Privacy Policy

Privacy Policy

The information is provided by the Multi-specialist Medical Center pursuant to art. 13 of the EU Reg 679/16

Centro Medico Polispecialistico is aware of how important it is to protect the data of its customers and therefore strives to be clear about the way in which personal data is collected, processed, disclosed, transferred and stored. Centro Medico Polispecialistico guarantees compliance with the legislation on the protection of personal data and personal protection; it also informs that the personal data provided by the interested parties, through the various collection channels, directly or indirectly managed by the Data Controller, will be processed in a lawful, pertinent and correct manner in compliance with the principles sanctioned by EU Reg 679/16. Polyspecialist Medical Center also informs you that the information you provide will be processed in compliance with the art. 13 of EU Reg 679/16 in force and in application from 25/05/2018 for the processing activities carried out in its own operating offices.
Owner and authorized parties

The Data Controller, that is the person who takes the decisions regarding the methods and the purposes of the processing, is the Polispecialistico Medical Center, with registered office in Via Mazzini, 11- 27100 Pavia, VAT number: 01806370183 and CF: 01806370183 (hereafter , “OWNER”). The Data Protection Officer is Ing. Antonio Perrella (DPO) and it is possible to contact him at
In addition to employees of the Polispecialistico Medical Center, the processing of personal data may also be carried out by third parties, to whom the OWNER entrusts certain activities (or part of them) connected or instrumental to the performance of treatments or the provision of services offered. In this case the same subjects will operate as autonomous owners, co-owners, or will be appointed Managers or authorized persons for the treatment.
The updated list of all the subjects authorized to the processing of personal data is available and can be consulted at the operational headquarters in Via Ponzio, 15 – 27100 Pavia.
Type of data processed

The collection and subsequent processing of data is carried out by the Data Controller at the offices of the Polispecialistico Medical Center and by companies appointed by the same and also through its website in compliance with the safety measures and prescriptions of the Laws for the processing of personal data in force.
Collects the following data types:

  • personal data;
  • particular data that reveal the racial or ethnic origin;
  • particular data relating to health or sex life or sexual orientation of the person.
  •  particular data that collect genetic data;
  •  personal and particular data of minors.

Purpose of the processing

Purposes of an Administrative nature – personal data

The processing of personal data and telephone and telematic addresses is finalized to the execution of the contract.
The legal basis of the processing is therefore the exact execution of the contract relating to commercial services, thus determining the lawfulness of the processing of your Personal Data. By way of non-exhaustive example, the following purposes are cited:

  • billing;
  • tax;
  • eventual claim of accident to the insurance company in case of accident (accident, damages deriving from professional fault, etc …)
  • statistics.

Purposes of an Administrative nature – particular data

For the execution of the contract the company can process the particular data acquired by the customer.
The legal basis of the treatment is identified by the consent issued by the client. Conferment is therefore mandatory, since, in the event of failure to obtain consent or revocation of the same, the processing will take place, thus not being able to execute the contract. In the case of minors, specific consent will be required from those who exercise parental responsibility.
Purposes of processing Personal Data contained in the CVs

Medical Specialist Center will treat the data contained in the CVs sent / delivered spontaneously by the interested party or following a recruiting campaign promoted by the Polispecialistico Medical Center, according to the principles of lawfulness, correctness and confidentiality.
The data will be processed for the period strictly necessary for the pursuit of the aforementioned purposes and kept for a maximum period of 2 years from the time of receipt of the CV. The legal basis of the processing is the consent that the data subject must give at the bottom of the curriculum. Conferment is therefore mandatory, since in the event of failure to obtain consent or revocation of the same, the processing (legitimate interest) will take place.
Purposes of Direct and Indirect Marketing
The customer’s personal data may be processed for direct and indirect marketing purposes, for example
• market research

Direct and Indirect Marketing Purposes

he customer’s personal data may be processed for direct and indirect marketing purposes, for example • market research. The legal basis for processing is therefore a consent that expresses its willingness to be able to perpetuate this purpose on its data, thus determining the lawfulness of the processing of your Personal Data. The provision of data for marketing purposes is optional. You can then decide not to give any data or subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive information regarding the Services offered by the Owner. However, he will continue to be entitled to the Services under the existing consultancy agreement. This treatment will in any case also take place following the assessments made by the Data Controller with regard to the possible and prevalence of his interests, rights and fundamental freedoms that require the protection of Personal Data in particular if the interested party is a minor.

Marketing Purposes with Photo and Video Diffusion

  • The photographs / videos of patients, both minors and adults, may be disclosed in order to:
  • Promotion treatments
  • Medical research
  • Publication of articles

The personal data supplied by you, including the portrait contained in the photographs / videos, will be subject to processing operations in compliance with current legislation and of the principles of correctness, lawfulness and transparency to which the activity of the Polispecialistico Medical Center is inspired. These data may be processed either by computer tools or on paper or on any other type of suitable support, in compliance with the security measures provided by the GDPR. The data processing will be performed in compliance with the security measures provided for in the aforementioned Personal Data Protection Code. Data will be processed in accordance with the principles of lawfulness, correctness and confidentiality. The Polyspecialist Medical Center undertakes not to make any use of images that could be detrimental to the dignity or reputation of the subject portrayed. At any time it is possible to exercise all the rights indicated in articles 15 to 22 and of the art. 34 of the GDPR, in particular the cancellation, rectification or integration of the data, with written communication to be sent to the e-mail:

Processing methods – Profiling

As part of the owner’s organization, the data of the data subject may be processed by the various organizational functions. Polispecialistico medical center does not adopt any decision-making process aimed at user profiling, as per article 22, paragraphs 1 and 4, of Regulation (EU) no. 679/2016.

Period of conservation

Data will be processed even after the end of the main relationship, in compliance with the regulatory provisions governing the retention of deeds and documents, and, where expressly authorized, to allow the establishment of future relationships and to guarantee the historicization of data, also in the interest of the client and in any case the same will be verified annually. Specifically, the particular data are stored, in compliance with the sector law, for 10 years from the termination of the contract. The data relating to direct and indirect marketing will be processed for this purpose until the revocation of the consent and / or the exercise of the right of opposition and, in any case, no later than 5 years from data collection, reserving the right, before the expiration of such term, to ask the user for the renewal of the consent and / or the updating of the data. Communication and diffusion Your personal and particular Data may be communicated to specific subjects considered as recipients of such Personal Data. In fact, Article 4 of Section 9 of the Regulation defines as a recipient of a Personal Data “the natural or legal person, the public authority, the service or another body that receives communication of personal data, whether it is or not of third parties “In this perspective, in order to correctly carry out all the processing activities necessary to pursue the purposes referred to in this Notice, the following Recipients may be in a position to process your Personal Data:

  • Third parties, superior companies and / or connected companies or companies belonging to the Polispecialistico Medical Center that carry out part of the treatment activities and / or activities connected to the instruments on behalf of the Data Controller. These subjects have been appointed as data controllers, having to understand singularly with the term, a rule of article 4 at point 8) of the Regulation, “the natural or legal person, the public authority, the service or other on behalf of the Owner of the Treatment “;
  • Individuals, employees, consultants and / or collaborators of the Data Controller, to whom specific personal data has been assigned and / or more than one processing activity. These individuals were given specific instructions on the subject of safety and the correct use of Personal Data and, pursuant to Article 4 of point 10) of the Regulation, “persons authorized to process Personal Data under the direct authority of the Owner” are defined “(hereinafter the” Authorized Persons “).
  • subjects whose personal data are to be transferred by law or for the execution of the contract or for the protection of the right of the Data Controller. By way of example, but not limited to:
  • Institutions, law enforcement agencies, judicial authorities; o Revenue Agency; o Insurance; o Social security and / or welfare agencies; Service organizations
  • National health;
  • Operators of the medical profession and paramedical personnel;
  • Analysis laboratories;
  • consultants and freelancers also in associated form or Managers of centralized IT systems;
  • conveyor.

Outside the subjects and for the purposes indicated above, personal data will not be transferred to other subjects unless expressly authorized

Data transfer

We inform you that the data collected will not be transferred either to Member States of the European Union or to third countries not belonging to the European Union.

Rights of interested parties

The subjects to whom the personal data refer have the right at any time to request access to personal data, obtain confirmation of the existence of the same data and to know its content and origin, verify its accuracy or request it integration or updating, or rectification, limitation, oblivion, portability (from articles 12 to 22 of the EU Reg. 679/16), as well as the right to request cancellation, transformation into anonymous form of data processed in violation of the law, and to oppose in any case, for legitimate reasons, to their treatment. You can exercise your rights by sending an email to, writing to the Polispecialistico Medical Center, Via Ponzio, 15 – 27100 Pavia In detail, the interested party can exercise the following rights: Right of access: will have the right, pursuant to Article 15, paragraph 1 of the Rules, to obtain confirmation from the Data Controller that processing of your personal data is in progress and, in this case, to obtain access to such Personal Data and to the following information:
• the purposes of processing;
• the categories of Personal Data in question;
• Recipients or categories of Recipients to whom your Personal Data have been or will be communicated, in particular if Recipients of third countries or international organizations;
• when possible, the retention period of Personal Data provided or, if this is not possible, the criteria used to determine this period;
• if the Personal Data are not collected from the interested party, all available information on their origin;
• the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, of the Regulation and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such Treatment for the interested party.

Right of rectification: pursuant to Article 16 of the Regulation, you may obtain the correction of your Personal Data which are inaccurate. Taking into account the purposes of the processing, moreover, you will be able to obtain the integration of your personal data which is incomplete, even providing a supplementary declaration. Right to cancellation: in accordance with Article 17, paragraph 1 of the Regulation, you can obtain the cancellation of Your Personal Data without undue delay and the Data Controller will have the obligation to delete your Personal Data, if only one of the following reasons exists: a) the Personal Data are no longer necessary with respect to the purposes for which they were collected or otherwise processed b) Has revoked the consent on which the processing of your personal data is based and there is no other legal basis for their treatment c) has opposed the processing pursuant to Article 21, paragraph 1 or 2 of the Regulations and there is no longer any legitimate prevailing reason for proceeding with the Processing of Your Personal Data; d) Your Personal Data has been processed. unlawful; e) it is necessary to delete your Personal Data in order to fulfill a legal obligation required by a community or national law. In some cases, as provided for by article 17, paragraph 3 of the Rules, the Data Controller is entitled not to cancel your Personal Data if their Treatment is necessary, for example, for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, for archiving in the public interest, for scientific or historical research or for statistical purposes, for ascertaining, exercising or defending of a right in court. Right to limitation of processing: in accordance with Article 18 of the Rules, the Treatment may be limited, if one of the following hypotheses occurs: a) has contested the accuracy of your Personal Data (the limitation will continue for the period necessary for the Data Controller to verify the accuracy of such Personal Data; b) the Processing is illegal but opposed the cancellation of Your Personal Data, requesting instead that its use be limited, c) although the Owner of the Treatment no longer needs it for the purpose of Processing, your Personal Data is used to ascertain, exercise or defend a right in court, d) has opposed the Treatment pursuant to Article 21, paragraph 1, of the Regulation and is awaiting verification regarding the possible prevalence of the legitimate reasons of the Data Controller with respect to His. In the event of limitation of the Processing, your Personal Data will be processed, except for storage, only with your consent or for the verification, exercise or defense of a right in court or to protect the rights of a another natural or legal person or for reasons of significant public interest. We will inform you, in any case, before this limitation is revoked. Right to data portability: may, at any time, request and receive, in accordance with article 20, paragraph 1 of the Regulation, all of your Personal Data processed by the Data Controller and / or the Data Controllers in a structured format, commonly used and legible or request its transmission to another data controller without hindrance. In this case, it will be your care to provide us with all the exact details of the new data controller to whom you intend to transfer your Personal Data by providing us with written authorization.Right of opposition: pursuant to Article 21, paragraph 2 of the Rules and as also reiterated by Recital 70, you may object, at any time, to the Processing of Your Personal Data if these are processed for direct marketing purposes, including profiling in the the extent to which it is connected to such direct marketing.
Right to propose a complaint to the supervisory authority: subject to your right to appeal to any other administrative or judicial office, if it considers that the Processing of your Personal Data conducted by the Data Controller it may occur in violation of the Regulations and / or applicable regulations, it may submit a complaint to the competent Authority for the Protection of Personal Data. To exercise all your rights as identified above, simply send an e-mail to the e-mail address: e-mail, or by ordinary mail: Via Ponzio, 15 – 27100 Pavia.

We remind you that, at any time, you can also contact the DPO at the e-mail address: e-mail

We remind you that the information may be changed due to the introduction of new regulations in this regard, therefore the user is invited to periodically check this information.