INFORMATION TO BE PROVIDED PURSUANT ARTT. 13 AND 14 OF THE REGULATION (EU) 2016/679 (THE “INFORMATION”)
1 – THE DATA CONTROLLER
Sanifast s.r.l., P.I. 09829250969, registered office in Milan (MI), Corso Lodi 47 as controller of the data (The “Company” or the “Controller”), provides the Data Subject with all of the following information with reference to its personal data.
2 – DATA, LEGAL BASIS OF THE PROCESSING
2.1. Data of the processing
Pursuant to art. 4, comma 1), of the Regulation “personal data” means any information relating to an identified or identifiable natural person (‘data subject’);
Personal data subject to the processing of the Controller are the following:
name and surname
2.2. Legal basis for processing
The Company processes the Personal Data that is communicated by the Data Subject or collected by other Controllers (in that case previous verification of the legal conditio from that other Controllers) or collected from public organizations (like Chamber of Commerce) under the legal disposition.
2.3 Purpose and legal basis for processing
The Personal Data are processed by the Controller to achieve the following objectives and pursuant to the following legal basis:
a) Execution of the services and the agreements
The Personal Data is necessary to provide for the requested services, and in particular, to book and deal with the medical examination, medical appointments, ecc and to receive the related updating.
There is no obligation, but in absence of Personal Data, the Company can not perform the services.
b) Compliance with the national and international legal provision
When the processing of the Personal Data is necessary for compliance with a legal obligation to which the Controller is subject, your approval is not requested.
Personal Data could be processed to the following purposes:
– to carry out promotions activities or to sell services or products by means letters, telephone Internet, SMS, MMS and other communication system;
– to carry out market survey related customer satisfaction, by means letters, telephone Internet, SMS, MMS and other communication system;
– to provide for high level services and products;
In this case, to process personal data it is necessary the Data Subject’s previous approval.
d) Legitimate interests of the Data Controller
The Controller may process personal data without the the Data Subject’s previous approval in the following cases:
– to acquire immagine to ascertain the possible commission of illegal acts;
– to carry on other legitimate interests. In those cases the Company can process Personal Data except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
3 – RECIPIENTS OF PERSONAL DATA
The Data Controller may disclose the personal data to third parties, such as, for example, those belonging to the following categories:
1) Employees, as subjects authorized to process data or internal managers;
2) Third parties (companies, freelancers, etc.) operating both within and outside the European Union who process your Personal Data in the context of:
– banking, financial and insurance services, payment systems, tax offices and treasuries;
– recording of financial risks for the purpose of preventing and controlling the risk of insolvency;
– credit recovery and related activities;
– supply and management of IT systems and procedures;
– security and video surveillance management services;
– real estate appraisal services;
– auditing and consultancy activities in general;
– management of communication to customers, as well as archiving of data and documents both in paper and electronic form;
3) Authority (for example, judicial, administrative etc …).
Sanifast s.r.l. and the third parties to whom your Personal Data may be disclosed act as: 1) Data Controllers, ie subjects who determine the purposes and means of the processing of Personal Data; 2) Data processors, i.e. subjects who process Personal Data on behalf of the Data Controller; 3) Joint data controllers who jointly determine the purposes and means of the same; 4) Subjects authorized to process.
The updated list of data processors and authorized subjects is kept at the Company’s headquarters.
4 – Transfer of personal data outside the European Economic Area (EEA)
Your Personal data is processed into the European Economic Area (EEA).
Whenever your personal data is transferred outside the EEA, the Data Controller shall take every suitable and necessary contractual measure to guarantee an adequate level of personal data protection in accordance with this Information on the processing of Personal Data, including, among other means, the Standard Contractual Clauses approved by the European Commission.
5 – Data processing and Data retention period
Personal Data Processing is carried on by means manual instrument, computer system and telecommunications system to grant security and confidentiality.
The data will be kept for no longer than required for the purposes for which it has been collected or processed, in accordance with the applicable legislation or in any case to allow the Company the protection of legitimate rights and interests of its own or of third parties.
6 -RIGHTS OF DATA SUBJECTS
As the data subject, you have, within the limits of legal provision, the following rights concerning the personal data collected and processed by the Data Controller, sending a request to firstname.lastname@example.org or to the address Sanifast s.r.l., registered office Milan (MI), Corso Lodi 47, or to write to email@example.com
You may revoke, at any time the consents you have given.
Company’s communications and actions under the exercise of the right below indicated shall be executed free. Otherwise, if your requests are unfounded and excessive, to be recurred, the Company could charge expense contribution, or to deny your requests.
Rights of access, You have the right to ask the Data Controller for confirmation that your personal data is being processed and obtain access to your personal data and to obtain information related to the transfer of your data in case the personal data is transferred to another country or international organization.
Right of rectification, in the cases provided for in applicable law, the data subject can exercise the right to rectify any inaccurate personal data, as well as, taking into account the purposes of the processing, complete any incomplete personal data, including by providing a supplementary statement;
Right of cancellation, you have the right to obtain cancellation of your personal data for any of the reasons indicated by the article 17 of the Regulation;
The right to restrict processing, you have the right to ask the Company to restrict processing, for any of the reasons indicated by the article 18 of the Regulation;
The right to data portability, You have the right to receive the personal data provided to the Company and processed by it on the basis of consent, contract or automated means;
Right to object, you have the right to object the the processing data in case of particular condition, unless the Data Controller proves the existence of legitimate reasons to proceed with the processing (reasons prevailing over the interests, rights and freedoms of the data subject), or the processing is necessary for the assessment, exercise or defense in court of a right.
Data subject has the right to:
Automated decision-making process relating to natural persons, including profiling:
The Regulation provides in favor of the data subject the right not to be subjected to a decision based solely on an automated processing of his Personal Data, including profiling, which produces legal effects concerning him or which significantly affects his person unless that the Company, to express your opinion or to contest the decision.
Right to lodge a complaint with the Supervisory Authority for the protection of personal data
Without prejudice to your right to appeal to any other administrative or judicial office, if you believe that the processing of your Personal Data by the Data Controller is in violation of the Regulations and / or applicable legislation, you can lodge a complaint with the Supervisory Authority.
7 – THE DATA PROTECTION OFFICER
Sanifast s.r.l. Has appointed Data Protection Officer (DPO) who is available at this address firstname.lastname@example.org