Privacy Policy

Direct and Indirect Marketing Purposes

he customer’s personal data may be processed for direct and indirect marketing purposes, for example • market research. The legal basis for processing is therefore a consent that expresses its willingness to be able to perpetuate this purpose on its data, thus determining the lawfulness of the processing of your Personal Data. The provision of data for marketing purposes is optional. You can then decide not to give any data or subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive information regarding the Services offered by the Owner. However, he will continue to be entitled to the Services under the existing consultancy agreement. This treatment will in any case also take place following the assessments made by the Data Controller with regard to the possible and prevalence of his interests, rights and fundamental freedoms that require the protection of Personal Data in particular if the interested party is a minor.

Marketing Purposes with Photo and Video Diffusion

• The photographs / videos of patients, both minors and adults, may be disclosed in order to:
  
• Promotion treatments
  
• Medical research
  
• Publication of articles

The personal data supplied by you, including the portrait contained in the photographs / videos, will be subject to processing operations in compliance with current legislation and of the principles of correctness, lawfulness and transparency to which the activity of the Polispecialistico Medical Center is inspired. These data may be processed either by computer tools or on paper or on any other type of suitable support, in compliance with the security measures provided by the GDPR. The data processing will be performed in compliance with the security measures provided for in the aforementioned Personal Data Protection Code. Data will be processed in accordance with the principles of lawfulness, correctness and confidentiality. The Polyspecialist Medical Center undertakes not to make any use of images that could be detrimental to the dignity or reputation of the subject portrayed. At any time it is possible to exercise all the rights indicated in articles 15 to 22 and of the art. 34 of the GDPR, in particular the cancellation, rectification or integration of the data, with written communication to be sent to the e-mail: info@centro-medico.it.

Processing methods – Profiling

As part of the owner’s organization, the data of the data subject may be processed by the various organizational functions. Polispecialistico medical center does not adopt any decision-making process aimed at user profiling, as per article 22, paragraphs 1 and 4, of Regulation (EU) no. 679/2016.

Period of conservation

Data will be processed even after the end of the main relationship, in compliance with the regulatory provisions governing the retention of deeds and documents, and, where expressly authorized, to allow the establishment of future relationships and to guarantee the historicization of data, also in the interest of the client and in any case the same will be verified annually. Specifically, the particular data are stored, in compliance with the sector law, for 10 years from the termination of the contract. The data relating to direct and indirect marketing will be processed for this purpose until the revocation of the consent and / or the exercise of the right of opposition and, in any case, no later than 5 years from data collection, reserving the right, before the expiration of such term, to ask the user for the renewal of the consent and / or the updating of the data. Communication and diffusion Your personal and particular Data may be communicated to specific subjects considered as recipients of such Personal Data. In fact, Article 4 of Section 9 of the Regulation defines as a recipient of a Personal Data “the natural or legal person, the public authority, the service or another body that receives communication of personal data, whether it is or not of third parties “In this perspective, in order to correctly carry out all the processing activities necessary to pursue the purposes referred to in this Notice, the following Recipients may be in a position to process your Personal Data:

• Third parties, superior companies and / or connected companies or companies belonging to the Polispecialistico Medical Center that carry out part of the treatment activities and / or activities connected to the instruments on behalf of the Data Controller. These subjects have been appointed as data controllers, having to understand singularly with the term, a rule of article 4 at point 8) of the Regulation, “the natural or legal person, the public authority, the service or other on behalf of the Owner of the Treatment “;
• Individuals, employees, consultants and / or collaborators of the Data Controller, to whom specific personal data has been assigned and / or more than one processing activity. These individuals were given specific instructions on the subject of safety and the correct use of Personal Data and, pursuant to Article 4 of point 10) of the Regulation, “persons authorized to process Personal Data under the direct authority of the Owner” are defined “(hereinafter the” Authorized Persons “).
• subjects whose personal data are to be transferred by law or for the execution of the contract or for the protection of the right of the Data Controller. By way of example, but not limited to:
• Institutions, law enforcement agencies, judicial authorities; o Revenue Agency; o Insurance; o Social security and / or welfare agencies; Service organizations
• National health;
• Operators of the medical profession and paramedical personnel;
• Analysis laboratories;
• consultants and freelancers also in associated form or Managers of centralized IT systems;
• conveyor.

Outside the subjects and for the purposes indicated above, personal data will not be transferred to other subjects unless expressly authorized

Data transfer

We inform you that the data collected will not be transferred either to Member States of the European Union or to third countries not belonging to the European Union.

Rights of interested parties

The subjects to whom the personal data refer have the right at any time to request access to personal data, obtain confirmation of the existence of the same data and to know its content and origin, verify its accuracy or request it integration or updating, or rectification, limitation, oblivion, portability (from articles 12 to 22 of the EU Reg. 679/16), as well as the right to request cancellation, transformation into anonymous form of data processed in violation of the law, and to oppose in any case, for legitimate reasons, to their treatment. You can exercise your rights by sending an email to dpo@serviceconsulting.net, writing to the Polispecialistico Medical Center, Via Ponzio, 15 – 27100 Pavia In detail, the interested party can exercise the following rights: Right of access: will have the right, pursuant to Article 15, paragraph 1 of the Rules, to obtain confirmation from the Data Controller that processing of your personal data is in progress and, in this case, to obtain access to such Personal Data and to the following information:
• the purposes of processing;
• the categories of Personal Data in question;
• Recipients or categories of Recipients to whom your Personal Data have been or will be communicated, in particular if Recipients of third countries or international organizations;
• when possible, the retention period of Personal Data provided or, if this is not possible, the criteria used to determine this period;
• if the Personal Data are not collected from the interested party, all available information on their origin;
• the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, of the Regulation and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such Treatment for the interested party.
Right of rectification: pursuant to Article 16 of the Regulation, you may obtain the correction of your Personal Data which are inaccurate. Taking into account the purposes of the processing, moreover, you will be able to obtain the integration of your personal data which is incomplete, even providing a supplementary declaration. Right to cancellation: in accordance with Article 17, paragraph 1 of the Regulation, you can obtain the cancellation of Your Personal Data without undue delay and the Data Controller will have the obligation to delete your Personal Data, if only one of the following reasons exists: a) the Personal Data are no longer necessary with respect to the purposes for which they were collected or otherwise processed b) Has revoked the consent on which the processing of your personal data is based and there is no other legal basis for their treatment c) has opposed the processing pursuant to Article 21, paragraph 1 or 2 of the Regulations and there is no longer any legitimate prevailing reason for proceeding with the Processing of Your Personal Data; d) Your Personal Data has been processed. unlawful; e) it is necessary to delete your Personal Data in order to fulfill a legal obligation required by a community or national law. In some cases, as provided for by article 17, paragraph 3 of the Rules, the Data Controller is entitled not to cancel your Personal Data if their Treatment is necessary, for example, for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, for archiving in the public interest, for scientific or historical research or for statistical purposes, for ascertaining, exercising or defending of a right in court. Right to limitation of processing: in accordance with Article 18 of the Rules, the Treatment may be limited, if one of the following hypotheses occurs: a) has contested the accuracy of your Personal Data (the limitation will continue for the period necessary for the Data Controller to verify the accuracy of such Personal Data; b) the Processing is illegal but opposed the cancellation of Your Personal Data, requesting instead that its use be limited, c) although the Owner of the Treatment no longer needs it for the purpose of Processing, your Personal Data is used to ascertain, exercise or defend a right in court, d) has opposed the Treatment pursuant to Article 21, paragraph 1, of the Regulation and is awaiting verification regarding the possible prevalence of the legitimate reasons of the Data Controller with respect to His. In the event of limitation of the Processing, your Personal Data will be processed, except for storage, only with your consent or for the verification, exercise or defense of a right in court or to protect the rights of a another natural or legal person or for reasons of significant public interest. We will inform you, in any case, before this limitation is revoked. Right to data portability: may, at any time, request and receive, in accordance with article 20, paragraph 1 of the Regulation, all of your Personal Data processed by the Data Controller and / or the Data Controllers in a structured format, commonly used and legible or request its transmission to another data controller without hindrance. In this case, it will be your care to provide us with all the exact details of the new data controller to whom you intend to transfer your Personal Data by providing us with written authorization.Right of opposition: pursuant to Article 21, paragraph 2 of the Rules and as also reiterated by Recital 70, you may object, at any time, to the Processing of Your Personal Data if these are processed for direct marketing purposes, including profiling in the the extent to which it is connected to such direct marketing.
Right to propose a complaint to the supervisory authority: subject to your right to appeal to any other administrative or judicial office, if it considers that the Processing of your Personal Data conducted by the Data Controller it may occur in violation of the Regulations and / or applicable regulations, it may submit a complaint to the competent Authority for the Protection of Personal Data. To exercise all your rights as identified above, simply send an e-mail to the e-mail address: e-mail info@centro-medico.it, or by ordinary mail: Via Ponzio, 15 – 27100 Pavia.

We remind you that, at any time, you can also contact the DPO at the e-mail address: e-mail dpo@serviceconsulting.net.

We remind you that the information may be changed due to the introduction of new regulations in this regard, therefore the user is invited to periodically check this information.