Privacy Policy

Pursuant to Regulation EU 2016/679 ("GDPR") and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018, Schola Mastro provides the following information on the processing of personal data. Note: The Italian version is the authoritative legal text.

Last updated: 29/04/2026

1. Data Controller

The Data Controller is:

Name: Schola Mastro
Registered address: Via Fieschi, 8, Genova
VAT no.: 01535750994
Email: info@schola-mastro.it

3. Types of data processed

3.1 Navigation data

The systems operating the website automatically collect certain personal data inherent in internet communication protocols: IP addresses, browser type, operating system, domain name, visited URLs, and request timestamps. This data is processed for security and anonymous statistical purposes only and is not linked to identified users.

3.2 Contact and pre-enrolment data

Via the contact form and WhatsApp communications, the following data is collected: full name, email address, phone number, region of residence, course of interest. This data is provided voluntarily by the user.

3.3 Course enrolment data

To formalise enrolment and issue the professional certificate, the following data is collected: codice fiscale (tax code), date and municipality of birth, full personal details, identity document copy. Required to comply with Law 174/2005, Law 1/1990 and Liguria regional regulations.

3.4 Assessment and training data

During the training programme, the following data is processed: exam results, grades, attendance percentage, placement hours. Required to certify programme completion and issue the professional qualification certificate.

3.5 Certificate register data

Data relating to issued certificates — holder name, course, date of issue, unique code — is registered in the public verification system. Maintaining this register is a statutory obligation under accredited vocational training regulations.

4. Legal basis and purposes of processing

Processing is based on the following legal grounds under Art. 6 GDPR:

Contact data (enquiries): pre-contractual measures at the data subject's request (Art. 6.1.b GDPR); consent (Art. 6.1.a GDPR) for commercial communications.
Enrolment and training data: performance of the training contract (Art. 6.1.b GDPR).
Assessment and certificate data: compliance with legal obligations (Art. 6.1.c GDPR) under Law 174/2005, Law 1/1990 and Liguria regional regulations.
Certificate register data: legitimate interests of the Controller (Art. 6.1.f GDPR) — public verifiability of certificates is essential to the legal recognition of the professional qualification.
Navigation data: legitimate interests of the Controller (Art. 6.1.f GDPR) for security and proper functioning of the website.

5. Processing methods

Personal data is processed using automated and manual tools, with appropriate technical and organisational measures to ensure security, integrity and confidentiality under Art. 32 GDPR. Access is limited to authorised personnel. Data is not disclosed to the public.

6. Retention periods

Data is retained for the following periods:

Navigation data (server logs): maximum 6 months from collection.
Contact data (leads not converted to enrolment): 24 months from last contact.
Enrolment and training data: 10 years from programme completion, in accordance with legal obligations for professional certificates.
Certificate register: retained indefinitely, to guarantee public verifiability of professional qualifications over time.

8. International transfers

Some technical suppliers may operate outside the European Economic Area. In these cases the transfer is protected by:

European Commission adequacy decision under Art. 45 GDPR, for recognised adequate countries.
Standard Contractual Clauses (SCC) under Art. 46 GDPR, for countries without an adequacy decision.

9. Data subject rights

Under Arts. 15-22 GDPR, you have the right to:

Access your personal data (Art. 15 GDPR)
Rectification of inaccurate or incomplete data (Art. 16 GDPR)
Erasure ('right to be forgotten') (Art. 17 GDPR), subject to limitations for legally retained data
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection to processing (Art. 21 GDPR)
Withdrawal of consent at any time, without affecting the lawfulness of prior processing (Art. 7.3 GDPR)

To exercise these rights, write to:

privacy@schola-mastro.it

10. Right to lodge a complaint

You have the right to lodge a complaint with the Garante per la Protezione dei Dati Personali if you believe that the processing of your personal data violates the GDPR or applicable national law.

Garante per la Protezione dei Dati Personali — www.garanteprivacy.it

11. Automated decision-making

Schola Mastro does not carry out automated decision-making or profiling of data subjects under Art. 22 GDPR.

12. Cookies

For details on cookies and tracking technologies used, and consent management, please refer to the Cookie Policy.

13. Changes to this policy

Schola Mastro reserves the right to modify this policy for regulatory compliance or as services evolve. The date of last update is shown at the top of this page.