Information provided to users of the company website for the processing of personal data
Pursuant to art. 13 of EU Regulation No. 2016/679 (European Regulation on the protection of personal data – GDPR) the management methods of the website www.milanmedicalcenter.it are described below with reference to the processing of personal data of those who interact with the web services, accessible electronically from the mentioned address. The information is provided only for the site mentioned above and not for other websites that may be consulted by the user through links.
Identity and contact details of the Data Controller.
Below we indicate which are our references to which you can contact for any clarification.
• The data controller is: MILAN MEDICAL CENTER SRL, in the person of his representative.
• The Holder can be contacted via email at: firstname.lastname@example.org
• The Data Protection Officer may be contacted by mail at: email@example.com
Purpose of the processing for which the data is intended for personal data and its legal basis.
We indicate below why we ask for your personal data.
The data provided while browsing the company site is collected to make the site’s functions usable following user access and to collect information freely transmitted by the interested party. In particular, your personal data will be processed:
(i) without your consent (article 6, letters b, c, f, GDPR), for the following purposes:
• The computer systems and software procedures used to operate this website acquire during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
• These data (such as domain names, IP addresses, operating system, device type of browser used to access) are not accompanied by any additional personal information and are used to: a) obtaining anonymous usage statistics of the site; b) manage needs to control how it is used, c) ascertain responsibility in case of hypothetical computer crimes.
• The legal basis for legitimizing the processing of such data is the need to use the site’s features due to access user.
The provision of data for the purposes referred to in the previous section (i) is mandatory. In case of unavailability for the use of the data, you must not browse the company website.
Categories of personal data processed.
Below we indicate which types of personal data we ask for.
As part of the purposes of the processing highlighted in the previous paragraph, only personal data acquired directly by the interested party will be processed, which fall into the following categories:
The software applications used to operate the www.milanmedicalcenter.it website acquire some personal data transmitted through Internet communication protocols. This information is not collected to be associated with identified interested parties, but could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (for example, successful end, error) and other parameters relating to the operating system and the user’s IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.
DATA PROVIDED VOLUNTARILY BY THE USER
Categories of recipients of personal data.
Below we indicate who will be able to process your personal data and to whom it may be disclosed.
For the aforementioned purposes, the personal data you provide may be made accessible to the owner’s employees with secretarial / administrative functions. The owner’s employees process the data as an authorized data processor (or so-called “in charge of processing”), in the context of the tasks entrusted. We only communicate the data that is strictly necessary. In exceptional circumstances they may be made accessible to the relevant regulatory agencies, judicial authorities and other governmental agencies or counterparties in a dispute, in any country or territory or when disclosure is a legal obligation.
We indicate below how your personal data will be processed.
The processing of your personal data is carried out by means of the operations (collection, registration, organization, structuring, storage, extraction and analysis, cancellation or destruction) carried out both in digital format (on servers and clouds adequately protected and located within the European Union owned and / or in the availability of the Data Controller and / or third party companies appointed, duly appointed as data processors).
Below we indicate the general aspects that characterize the processing of your personal data.
The data will be processed in a lawful, correct and transparent way towards the interested party, collected for the purposes indicated above, limited and kept as necessary with adequate security measures. There is no transfer of data abroad to non-EU countries. Your personal data will not be disclosed. It is not expected that the data will be processed for automated decision-making processes. In the event of a personal data breach likely to present a high risk for the rights and freedoms of natural persons, the owner will inform you without undue delay.
Retention period of personal data
We indicate below how long we will keep your personal data.
Personal data collected for the purposes indicated in the relative previous paragraph will be processed and stored for a maximum of 2 years.
Below we indicate all the rights that we guarantee for your personal data.
In accordance with the provisions of Chapter III, Section I, GDPR, you can exercise the rights indicated therein and in particular:
- RIGHT TO INFORMATION: Right to receive all information relating to the treatment in a concise, transparent, intelligible and easily accessible form (this information).
- RIGHT OF ACCESS: Confirm that is or is not going on the processing of personal data relating to you and, if so, to receive relevant information, in particular, to: purposes of the processing, the categories of personal data processed and retention period, recipients to whom these can be communicated (Art.15 GDPR),
- RIGHT OF REPLY: Get correction of inaccurate personal data concerning you and the integration of incomplete personal data (Art.16 GDPR) with its obligation on the holder to communicate these changes.
- THE RIGHT TO DELETE (cd Oblivion): Right to request the cancellation of their data when it is out of the purposes of treatment, has been revoked consent, was made opposition to the processing, the data has been processed in violation of the law (Art. 17 GDPR).
- RIGHT OF LIMITATION: Law to limit the use of their data in the event of inaccuracies, dispute, or as an alternative measure to the cancellation (Art. 18 GDPR).
- RIGHT TO PORTABILITY DATA: Receive personal data concerning supplied to the data and transfer the data to another owner in the cases provided for in Art. 20 of the GDPR.
- RIGHT TO OBJECT: right to object at any time to the processing of their personal data, unless there are legitimate reasons (Art. 21 GDPR).
- THE RIGHT TO BRING CLAIMS CONTROL AUTHORITY: Authority for the protection of personal data, Piazza di Montecitorio n. 121, 00186, Rome (RM).
You can exercise these rights (excluding the last one) by simply sending a request by e-mail to the owner’s address, indicated above.