Information on the processing of personal data
DAN Instructor

(General Data Protection Regulation – GDPR 2016/679)

This information note concerns natural persons and natural persons operating in the name and on behalf of legal persons in accordance with Art. 13 of GDPR 679/2016 – “European Regulation on the Protection of Personal Data”.

1. Contact details of the Controller

The Data Controller is DAN (Divers Alert Network) Europe, responsible for a legitimate and correct use of personal data, and that can be contacted for any information or request here:

Data Controller: DAN (Divers Alert Network) Europe
Legal headquarters: DAN Building, Level 1, Sir Ugo Mifsud Street Ta’ Xbiex, XBX 1431 Malta
Operations office: Contrada Padune 11, 64026 Roseto degli Abruzzi (TE)
Italian Fiscal Code: 91003700670

Contacts:

Telephone: +39 085 89 03 333
e-mail [email protected]
Certified e-mail: [email protected]


You are also entitled to contact the person responsible for Data Protection for any information or requests about your personal data, or to point out any disservice or problem you may have identified.

DAN (Divers Alert Network) Europe has appointed as Data Protection Officer Dr. Diletta Simonetti reachable at the following contacts:
 

Telephone: +39 347 1493431
e-mail: [email protected]

 

2. Purpose of the processing and legal basis

We inform you that the personal data that you provided and that was acquired by DAN (Divers Alert Network) Europe will be treated in compliance with guarantees for confidentiality and safety measures provided for by current regulations, also with the aid of electronic systems directly eand/or through third parties, for the purposes listed below with the current legal basis:

  PURPOSES DATA USED LEGAL BASIS
 1  Purposes strictly connected to the contract between DAN (Divers Alert Network) Europe and the DAN Instructor
  • Biographical and contact data

  • Payment data

  • Data about education

Contract  to which the data subject is a party
 2 Purposes connected to the fulfillment of tax liability and other legal obligations.
  • Biographical and contact data

  • Payment data

  • Data about education

Member State Regulation

Regulations relating to tax and accounting

 3 Purposes connected to the exercise of the rights of the Controller, such as, for example, the right of defense in legal proceedings.
  • Biographical and contact data

  • Payment data

  • Data about education

Legitimate interest
 4 Commercial, direct and indirect marketing, as well as market research for the purpose of transmission of communications and informative and promotional material
  • Biographical and contact data

  • Data that allow to identify consumption habits of data subjects

  • Data about education

Consent art.22, section 2, subsection c – EU Reg. 679/2016 - GDPR
 5 Surveys and client satisfaction questionnaires conducted
  • Biographical and contact data

  • Data that allow to identify consumption habits of data subjects

  • Data about education

Consent art.22, section 2, subsection c – EU Reg. 679/2016 - GDPR
 6 Profiling purposes for the analysis of consumer choice and preference, in order to send promotional and informative material
  • Biographical and contact data

  • Data that allow to identify consumption habits of data subjects

  • Data about education

Consent art.22, section 2, subsection c – EU Reg. 679/2016 - GDPR

 

 

3. Mandatory or voluntary nature of disclosure of personal data and consequences of the refusal to provide data

Providing data for purposes stated in item number 1, 2 and 3 is not optional but required for the contract's execution between the parties. Therefore, refusal to disclose such data may result in DAN (Divers Alert Network) Europe not being able to perform the contract with the DAN Instructor.

Providing data for purposes stated in points 4, 5 and 6 is optional and data may be transferred upon prior written consent; in the case consent is not given, in the absence of consent your data will not be treated for the purposes described in such items.

 

4. Retention period

The data processed for the purposes referred to in items 1, 2 and 3 will be retained for the period of time necessary in pursuit of the above-mentioned purposes and will not be retained any longer than the statutory retention period (currently 10 years from the termination of the contractual relation/appointment). In the event of pending proceedings, data will be processed until settlement.

Data acquired for the purposes referred to in item 4 (direct and indirect marketing, as well as market research purposes) and in item 5 (surveys and questionnaires for client satisfaction and statistical purposes) will be processed for as long as it is needed for the above-mentioned purposes and for a maximum period of 2 years from collection.

Data collected for the purposes referred to in item 6 (profiling) will be processed for as long as it is needed for the above-mentioned purposes and for a maximum period of 1 year from collection.

 

5. Recipients and transfer of data outside the EU

Your data can be communicated, in addition to the staff responsible for data processing, to the following subjects:

  1. private and public subjects for the fulfillment of administrative and legal practices in compliance with the provisions of EU Reg. 679/2016;
  2. institutional bodies, professional bodies and other public authorities;
  3. consultants and companies that aid the company with respect to IT services and infrastructures;
  4. professionals, service providers, and consultants that aid the company with respect to financial, business, legal, and medical services;
  5. banks and credit institutions;
  6. insurance undertakings and companies;
  7. health care providers, medical and paramedical staff;
  8. users of the DAN (Divers Alert Network) Europe platform and providers;
  9. other Instructors, trainers and external partners of the DAN (Divers Alert Network) Europe network.

Your data can be transferred outside the European Economic Area. In this case, DAN (Divers Alert Network) Europe ensures that your personal data are processed by the parties to whom data are transferred in accordance with the principles mentioned in Art. 45 of the GDPR 2016/679 concerning the existence of an adequacy decision by the European Commission or in the absence of those decisions, under appropriate safeguards pursuant to Art. 46 of the GDPR 2016/679 or in compliance with point (b) of the first subparagraph of Art. 49 - transfer necessary for the conclusion of a contract concluded between the data subject and DAN (Divers Alert Network) Europe. Further details and a copy of data can be obtained by contacting the Controller as specified in item 1.

Data will not be disclosed to anyone else or in any other way.

 

6. Subject's rights

As data subject you are entitled to the rights listed below, as well as the right to lodge a complaint with the Supervisory authority. You can exercise those rights by sending a request to the Controller as referred to in item 1.

GDPR regulatory ref. Subject’s rights
Art. 15 - Right of access You have the right to obtain from the Controller confirmation as to whether or not your personal data are being processed, and, where that is the case, access to the personal data and to the information related to processing.
Art. 16 - Right to rectification You have the right to obtain from the Controller without undue delay the rectification of your personal data if they are inaccurate. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Art. 17 - Right to erasure (right to be forgotten) You have the right to obtain from the Controller the erasure of your personal data without undue delay and the Controller has the obligation to erase personal data without undue delay.
Art. 18 - Right to restriction of processing

You have the right to obtain from the Controller restriction of processing where one of the following applies:

a) the accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data;

b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

c) the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Art. 20 - Right to data portability You have the right to receive your personal data, which you have provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided. In exercising your right to data portability you have the right to have the personal data transmitted directly from one Controller to another, where technically feasible.
Art. 21 - Right to object You have the right to object, on grounds relating to you particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. If you have given consent for one or more specific purposes, you have the right to withdraw consent at any time.
Art. 22 - Right not to be subject to automated individual decision-making, including profiling You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concern you or similarly significantly affects you.

 

 

7. Profiling

If you give consent to data processing for profiling purposes, data will be processed with data processing equipment that will create your commercial and behavioural profile using a crosscheck method. This processing method has, as expected consequences, for example, the transmission of highly profiled commercial communications, the transmission of informative material, the transmission of invitations to events that are considered to be of interest.

The data subject has, in any event, the right to obtain human intervention in the decisions on the part of the Controller, to express his or her point of view, to receive an explanation to the decision taken and to contest the decision.