Last update: 25th of May 2018
POLICY NOTICE SUMMARY
- FIELD OF APPLICATION
- LEGAL BASIS
- WHAT THIS POLICY NOTICE IS NOT REFERRING TO
- POLICY NOTICE UPDATE
- PERSONAL DATA TREATMENT CONTROLLER
- WHAT PERSONAL DATA ARE COLLECTED
- PERSONAL DATA PROVIDED FREELY AND AT USERS OWN DISCRETION
- PERSONAL DATA THAT ARE PROVIDED TO USE SERVICES THAT ARE PROTECTED WITH ACCESS CREDENTIALS
- BROWSING DATA
- NEWSLETTER SUBSCRIPTION
- PERSONAL DATA RECIPIENTS
- PERSONAL DATA LOCATION AND POTENTIAL TRANSFER
- PERSONAL DATA PROTECTION
- PERSONALIDURATION OF PRESERVATION OF PERSONAL DATA
- USERS RIGHTS
- AUTOMATIZED DECISIONAL PROCESS
FIELD OF APPLICATION
The Data Controller strictly respects the privacy of all the users that access to the website www.mdct.net or to the related services (below indicated in its entirety as “Platform”) through every laptop, desktop, app, mobile device, platform or any other access and usage method.
This page provides a detailed, transparent and comprehensive description of the policies of this Platform with regard of the processing of the personal data of its users.
This policy is aimed to describe in a transparent, detailed and exhaustive way that personal data are
By using the Platform, the user acknowledges that he/she is aware that personal data will be treated as described in the Policy.
WHAT THIS POLICY NOTICE IS NOT REFERRING TO
This Policy Notice does not refer to third parties services (that may or may not be accessible through direct link on the Platform) nor to third parties treatment policies for personal data of the users.
We suggest users to read carefully on third parties websites their policies for personal data collection, protection and potential disclosure.
The Data Controller has no control and no responsibility on third parties behavior. Data Controller declines any responsibility of personal data treatment that can occur through third parties services or websites.
POLICY NOTICE UPDATE
The Privacy Notice can be modified or integrated in order to ensure compliance with the existing laws. The Privacy Notes can also be updated in order to adapt to any potential technical modification or improvement applied by the Platform or to any potential change in the purpose or in the modalities of personal data treatment.
The Data Controller will inform you about any potential change through dedicated advices, but we suggest you to verify periodically this page in order to be updated.
Data Controller will publish promptly any update on this page, including the date of the update, and they will be effective immediately after their publication.
PERSONAL DATA TREATMENT CONTROLLER
Personal Data Controller through the Platform is Springer Healthcare Italia Srl which registered office is located in Milano (MI), street Pier Candido Decembrion. 28, registration number 07103410960, e-Mail: email@example.com(defined as the “Data Controller”).
You can contact Data Controller at the following email address firstname.lastname@example.org.
WHAT PERSONAL DATA ARE COLLECTED
When you will use the Platform, we will collect your data only if you will send them to us directly or through automatic systems that allow the normal performance of the Platform. Some personal data are mandatorily needed to identify you, others are not mandatory, but can be needed to access certain services of the Platform.
In particular, we may collect the following categories of Personal Data:
- PERSONAL DATA PROVIDED FREELY AND AT USERS OWN DISCRETION
This section refers to all the data provided by users freely and at their own discretion (in example when user sends an eMail to our email address indicated on the platform or when users fills our contact form)
In addition to user’s email address, needed to provide and answer, Data Controller will acquire the other potential personal data included in the email communication.
This data is not disclosed or communicated to third parties in any way, nor will it be used to define user’s profile or personality, for purposes directly or indirectly related with commercial or advertising interest. It is exclusively stored for the purposes of correspondence.
- Personal data user can provide freely and at his/her own discretion are: Data related to users’ Platform usage modes;
- Identifying data as name, surname, phone number, e-Mail or other information that users will send through forms on the Platform;
- Information user will provide when registering to the newsletter; information related to browsing, including technical and/or profiling cookies, etc.
- Identifying data as name, surname, phone number, eMail – where requested to perform specific services or the subscription to events;
- Users browsing data on the Platform.
Legal basis of the treatments is the contract fulfilment (art. 6.1-b of Regulation) or, depending from the cases, the legitimate interests pursued by Data Controller (art. 6.1-f of Regulation).
- PERSONAL DATA PROVIDED TO USE SERVICES THAT ARE PROTECTED WITH ACCESS CREDENTIALS
Some Platform services are reserved only to registered users. To complete registration procedure, the Platform will request some personal data, in particular:
- User’s name and surname;
- user’s email address;
- spoken language indication;
- user’s social security number;
- user’s phone number;
- user’s home address.
Legal basis of the treatments is the contract fulfilment (art. 6.1-b of Regulation) or, depending from the cases, Data Controller legal obligation (art. 6.1-c of Regulation).
Where requested, user will have to indicate a username and a password for identification, Any other personal data that may be requested during registration procedure is not mandatory and will be provided based on user’s free will
HOW PERSONAL DATA WILL BE USED?
Data controller will use the data provided by users to use the credentials protected services, exclusively after user’s consent, united to user’s home address, for the following activities:
- invoicing of paid services and/or of products purchases required by user;
- for any purpose strictly related to providing the services offered on the Platform.
I user does not provide the data listed above, the Data Controller cannot ensure the user to access and use all the services offered on the Platform.
Data Controller will also use user’s data:
- exclusively if user provided his/her consent at the voice “I expressly consent to collect my personal data for profiling purposes”, data will be used to study user’s interest and to define a personal and/or group profile. This activity is aimed to send updates on activities, especially new services/products, commercial offers, survey, feedback requests and other services related communications to users who agreed to receive commercial and advertising communications. The activity will also allow to elaborate statistical and commercial research studies aligned with users ‘interests. Verifying users’ preferences and defining a user profile (including a specific one) aimed to personalize the offer is a Data Controller’s legitimate interest (art. 6.1-f of the Regulation) or, a execution of user’s consent (art. 6.1-a);
- exclusively if user provided his/her consent at the voice “I consent to my personal data treatment usage for promotional and commercial purposes” data will be used to send user updates (also customized ones) on activities, in particular new services/products, new special offers, surveys, feedback requests and other services related communications. The activity will also allow to elaborate statistical and commercial research studies aligned with users ‘interests. Using users’ personal data to send commercial communication aligned with users’ preferences is a Data Controller’s legitimate interest.
User’s consent to these data treatments is not mandatory and an eventual refusal will not affect the possibility to use Platform services. User’s consent can be freely modified through simple mail request at the following eMail address email@example.com through different method identified and indicated by the Data Controller, with no additional formalities.
- BROWSING DATA
Information and communication systems via which Platform operates automatically acquire some data related to browsing activity, in the course of their operative routine.
The Platform collects personal data related to users’ browsing activity including but not limited to:
- IP address;
- Number of accesses;
- Duration of browsing session;
- Used browser;
- Viewed pages;
- Date and time of each access;
- Other parameters related to user’s Operative System;
Legal basis of these treatments is the pursue of Data Controller legitimate interest (art. 6.1-f of the Regulation).
HOW DATA WILL BE USED
Browsing data are collected at the sole purpose to obtain anonymous statistics on users’ Platform usage, and to control the correct functioning of the Platform itself. These data, however, for their own nature, can allow drawing conclusion on user’s identity, also through elaborations and association with other data, owned by third parties.
HOW DATA WILL NOT BE USED
User’s browsing data will not, in any case, be used for marketing purposes, to define user’s profile or personality, to send advertising material, for market researches or commercial communication.
Browsing data will be stored in a temporary way only.
- NEWSLETTER SUBSCRIPTION
Newsletter subscription service is reserved to registered customers. To provide and manage the service, the Data Controller uses services and tools provided by mdct.net website. For further information on personal data treatment by this provider, the Data Controller suggests to carefully review the following link: https://mdct.net/privacy.
Failure to provide personal data does not entail to any consequence for the user, unless the impossibility to access to some of the requested services, if not provided data is needed for service’s performance. Legal basis for these treatments is contract fulfill (art 6.1 – b of Regulation)
DATA TREATMENT PURPOSES
Data Controller will use user’s personal data to provide the requested services by user and to constantly improve user’s experience on Platform.
In the event that a user is not 18 (eighteen) years old or he/she is not in possession of the ability to act, the Notice is addressed to the person in charge under the Italian law in force, who is the only subject authorized to provide consent.
Users’ personal data held for the purposes outlined above is processed by Data Controller in a lawful, correct and transparent manner, with or without electronic tools, in order to protect in any moment, user’s privacy and rights, in respect of the existing law.
This data will not disclosed or communicated in any way to third parties, except for those cases the law requires so and as provided for herein.
PERSONAL DATA RECIPIENTS
Unless specified to the contrary in relation with the specific purposes of the data treatments described above, personal data can be disclosed an communicated to the persons (including third parties) in charge and/or responsible for data treatment, in accordance with their duties and functions, in pursuit of the aforementioned purposes, or for meeting regulatory and/or contractual requirements.
Personal data collected by Data Controller is not generally disclosed to third parties, except in situations where such disclosure is needed to meet legal or contractual obligations or to fulfill specific requirements.
In such cases, users personal data may be disclosed to the following subjects, persons or entities:
- Internal and/or external consultants or collaborators, in order to comply with existing regulation and/or in the performance of the contractual obligations in relation with the concerned individuals (including, but not limited to: labor consultants, legal advisors, accountants, tax consultants, auditors, etc.);
- Judicial or other public authorities, with regard to the purposes outlined above or in compliance with legal requirement in force.
Users can request to Data Controller the full list of Data Processors through an email at the following address firstname.lastname@example.org
USER PERSONAL DATA LOCATION AND POTENTIAL TRANSFER
User’s customer data are recorded in the European Economic Area (EEA), more in details they are stored on a server in Italy.
Data Controller reserves the possibility to transfer user personal data to countries that ensure a compliant security level, based on the European Commission decision about security adequacy or on appropriate safeguards laid down in the existing regulation.
PROTECTION OF USER’S PERSONAL DATA
Data Controller uses highly evolved encryption technologies and periodical backups to protect user data integrity and privacy.
DURATION OF PRESERVATION OF PERSONAL DATA
Data Controller will preserve personal data of the user for all the time that is needed to comply with legal requirements, to resolve legal disputes and to have agreements implemented and respected.
User’s personal data will be preserved, in compliance with the law, for a period not longer than the needed one to pursue the purposes for which the Data Controller is treating them. In particular:
- In relation to the existing contract, data will be preserved for the periods defined by regulating law. Upon termination of contractual relationship, civil law related data will be conserved for ten years;
- In relation with the personal data management that user provided voluntarily when registered to Data Controller services that can be accessed through credentials and/or to newsletter, Data Controller will preserve the data till the registration is active;
- In relation with user personal data treatment for marketing purposes and analysis of behavior and consumer choices purposes, only if user provided to Data Controller a specific consent (optional) Data Controller will preserve the collected data only for the strictly needed period to manage the above-mentioned purposes. Data Controller will preserve these data following criteria that respect existing law and that balance Data Controller legitimate interests and users rights and freedom.Data Controller will use user data for these purposes for a maximum period of 24 months, and after Data Controller will proceed to cancellation, in case of lack of specific norms that define different preservation periods and of lack of a new explicit uses consent, requested when the due date will be approaching.
- In relation with user personal data for profiling purposes, only in case user provided a specific consent (option), Data Controller will preserve the data for the period strictly necessary to manage the above described purposes. Data Controller will preserve these data following criteria that respect existing law and that balance Data Controller legitimate interests and users rights and freedom. Data Controller will use user data for these purposes for a maximum period of 12 months, and after Data Controller will proceed to cancellation, in case of lack of specific norms that define different preservation periods and of lack of a new explicit uses consent, requested when the due date will be approaching.
Data Controller will adopt any measure to avoid user data usage for an indeterminate amount of time. Data Controller will periodically check, in an appropriate way, user interest in allowing Data Controller to treat his/her data for promotional purposes – activity that will be performed through automatized modalities, as but not limited to eMails.
The user, as subject of personal data treatment, has the right to request to Data Controller:
- confirmation as to whether or not data related to him or her are being processed and, if yes, the right to access to it (access right);
- the modification and correction of incorrect data or the integration of incomplete personal data (right of reply);
- data cancellation, if at least one of the motivations provided in the Regulation exists (right to be forgotten);
- data treatment limitation when one of the hypothesis provided in the Regulation exists (limitation right);
- to receive user personal data in a structured, common usage format that can be read by an automatic device and the right to transmit, where technically feasible, these data to another Data Controller (right to data portability);
- to withdraw personal data treatment consent in any moment, without affecting the lawfulness of the data treatment performed before user withdrawal and to oppose in any moment to data treatment for marketing purposes or other different purposes (right to object);
- to object, for legitimated reasons, to user data treatment also if they are related to collecting purposes;
- to object to data treatment for advertising material sending or direct sales or for market researches or commercial communications.
AUTHOMATIZED DECISIONAL PROCESS
User has the right not to be subject to a decision uniquely based on automatized data treatment that generates legal effects concerning and/or affecting user, unless the aforementioned activity is:
- needed to execute or complete the contract between user and Data Controller or,
- it is authorized by European Union law or,
- it is authorized by local Member Country law which Data Controller is subject to (law that specifies adequate measures to protect user’s rights, freedom and legitimated interests) or,
- it is based on user explicit consent.
The user can exercise the aforementioned rights in any moment, submitting a simple request to the Data Controller to the following eMail email@example.com
Data Controller will contact the user as soon as possible and, in all cases in less than 30 (thirty) days form the request date.
If user believes that the personal data protection law has been breached, in relation to user personal data treatment, he/she has te right to present a complaint to local Authority for data protection in the European Economic Area (EEA). User can find details of the different local Authorities, based on user located country, at the following link. https://www.garanteprivacy.it/web/guest/home/footer/link.