1. Who we are
This communication is made available to you – also pursuant to art. 13 of the European Regulation 2016/679 on the protection of personal data (“Regulation” or “GDPR”) and Legislative Decree no. 30/06/2003 n. 196 (“Privacy Code”), as amended and integrated by Legislative Decree no. 101/2018, and subsequent amendments and additions – by Mediconcierge s.r.l. with registered office in Milan (MI), via Mascheroni n. 20, as Data Controller of your personal data. The purpose of this Policy is to inform the user about the processing of personal data.
2. Type of data processed
The website offers informative and sometimes interactive content. During the navigation of the site Mediconcierge s.r.l. can, therefore, acquire information about the visitor, in the following ways:
a) Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and the addresses of the websites from which it was accessed, information on the pages visited by users within the site, the access time, the stay on the single page, the internal path analysis and other parameters related to the operating system and the user’s IT environment.
b) Additional categories of data
These are all personal data provided by the visitor through the site, for example:
- By filling in a form through which to request information on the services offered and/or a contact request;
- By writing to the e-mail addresses indicated on our site to request information;
- Accessing a reserved area and/or a service;
- Filling in a form through which to submit your curriculum vitae;
- By filling in a form to receive our newsletter and marketing communications;
- Filling in a form to register for one of the initiatives of Mediconcierge s.r.l. (conferences, seminars, workshops, events).
3. Purpose of processing
The data provided are processed for the following purposes:
- Provide the service requested by the user, manage the contracts concluded by the user, carry out the related administrative, accounting, tax and legal requirements, and process the requests submitted by the user. The processing carried out for these purposes is necessary for the fulfilment of contractual obligations and does not require specific consent from the interested party;
- Detect the experience of using our platforms, the products and services we offer and ensure the proper functioning of the web pages and their contents. The processing carried out for these purposes is based on a legitimate interest of the Data Controller;
- Send commercial communications relating to promotions and/or offers, in the interest of the Owner; the processing carried out for these purposes is carried out with the specific consent provided by the user.
4. Sharing and transfer of personal data
- The staff of the holding;
- Service providers, (e.g. IT system providers, cloud service providers, database providers and consultants);
- Public administrations for legal purposes;
- Any public and/or private person to whom the communication of your personal data is necessary in relation to the purposes indicated above.
The updated list of data processors is available at the registered office of the data controller and will be provided upon written request.
Mediconcierge s.r.l. may have to transfer your personal data to countries located outside the European Union/Common European Area (EEA), to so-called “third countries”. Such transfers to third countries may include all the above processing activities.
5. Protection of personal data
Mediconcierge s.r.l. has implemented appropriate technical and organizational measures to provide an adequate level of security and confidentiality to personal data.
These measures shall take into account:
- the state of the art of technology;
- the costs of its implementation;
- the nature of the data;
- the risk of treatment.
The purpose is to protect them from accidental or unlawful destruction or alteration, accidental loss, unauthorised disclosure or access and from other forms of illicit processing.
In addition, when managing your personal data, Mediconcierge s.r.l.:
- Collects and processes personal data that is adequate, relevant and not excessive, as required to meet the above purposes;
- Ensure that such personal data remain up-to-date and accurate.
6. Data retention periods
Without prejudice to your right to object to the processing of personal data and/or to request its cancellation, Mediconcierge s.r.l. will keep your personal data only for the time necessary to achieve the purpose for which they were collected and received, or to meet legal or regulatory requirements.
When this period expires, your personal data will be removed from the active systems of Mediconcierge s.r.l.
7. Your rights under the law
The rights related to personal data that Mediconcierge s.r.l. treats are:
- Right to rectification.You can obtain the rectification of personal data concerning you or communicated to us by you. Mediconcierge s.r.l. makes every efforts to ensure that the personal data in its possession are accurate, complete, updated and relevant, based on the most recent information available;
- Right to limitation. You may obtain a restriction on the processing of your personal data if:
- The accuracy of your personal data is in question;
- The processing is unlawful and you request a restriction of the processing or deletion of your personal data;
- No longer exists, by Mediconcierge s.r.l., the need to maintain your personal data but you need it to ascertain, exercise or defend your rights in court or you oppose the treatment while Mediconcierge s.r.l. checks whether its legitimate reasons prevail over yours.
- Right to access.You can ask Mediconcierge s.r.l., information about the personal data stored about you, including information about which categories of personal data Mediconcierge s.r.l. owns or controls, for what purpose they are used, where they were collected (if not directly from you), and to whom they have been communicated;
- Right to portability.Following your request, Mediconcierge s.r.l. will transfer your data;
- Right to cancellation.You can obtain from Mediconcierge s.r.l. the cancellation of your Personal data if:
- personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- You have the right to object to further processing of your personal data and exercise this right to object;
- Personal data have been processed unlawfully.
Unless processing is necessary by virtue of legal obligations, by law or in order to constitute, exercise or defend a right in court:
- Right to opposition. You can object at any time to the processing of your personal data, provided that the processing is not based on your consent but on the legitimate interests of Mediconcierge s.r.l. or third parties. In such cases, Mediconcierge s.r.l. will no longer process your personal data unless it is possible to demonstrate to you the compelling and legitimate reasons, an overriding interest in the processing or verification, or the exercise or defense of a right in court. If you object to the processing, please specify if you intend to delete your personal data or limit its processing.
- Right to lodge a complaint. In the event of an alleged breach of the applicable privacy law, you may lodge a complaint with the competent authorities of your country or the place where the alleged breach occurred.
9. Controller and Data Protection Officer
To exercise the rights referred to in art. 15 et seq. of the GDPR, you can contact the Data Controller, Mediconcierge s.r.l. with registered office in Milan (MI), via Mascheroni n. 20, e-mail: firstname.lastname@example.org
The Data Protection Officer – DPO – can be contacted at the e-mail address: email@example.com