Paideia Institute Policy on Privacy & Data Protection



The Paideia Institute for Humanistic Study values your privacy and actively seeks to preserve the privacy rights of anyone who shares information with us. Your trust is important to us and we believe you have the right to know how information submitted through our website is handled. As an explanation of The Paideia Institute's online information policy and practices and to assist you in better protecting your privacy, we provide the following privacy notice.

Pursuant to the provisions of the EU Regulation 2016/679 (“Regulation on the protection of natural persons with regard to the processing of personal  data and on the free movement of such data”, hereinafter “the EU GDPR”), we hereby inform you that The Paideia Institute for Humanistic Study, Inc. (hereinafter referred to as “The Paideia Institute”) is the Data Controller of your personal data and, in such capacity, pursuant to Section 29 of the above Law, of the processing of your personal data and information, is required to provide you with the following information.

1. All personal data you have provided to The Paideia Institute, as well as any entity from whom personal data are collected,  and all the further data provided in order to allow the performance of all applicable legal obligations related to the contractual relationship with you will be handled by The Paideia Institute in accordance with its policies and  with the aforementioned law and EU GDPR, and with the principles of fairness, ethics, lawfulness, transparency, purpose limitation, accuracy, storage limitation, integrity and confidentiality and accountability, as well as the utmost protection of your privacy; sensitive data processing will only take place in relation to data  regarding your health condition or judicial data, if and whenever applicable. 

The EU GDPR Regulation aims to ensure that personal-data processing takes place in a manner that respects the fundamental rights and liberties of natural persons, especially the right to personal-data protection. “Data Processing” means any operation or set of operations, performed with or without the support of automated processes, and applied to personal data or to sets of personal data, including: collection, recording, organization, structuring, retention, adjustment or modification, excerpting, review, use, disclosure via submission, dissemination or any other means of making such data available, comparison or mining, limitation, erasure, or deletion.

2. All data shall be processed exclusively for Paideia Institute institutional and administrative purposes, connected or related to the activities carried out by The Paideia Institute, in connection with your contractual relationship with The Paideia Institute (location: Viale di Trastevere 203, 00153 Rome, Italy). 

Some personal data (first and last name, email address, telephone number, mailing address) are collected and filed by The Paideia Institute pursuant to previous communications, personal contacts, terminated/completed academic enrollments or contracts, registrations on our website, voluntary email correspondence, published or public-domain mailing lists and services. These shall be processed in accordance with your wishes. 

Moreover, The Paideia Institute may process sensitive and ID-related data, including: first and last name; Social Security Number; place and date of birth; home address; email address; phone number; passport number; IP address; image/likeness; credit-card number; digital ID; account name or nickname; educational background; school/university record, etc.

Personal data shall be accurate, complete, and tailored to the purposes for which they are collected and thereafter processed.

In  particular the personal data supplied or collected will be processed for the following purposes: 

a. To fulfill the obligations established by any applicable law, including the regulations or the European Union Law, with specific reference to labor, tax, custom, social security contributions requirements,  formalities, and the like. 

b. To execute the contractual obligations with reference to your contract with The Paideia Institute (including but not limited to: price/fee/compensation payments, your health and safety protection), any sensitive data will only be processed for the purpose of fulfilling any applicable obligations established by Italian law, by national regulations or other European Union laws. Sensitive data regarding judicial measures which may have been provided to Paideia Institute by public bodies will be processed only for the purposes of guaranteeing your safety and complying with any applicable mandatory provision of Italian or EU law.

c. To register the user to access content and applications on The Paideia Institute’s website.

d. To handle informational requests on The Paideia Institute, contact requests, donation requests, providing services.

e. To send marketing communication and correspondence regarding any upcoming fundraiser or development effort as well as other Paideia Institute activities/events, publications, informational or promotional communications, newsletters, surveys — both in print and via automated instruments (such as e-mail).

3. Submittal and processing of personal data is necessary in order to achieve the purposes above specified. 

4. Any refusal will make it impossible to carry out the necessary activities and the correct legal and  administrative management of all actions necessary to accomplish the contractual obligations of The Paideia Institute towards you, as well as the obligations imposed by law.

5. Data will be collected and processed automatically and/or manually in compliance with the provisions of Articles 11 and 31 of the Italian Personal Data Protection Code and by adopting the related minimum safety measures, securing strictly monitored access. Our processing of your personal information is carried out in conformity with subsections (a), (b), (c) and (f) of Art. 6, paragraph 1 of the EU GDPR Regulation and with Art. 9, paragraph 2 of the EU GDPR.

Data processing shall be completed manually and/or using automation, including with the support of electronic/online and automated instruments, in compliance with the security criteria set forth under Art. 32 of EU Regulation 2016/679, and Attachment B to the Privacy Act (Art. 33-36 of the Act), and shall be performed by duly appointed persons, in compliance with Art. 29 of EU Regulation 2016/679. Personal data shall be included in any Entries or Logs/Registers required by law for the aforementioned purposes.

6. Data processing will take place, according to the aforementioned criteria, only within those premises of The Paideia Institute which are exclusively dedicated to contracts and bookkeeping, for the purposes above specified, by persons officially appointed to this task. The personal data you have provided, with the exception of sensitive data, may be transferred overseas pursuant to the terms, conditions and limits specified by Title VII of the Italian Legislative Decree n. 196/2003. 

7. In particular, your data may be communicated, in compliance with the rules above indicated, to public or private subjects to whom they may be necessary in order to fulfill obligations set forth by national laws, regulations, and EU laws; sensitive data may be communicated to public bodies and authorities and to private subjects (such as other employees with specific duties for your contract with The Paideia Institute, external CPAs, labor consultancy/payroll and law firms, security supervisors,  etc.) only for the purposes of fulfilling obligations set forth by national laws, regulations, and EU laws. 

The following is a specific list of by category of persons who might have access to your personal data:

- Staff/associates of The Paideia Institute appointed as Data Processors;

- Persons engaged by The Paideia Institute to execute and manage the services provided, appointed as Data Supervisors/Processors;

- The Data Protection Officer (DPO).

Outside the foregoing cases, disclosure of personal data to third parties shall only take place with the data subject's express consent. Please note, furthermore, that personal data shall not be subject to dissemination, unless specifically authorized by statute and/or regulations, or with the data subject's express consent.

8. The Data Controller, under the law and with particular reference to the safety obligations related to the automatic processing of your data, is The Paideia Institute. 

9. All data will be processed by Paideia Institute in its capacity as Data Controller with the supervision of Dr. Marco Romani in his capacity as Data Protection Officer, available in compliance with art. 7 of Legislative Decree 196/2003, whom you can reach at the following contacts: 

- telephone: +39 065-833-0040; 

- email: [email protected].

10. You will be able to exercise any and all other rights foreseen by Art. 7 of Legislative Decree n. 196/2003  reproduced hereunder in its entirety: 

“1. The data subject has the right to obtain confirmation of the existence or not of personal data regarding  him or her, even if not yet recorded, and their communication in intelligible form. 

2. The data subject has the right to obtain indication: a) of the origin of the personal data; b) of the ends and methods of its processing; c) of the logics applied in the event of processing being carried out with the aid of electronic equipment; d) of the identification data of the controller, of those responsible and the appointed representative as per Art. 5, paragraph 2; e) of the organizations and categories of organizations to whom personal data can be communicated or who are likely to get to know them in their capacity as designated representatives, officers, or appointees.

3. The data subject has the right to obtain: a) the update, the rectification or, if he or she as interest to, the integration of the data; b) the cancellation, transformation in anonymous form or the blockage of any data processed unlawfully, including those whose storage is not necessary in relation to the aims for which the  data were collected or later processed; c) a statement that the operations indicated at letters a) and b), including their content, have been made known to those to whom the data have been communicated or released, except in the case of this being found to be impossible or requiring the use of means which are clearly disproportionate to the protected right.

4. the data subject has the right to completely or partially oppose: a) for legitimate reasons, the processing  of personal data regarding him/her even if relevant the aims of their collection; b) the processing of  personal data regarding him/her for the purpose of sending publicity material, direct sales or for carrying  out market research or commercial communications.” 

You may exercise your rights under Article 7 of the Privacy Act and under Articles 15-22 of the EU GDPR Regulation at any time, by contacting The Paideia Institute (via postal mail to Viale di Trastevere 203, 00153 Rome, Italy; or via e-mail to [email protected]). You have the right to:

A. Access your personal data; 

B. Obtain information on processing purposes, the categories of personal data, the recipients or categories of recipients to whom personal data are or shall be disclosed, and if possible the retention period for the same; 

C. Secure data correction. Secure data erasure, except for data contained in documents which must be kept by the university as part of its activity, and only in the case of a legitimate reason for requesting erasure;  

D. Secure processing limitation(s);  

E. Be alerted by the Data Controller in case of personal-data correction or cancellation; 

F. Data Portability: obtain your data from a data controller in a structured, machine-readable, commonly used format, and have them forwarded to another data controller without delay;  

G. Object to processing at any time, including for direct-marketing data processing;  

H. Object to decisions being predicated on data mining, including profiling, on any natural person. 

I. File a complaint with the Data Protection Authority, following the procedure and instructions posted to the Authority's official website:

You can read The EU GDPR Regulation 2016/679 at: 

11. Please be also informed that: 

a. Your personal data can be stored for up to ten years.

b. You can withdraw your consent, if granted below, at any time and even only orally, but this will not affect the lawfulness of processing your personal data based on your consent before withdrawal.

c. You have legal rights and remedies against any breach of your personal privacy according to articles from 77 to 84 of the EU GDPR. 

12. The Data Controller is The Paideia Institute for Humanistic Study, Inc., with offices at Viale di Trastevere 203, 00153 Rome, Italy. The Data Protection Officer (DPO) presently in office is Dr. Marco Romani (telephone: +39 065-833-0040; e-mail: [email protected]).

13. Retention period for data and other information

Pursuant to Art. 13, paragraph 2, subsection (a) of the EU GDPR, please be advised that, in compliance with the principles of lawfulness, purpose limitation, and data minimization set forth in Art. 5 of EU Regulation 2016/679, the retention period shall be for no longer than required to achieve the purposes for which they were collected and processed, in accordance with any time periods set by law. Such retention shall be without prejudice to any statutory five- or ten-year retention terms as may apply to a civil, accounting, or tax-related duties.

For the purposes appearing in point 2, subsection (e), the retention period shall be ten (10) years from the most recent consent. Pursuant to Art. 13, paragraph 1, subsection (f) of the EU GDPR, please be advised that data collected may be transferred to an EU member state, to a non-EU country (specifically, the United States of America), as well as to international organizations, insofar as permitted by Art. 44 et seq. of the EU GDPR.

14. Optional or mandatory nature of consent for the pursuit of certain purposes

In those cases illustrated above (i.e., required third-party disclosures) and pursuant to the Privacy Act and the EU GDPR, the Data Controller is under no duty to acquire explicit consent to process the relevant personal data. Such processing shall be for primary purposes under Art. 24 of the Privacy Code and Art. 6 of the EU GDPR. 

No explicit consent from the data subject shall be required, either because such processing is required to discharge a statutory, regulatory duty (in Italy or the EU), or because processing is necessary for contract performance and management, or to comply with a specific request submitted by the data subject, or, finally, because such processing is done for administrative and accounting purposes. Should the data subject not wish to submit such requested data (necessary for the reasons described above), it may be impossible to fulfill the requests. For contractual and other, distinct purposes, personal data processing may only be performed with the data subject's express consent.

15. Information collected on this website and how it is used

The website and the Paideia Institute's Learning Management System automatically collect general information that does not identify you personally. This includes the Internet Protocol (IP) address of the computer you are using; the web page from which you entered our website; browser used; date and time. To collect this data, we use the following services: Google Analytics; Plume Learning Analytics, Cloudflare; Sendgrid; Meta pixel; Twitter Tweet button and social widgets; Meta Events Manager; Shopify; 123Formbuilder; Direct registration. These services help us focus on the needs and interests of our visitors and learners, and improve the overall functionality of our web-based tools. No other information is collected through our official websites except when you deliberately send it to us (for example, by sending us an email or filling out an online form).

16. Security

At The Paideia Institute we are committed to ensuring the security of your information and have put in place the necessary physical, technical, and administrative safeguards to prevent unauthorized access to any information we collect. All information gathered on The Paideia Institute website is encrypted.

17. Third Party Sites

The website provides links to external sites as a convenience. Please note that The Paideia Institute is not responsible for the content or privacy policies of any external sites.

18. Contacting Us

If there are any questions regarding this privacy policy, you may contact us using the information below:

The Paideia Institute for Humanistic Study, Inc.

Viale di Trastevere 203, 00153 Rome, Italy 

Email: [email protected]