The Data Controller is Dr Lorenzo Andaloro, P.IVA 06216500485 with registered offices in Via Francesco Furini, 10 – Firenze, which can be contacted via email at firstname.lastname@example.org or by telephone at 055.7131723.
What personal data do we process?
Personal information you provide us with
We will process the following data when you send us a request via the contact form, subscribe to the newsletter, create an account or make a purchase on the Website:
- Identifying information (name and surname, email address, address and telephone number, location);
- Information pertaining to your request which may include sensitive information relating to your health;
If the personal data requested is mandatory (for example your email address for sending the newsletter), the refusal to provide it will make it impossible for us to provide the specific services affected by the aforementioned mandatory data.
Personal data we collect automatically
Every time you access the Website, we automatically collect and process the following personal data:
- Technical information, including the Internet protocol address (IP address) used to connect your computer to the Internet, your access data, the type of browser and version, operating system and platform;
- Information about your visit to the Website, including Uniform Resource Locators (“URL”), pages you have visited or searched within the Website, page response time, download errors, duration of the visit, information on your interaction with the Website and the methods used to leave the Website;
- Information obtained through cookies used by the Company on the Website. You can learn more about cookies on the dedicated page.
What we use your personal data for
We will process your personal data for the following purposes:
- To manage the services and features of this Website;
- To detect and prevent identity fraud and fraudulent accesses and browsing;
- If you contact us for technical or commercial information or for support, to process the request and provide you with the best possible service;
Legal basis of the processing
The legal basis of the processing of your personal data according to the purposes described above is as follows:
- To carry out our relationship with you when you contact us for technical information regarding specialist appointments, illnesses and treatments.
- The processing of users’ personal data for the identification and prevention of identity fraud is necessary for the fulfilment of our legal and information security obligations.
- The satisfaction of our legitimate interest, consisting in (i) managing the services and features of the Website and (ii) if you contact our customer service, to process the request and provide the best possible service; (iii) preserving the surveillance, administration and protection of our services, contents and web pages;
- Your consent to develop a business profile about you based on the personal data you provide us with and the data we obtain through your browsing on the Website in order to analyse or predict aspects such as your personal preferences or interests, and therefore be able to consequently send you commercial communications suited to your preferences or interests. You have the right to withdraw your consent at any time by contacting us via the contact details at the beginning of this page.
We will include information about how to unsubscribe in an easy and free way in all our commercial communications. We will respond to your request as soon as possible and, in any case, within the established legal deadline.
In cases where we need your personal data to fulfil our legal or contractual obligations, the provision of this necessary personal data is mandatory. If such data is not provided, we will not be able to maintain our contractual relationship with you or fulfil our obligations.
Recipients of personal data
We can communicate your data to the competent Authorities when it is legally required, in addition to payment platforms, with the aim of detecting and preventing fraud and managing payments when you purchase a product or the provision of a service on this Website.
The Data Controller has signed contracts with suppliers for the provision of certain services (for example IT services, virtual infrastructures, cloud computing, consultancy services and integral management of digital marketing actions, substitute doctors, analysis laboratories, medical specialists, pharmacists, hospitals, private nursing homes, tax consultants, etc.), which can access and/or process personal data with our authorisation. In any case, your personal data will not be transferred to countries located outside the European Union that do not offer an adequate level of security or do not provide the appropriate guarantees of protection.
Transfer of personal data outside the EU
As part of the contractual relationship between the Data Controller and its suppliers, for some of the purposes indicated above your personal data may be transferred outside the EU, including through its inclusion in databases which are shared and managed by third-party companies. The management of the database and the processing of such data are bound to the purposes for which it was collected and is carried out in full compliance with the standards of confidentiality and security as per the applicable data protection laws. Whenever your personal data should be transferred internationally outside the EU, the Data Controller will take all appropriate contractual measures necessary to guarantee an adequate level of protection of your personal data in accordance with the provisions on the processing of personal data indicated within this policy, including, among others, the Standard Contractual Clauses approved by the European Commission.
Duration of data retention
The data will be stored for a period of time not exceeding that which is necessary for the purposes for which it was collected or subsequently processed, in accordance with the provisions of the legal obligations.
Rights of data subjects
As a data subject, you are granted the following rights regarding the personal data collected and processed by the Data Controller for the purposes indicated above: (i) the right to access, in particular requesting, at any time, confirmation of the existence of your personal data in the Company’s archives and the clear and intelligible provision of such data, as well as the right to know the origin, logic and purpose of the processing with an express and specific indication of the persons assigned to and responsible for its processing and the third parties to which your data may be disclosed; (ii) the right to obtain updating and rectification of data (except for evaluation data), deletion of superfluous data or its transformation into anonymous form, as well as the blocking of processing and definitive deletion in case of unlawful processing; and (iii) if the conditions are met, the limitation to its processing and data portability. The law also recognises your right to lodge a complaint with the Guarantor for the protection of personal data, should you detect a violation of your rights regarding the protection of personal data under applicable law.
To exercise the rights listed above or for further information about the processing of your data, contact us through the contact details at the top of the page in the paragraph “Data Controller”.
Last update 10/07/2018