Information on the processing of personal data
pursuant to Articles 13 – 14 of Regulation 2016/679/EU
La normativa vigente, con particolare riferimento al Regolamento UE 2016/679 del 27 aprile 2016 relativo alla protezione delle persone fisiche con riguardo al trattamento dei dati personali, nonché alla libera circolazione di tali dati (Regolamento generale sulla protezione dei dati personali, di seguito “GDPR“) e al D.Lgs. 30 giugno 2003, n. 196 e s.m.i. (di seguito, “Codice Privacy“), prescrive che il trattamento dei dati personali si svolga nel rispetto dei diritti, delle libertà fondamentali, nonché della dignità delle persone fisiche, con particolare riferimento alla riservatezza, all’identità personale e al diritto alla protezione dei dati personali, assicurando che i dati siano trattati in modo lecito e secondo correttezza. Alla luce di quanto sopra, MEDICX Società Benefit S.r.l., con sede legale in via dei Valtorta, 47 – 20127 Milano (MI), in qualità di titolare del trattamento (di seguito, la “Società”). Le fornisce le seguenti informazioni riguardanti il trattamento dei Dati Personali, come di seguito definiti, raccolti e trattati tramite:
-
il nostro sito web (di seguito, il “Sito”);
-
le pagine della Società presente sui social network (ad es., Instagram, Facebook – di seguito, i “Social”).
La presente informativa può essere modificata, integrata o aggiornata periodicamente, anche in considerazione di eventuali modifiche della normativa applicabile o di provvedimenti delle autorità competenti.
1.
WHAT PERSONAL DATA CONCERNING YOU MAY BE PROCESSED
“ Personal Data ” or “ Data ” means any information that can directly or indirectly identify you, as described below.
contact details, such as email addresses and any other identifiers and/or contact details you provide spontaneously in the context of requests for information and/or other communications (hereinafter, “ Contact Details ”);
navigation data (such as technical data relating to the connection, including IP addresses or domain names of the computers used to connect to the Site, the URI addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server, etc.), including information collected via cookies, the information for which can be consulted at the following address Cookie Policy (hereinafter, “ Navigation Data ”);
data relating to the social accounts you may use to access the Company's social pages, as well as other data you provide to such social networks, which may be communicated based on the privacy preferences you have set on them (hereinafter, " Social Data ");
other data, other than contact data, that you may spontaneously transmit in the context of requests for information (hereinafter, “ Other Data ”).
2.
FOR WHAT PURPOSES CAN YOUR PERSONAL DATA BE USED AND ON WHAT BASIS OF LEGALITY?
The Data will be processed for the following purposes:
A. Use of the Site.
Your Browsing Data will be processed by the Company to enable the correct functioning of the Site's features and to analyze web traffic relating to the Site itself, also to improve your experience and that of other users.
Legal basis for processing: legitimate interest in providing, verifying, and improving the Site's user experience (Article 6, paragraph 1, letter f), GDPR). Providing Browsing Data is mandatory for data processed using so-called "technical cookies" (further described in the Cookie Policy) and for technical connection data, while providing it is optional for any additional Browsing Data and/or Social Media Data, which depends on your consent to the installation of categories of cookies other than "technical cookies." Failure to provide such optional data may make it impossible to improve your Site's user experience.
B. Requests for information / other communications.
Your Contact Data, Browsing Data, and Other Data will be processed to respond to your requests for information and/or any other communications sent to the Company.
Legal basis for processing: performance of a contract to which the data subject is party (Article 6, paragraph 1, letter b), GDPR). Providing Contact Data, Browsing Data, and Other Data is optional, but without it, we will not be able to respond to your requests for information.
C. Aggregate analysis and product/service improvement.
Your Browsing Data and Social Media Data will be processed in aggregate form. This will exclude your personal identification and will allow us to analyze and improve our services, measure interest and satisfaction with our products, and effectively manage resources.
Legal basis for processing: legitimate interest in improving our services and managing relationships with users (Article 6, paragraph 1, letter f), GDPR).
D. Purposes related to the need to protect rights, including those of the interested party.
Your data will be processed by the Company to protect its rights, including with respect to any requests or to take legal action against the data subject or third parties. Furthermore, it will be used to demonstrate that we have responded to any requests to exercise one or more of the data subject's rights, as described in detail in Section 7 of this policy.
Legal basis for processing: legitimate interest in protecting rights (Article 6, paragraph 1, letter f), GDPR).
E. Fulfillment of legally binding requests to comply with legal obligations, regulations, or provisions/requests from competent authorities, including supervisory authorities.
Your Data may be processed to fulfill a legal obligation and/or provisions/requests from the competent authorities, including supervisory authorities.
Legal basis for processing: legal obligations to which the Company is subject (Article 6, paragraph 1, letter c), GDPR).
For processing operations based on the legitimate interests of the Company or third parties, the balancing of interests analysis has determined that the interests, rights, or fundamental freedoms of the data subject do not prevail. In any case, the data subject may object to this processing, unless the Company demonstrates that the processing is essential to the Company.
3.
FROM WHICH SOURCES CAN DATA BE COLLECTED AND IN WHAT WAY?
The Data may be collected by the Company through:
your use of the Site and/or Social Media;
communications sent by you, including any requests for assistance and/or information, even through channels other than those indicated on the Site or on the Social Pages.
The Data may be updated and/or integrated based on information collected directly from you.
4.
HOW WE KEEP YOUR PERSONAL DATA SAFE AND FOR HOW LONG
Your data will be processed in accordance with the principles of fairness, lawfulness, and transparency and may also be processed using automated methods .
In any case, processing will be carried out using appropriate technical and organizational measures to guarantee confidentiality and avoid the risk of loss, alteration of data, unauthorized access, and disclosure.
We limit access to your data only to those who need to use it for relevant purposes, who are specifically authorized, trained, and have received specific instructions.
We retain your data only for as long as strictly necessary to achieve the purposes for which it was collected or for any other related legitimate purpose. Therefore, if the data is processed for two different purposes, we will retain such data until the purpose with the longest retention period ceases; however, we will no longer process the data for the purpose for which the retention period has expired. Data that is no longer necessary, or for which there is no longer a legal basis for its retention, is irreversibly anonymized (and may be retained as such) or securely destroyed.
Below we report the retention periods in relation to the different purposes listed above:
A. Use of the Site.
The data processed for this purpose will be retained for a period of no more than one year.
B. Requests for information / other communications.
The data processed for this purpose will be retained for a period of time not exceeding one year from the conclusion of the individual response to your communication, without prejudice to your right to object in the manner set out in paragraph 7 of this notice.
C. Aggregate analysis and product/service improvement.
The data processed for this purpose will be processed in aggregate and anonymous form for the time necessary to achieve the purposes described in this policy.
D. Purposes related to the need to protect rights, including those of the interested party.
The data processed for this purpose will be retained for the entire duration of the relevant proceedings, and in any case for the time deemed reasonably necessary by the Company to protect its respective rights, including in relation to the relevant limitation periods.
With particular reference to data retained to provide proof of response to the interested party, such Data will be retained for a period of five years from the last request from the interested party, or from the last communication interrupting the limitation period.
E. Fulfillment of legally binding requests to comply with legal obligations, regulations, or provisions/requests from competent authorities, including supervisory authorities.
The data processed for this purpose will be retained for the entire duration of the proceedings before the relevant competent authorities, in addition to the relevant statute of limitations.
5.
WHO WE MAY SHARE YOUR PERSONAL DATA WITH
Ai Dati possono avere accesso i soggetti debitamente autorizzati e istruiti.
Per lo svolgimento di talune delle attività di trattamento dei Dati, la Società potrà comunicare gli stessi alle seguenti categorie di soggetti esterni, i quali tratteranno tali Dati in qualità di titolari autonomi del trattamento oppure in qualità di responsabili del trattamento, regolarmente designati dalla Società in conformità alla normativa vigente (a seconda del ruolo che svolgono in relazione al trattamento):
-
altre società del Gruppo Covisian, del quale la Società fa parte (di seguito, il “Gruppo“), nell’ambito dei relativi rapporti di Gruppo;
-
consulenti e fornitori esterni quali cloud service provider, IT provider o hosting provider;
-
studi professionali, specialmente ove necessario per la tutela dei diritti della Società;
-
forze di polizia, e altre amministrazioni pubbliche, in adempimento di obblighi previsti da leggi, da regolamenti o dalla normativa applicabile.
Per conoscere la lista dei responsabili del trattamento o degli altri destinatari dei Dati si può fare richiesta alla Società avvalendosi dei dati di contatto menzionati al successivo paragrafo 9 “Contatti”.
6.
INTERNATIONAL TRANSFERS
The Company does not transfer your data to countries outside the European Economic Area (EEA) (hereinafter the " Third Countries ") whose data protection laws may provide different standards than those of the EEA. If such a transfer occurs, the Company will ensure that all your data accessible outside the EEA is treated with appropriate safeguards.
In any case, where such transfer is necessary, the Company will take care to specify in advance the destination Third Country, as well as the guarantees adopted for the transfer of Data to that Country.
7.
YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
You have the right, provided the conditions are met:
access to the data concerning you, as well as their rectification ;
to the deletion of the Data;
to the limitation of processing;
within the limits of the Data processed for contractual purposes and/or on the basis of your consent, and processed using automated methods, the receipt of such Data in a structured, commonly used and machine-readable format (portability) and/or the transmission of the same to another data controller (so-called " portability ").
to the right to object , at any time, for reasons related to his/her particular situation, to the processing of Data by the Company for the pursuit of its legitimate interest, for the purposes set out above under 2.a (browsing experience), 2.c (aggregate analysis and improvement of products/services), and 2.d (protection of rights).
To exercise your rights, you may contact the Company at the following address: privacy@medicx.it .
You may submit complaints or reports to the Italian Data Protection Authority (www.gpdp.it), or take legal action.
8.
DATA PROTECTION OFFICER
The Company has designated a Data Protection Officer (" DPO ") who, by law, is responsible for overseeing the company's compliance with applicable regulations. The DPO can be contacted at the email address listed in the following section 9, "Contacts."
9.
CONTACTS
The Company's contact details are as follows: MEDICX Società Benefit Srl, with registered office at Via dei Valtorta, 47 – 20127 Milan (MI) | e-mail: privacy@medicx.it .
The contact details of the Company's DPO are as follows: dpocorporate@covisian.com .