This privacy notice is provided by H-International School S.r.l., with its registered office at Via Olivetti 1, 31056 – Roncade (TV), Tax Code and VAT Number 03888620261 (hereinafter “H-IS”), to describe the processing of personal data of visitors and users (collectively, “Users”) of the website https://courses.h-farm.com (the “Website”) owned by H-IS, as well as - in case of enrolment in the services offered by H-IS - the processing of personal data through the App Summer Academy (hereinafter “App”). The information contained in this document is provided in compliance with EU Regulation 2016/679 – GDPR, Legislative Decree 196/2003 as amended, and the measures issued by the competent Authorities regarding the personal data protection. 

H-IS may modify this privacy notice to adapt it to future expansions or future changes of the Site, the App, and/or the services offered. In the event of substantial modifications, H-IS will publish a notice on the Site and/or will send a notification by e-mail to notify the variations and to collect possible request to exercise the rights recognised by the legislation on the protection of personal data.

1.     DATA CONTROLLER

The controller of the personal data of Users collected through the Website is H-IS. The controller can be contacted at the following addresses: summeracademy@h-farmschool.com or at the H-IS registered office at Via Olivetti 1, Roncade - 31056 (TV).

2.     DATA COLLECTED AND PURPOSE OF PROCESSING

2.1 Browsing data

Each time the Site is accessed, the systems automatically record and analyse the access data (e.g. IP address of the provider, information on the used browser, pages visited, date, time, and duration of each visit). The information is automatically collected by the Site and does not require any action by the User.

Cookies

The Website uses cookies and similar tracking technologies to collect and store data relating to users’ access to, use of, and interaction with the Website.

For further information regarding the use of cookies, please refer to the extended Cookie Policy available on the Website.

2.2 Data communicated by Users

By filling in the "Contact us" forms on the Site, or by sending a request to H-IS through the contact information indicated on the Site, Users communicate to H-IS some personal data such as, for example: name, surname, e-mail address, phone number (optional), country of origin (optional), age and any other information voluntarily inserted by the User in the message box.

Data that are absolutely necessary in order to perform the activities requested from time to time are marked with an asterisk.

Users are requested not to communicate personal data of third parties to H-IS, unless it is necessary (for example, in the event that the User is a parent requesting more information on H-FARM Summer Academy in the interest of their minor child): in this case, we remind you that it is the User's responsibility to fulfil the legal requirements concerning the protection of personal data and, in particular, to inform third parties of the communication and to obtain their consent, if necessary. 

2.3 Data required for the purchase of H-FARM Summer Academy courses

The Site, in the event of the purchase of a course, school and/or workshop as part of the Summer Academy as well as in the case of transmission of specific requests from Users, requires the latter to communicate specific personal data of the purchaser, such as: 

(a)  first name, surname, e-mail, phone number, residential address, date of birth, social security number, ID document of the User making the purchase (the "Billing Data");

(b)    first name, surname, gender, age (or age bracket), date of birth, ID document and National Health Service card of the H-Farm Summer Academy participant, (the "Participant Data");

(c)    in addition, H-IS, where necessary, also requests the disclosure of data relating to the health of the course/school/lab participant, and, in particular, information regarding dietary and/or medical needs and/or the existence of certified educational needs (e.g. dyslexia) or other information useful/needed to make the participant’s stay as pleasant as possible (the "Sensitive Data").

2.4 Data Required for the Safety of Participants and Facilities

Images recorded by the video surveillance system located in the external perimeter areas and at each School building of the Venice Campus (the ‘Images’). The areas under video surveillance are indicated by specific signs visible before entering the area concerned. For more information on the characteristics of the processing carried out through video surveillance systems, please refer to the extended information notice on video surveillance, available in Annex 1. 

Data, if marked with an asterisk, are necessary in order to finalise the User's request for enrolment in the H-Farm Summer Academy. 

We recommend that Users only communicate Data that are up-to-date, relevant, and not exceeding the specific processing’s purposes.

Any unnecessary Data will be immediately deleted or anonymised.

The browsing data (par. 2.1), the data provided by Users (par. 2.2), and the data required for the purchase of the H-Farm Summer Academy courses/schools/labs (par. 2.3) are collectively referred to below as “Data.”

3.     PURPOSE OF PROCESSING AND RECIPIENTS OF DATA

The Data will be processed by H-IS, in strict compliance with applicable legislation and the guidance of the Data Protection Authority, for the following purposes.

 3.1 Navigation data 

Navigation data will be used:

(i)   in order to monitor the proper functioning of the Site;

(ii)  in an anonymous and aggregate form, for statistical purposes related to understanding how Users use the Site, to improve the ease of access and increase its attractiveness,

(iii) as well as to detect technical problems as soon as possible.

Such processing has its legal basis in the legitimate interest of H-IS in improving its digital services, especially in relation to the use of the Site.

3.2 Responding to contact requests

The Data provided by sending a request to H-IS by filling in the appropriate form in the "Contact Us" section of the Site will be processed to respond to requests for information on H-Farm Summer Academy courses/schools/labs transmitted by the User and, if necessary, to provide assistance to H-IS Users.

These data, if marked with an asterisk, are necessary in order to follow up and answer requests from Users.

The processing, therefore, finds its legal basis in the need to implement pre-contractual measures at the request of the data subject.

3.3 Purchase and attendance of H-Farm Summer Academy courses

The Billing Data collected during the checkout on the selected payment gateway (see par. 4, letter A of the Terms and Conditions of Use of the H-IS service) will be processed to complete the purchase of the H-Farm Summer Academy course/school/lab and to enable the payment of the fees required from the User.

For each provider, please refer to the Terms and Conditions of Use of the respective platform and the information regarding the processing of personal data by each provider.

The Participant Data collected through the completion of the required fields during the purchase of courses/schools/labs on the Website will be processed upon acceptance of the Terms and Conditions of Use of the H-IS service and the Summer Academy 2026 Code of Conduct. Additional information necessary to enable the best use of the service by the participant will be collected afterwards to finalize the enrolment and contracting phase through Zoho Form.

The provision of such data is necessary to complete the purchase of H-Farm Summer Academy courses, therefore, in the event of refusal or failure to provide the requested data, H-IS will be unable to process the User’s requests and provide the requested service.

This processing has its legal basis in the need to execute a contract to which the data subject is a party (the contract signed between H-IS and the User with the acceptance of the Terms and Conditions relating to participation in the course), pre-contractual measures taken at the request of the data subject and in compliance with legal obligations.

The Sensitive Data collected through the registration form is processed solely to enable the participant to attend the H-Farm Summer Academy effectively and to allow H-IS to provide appropriate learning support as well as any related services (e.g., canteen) while ensuring the participant’s health is respected, based on the specific needs reported.

 The Sensitive Data, along with the Purchase Data and Participant Data, will then be stored on the Zoho infrastructure and it includes all the companies listed herein (“Zoho”). The storage and management of Data will be carried out trough the services provided by Zoho, subject to acceptance of Zoho’s privacy policy, as this system is used by H-IS for the administrative and organizational management of the experience. The Data will be processed and stored to allow H-IS to manage the H-FARM Summer Academy participant’s dietary, medical, and educational needs during the H-FARM Summer Academy course.

For information regarding the use of cookies and the processing of personal data through the App, please refer to the App’s privacy policy (Zoho’s privacy policy).

 The processing of Sensitive Data through Zoho is based on the need to protect a vital interest of the participant, as well as on the explicit consent provided by the adult participant or, in the case of a minor participant, by the person exercising parental responsibility, at the time of completing the registration and purchase form for the H-FARM Summer Academy course/school/lab at H-IS.

Subsequently, the User will be able to download the Summer Academy app via the App Store or Play Store.
The App, developed and managed by the company Toddle, will allow the User/Consumer – on an optional basis – to have organizational information at hand, access staff contact details, and receive photos, projects, and final certificates related to the experience. All information regarding the processing of personal data via the App is contained in Toddle’s privacy policy, which the User/Consumer may review upon first access to the App, with the option of providing consent – either immediately or at a later stage – to the processing of optional data, including, where applicable, data belonging to the special categories referred to in Article 9 of Regulation (EU) 679/2016.

For further information regarding the use of cookies and the processing of personal data through the App, Users are invited to consult the privacy policy made available by Toddle.

3.4 Receipt of newsletters

The Data provided in order to subscribe to the H-IS newsletter, by filling in the appropriate form in the "Subscribe to our newsletter" section will be processed, subject to the User’s consent, to allow the User to benefit from the newsletter service and, therefore, to send the newsletter with commercial and promotional contents (which will be transmitted by e-mail) concerning the activity of H-IS and its most important news, courses/schools/labs offered by  the latter, as well as fairs and events in which H-IS will participate.

Data communication occurs on a voluntary basis: any refusal will result in the impossibility for H-IS to send the newsletter to the User but will not affect the navigation on the Site and/or the purchase of courses/school/lab. The processing of Data for sending newsletters with commercial content has its legal basis in the consent of the interested party (User).

Users may revoke their consent at any time and cancel their subscription to the newsletter service by following the procedure indicated in each newsletter or by sending a specific communication to H-IS, at the address indicated in article 6 below, expressing their intention to unsubscribe from the newsletter service and to cancel the Data held by H-IS.

3.5 Ensure the safety of participants and company premises

4.     DISCLOSURE AND RECIPIENTS OF DATA

The Data may be accessed and disclosed, for specific purposes, to the following categories of subjects:

1. employees and/or collaborators specifically designated as authorized personnel for data processing (e.g., administrative, accounting, and IT staff);
2. educators and other collaborators working for H-IS who are directly involved in the organization and management of the courses/schools/labs to provide appropriate support to participants, respecting their educational and personal needs;
3. subsidiaries and affiliated companies of H IS;
4. Data may also be disclosed to the same group to which the School belongs for internal administrative purposes. Processing will be based on the Data Controller's legitimate interest, having also assessed the reasonable expectations of the data subjects;
5. for newsletter distribution;
6. to enable access to and use of the features of the H-IS App by the company Toddle (only for students enrolled in activities held at the Venice Campus), acting as the App provider and data processor pursuant to Article 28 of the GDPR, as well as by Toddle’s employees and collaborators who are duly instructed to process personal data in compliance with the applicable regulations.
7. for administrative purposes, the collection of data through forms, and the storage of Sensitive Data, by the company Zoho Corporation B.V., headquartered at Beneluxlaan 4B, 3527 HT UTRECHT, The Netherlands, which includes all the companies listed here (“Zoho Group”). Zoho operates as a data processor under Article 28 GDPR, with its employees and collaborators appropriately trained to process personal data in compliance with applicable regulations;
8. regarding Sensitive Data, public and private entities involved in organizational and management activities and/or providers of ancillary services necessary to meet the specific needs of participants (e.g., dietary requirements).
9. To H-International School Vicenza S.r.l., with its registered office at Borgo Santa Lucia 51, 36100 Vicenza (VI), Tax Code/VAT No. 02797260243, and to H-International School Rosà S.r.l., with its registered office at Via Segafredo F. 50, 36027 Rosà (VI), Tax Code/VAT No. 02351400243, with regard to the personal and sensitive data of participants enrolled in activities taking place respectively at the Vicenza Campus and at the Rosà Campus. H-International School Vicenza S.r.l., with its registered office at Borgo Santa Lucia 51, 36100 Vicenza (VI), Tax Code/VAT No. 02797260243, and H-International School Rosà S.r.l., with its registered office at Via Segafredo F. 50, 36027 Rosà (VI), Tax Code/VAT No. 02351400243, act as data processors pursuant to Article 28 of the GDPR, together with their duly instructed employees and collaborators. All information relating to the processing of personal data is contained in the privacy policies of H-International School Vicenza and H-International School Rosà.

These subjects – except for the persons referred to in subparagraph A who act, on behalf of the owner, as data processors – will process the Data either as independent data controllers, or as data processors; In the latter case, these subjects will act by virtue of specific written assignment given to them by H-IS.

The complete list of Data recipients is kept at the H-IS headquarters and is available upon request, which can be submitted to the contacts provided in Section 7 below.

5.     PLACE OF PROCESSING AND TRANSFER OF DATA ABROAD

The processing of personal data shall be carried out at the premises of H IS, and such data shall be stored on servers and/or in archives located within or outside the European Union. 

Any transfer of personal data outside the European Union shall take place solely to countries ensuring a level of protection of personal data essentially equivalent to that guaranteed under European Union law or, in any event, subject to the implementation of appropriate safeguards pursuant to Article 46 of GDPR, aimed at ensuring a level of data protection essentially equivalent to that afforded within the European Union.

6.     DATA PROCESSING METHODS AND RETENTION PERIODS

The Data will be processed using manual and electronic tools, in compliance with the technical, IT, and organizational security measures adopted by H-IS.

Browsing Data will not persist for more than 7 (seven) days and will be deleted immediately after their aggregation (except in cases where judicial authorities require data for crime investigation purposes).

Billing Data will be stored on Zoho and processed for the period necessary to comply with tax, accounting, and regulatory obligations related to the sale of H-Farm Summer Academy courses/schools/labs, which is 10 years from the date of collection by H-IS.

Participant Data and Sensitive Data will be stored on Zoho and processed for the duration of the H-Farm Summer Academy course/school/lab and for 24 months following the conclusion of the educational/training activities for archival purposes. The account will be deactivated if no access is made for a period exceeding 36 months from the date of the last purchase.

Data collected to respond to User requests and for newsletter distribution will be stored and processed for up to 24 months from the receipt of the last contact request and, in the case the User has consented to receive the newsletter, from the provision of such consent.

7.     USER RIGHTS AND CONTACT DETAILS

The User may, at any time and to the limits to which the rights are applicable:

1.     obtain access to their personal data;

2.     request the rectification, deletion or restriction of the processing of personal data;

3.     where applicable, receive in a structured, commonly used and machine-readable format the personal data concerning him/her that he/she has provided to H-IS, as well as request that such data be transmitted to another data controller (right to data portability);

4.     where applicable, withdraw consent, at any time and without prejudice to the lawfulness of the processing based on the consent previously given;

5.     file a complaint with the Data Protection Authority, or appeal to the competent judicial authority. 

Requests to exercise the above rights should be sent to one of the following addresses: 

●      via e-mail, to: summeracademy@h-farmschool.com;

●      via registered letter with return receipt, to H-International School S.r.l., 31056 - Roncade (TV), Via Olivetti 1.

Requests concerning the recipients of the Data, as well as requests for clarification of this information notice, may also be addressed to the same addresses.

8.     LINKS TO OTHER WEBSITES

This information on the processing of personal data is provided exclusively in relation to the Data collected through the Site and with reference to the purposes identified in point 3, and not also for any other websites consulted and/or consultable through links and/or widgets (e.g. social networks): these additional websites will process the Data as autonomous controllers and in accordance with their respective disclosures, the consultation of which by Users is expressly recommended.

ANNEX 1
TO THE PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA

H-Farm S.p.A., with registered office in Via Sile 41, Roncade (TV), 31056, tax code and VAT number 03944860265, H-Farm Education S.r.l., with registered office in Via Sile 41, Roncade (TV), 31056, Tax Code and VAT No. 04594110266, and H-International School S.r.l., with registered office in Via Adriano Olivetti 1, Roncade (TV), 31056, tax code and VAT number 03888620261, hereinafter collectively referred to as the ‘Joint Controllers’ or the ‘Companies’, and each “Party” or ‘Joint Controller’, jointly manage the video surveillance system at the Central Campus in Roncade located in Roncade (TV), at Via Sile 4, 6, 41 and 51, Via Piovega 23, and Via Adriano Olivetti 1 (the ‘Campus’).

In this regard, pursuant to Article 26 of the GDPR, the Joint Controllers have regulated – in a transparent manner, through a joint controller agreement (the ‘Agreement’) – their respective responsibilities regarding compliance with the obligations arising from the GDPR, with particular regard to the exercise of the rights of the data subject and their respective functions of communicating the information referred to in Articles 13 and 14 of the GDPR. The essential content of the Agreement is available at the bottom of this policy.

The CCTV cameras are located around the perimeter, at the entrance and in some internal areas of the Campus buildings (located as shown on the map at the following link: https://drive.google.com/drive/u/0/folders/1QicrEuNAPqJHohmipvx5bBgU6qsrNJbR): They operate 24 hours a day and can therefore record anyone who enters the perimeter of the building area, reception areas, entrances and exits (including emergency exits), as well as certain specific internal areas (e.g. the corridor where some lockers are located). The images may include employees, managers, students – including minors – of the Joint Controllers, as well as visitors passing within the range of the cameras.
The system is installed to capture only images that are essential for security purposes, and the cameras are directed towards areas considered most at risk of theft and/or damage or where such incidents have already occurred in the past (limiting the angle of the shots and avoiding detailed images as far as possible).
The cameras, all of which are visible, are indicated by special signs, drawn up in accordance with the provisions of the “Provision on video surveillance” adopted by the Data Protection Authority on 8 April 2010 and the European Data Protection Board's Guidelines 3/2019 on the processing of personal data through video devices adopted on 29 January 2020, and are positioned in such a way as to limit the viewing angle to the area actually to be protected.

1. Joint controllers
For the purposes of this Policy, the joint controllers are the companies that manage the video surveillance system on campus, as defined above.
Data Protection Officer
The Data Protection Officer (DPO) appointed by the joint controllers is LCA Servizi S.r.l. and can be contacted at the following addresses:
- Via della Moscova, 18, 20121, Milan;
- e-mail: dpo@h-farm.com; or
- at the certified e-mail address: lcaservizi@pec.lcaservizi.it.

2. Data processed
The Joint Controllers process personal data – such as images collected through the video surveillance system of those who access the Joint Controllers' premises located on the Campus – including those who accidentally pass within the range of the cameras, in strict compliance with the applicable legislation on the protection of personal data, as well as the instructions and measures of the Data Protection Authority. Such personal data are jointly defined as the ‘Data’.

3. Purpose and legal basis of processing
The Joint Controllers process the Data for the following purposes and on the following legal bases:
Legitimate interest (Company security)
The Data will be processed for the sole purpose of ensuring the safety of persons and property on company premises and for the purpose of preventing damage and harm that the Joint Controllers may suffer as a result of illegal activities carried out on their premises aimed, even indirectly, at causing damage to the same (such as, by way of example, theft, robbery, damage, sabotage of equipment, vandalism, etc.).
Video recordings, which may contain Data, are processed for the same purpose and, therefore, are viewed only when necessary (e.g. following unauthorised access to the Joint Controllers' premises, or theft, to identify the offender) and may, in this context, be transmitted to police and public authorities to prosecute the perpetrators of offences and ensure the protection, including judicial protection, of rights.
This processing has its legal basis in the legitimate interest of the Joint Controllers in the security of company assets and, following the balancing exercise carried out by the Joint Controllers, prevails over the interest of visitors in not being identifiable, taking into account the mere possibility of identification, as well as the organisational and security measures adopted by the Joint Controllers to protect the data subjects.
The processing described above is necessary: any refusal, partial or total, to provide the Data for these purposes will make it impossible to access the company premises and/or the surrounding spaces and areas.

4. Data Recipients
The Data will be processed by persons authorised to do so, to whom the Joint Controllers or the individual Joint Controller have given adequate operating instructions with particular reference to the security measures adopted, assigning authentication credentials that allow them to carry out, depending on the tasks assigned to each, only the operations within their competence. These individuals are restricted in their ability to view the images recorded by the video surveillance system, both in real time and at a later time, as well as to delete or duplicate them.
Third-party recipients of the Data – independent data controllers or duly designated data processors – belong to the following categories:
A. external parties operating as independent data controllers, such as, for example, supervisory and control authorities and bodies and, in general, parties, including private individuals, who are entitled to request the Data (such as accountants and legal advisers), public authorities who expressly request it for administrative or institutional purposes, in accordance with current national and European legislation;
B. entities unrelated to the Joint Controllers that provide services to them (e.g. IT service providers for the management of databases, including contact and e-mail databases, security companies and companies offering installation, assistance and maintenance services for video surveillance systems, digital service providers and IT consultants providing technical assistance to the Companies); these parties have been specifically appointed as data processors and their names are available on request from the Joint Controllers, using the contact details indicated in Paragraph 7 below.

5. Data retention period
Video surveillance recordings will be retained for a maximum period of 48 hours. At the end of this period, the recordings will be automatically deleted by overwriting, rendering the deleted data unusable.
The Data will be stored for longer periods only if necessary to allow investigations by the police and public authorities, as well as for legal protection purposes.

6. Transfer of data to third countries
In the context of the processing operations in question relating to the Data Subjects' Data, the Joint Controllers will not transfer data outside the European Union.
Should this occur, the Joint Controller transferring the data will adopt adequate safeguards in accordance with the applicable laws and regulations on the protection of personal data, in order to ensure that your Data is adequately protected: in particular, such transfers will take place, on a case-by-case basis, after verification of the standard contractual clauses (Standard Contractual Clauses) approved by the European Commission pursuant to Article 46, paragraph 2, letters c) and d) of the GDPR or the binding rules for the company referred to in Article 47 of the GDPR or, in the absence thereof, pursuant to one of the derogatory measures referred to in Article 49 of the GDPR.

7. The rights of the data subject
The subjects recorded by the Joint Controllers' video surveillance system, as data subjects (i.e., subjects to whom the Data refer), are entitled to the rights conferred by the GDPR. In particular, pursuant to Articles 15-22 of the GDPR, data subjects have the right to request and obtain, at any time, access to their personal data, information on the processing carried out and, where applicable, the rectification and/or updating of personal data, erasure and restriction of processing. In addition, they also have the right to object to the processing and to request, in the cases provided for, the portability of the data (i.e., to receive personal data in a structured format commonly used and readable by automatic devices). Finally, data subjects always have the right to withdraw their consent at any time (this will not, in any case, affect the lawfulness of the processing carried out on the basis of the consent given prior to the withdrawal) and to lodge a complaint with a supervisory authority (in Italy: the Garante per la Protezione dei Dati Personali).
The above rights may be exercised at any time by sending a simple request to the Companies:
· by post, to the address Via Sile 41, Roncade (TV); or
· by email: legal@h-farm.com

ESSENTIAL CONTENT OF THE JOINT CONTROL AGREEMENT
between H-Farm S.p.A., H-Farm Education S.r.l. and H-International School S.r.l.,
pursuant to Article 26 of Regulation (EU) 2016/679 (the ‘GDPR’)

H-Farm S.p.A., H-Farm Education S.r.l. and H-International School S.r.l. (hereinafter referred to as the ‘Joint Controllers’) have entered into a joint controller agreement (the ‘Agreement’) whereby they have jointly determined the purposes and methods of processing images of students, employees, collaborators, managers and visitors (the ‘Data Subjects’) recorded by the video surveillance systems installed at the Central Campus in Roncade located in Roncade (TV), at Via Sile 4, 6, 41 and 51, Via Piovega 23, and Via Adriano Olivetti 1 (the ‘Campus’).
In particular, the Agreement – the essential content of which is described below – regulates:

1.        the categories of personal data collected and processed in accordance with the Agreement, namely images recorded by the video surveillance system of those who access the Campus premises, including those who accidentally pass within the range of the cameras (collectively, the ‘Personal Data’);

2.       the methods of acquisition and the tools used to process Personal Data: processing may be carried out using automated methods designed to store, process and transmit Personal Data and will be carried out using technical and organisational measures appropriate to ensure the security, confidentiality, integrity, availability and resilience of IT systems, as well as reasonable measures to promptly delete or rectify data that is inaccurate in relation to the purposes for which it is processed;

3.       the division of tasks between the Joint Controllers in relation to individual data processing activities and the allocation of respective responsibilities: specifically, the Joint Controllers share and process Personal Data for the sole purpose of ensuring the security of Data Subjects and company premises. The Joint Controllers shall comply with the information obligations towards Data Subjects pursuant to Article 13 of the GDPR;

4.       the adoption of technical and organisational security measures to ensure the security of personal data, as required by Article 32 of the GDPR, taking into account the nature of the processing and the information in their possession. The measures must ensure the confidentiality, integrity, availability and resilience of the systems and services that process the data, also allowing for rapid recovery in the event of physical or technical incidents. Any changes to security measures, following regulatory updates or changes in risks and technologies, must be adopted after risk analysis. In addition, the Joint Controllers must adopt procedures to regularly verify the effectiveness of the security measures adopted;

5.       the methods of fulfilling the obligations arising from privacy legislation and any guidelines and codes of conduct applicable from time to time (for example, the communication of the information referred to in Articles 13 and 14 of the GDPR; the response to any requests from Data Subjects; the communication of any data breaches to the Data Protection Authority and/or Data Subjects).

The Joint Controllers also undertake to treat all material exchanged between them as strictly confidential and to use such information only for the purposes set out in the Agreement and/or for the fulfilment of legal obligations, as well as provisions issued by the Data Protection Authority or other authorities legitimised by law.

Complaints and requests to exercise rights submitted by Data Subjects will be handled by the Joint Controllers according to their respective areas of competence, in compliance with the GDPR and any other legislation applicable from time to time to the processing of personal data. Data subjects may exercise their rights vis-à-vis the Joint Controllers pursuant to Article 26, paragraph 3 of the GDPR, by acting before the Data Protection Authority and/or other competent authority, as well as vis-à-vis each Joint Controller, independently of the other, at the following addresses:

H-Farm S.p.A.
e-mail: privacy@h-farm.com
via Sile 41, 31056, Roncade (TV)
H-Farm Education S.r.l.
e-mail: privacy@h-farm.com
via Sile 41, 31056, Roncade (TV)
H-International School S.r.l.
e-mail: office.ve@h-is.com
via Adriano Olivetti 1, 31056, Roncade (TV)