PRIVACY POLICY
NOTICE REGARDING THE PROCESSING OF PERSONAL DATA THROUGH THE BROCHURE DOWNLOAD, INFORMATION REQUEST, AND COURSE REGISTRATION FORMS (pursuant to Article 13 of Regulation (EU) 2016/679 – “GDPR”)
This policy describes how we process the personal data of users (the“Users”) of the BigRock S.r.l. website (www.bigrock.it, the“Site”) who interact with the forms for downloading brochures, requesting information, and enrolling in courses (the“Forms”).
1. DATA CONTROLLER AND DATA PROTECTION OFFICER
1.1 - Data Controller
The Data Controller is BigRock S.r.l., with registered office at Via Sile 41, 31056 Roncade (TV), Tax ID/VAT No. 03483440230 (hereinafter“BigRock”or the“Data Controller”).
1.2 - Data Protection Officer (DPO)
As of today, the Data Controller has not appointed a Data Protection Officer (DPO).
For any inquiries regarding the processing of personal data, you may contact the Data Controller at the following email address: privacy@bigrock.it
2. CATEGORIES OF PERSONAL DATA PROCESSED
2.1 - Data voluntarily provided by the user
- The Data Controller processes personal data provided directly by Users via forms managed through the Zoho Forms and Zoho CRM platforms. Such data includes, but is not limited to: first and last name, email address, phone number, information regarding educational interests, as well as any additional data entered in the free-text fields of the forms or provided during counseling sessions, including via WhatsApp or chatbots.
2.2 - Data of Minors
If a minor enrolls in a course, the Data Controller may also process the personal data of the parents or legal guardians, as requested during the registration process.
The processing is carried out in accordance with Article 8 of the GDPR and applicable national legislation.
2.3 - Browsing Data and Tracking Tools
The Website’s IT systems automatically collect certain personal data, such as IP addresses and information about the browser and device used. The Site also uses cookies and tracking tools, including Meta Pixel, TikTok Pixel, Google Ads Tag, and Amazon advertising tools, for statistical, performance analysis, and marketing purposes. Such processing takes place exclusively upon the User’s express consent via the cookie banner, as indicated in the Cookie Policy available on the Site.
3. PURPOSE OF PROCESSING, LEGAL BASIS, AND RETENTION
3.1 - Response to Requests and Guidance Activities
Personal data is processed for the following purposes:
– respond to user requests
– send the requested brochure
– provide information about courses
– provide guidance (including by phone or messaging)
Legal basis: implementation of pre-contractual measures (Art. 6, para. 1, letter b GDPR)
Retention period: up to 24 months from collection
3.2 - Course Registration Management
The data is processed for the purpose of managing registrations.
Legal basis: pre-contractual measures (Art. 6(1)(b) GDPR)
Retention: up to 12 months in the event of non-registration
3.3 - Educational Activities and the Use of Digital Platforms
In connection with the delivery of courses, whether online or in person, BigRock S.r.l. may use digital platforms to manage educational activities, including, for example, Google Classroom or similar tools, for sharing materials, communications, exercises, and educational content.
Classes may be recorded for educational and documentation purposes and to allow students to access content asynchronously. Recordings may include images, audio, and student participation.
Such content is accessible exclusively to enrolled and authorized users.
Legal basis: performance of the contract or pre-contractual measures (Art. 6(1)(b) GDPR) and the Data Controller’s legitimate interest in organizing and improving the educational offering (Art. 6(1)(f) GDPR).
Retention: for the duration of the course and, where necessary, for a subsequent limited period proportionate to the educational purposes.
3.4 - Direct Marketing
With your consent, your data may be used to send promotional communications regarding BigRock srl’s courses, events, and initiatives via email, phone, or text message.
Legal basis: consent (Art. 6, para. 1, letter a of the GDPR)
Retention: until consent is revoked and in any case no longer than 24 months
3.5 - Profiling and Personalization
With your consent, your data may be used to analyze your preferences and interests in order to send you personalized communications.
Legal basis: consent (Art. 6(1)(a) of the GDPR)
Retention: until consent is withdrawn and in any case no longer than 12 months
3.6 - Soft spam
The Data Controller may send communications regarding services similar to those already requested or purchased, in accordance with Article 130, paragraph 4, of the Privacy Code.
Legal basis: legitimate interest (Article 6(1)(f) of the GDPR)
The User may object at any time.
3.7 - Website Security and Operation
Browsing data is processed to ensure the security and proper functioning of the Website.
Legal basis: legitimate interest
Retention: for the time strictly necessary
3.8 - Legal Obligations and Protection of Rights
Data may be processed for the following purposes:
– comply with legal obligations
– protect the rights of the Data Controller
Legal basis: legal obligation or legitimate interest
Retention: in accordance with legal requirements
The provision of data for pre-contractual purposes is required; otherwise, we will not be able to provide the requested services.
4. METHODS OF PROCESSING AND RECIPIENTS
4.1 - Methods of processing
Data processing is carried out using manual and computerized tools in accordance with the principles of lawfulness, fairness, transparency, and security.
4.2 - Recipients of the data
The data may be processed by authorized personnel of BigRock srl and by third parties that provide services essential to the Data Controller’s activities, appointed as Data Processors pursuant to Article 28 of the GDPR, including, but not limited to: Zoho (form and CRM management), Woztell (WhatsApp integration), and telephone guidance and recall services.
4.3 - Automated decision-making processes
The Data Controller does not use fully automated decision-making processes that have legal effects on the Data Subject.
5. TRANSFER OF DATA OUTSIDE THE EU
Certain processing activities carried out by technology providers may involve the transfer of personal data outside the European Economic Area. Such transfers are conducted in accordance with Articles 44 et seq. of the GDPR, based on adequacy decisions by the European Commission, through the use of Standard Contractual Clauses, or, where applicable, in accordance with the EU-U.S. Data Privacy Framework.
6. RIGHTS OF DATA SUBJECTS
6.1 - Rights that may be exercised
Users may exercise at any time the rights provided for in Articles 15–22 of the GDPR, including the right of access, rectification, erasure, restriction of processing, and objection to processing—in particular for marketing or profiling purposes—as well as the right to data portability.
6.2 - Operating Procedures
Requests can be sent to privacy@bigrock.it
This is without prejudice to the right to file a complaint with the Italian Data Protection Authority.
7. SPECIFIC PROVISIONS
7.1 - Messaging
For communications via platforms such as WhatsApp, you can withdraw your consent at any time (e.g., by sending “STOP”).
7.2 - Links to third-party websites
This policy does not apply to third-party websites accessible via links on the Site.
