal) are treated by the same operator charged with the charge. The one who provides a physical billing address (with e-mail, Certified e-mail) implicitly accepts that such address is considered the seat of the account holder (Third party body) or billing residence/address for beneficiaries.
2.4. ACCOUNT MANAGEMENT BY THIRD PARTY BODY
When third party body registers to the services, CUI requires public domain commercial information for billing and communication. CUI consents to third party bodies to manage in autonomy the data and information that have been provided by their candidates/users/correspondents and direct beneficiaries. CUI shall not use such data for its own purposes, nor will it send e-mails to direct candidates and beneficiaries, unless otherwise indications sent to CUI.
2.4.1. Data of research/forms/requests/questionnaires.
CUI provides automatic analysis tools (processing algorithms) for the benefit of third party body. The use of data and information collected in the account remain responsibility of third party body, in respect of the rules in force in the subject of privacy.
2.4.2. Autonomy of data disposal by third party bodies.
CUI services offer several options to third party bodies to remove data and information from your final candidates and beneficiaries.
2.4.3. Information shared by CUI and third party bodies .
CUI does not share the information and personal data of third party bodies and the final beneficiaries with external third party bodies. CUI services consent third party bodies to share information with other clients. CUI remains outside the relationships between third party bodies and their clients (public and private).
We remember that Originalskills and Integrityview allow third party bodies and their administrators to share data and information with other members of their work team. Administrators of the account provided (third party bodies with an account) will be responsible for giving the user name and password for the access of its members.
CUI can transmit to third party bodies and final beneficiaries information regarding services provided (Web address variations, system improvements, technical deepening, scientific information, etc.) also in relation to reports generated by the system and the portability of these reports by the final beneficiaries.
2.4.5. Certified partners
To provide services, CUI relies on certified partners (which are treated the same as third party bodies) also to facilitate the activity of advising companies, universities, schools, final beneficiaries, etc. Certified Partners attend courses to be a partner and their data are maintained by CUI in a searchable register at the CUI website. Partners shall accept in advance the publication of their data on CUI's websites (e.g. logos and names of the staff using the services).
2.4.6. Closing and canceling the account
Third party body that has acquired an account at CUI maintains it indefinitely up to his reversal, that shall be sent to the CUI also by email. After having received revocation by third party body, CUI eliminates the account.
The account holder is responsible for the data and can independently control, according to the privacy policies, time period of preservation of data provided by the candidates/users/correspondents and direct beneficiaries.
The account of third party body offers options to eliminate data at the account level (all data present in the account) and at the level of candidates/users/correspondents and of final beneficiaries.
The data provided to the CUI for scientific research activities and optimization of services are retained for these purposes exclusively anonymously.
- DATA MAINTAINING FOR SPECIAL PURPOSES
Data treated for the purposes indicated above and to provide the services deriving from contractual obligations, may be maintained for legal purposes or by provisions imparted by authorities legitimized for this purpose and by bodies of surveillance and control. Data from third party bodies and final beneficiaries can be maintained by CUI to:
-Respect any applicable laws, regulations, legal procedures or applications by governmental entities;
-Respect regulations applicable by authorities, as an eventual investigation of possible violations;
-Record, prevent or otherwise resolve problems related to fraud, security or technical nature;
-Safeguarding the rights, property or safety of our users, of the public or of Originalskills and/or as requested or consented by the law.
4. SAFETY AND RISKS
4.1. Application protection
Access to the account of third party body is consented to the person in charge only through the usage of credentials of authentication as user name or password.
Password at the beginning is provided by CUI and successively the user responsible for the account can modify it through the password modification function.
All passwords are encrypted using a non-reversible algorithm, so only the user account manager is aware of your password.
The person in charge of Originalskills account on behalf of third party body has the power to create secondary accounts, with access to reduced functionalities depending on the type of user, for which it has the power to set a password. This password can be changed by the user of the secondary account with the same modalities described above.
4.2. System protection
Originalskills platform resides in cloud servers based on Amazon services and managed by technical Webratio personnel, that periodically updates the servers and the technologies used in order to guarantee always the maximum security.
4.3. Access by Scientific Experts
CUI designates the authors of the tests and investigators specifically commissioned by CUI, as subjects authorized to access the data board to optimize calculations, benchmarks, norms and to update statistics by country, language and professional categories. For this purpose, only user name and password are given.
4.3.1. Scientific support to third party bodies
Authorized service personnel, by specific request of third party body, can make access to the account of third party body as administrator of the system, for purposes of support in the use of the service and in the results interpretation of test elaborations.
4.3.2. Technical support
Authorized Webratio technical personnel, by specific request of the third party body, can access the account of the third party body through an access procedure as system administrator, for purposes of technical support and identification of problems detected by third party body in the use of the system or software updates because of errors.
4.4 Modification or disappearance of data
Candidate/user/Correspondent's own data may contain errors (name/surname investment, erroneous date of birth, missed email, etc.) that third party body or CUI can correct by accessing the system, but this only after written communication in such sense by the interested party.
4.5. Action plan in case of criticality
In case of security criticality, such as theft of system data thanks to the fact of exploiting an unfamiliar vulnerability, the intervention plan provides for the following steps:
- Determination of the problem by Webratio technical team;
- Determination of problem criticality;
- Notification of everything that occurred to interested entities (authorities, third party bodies involved);
- Planning of necessary interventions for the problem resolution, also based on its criticality;
- Problem resolution compatible with planning;
- Issue of the update version that resolves the identified criticality;
- Communication of problem resolution to interested figures.
- SERVICES FOR PERSONS UNDER THE AGE OF 18
CUI Services can have as users/correspondents also persons under the age of eighteen. These people use questionnaires specifically designed for their age and for reasons of school orientation, work and to know better their own characteristics by means of tests studied and certified for such use. Originalskills consents to the schools and the final beneficiaries (students) to be able to benefit from the services of auto-evaluation for school, personal and professional orientation.
Third party bodies who are the owners of such services (especially schools, training bodies, etc.) are obliged to keep on their own account the data of minors for the exclusive purposes of supplying the self-assessment services. These bodies must directly monitor data acquired by them and will be responsible for the cancellation or maintenance according to the lawful purposes of its activities.
- RESPONSIBILITY FOR THE DATA PROCESSING
All data responses at individual level are controlled by third party body. CUI can have own accounts. CUI is responsible for the data of users/correspondents and beneficiaries directly collected.
CUI is not responsible for the data and information collected autonomously by third parties.
Candidates/users/correspondents and final beneficiaries (those interested) who benefit from CUI, third party bodies and CUI partners services have the right to:
- Be informed
- Limiting treatment
- Data portability
If they consider it necessary for the protection of their data and the information provided, the candidates/users/correspondents and final beneficiaries who have entered data in both the CUI accounts and of third party body must write to exercise their rights to: Info@originalskills.com
Furthermore, we remember that Originalskills allows to export the replies data from the system in several formats, then to make the relative backup or to use them with other applications always in the scope of the services.
- Data conservation of third party body
Candidates/users/correspondents and final beneficiaries should be directed to third party body to know for how long their answers and information will remain memorized in the services used by the same third party body.
Drafting date May 24, 2018
9. REQUEST FOR CONSENT TO INFORMATION
The undersigned declares to have read and understood that for the execution of the services the Centro Universitario Internazionale, a training, research and University cooperation organization recognized with Ministerial Decree 29/03/1996, based in Via Divisione Garibaldi, 23; 52100 Arezzo-IT-VAT. 0139941051, (CUI) has the need to treat the data with the modalities indicated in points 1 to 8 of the present information.
The undersigned is aware that in the absence of granting of the data and information required by personal registration form, questionnaires and other forms proposed in this application and in the related websites is not possible for CUI to provide the services indicated in this information clause.
The undersigned freely expresses consent in the manner indicated: