Privacy Policy

Information provided to users of the company website for the processing of personal data

Pursuant to art. 13 of EU Regulation No. 2016/679 (European Regulation on the protection of personal data – GDPR) the management methods of the website are described below with reference to the processing of personal data of those who interact with the web services, accessible electronically from the mentioned address. The information is provided only for the site mentioned above and not for other websites that may be consulted by the user through links.

Identity and contact details of the Data Controller.

Below we indicate which are our references to which you can contact for any clarification.
• The data controller is: MILAN MEDICAL CENTER SRL, in the person of his representative.
• The Holder can be contacted via email at:
• The Data Protection Officer may be contacted by mail at:

Purpose of the processing for which the data is intended for personal data and its legal basis.

We indicate below why we ask for your personal data.

The data provided while browsing the company site is collected to make the site’s functions usable following user access and to collect information freely transmitted by the interested party. In particular, your personal data will be processed:
(i) without your consent (article 6, letters b, c, f, GDPR), for the following purposes:
• The computer systems and software procedures used to operate this website acquire during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
• These data (such as domain names, IP addresses, operating system, device type of browser used to access) are not accompanied by any additional personal information and are used to: a) obtaining anonymous usage statistics of the site; b) manage needs to control how it is used, c) ascertain responsibility in case of hypothetical computer crimes.
• The legal basis for legitimizing the processing of such data is the need to use the site’s features due to access user.
The provision of data for the purposes referred to in the previous section (i) is mandatory. In case of unavailability for the use of the data, you must not browse the company website.

Categories of personal data processed.

Below we indicate which types of personal data we ask for.

As part of the purposes of the processing highlighted in the previous paragraph, only personal data acquired directly by the interested party will be processed, which fall into the following categories:


The software applications used to operate the website acquire some personal data transmitted through Internet communication protocols. This information is not collected to be associated with identified interested parties, but could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (for example, successful end, error) and other parameters relating to the operating system and the user’s IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.


For access to some services provided through the website, optional and voluntary sending of the e-mail address to the addresses indicated on the site itself necessary to respond to requests, as well as any other personal data may be requested included in the message. Specific summary information will be reported or displayed on the pages of the site prepared for particular services on request. The retention period of such data is defined by the cancellation request criterion for information voluntarily provided by the user; as regards the technical data managed by the site, such as cookies, the period is defined by the technical characteristics of the cookies defined in the cookie policy.


The website uses cookies and similar technologies to ensure the proper functioning of the procedures and improve the experience of using online applications. To learn more and to view our policy in this regard, you can consult the cookie policy on the site.

Categories of recipients of personal data.

Below we indicate who will be able to process your personal data and to whom it may be disclosed.

For the aforementioned purposes, the personal data you provide may be made accessible to the owner’s employees with secretarial / administrative functions. The owner’s employees process the data as an authorized data processor (or so-called “in charge of processing”), in the context of the tasks entrusted. We only communicate the data that is strictly necessary. In exceptional circumstances they may be made accessible to the relevant regulatory agencies, judicial authorities and other governmental agencies or counterparties in a dispute, in any country or territory or when disclosure is a legal obligation.

Processing methods

We indicate below how your personal data will be processed.

The processing of your personal data is carried out by means of the operations (collection, registration, organization, structuring, storage, extraction and analysis, cancellation or destruction) carried out both in digital format (on servers and clouds adequately protected and located within the European Union owned and / or in the availability of the Data Controller and / or third party companies appointed, duly appointed as data processors).

General principles

Below we indicate the general aspects that characterize the processing of your personal data.

The data will be processed in a lawful, correct and transparent way towards the interested party, collected for the purposes indicated above, limited and kept as necessary with adequate security measures. There is no transfer of data abroad to non-EU countries. Your personal data will not be disclosed. It is not expected that the data will be processed for automated decision-making processes. In the event of a personal data breach likely to present a high risk for the rights and freedoms of natural persons, the owner will inform you without undue delay.

Retention period of personal data

We indicate below how long we will keep your personal data.

Personal data collected for the purposes indicated in the relative previous paragraph will be processed and stored for a maximum of 2 years.

Exercisable rights

Below we indicate all the rights that we guarantee for your personal data.

In accordance with the provisions of Chapter III, Section I, GDPR, you can exercise the rights indicated therein and in particular:

  • RIGHT TO INFORMATION: Right to receive all information relating to the treatment in a concise, transparent, intelligible and easily accessible form (this information).
  • RIGHT OF ACCESS: Confirm that is or is not going on the processing of personal data relating to you and, if so, to receive relevant information, in particular, to: purposes of the processing, the categories of personal data processed and retention period, recipients to whom these can be communicated (Art.15 GDPR),
  • RIGHT OF REPLY: Get correction of inaccurate personal data concerning you and the integration of incomplete personal data (Art.16 GDPR) with its obligation on the holder to communicate these changes.
  • THE RIGHT TO DELETE (cd Oblivion): Right to request the cancellation of their data when it is out of the purposes of treatment, has been revoked consent, was made opposition to the processing, the data has been processed in violation of the law (Art. 17 GDPR).
  • RIGHT OF LIMITATION: Law to limit the use of their data in the event of inaccuracies, dispute, or as an alternative measure to the cancellation (Art. 18 GDPR).
  • RIGHT TO PORTABILITY DATA: Receive personal data concerning supplied to the data and transfer the data to another owner in the cases provided for in Art. 20 of the GDPR.
  • RIGHT TO OBJECT: right to object at any time to the processing of their personal data, unless there are legitimate reasons (Art. 21 GDPR).
  • THE RIGHT TO BRING CLAIMS CONTROL AUTHORITY: Authority for the protection of personal data, Piazza di Montecitorio n. 121, 00186, Rome (RM).

You can exercise these rights (excluding the last one) by simply sending a request by e-mail to the owner’s address, indicated above.

Information for the processing of personal data

Read the document