Dear visitor, in accordance with Article 12 and subsequent articles of the EU Regulation 2016/679 of the European Parliament and Council of the 27th April 2016 (General Data Protection Regulation, “Regulation” or “GDPR”), and in general in accordance with the principle of transparency foreseen in the same Regulation, we are to provide the following information on the processing of personal data (that is, any information concerning an identified or identifiable natural person: “interested party”) made in connection with the browsing on the website “www.mediclinic.it” (“website”) and on the related interaction by the user (it is noted that this statement does not therefore concern other websites that may be visited by the user through links on the website).
Data Controller and Data Protection Officer
The data controller (i.e. the person who determines the purpose and means of processing of personal data) is MediClinic , based in Pozzonovo (PD), 4 Novembre Street, 10/C, tax code and VAT registration number n. 04606790287. For contacts specifically relating to the protection of personal data, including the exercise of the rights, we indicate in particular the e-mail address: email@example.com to which you may address any requests.
We inform you that Mediclinic has designated the Data protection Officer (in the acronym “DPO”), pursuant to Art. 37 of the Regulation, which can be contacted by you through the following channels: firstname.lastname@example.org
Browsing data of the user
The IT systems and computer programs used for the operation of the website collect some personal data whose transmission is implied in the use of Internet communication protocols (e.g. the IP addresses or the domain names of computers used by users who connect to the website, the URI -Uniform resource Identifier- addresses of the requested resources, the time of the request, the method used to submit the request to the server, the dimension of the file obtained, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and other parameters related to the operating system and the user’s computing environment). Although the information is not collected in order to associate it to specific users, by their nature and through processing and association with further data held by third parties, such data may permit to identify users.
Such data shall only be used for statistical purposes, without associating them to any identifier of the users, to ensure the correct operation of the website and are deleted after processing. This data may also be used for the purposes of investigating liabilities in the event of information crimes committed against the website.
The legal basis of the processing is therefore the legitimate interest in the operation and security of the website.
Data provided voluntarily by the user
No personal information of the user is required for the website to be visited. However, any contact with the Controller, or the optional, explicit and spontaneous sending of messages, e-mail or traditional mail, to the contact details of the Controller indicated on the website or the compilation of the fields in the “Contacts” section entail the subsequent acquisition of the address, including e-mail of the sender or his/her telephone number, necessary to answer the requests, as well as any other personal data provided in the related communications. Such data will be processed in the sole purpose of following up on the user’s request and may be communicated to third parties only if this is necessary for this purpose; they will be kept for the time strictly necessary to provide the person concerned with the answers to the requests made (purpose of response to users).
For the processing of the data for these purposes, the user’s consent is not required, since the processing is necessary for the execution of a contract of which he/she is part or the execution of pre-contractual measures adopted at the request of the latter (art. 6, paragraph 1, lit. b) of the Regulation). This refers to the so-called common data, while the data belonging to special categories (i.e. data concerning the state of health; genetic data; biometric data intended to uniquely identify a natural person; data relating to the health or sexual life or sexual orientation of the person may be lawfully processed – as far as it is concerned – only with the express consent of the interested party). We therefore invite users not to include in the communications personal data belonging to the recalled special categories of data; such information may be collected prior consent or otherwise with the appropriate modalities, at the time of a subsequent interview. The specific information regarding the processing of the personal data of the candidates, which integrates the present without replacing it, can be consulted in the “Work with us” section, through which it is possible to submit your application. The user will also be able to subscribe to our newsletter, through the special section of the website, to receive periodic information about our services; in this case, the processing of personal data for this purpose will be based on the consent of the user, which he/she can still withdraw at any time, and the lack of consent or non-conferral of data will not have any consequence on the possible contractual relationship. The subscription to the newsletter – unless the withdrawal of consent occurs earlier, which will result in the immediate deletion of the data – is maintained for 48 months from the conferral of consent or by the renewal of the same.
The user can register to the “Service Portal” to access the medical examination online booking services. The registration to this Portal requires the presentation of a specific information concerning the processing of personal data and the processing will take place with the consent of the person concerned.
Processing modalities and communication of the data
The processing of personal data will be done by personnel trained and authorized by the Controller with procedures, technical and information tools suitable to protect the confidentiality and security of the data. Personal data will not be disseminated. In the context of your activity and for the above-mentioned purposes, the Controller may make use of services rendered by third parties operating either as independent Controllers or on behalf of and in accordance with the instructions of the Controller, as Data Processors. These are subjects that provide the Controller with processing or instrumental services. The user may request a complete and updated list of the appointed Data Processors by contacting one of the contacts listed below.
It is not intended to transfer personal data to non-EU countries or to International Organisations.
Rights of the interested parties
The GDPR gives the person concerned the exercise of the following rights with reference to the personal data concerning him/her (the summary description is indicative, the complete statement of the rights can be found in the Regulation, in particular in Artt. 15-22):
Access to personal data (the concerned person will therefore have the right to have free information about the personal data held by the Controller and about the related processing, and to obtain a copy in an accessible format);
Rectification of data (we will provide, on recommendation of the concerned person, the correction or integration of your data – which are not an expression of evaluative elements – incorrect or inaccurate, even if they have become so, because they have not been updated);
Erasure (right to be forgotten) (for example, data are no longer needed with regard to the purposes for which they were collected or processed; they have been illegally processed; they must be deleted in order to fulfil a legal obligation; the concerned person has withdrawn the consent and there is no other legal basis for processing the data; the person objects to processing, if there are the conditions);
Right to restrict processing (in certain cases – objecting the accuracy of the data, during the time required for verification; objecting the lawfulness of processing with opposition to the erasure; need of use for the rights of defence of the concerned person, while they are no longer useful for processing; if there is objection to processing, while the necessary verifications are carried out – the data will be stored in such a way in order to be able to be restored, but, in the meantime, they are not available to the Controller except in relation to the validity of the restriction request of the concerned person, or with the consent of the person or for the assessment, exercise or defence of a right in court or to protect the rights of another natural or legal persons or for reasons of relevant public interest of the Union or of a member State);
Right to object to processing in full or in part for legitimate reasons (in certain circumstances the concerned person may however object to processing of his/her data, in particular, if the personal data is processed for direct marketing purposes, he/she have the right to object to processing at any time); in this particular case, the sending of the newsletter takes place on the basis of the consent expressed by the person concerned and therefore the simple withdrawal of the consent by the latter will be sufficient to end the processing);
Data portability (if processing is based on consent or on a contract and is carried out by automated means, on request, the concerned person will receive his/her personal data in a structured format, in common use and readable by an automatic device, and he/she may transmit them to another Controller, unimpeded by the Controller which has provided them and, if technically feasible, the concerned person can obtain that such transmission is made directly by the latter). In addition, if the processing takes place by virtue of the consent expressed by the person concerned, he/she may withdraw the consent at any time without prejudice to the lawfulness of the processing provided before the withdrawal.
The person concerned also has the right to complain to the supervisory authority (Garante per la protezione dei dati personali) if he/she considers that the processing about him/her infringes the requirements of the Regulation; The supervisory authority can be contacted through the contact details indicated on the website of the authority “www.garanteprivacy.it”. In any case, we would like to have the opportunity to deal with any perplexity of the concerned persons, who can contact the email address email@example.com or the other contact details of the Controller or the DPO indicated above for any clarification concerning the processing of personal data concerning them and the exercise of their rights, including the withdrawal of consent.
The Controller may modify or update the content of this information in whole or in part, also considering any changes in the rules on the protection of personal data.