PRIVACY POLICY CONCERNING THE PROCESSING OF PERSONAL DATA OF USERS PURSUANT TO THE REGULATION (EU) 679/2016 (“GDPR”) – “ADVATIS” WEBSITE
Data controller
Medigas Italia S.r.l. Società Unipersonale
Address: Via T. A. Edison n.6, 20090 Assago (MI)
Phone number: 024888111
E-mail address: medigas_privacy@siad.eu
Hereinafter also referred to as the “Company” or the “Controller”
Data protection officer (DPO)
The Data Protection Officer can be contacted via e-mail at the following e-mail address: medigas_dpo@siad.eu
DATA COLLECTION AND PROCESSING
Navigation data
The computer systems and software procedures set up for the operation of this Web Site acquire, during their normal use, some personal data whose transmission is implied in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users connecting to the site, addresses in URI notation (Uniform Resource Identifier) of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment.
PERSONAL DATA PROCESSED
The Company, in addition to your navigation data (see also the Cookie Policy which can also be accessed from the link at the bottom of the page), will process the data you directly provide by filling in any additional sections on the website (by way of example but not limited to: personal data, contact details).
PURPOSES OF THE PROCESSING | LEGAL BASIS OF THE PROCESSING | DATA RETENTION PERIOD |
1. Data are processed for technical administration and management of the operation of the website. In particular, navigation data are processed to: • enable and track the proper functioning of the site, as well as perform maintenance activities; • gather anonymous statistical information about the use of the site. | The processing of the referred information does not require users’ consent, pursuant art. 122, (1) of the D.Lgs. 196/2003 (“Privacy Code”). In relation to the related purposes, the legal basis is the execution of a contract, pursuant art. 6, (1), b) of the GDPR. | Throughout the duration of browsing. |
2. Data are processed to provide feedback to requests for information submitted by the user. | Execution of a contract, pursuant art. 6, (1), b) of the GDPR. | Data will be kept for a period not exceeding 2 year after receipt of the request. |
3. Data are processed to allow subscription to the Newsletter service, in order to receive informational and promotional communications in order to keep the users updated about the participation in conferences, scientific highlights and clinical studies within the scope of application of our products. | Execution of a contract, pursuant art. 6, (1), b) of the GDPR. | Data will be kept until the user requests to be removed from the service, which can be done by clicking on the dedicated link at the bottom of each communication sent by the Company. |
4. Data are processed for direct marketing purposes to send, via e-mail, commercial communications regarding offers, discounts, promotions and news about the Company’s products. | Consent of the data subject, pursuant art. 6, (1), a) of the GDPR. | Data will be kept until the withdrawal of consent by the user. However, data may be kept for a maximum of 2 years. |
5. Data are processed to fulfill obligations under applicable regulations, national and supranational legislation (e.g., tax compliance, administrative duties, etc.) | Compliance with a legal obligation to which the controller is subject, ex art. 6, (1), c) of the GDPR. | Legal term (10 years for administrative-accounting compliance) |
6. If necessary, data are processed to establish, exercise or defend the Controller’s rights in and/or out of court. | Legitimate interest of the Controller, ex art. 6, (1), f) of the GDPR. | In the event of litigation, for the entire duration of the same, as long as the time limits for bringing an appeal have not expired |
After the above retention periods have expired, the data will be destroyed, erased, or anonymized compatibly with the technical procedures for erasure and backup and with the accountability requirements of the Controller.
PROVISION OF PERSONAL DATA
Navigation data are necessary to give effect to computer and telematic protocols; therefore, failure to provide them would not allow the operation of this website.
As for the purposes of points 2. and 3. above, the provision of data marked with a (*) within the contact forms on the site is also necessary to ensure the provision of the requested services.
It is agreed that the provision of data for processing purposes based on the consent of the data subject is optional. Any refusal to provide them will result in the impossibility of being able to receive, via e-mail, the commercial communications requested.
DATA RECIPIENTS
The data may be communicated to autonomous data controllers and/or processed by third parties designated by the Company as Data Processors, who provide the Controller with services or performances essential to the purpose indicated in this privacy policy, such as, by way of example: the company appointed to maintain/manage the Company’s website and the electronic and/or telematic tools used by the Company.
SUBJECTS AUTHORIZED TO PROCESSING DATA
The data may be processed by employees of the corporate units responsible for pursuing the aforementioned purposes, that have been expressly authorized to process and have received adequate operating instructions.
TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EUROPEAN UNION
The data may be processed by entities acting as autonomous Data Controllers or Data Processors, also located in countries outside the European Union, whose level of data protection has been deemed adequate by the European Commission in accordance with Article 45 of the GDPR, i.e., subject to the signing of Standard Contractual Clauses pursuant art. 46, par. 2, c) of the GDPR.
DATA SUBJECTS’ RIGHTS – COMPLAINT TO THE SUPERVISORY AUTHORITY
Data subjects may contact the Controller by e-mail at medigas_privacy@siad.eu, in order to request access to the data concerning them, their deletion, the rectification of inaccurate data, the integration of incomplete data, and the restriction of processing in the cases provided for in Article 18 GDPR, where applicable.
The data subject has the right to withdraw consent given at any time by requesting unsubscription from the newsletter service by clicking on the dedicated unsubscribe link at the bottom of each email.
Data subjects have the right to object at any time, easily and free of charge, for reasons related to their particular situation, to the processing of their personal data in cases of legitimate interest of the Data Controller.
In addition, data subjects, where processing is based on consent or contract and is carried out by automated means, have the right to receive in a structured, commonly used and machine-readable format the data, as well as, if technically feasible, to transmit them to another data controller without hindrance.
Data subjects shall be entitled to lodge a complaint with the relevant supervisory authority in the Member State where they have their habitual residence or employment or in the State where an alleged infringement has occurred.