APPOINTMENT AS A DATA PROCESSOR

This agreement forms an integral and substantial part of the Terms of Use of the Platform and is stipulated between the User and the company Lim-e S.R.L, with registered office in Piazza Garibaldi 12, Sustinente, Mantova, 46030, Italy, VAT number 02561220209. The terms used here in bold have the meaning assigned to them in the relevant Terms of Use of the Application, unless otherwise defined in this document.

Given that:

  • Lim-e provides users with a digital platform that allows the creation of a virtual learning environment for the exchange and sharing of information and User Content;

  • The User, with reference to the data and information of third parties treated by him and placed on the Platform, is required to adequately inform the persons involved in the registrations and obtain their explicit consent to the processing by providing adequate information pursuant to art. 13 of the European Regulation n. 679/2016;

  • the User is placed, with respect to such data, as independent Data Controller, assuming all the obligations and responsibilities related to it by limiting Lim-e from any objection, claim or other that should come from third parties in reference to such hypotheses treatment.

  • Considering that the execution of the Contract and the Services implies the need to process, in the name and on behalf of the Data Controller, personal data subject to the application of EU Regulation 2016/679;

In consideration of the above, pursuant to art. 28, EU Reg. 2016/679 of 27 April 2016, “General Regulation on Data Protection” (defined in the following “Rules” or “GDPR“), with the hereby the User (in the present appointment deed also called “Holder“) appoints the Company responsible for the processing (in the present appointment deed also called “Responsible“) for guarantee compliance with the provisions of the GDPR in relation to all the processing performed by the Data Controller on behalf of the Data Controller in connection with the provision of the Services.

The present appointment as Data Processor will have a duration equal to the Contract to which it refers and must be considered revoked by right, at the expiry of the same, including any renewals – even tacit – or in any case, the termination, for any reason, of the contractual relationship, with effect from the date of such termination.

The Services provided by the Manager, compatibly with the technical specifications of the same, allow the Owner to process the data according to timelines and procedures that it has set and independently managed, subject to the applicable provisions of law. The scope of the appointment is related solely to the processing of personal data entered and/or transmitted independently by the Data Controller through the Service and within the same, and in any case in compliance with the purposes for its correct delivery by the Manager, as provided from the applicable legislation.

It is understood that, pursuant to and in accordance with Legislative Decree 70/2003, the Company, in the provision of the Services, is not responsible for the information stored at the request of the Data Controller and processed on its behalf, nor is it subject to a general obligation surveillance of the information it transmits or stores, or to a general obligation to actively seek facts or circumstances that indicate the presence of illegal activities.

DATA PROPERTY AND CONTROL

All third-party data entered into the Platform, in particular relating to students and teachers including all copies of such data or any other document or material recorded during the lessons and transmitted to the Supplier are and remain under the control of the Owner who provided such data.

COMMITMENTS OF THE PERSON RESPONSIBLE FOR TREATMENT

By virtue of this document, the Data Processor undertakes to:

    1. to carry out the processing only within the limits necessary for the execution of the Services, for the uses established in the Contract and as otherwise permitted by the Regulations, including, without limitation, to facilitate student learning. The foregoing limitation does not apply to anonymous personal data.

    2. to follow the instructions from time to time given in writing by the Data Controller, unless the Manager is required to act differently in accordance with legal obligations (as provided for in Article 29 of the GDPR).

    3. to assist the Data Controller with appropriate technical and organizational measures, to the extent that this is possible, in order to satisfy the Owner’s obligation to comply with the requests for the exercise of the rights of the data subject referred to in Chapter III of the GDPR , including:

      • right of access and information;

      • right of rectification;

      • right to cancellation (“Right to be forgotten”);

      • right to transfer;

      • right to limit the processing;

      • right to portability;

      • right of opposition.

    4. to assist the Data Controller in ensuring compliance with the obligations set out in Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to the Data Processor.

    5. upon the Data Controller’s choice, cancel or return all personal data after the provision of the Services related to the processing has ended, canceling any existing copies.

    6. make available to the Data Controller all the information necessary to demonstrate compliance with the obligations indicated in letters A) to E) and allow the auditing activities, including any inspections, carried out by the Data Controller or by another person appointed by the person in charge.

    7. immediately inform the Data Controller if, in his opinion, an instruction violates the GDPR or other provisions, national or Union, related to data protection.

    8. The Data Controller authorizes from now on the Manager to resort to other managers, who will be required, through a contract or another legal act, the same obligations in terms of data protection or in any case obligations not lower than those provided for in this act, providing in particular, sufficient guarantees to put in place suitable technical and organizational measures so that the treatment meets the requirements of the Regulation. In particular, the Manager will use the following other managers:

      • DigitalOcean, LLC hosting service provider;

The Data Controller will inform the Data Controller of any planned changes concerning the addition or replacement of other data controllers, thus giving the Data Controller the opportunity to object to such changes. In case of non-opposition within 30 days from receipt of a specific communication from the Manager, the modification or replacement will be considered accepted.

    1. adopt security measures appropriate to the risk level of the treatment referred to in articles 32 and following of EU Reg. 2016/679;

    2. inform the Owner without any undue delay of any personal data breach suffered in relation to the processing of data carried out on his behalf;

    3. immediately report and lend to the Owner all necessary assistance in case of request for access to personal data by an interested party or a control body, a regulatory or judicial authority;

    4. comply with an obligation of confidentiality with respect to the data received and ensure that the persons authorized to process personal data have committed to confidentiality or are otherwise required by law to comply with a confidentiality obligation;

    5. transferring personal data to countries outside the EU or to the European Economic Area only with the authorization of the Data Controller; the Data Controller authorizes the transfer to third countries that guarantee an adequate level of protection on the basis of an adequacy decision of the European Commission.

    6. The Data Controller is aware of the duties due to it pursuant to the provisions of article 12 of the GDPR and therefore confirms that it has provided to the interested parties the information and communications referred to in Articles 13, 14 and 15 to 22 and Article 34 of the GDPR in a concise, transparent, intelligible and easily accessible form, with a simple and clear language. The Data Controller also guarantees compliance with the conditions of lawfulness of the processing referred to in Article 6 of the GDPR including having obtained all the consents necessary for the execution of the treatment entrusted to the Manager or in any case having an appropriate legal basis.

      ATTACHED 1

      The data processed by the Data Controller on behalf of the Data Controller may include any data and information collected by the Supplier or provided by the User (students, parents / parental authority, professors) included, but not limited to images, voice recordings, documents, exercises , ratings, photos, voice recordings, documents.

      Among the security measures that the Manager has prepared:

      • Sending a report. The user can report a content at any time and Lim-e will remove it if it is actually harmful.

Close Menu