Errekappa Euroterapici S.p.a. processes personal data in accordance with the provisions of European Regulation 2016/679.
The following are the contents of the company’s privacy policies
- INFORMATION ON THE PROCESSING OF PERSONAL DATA CUSTOMERS
- INFORMATION ON THE PROCESSING OF PERSONAL DATA SUPPLIERS
- COOKIE PRIVACY
IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The Data Controller is Errekappa Euroterapici S.p.A., in the person of its legal representative, with registered office in Via Ciro Menotti, 1/A 20129, Milan
CONTACT DETAILS OF THE DATA PROTECTION OFFICER (“RPD”)
The DPO designated by the Company can be contacted at the following contact details:
– mail Errekappa Euroterapici S.p.A., with registered office at Via Ciro Menotti, 1/A 20129, Milan, Italy
WHAT DATA DO WE PROCESS?
The following may be subject to processing:
1) The common personal data that may be provided by the user when he/she interacts with the features of the Site, including navigation data or requests to use the services offered on the Site (registration to any reserved areas/contests and other initiatives, use of any Apps, requests for information and reports also through contact forms, etc.).
2) Sensitive personal data such as those related to health status, i.e., belonging to special categories of personal data in accordance with Article 9 of the Regulations. Where this is the case, such processing is carried out based on the user’s consent, as well as for fulfillments related to reports of adverse events, to fulfill obligations arising from laws or regulations, or to fulfill contractual or pre-contractual obligations related to the provision of goods or services (including the request for information about our products and their proper use). In any case, the legal basis for the processing of special categories of data is Article 9.2 letters (a), (g) and (i) of the Regulations, namely: consent; or to fulfill legal obligations in a context of health or social care diagnosis, assistance or treatment, or management of health or social care systems and services; or processing carried out in connection with a public interest in the field of public health.
WHY DO WE PROCESS USER’S PERSONAL DATA AND HOW?
With the user’s consent, the Company may process the user’s common personal data to enable the use of services and functionalities on the Site and optimize its operation, to perform statistics on visits, to manage requests and reports received through the Site, for registration to any restricted areas or initiatives such as contests and the like, pursuant to Article 6.1.(a) of the Regulations. The Company may also process the user’s personal data to fulfill obligations arising from laws, regulations, EU legislation: the legal basis for processing for this purpose is Art. 6.1.(c) Regulations.
Again, with the user’s optional consent, common and/or sensitive data may be processed for the purpose of application management pursuant to Articles 6.1.(a) and 9.2.(a) of the Regulations.
The user’s common and sensitive data may also be processed for the management and fulfillment related to adverse event reporting pursuant to Articles 9.2.(a), (g) and (i) of the Regulations.
In addition, with the user’s optional consent, the common data may also be used for the purpose of institutional communications (including newsletters) or promotional activities (marketing), i.e., to send promotional material and/or commercial communications pertaining to the Company’s services, at the indicated addresses, both through traditional (such as, paper mail, operator phone calls, etc.) and automated (such as, internet communications, fax, e-mail, text messages, applications for mobile devices such as smartphones and tablets – cd. APPS – social network accounts – e.g., via Facebook – etc.). The legal basis for processing for this purpose is Article 6.1.(a) of the Regulations.
Finally, the user’s common and/or sensitive personal data may be processed by the Company to protect its rights in court or for the enforcement of Errekappa Euroterapici’s Code of Conduct (Articles 6.1.(f) and 9.2.(f). of the Regulations).
Personal data are processed by automated and non-automated means, with logic strictly related to the purposes of processing and, in any case, with methods and procedures suitable to ensure the security and confidentiality of the data.
REQUIRED AND OPTIONAL PROCESSING
The forms to be filled out on this Site include both data that are strictly necessary to handle the user’s communications and requests, marked with the symbol [*], whose failure to provide them does not allow the requests to be followed up, and data of optional conferment that are not strictly necessary to follow up the requests of the interested parties. Failure to provide the latter will not result in any consequences.
The processing of personal data of users who only visit the Site (i.e., without sending communications or using any of the available services/functions) is limited to navigation data, i.e., those for which transmission to the Site is necessary for the operation of the computer systems responsible for managing the Site and Internet communication protocols. This category includes, for example, IP addresses or the domain of the computer used to visit the Site and other parameters related to the operating system used by the user to connect to the Site. The Company collects these and other data (such as, for example, the number of visits and time spent on the Site) only for statistical purposes and in an anonymous form to monitor the operation of the Site and improve its functionality. This is information that is not collected to be associated with other information about users and identify them; however, such information by its very nature may allow the identification of users through processing and association with data held by third parties. Browsing data are normally deleted after anonymous processing but may be retained and used by the Company to ascertain and identify the perpetrators of any computer crimes committed against or through the Site. The browsing data described above are retained only temporarily in compliance with applicable regulations.
LINKS TO OTHER WEBSITES
HOW WE STORE DATA AND FOR HOW LONG?
In accordance with the requirements of Art. 5.1. (c) of the Regulations, the information systems and computer programs used by the Company are configured to minimize the use of personal and identification data; such data are processed only to the extent necessary to achieve the purposes set out in this Policy; the data will be retained for the period of time strictly necessary to achieve the purposes concretely pursued and in any case, the criterion used to determine the retention period is based on compliance with the terms permitted by applicable laws and the principles of minimization of processing, limitation of storage and rational management of archives. In order to determine the appropriate retention period for personal information stored by the site upon user consent, the owner also takes into consideration the following criteria: the specific purposes made explicit in the notice for which the site stores personal information; the type of ongoing relationship with the user (how often the user accesses their account; whether the user makes requests via contact forms; whether the user continues to receive newsletters or commercial communications; how regularly they browse the site, etc. ); any specific request by the user to delete their data or withdraw consent; the legitimate business interest of the data controller.
HOW DO WE ENSURE THE SECURITY AND QUALITY OF PERSONAL DATA?
The Company is committed to protecting the security of the user’s personal data and complies with the security provisions of the applicable regulations to prevent data loss, illegitimate or unlawful use of data and unauthorized access to the same, with particular but not exclusive reference to Articles 25-32 of the Regulations. The Company uses multiple advanced security technologies and procedures to facilitate the protection of users’ personal data; for example, personal data are stored on secure servers located in protected and controlled access locations. Users can help the Company update and keep their personal data correct by communicating any changes related to their address, qualification, contact information, etc.
WHO CAN ACCESS THE DATA?
Personal data will be made accessible only to those within the Company, and parent, associated or subsidiary companies of Errekappa Euroterapici, who have a need for it due to their job or company role. These individuals, whose number will be as limited as possible, will be appropriately instructed to avoid loss, destruction, unauthorized access, or unauthorized processing of the data themselves..
In addition, data may be disclosed, to: (i) institutions, authorities, public bodies for their institutional purposes; (ii) professionals, self-employed collaborators, also in associated form; third parties and suppliers that the Data Controller uses for the provision of services of a commercial, professional and technical nature functional to the management of the Site and its functionalities (e.g. suppliers of IT services and Cloud Computing), the pursuit of the purposes specified above and the services requested by the user; (iii) third parties in the event of mergers, acquisitions, sale of a company or business unit, audits or other extraordinary transactions; (iv) the company’s Supervisory Body, domiciled with the Data Controller, for the pursuit of its supervisory and enforcement activities of the Code of Conduct of Errekappa Euroterapici. These parties will receive only the data necessary for the relevant functions and will undertake to use them only for the purposes indicated above and to process them in compliance with applicable privacy regulations. The data may also be disclosed to legitimate recipients in accordance with applicable regulations. Except for the above, the data are not shared with third parties, natural or legal persons, who do not perform any commercial, professional, or technical functions for the Controller, and will not be disseminated. The entities receiving the data will process them as Data Controllers, Data Processors or Authorized Processors for the purposes indicated above and in compliance with the applicable privacy law.
With regard to the possible transfer of data to Third Countries, including countries that may not guarantee the same level of protection provided by the applicable law, the Data Controller informs that the processing will nevertheless take place according to one of the modalities allowed by the Regulation, such as the user’s consent, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free circulation of data, (e.g. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission.
The users to whom the personal data refer have the right at any time to obtain confirmation of the existence or non-existence of the same data and to know their content and origin, verify their accuracy or request their integration or updating, or their rectification, cancellation, or restriction, or to object to their processing, to complain to the supervisory authority under Art. 15 of the Regulation. In addition, pursuant to Art. 7,15,16, 17, 18, 19, 20, 21, 22, and 77 of the same Regulation, each user has the right to request information about the collection and use of his or her personal data, access to it , rectification, deletion (right to be forgotten), restriction of processing, notification in case of rectification or deletion of personal data or restriction of processing, data portability the transformation into anonymous form or the blocking of data processed in violation of the law, as well as to oppose in any case, in the cases provided for by law, their processing, to lodge complaints regarding the collection and processing of personal information to the competent Supervisory Authority, to revoke consent to the processing of personal data at any time without prejudice to the lawfulness of the processing carried out up to that moment on the basis of the revoked consent.
For any request related to the processing of personal data by the Company, to exercise the rights recognized by the applicable legislation, as well as to know the updated list of subjects to whom the data are accessible, the user may contact the Data Controller and/or the DPO at the contact details indicated above.