Who we are
Suggested text: Our website address is: https://podiacar.eu.
Introdution
Dear User, during the consultation and use of the website https://www.podiacar.eu (hereinafter, “Site”), some of your personal data will be collected and processed as defined by art. 4, par. 1 of EU Regulation 2016/679 (hereinafter, the “GDPR”).
The purpose of this information (hereinafter, the “Information”) is to offer a comprehensive overview of the purposes, methods of collection and use of personal data as well as the data retention times of each interested party (hereinafter, “Interested” or , in the plural “Interested”).
This information is provided pursuant to art. 13 of the GDPR and in compliance with the European and Italian laws that integrate it (“Privacy Regulation”).
Each interested party is invited to read this information, so as to better understand the methods of processing of their personal data, including their rights pursuant to the Privacy Law.
Data controllers
The data controller of your personal data is Ospedale Sacco (“Data Controller”) with headquarters in Via Giovanni Battista Grassi, 74 20157 Milan, email valeria.calcaterra@unipv.it.
The Data Controller has also appointed a data protection officer (“Data Protection Officer” or “DPO”), as required by the GDPR, with surveillance, supervision and specialist consultancy duties in the privacy field who can be contacted for any support at the following address by email: valeria.calcaterra@unipv.it.
Categories of Interested Parties
The owner processes the personal data of users of the Site.
Categories of data processed
Various categories of personal data (hereinafter, “Personal Data”) are collected and processed through the Site:
to. navigation data, processed in order to guarantee the correct functioning of the Site or to obtain information on your preferences and habits of using the Site. Such data could also be processed through cookies. In this regard, we invite you to read the specific cookie policy on the Site;
b. common data, such as, by way of example and not limited to, personal information (for example, name, surname, date of birth, address, gender, marital status, tax code, etc.), contact information (for example, the number landline and/or mobile telephone, e-mail address, etc.);
c. particular categories of Personal Data, as defined by art. 9 of the GDPR, to the extent that they are provided by the interested party to receive services and/or services from the owner or third parties, through the owner;
d. in the specific case in which the Personal Data of third parties are provided voluntarily by the Interested Parties, the latter will qualify as independent data controllers, assuming all the obligations and responsibilities established by the applicable law.
Purpose and legal basis of the processing
The Personal Data will be processed by the Data Controller, as part of its activity, for the purposes indicated below:
to. for any defensive activity that is necessary to assert a right of the Data Controller in court or in a preparatory phase to the trial, pursuant to articles. 6, par.1, letter. f) and 9, par. 2, letter. f), of the GDPR;
b. on the basis of the legitimate interest of the Data Controller, pursuant to art. 6, par.1, letter. f) of the GDPR, to guarantee the security of the Site and/or in the context of extraordinary corporate operations (e.g. mergers, acquisitions) of which the Owner is a party.
Further information on the processing of Personal Data may be provided in specific sections of the Site.
Methods of data processing and storage
In relation to the purposes indicated in paragraph 4 above, the processing of Personal Data is carried out by the Data Controller in compliance with the Privacy Law, in particular:
to. is carried out with manual means and also with the aid of electronic or automated means, in any case, suitable to guarantee security and confidentiality, as well as to avoid unauthorized access to Personal Data by third parties;
b. it is carried out directly by the Data Controller’s organization and/or by data controllers identified by the Data Controller, on the basis of a contract signed pursuant to art. 28 of the GDPR.
Personal Data will be kept only for the time necessary for the purposes for which they are collected, respecting the principle of minimization referred to in the art. 5, par. 1, letter. c) of the GDPR as well as the legal obligations to which the Data Controller is bound, without prejudice, in any case, to the right to withdraw consent, at any time, by the Interested Party.
In general, the Data Controller refers to the times established in the Discard Maximum “Version 04” of the “Owner and Maximum of the Lombardy Social-Health System, formerly the Lombardy Region Health and Social-Health System”, Annex 1, an integral part of this document, which replaces the previous one in its entirety, approved by Decree of the D.G. Welfare n. 11466 of 17.12.2015 and subsequent amendments, adopted by the Lombardy Region which applies to the entire Lombardy Social and Health System and which is referred to in full in this information.
More information is available from the Owner.
Data communication
In pursuit of the purposes referred to in paragraph 4, Personal Data may be communicated and/or otherwise shared with third parties and with public administrations in accordance with the law.
Some of the subjects indicated in the previous paragraph will process the Personal Data as data controllers of the Data Controller, by virtue of an appointment as external manager conferred by the Data Controller himself pursuant to and for the purposes of art. 28 of the GDPR. The list of names of data controllers, pursuant to art. 28 of the GDPR, is available to interested parties.
The Personal Data may be communicated to subsidiaries and associated companies of the Owner, pursuant to art. 6, par. 1, letter. f) and Recitals 47 and 48 of the GDPR, for administrative and accounting purposes, meaning those connected to organisational, administrative, financial and accounting activities, regardless of the nature of the data processed, including internal organizational activities , those functional to the fulfillment of contractual and pre-contractual obligations and to the management of the employment relationship in all its phases.
These subjects will, as a rule, act as independent Data Controllers of the respective processing operations, except in the case in which they act on behalf of the Data Controller as Data Processors and have therefore signed a specific contract which promptly regulates the processing entrusted to them, pursuant to the ‘art. 28 of the GDPR.
Other subjects (such as, for example, authorities legitimated by law, health control bodies or other supervisory and control bodies, public administration bodies) may process the Personal Data, received from the Data Controller, as independent data controllers. The natural persons, employees and collaborators of the Owner, managers or third parties, authorized to process the Personal Data provided by the Interested Parties, act under the instructions of the Owner, managers or third parties, and subject to confidentiality constraints.
Transfer of data outside the European Union
Personal Data is not subject to dissemination or transfer to countries outside the European Union or international organisations. Should such transfer become necessary and/or unavoidable due to organizational needs of the Data Controller, we inform you that it will take place exclusively towards countries considered safe by the European Commission or, in any case, according to one of the methods permitted by current law and in particular in compliance with the appropriate guarantees referred to in art. 46 of the Regulation, for example through the signing of the Standard Clauses approved by the Commission or on the basis of one of the exceptions provided for by the art. 49, such as the consent of the interested parties.
Rights of interested parties
Pursuant to the articles. from 15 to 22 of the GDPR, the interested party has the right to obtain, from the Data Controller, confirmation as to whether or not Personal Data concerning him or her is being processed and, in this case, to obtain access to his or her data. .
Furthermore, the interested party has the right to:
to. know the purposes of the processing;
b. know the categories of the data in question;
c. know the recipients or categories of recipients to whom the data have been or will be communicated, in particular if recipients are from third countries or international organizations;
d. know, when possible, the expected data retention period or, if this is not possible, the criteria used to determine this period;
And. ask the data controller to rectify or delete the data or limit the processing of data concerning you;
f. oppose the processing of data, without prejudice to the right of the owner to evaluate your request, which may not be accepted in the event of the existence of compelling legitimate reasons to proceed with the processing which prevail over his interests, rights and freedoms;
g. lodge a complaint with a supervisory authority;
h. if the data are not collected from the interested party, receive all available information on their origin;
to. revoke consent at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation;
j. be made aware of the existence of an automated decision-making process, including profiling pursuant to art. 22, par. 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party;
k. in the cases and within the limits established by the GDPR and the Applicable Privacy Regulations, obtain data portability, i.e. receive them from the Data Controller, in a structured format, commonly used and readable by an automatic device, and transmit them to another data controller without impediments .
Requests must be sent in writing to the Data Controller or to the DPO at the addresses indicated above.
Any modification or cancellation or limitation to processing carried out at the request of the interested party, or following revocation of consent – unless this is impossible or involves a disproportionate effort – will be communicated by the Data Controller to each of the recipients to whom they were communicated Personal Data. The Data Controller may communicate these recipients to the interested party upon request.
This privacy policy was synchronized with cookieboot.com on February 20, 2024.