Privacy Policy


INFORMATION ABOUT DATA PROCESSING

(March 2020)

Medical Dimension s.r.l.s.

Medical Dimension s.r.l.s. (hereinafter "Medical Dimension") takes the protection of the personal data of its users and patients seriously: for this reason, their personal data, the security of the processing and, more generally, the protection of privacy are treated as an important aspect to which maximum attention is given during business processes.

Each treatment is performed according to the applicable personal data protection law, in particular the General Data Protection Regulation ("GDPR"). According to this law, the treatment will be carried out in compliance with the principles of correctness, lawfulness and transparency and with the protection of the privacy and the rights of users and patients.

The present information paper has been written in order to give that category of subjects more details about how Medical Dimension processes personal data and about their rights.

* * *

a) Controller and Data Protection Officer.

The Controller of the processing is Medical Dimension s.r.l.s. (tax code and VAT number 12595701009), established in Rome (Italy), Via di S. Giovanni in Laterano, n°182 – 00184.

The controller can be contacted by e-mail at info@medicaldimension.net or by calling the number +39.3208722126, also for exercising the rights reported above.

Data Protection Officer (D.P.O.) is Avv. Francesca Sconosciuto, who can be contacted by e-mail at fsconosciuto@gmail.com.

* * *

b) Purpose and legitimation of the data processing.

Any data processing made by the controller is strictly limited to what is necessary.

The processing is mainly aimed at the correct and complete provision of the services offered by Medical Dimension to its users and may concern health data necessary for the correct provision of the services offered.

The acquisition of the aforementioned data normally takes place through direct communication by the data subject, who makes them available to the controller through the IT tools offered for this purpose.

The data acquisition of the data subject may also take place through third parties (such as insurance companies) for the provision of services to which the controller has engaged in the commercial relations stipulated during its business activity.

In order to make a transaction, it may also be necessary to provide some payment data.

Access to the website, with subsequent acceptance of the notification advice on the use of cookies, also involves the installation of technical cookies for the proper functioning of some sections of the website and of cookies for profiling made by functionalities developed by third parties; this may also happen when selecting icons and preferences expressed in social networks in order to share website content, or when using third-party software services (such as software to generate maps or videos, and additional software that offers additional services). These cookies are sent from third-party domains that offer their own functionality to the website of Medical Dimension, even for the purpose of profiling - which, however, is performed directly by those third parties and not by the controller.

For more details refer to the separate document called “Cookie Policy”.

Contact the user.

The collection and use of data entered by the user on the site www.medicaldimension.net can take place in order to respond to requests for information, to get a quote, or for any other purpose indicated in the format used. These data may include: name, surname, gender, e-mail address, telephone number, address and city of residence or domicile.

Interaction with social networks and external platforms.

This type of service makes interaction with social networks or with other external platforms possible directly from the pages of the website managed by Medical Dimension. The interactions and information acquired by this website are in any case subject to the User's privacy settings relating to any social network.

If an interaction service with social networks is installed, it is possible that, even if the User doesn’t use the service, the traffic data relating to some pages may be registered. Furthermore, the aforementioned platforms may deposit cookies in the user's device through the website (third-party cookies), in order to collect information on the user's browsing.

For more details, please refer to the separate document called “Cookie Policy”.

Statistics.

The services referred to in this section allow the Controller to monitor and analyse traffic data and are used to keep track of User behaviour through the tool named Google Analytics (Google Inc.). For more details about it, please refer to the separate document called “Cookie Policy”.

System logs and maintenance.

For needs related to operation of maintenance, Medical Dimension’s website and any other third party services used on that website may collect system logs, which are files that record the interactions and which may also contain Personal Data, such as the User IP address.

More information on processing.

Finally, all the data communicated and processed for the aforementioned activities may also be used in order to comply with the obligations imposed on Medical Dimension and required by current legislation, such as:

• for the inclusion of personal data in databases;

• to draw up medical reports and information;

• for issuing invoices and credit notes;

• for keeping ordinary accounting;

• for the management of receipts and payments;

• to fulfil the obligations established by any law and regulation;

• for the legal defence before any court or for any linked necessity.

The Data Controller may reveal the data processed at the request of the public authorities, if the request is deemed legitimate.

The User is responsible for the consequences of any illegitimate treatment of third party personal data, if it is a consequence of publishing or sharing perpetrated by him through the website of the data controller.

* * *

c) Methods of data processing.

Personal data may be processed by analogical and electronic archives, in both cases in ways strictly necessary for the aforementioned purposes.

The Controller and its agents process the Personal Data of Users by adopting appropriate and adequate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.

The Data are processed at the operational headquarters of the Controller and in any other place where a part involved in the processing is located.

Security measures have been adopted for the access to digital archives, such as the use of firewalls, antivirus and alphanumeric passwords for access.

The processing will be carried out in ways strictly related to the corresponding purposes, using the data already in possession and with the commitment to promptly communicate any corrections, additions and/or updates.

* * *

d) Legal Basis of the processing.

The processing of non-special categories of personal data (which are indeed those related to health and afferent to health) is made using as legal basis the need to guarantee the execution of the contract of which the user is a part or the execution of pre-contractual measures adopted on request of the user (art. 6, par. 1, letter b, GDPR).

The processing of the contact data, provided in the compilation of the form present in various sections of the website, made in order to be contacted, is subject to the express consent (art. 6, par. 1, letter a, GDPR).

The processing of health data is carried out for the purposes and in the ways referred to in this document, on the legal basis of the consent of the data subject (art. 9, par. 2, letter a, GDPR).

In cases where health data relating to minors are involved, consent is given by subjects who exercise parental responsibility; in this case that kind of information is used only for the specified purpose.

The data processing, in cases where it is necessary to fulfil obligations deriving from legal provisions, both in civil and criminal law and tax matters (such as, for example, the compilation of invoices and VAT registers), as well as EU legislation, as well as rules, codes or procedures approved by Authorities and other competent Institutions, has its legal basis in the fulfilment of a legal obligation to which the data controller is subject (art. 6, par. 1, letter c, GDPR).

* * *

e) Personal data processed and consequences of a missing communication.

In order to permit the processing activities reported above, it could be necessary to know and store information related to the user’s personal data, tax code, VAT number, accounting data, data useful for contacting the user, and data concerning his residence and domicile.

Considering the nature of the services offered by Medical Dimension, the processing will also concern data relating to the health of the data subject.

The missing or incorrect communication of personal data necessary for the execution of the services provided or related to the fulfilment of a regulatory obligation of the Controller involves:

• The impossibility to guarantee the adequacy of the processing in compliance with the contractual agreements;

• The possible mismatch of the processing results to the obligations imposed by the fiscal, administrative or labour regulations;

• the lack of the genesis and/or the impossibility to continue the legal relationship engaged, its correct execution and any other legal obligations;

• Prevent the Medical Dimension website from providing the services offered.

* * *

f) Personal data retention.

The personal data processed for the above indicated purposes will be kept for the time necessary to perform the service requested by the User and, subsequently, for the time necessary to the Controller in order to make possible the fulfilment of obligations provided by law (i.e. for tax purposes or for other purposes).

This maximum term is estimated at ten years and six months, because ten years constitutes the time limit within which a liability action against the data controller can be activated, as well as the time established by law for the conservation of accounting records.

Once this period of time has expired, each analogical document containing the user’s personal data will be returned to the data subject or destroyed, and any digital support on which those data are saved will be formatted.

* * *

g) Data transmission.

The collected data will not be sold in any case to third parties. The transmission of data to third parties takes place only when it is necessary to permit the provision of the service to the user or for other lawful purposes or on the basis of the present information.

The Controller uses external IT service providers for its server infrastructure, for IT maintenance, or for other IT and software solutions; a data transmission could take place to these subjects within strictly necessary limits.

Moreover, the Controller in some cases hires external consultants not related to its organization; to those subjects a data transmission could occur within strictly necessary limits to permit the provision of the service to the user.

In addition, in some cases, the user’s data may be transmitted to categories of persons who maintain or operate on the website (system administrators, commercial and marketing consultants, legals) or to other external subjects (such as suppliers of technical services, postal couriers, hosting providers, IT companies, communication agencies).

Personal data may be communicated in particular to:

• all those to whom access to such data is permitted by law or other regulatory provisions;

• the collaborators of the Controller, for any indispensable purpose (call centres, accounting, administrative, legal, tax and financial reasons), within the limits necessary for the scope related to their duties and in order to fulfil any contractual obligations concerning the commercial relationships with the interested parties;

• post offices, shippers and couriers for sending documentation and / or other material;

• all those persons, public and/or private (legal, administrative and fiscal consultancy studies, job consultancy studies, Judicial Offices, Chambers of Commerce, Chambers and Labour Offices, etc.) when the communication is necessary or functional for the provision of the service, within the limits and for the purposes illustrated above or for other Controller’s legitimate interests;

• banking institutions and any other payment service providers in order to allow the transaction and to carry out anti-fraud checks or even to persons who, in any case, provide functional services for the purposes indicated above: this transmission may occur for the management of the payments deriving from the execution of contracts;

• Public and Private subjects, also as a consequence of inspections or audits (i.e. by Judicial Authorities and by Offices part of the Ministry of Justice, by Tax Police, by Labour Inspectorate, by ASL, by Social Security Agencies, by ENASARCO, by Chambers of Commerce, by INAIL, by Customs Offices or others) or to fulfil the assignment entrusted and other related contractual or legal obligations;

• to the insurance companies and to other subjects that commission from the Data Controller the health services rendered, in the interest or for the name or account of the user, on the basis of an agreement signed with him (in this case the communication is made only where necessary or requested on the basis of the agreements with that third party).

* * *

h) Data transmission across borders outside the Union.

For the purposes set out in point b) and/or in order to allow the fulfilment of the obligations assumed, the Controller may transmit the user’s data to third countries outside the EU.

Even in such cases, the processing of data remains bound to the purposes for which they were collected and takes place in full compliance with the standards of confidentiality and security and in compliance with data protection laws.

The aforementioned processing and transfer takes place purely towards Companies linked to the insurance circuit on behalf of which the Controller operates, who have commissioned visits to their users.

In these cases, first of all, the Data Controller always assesses whether the subject to whom the transfer is planned is based in a foreign Country for which the European Commission has adopted an adequacy decision, based on article 45 of the GDPR.

Only if this requirement does not exist, the owner undertakes with every possible effort to establish adequate guarantees in the context of future relationships that it will establish with non-EU third party recipients and to negotiate changes regarding existing relationships. These adequate guarantees will be established with the subscription of legally binding forms, according to models prepared for this purpose by the European Institutions.

In a purely residual way, if the compliance with the aforementioned criteria cannot be guaranteed, Article 49 of GDPR will be applied and so the transfer of data outside the Union may take place, with case by case assessment also regarding the limitation and containment of data transferred, on the basis of the explicit consent of the user to the proposed transfer, after he has been informed of the possible risks of such transfers for the data subject, due to the lack of an adequacy decision and adequate guarantees.

* * *

i) Data profiling and disclosure.

The personal data of the interested will not be collected directly by the Controller for the purpose of profiling.

In any case, as expressed in point b), the navigation on the Medical Dimension website - after the acceptance made by the user in the relevant bar on the main page - may involve profiling by third-party cookies. This process occurs with the acquisition in the user's system of cookies that can cause the profiling.

The profiling purposes in this case are expressed in special papers prepared by those third parties.

For more details about it, please refer to the separate document called “Cookie Policy”.

* * *

l) Rights of the data subject.

Among the rights recognized by the GDPR to the interested parties are those of:

• ask the Controller for access to personal data and information related to the data subject, as well as the right to obtain a copy of the personal data processed; the correction of inaccurate data or the integration of incomplete data; the deletion of personal data (upon the occurrence of one of the conditions indicated in Article 17, paragraph 1 of the GDPR and in compliance with the exceptions provided in paragraph 3 of the same article); the limitation of the processing of personal data (in case one of the hypotheses indicated in Article 18, paragraph 1 of the GDPR occurs);

• request and obtain from the Controller - in cases where the legal basis of the treatment is the data subject's consent and it has been collected by automated systems - their personal data in a structured and readable format, also in order to communicate such data to another data controller (so-called right to the portability of personal data);

• oppose the processing of personal data if a particular situation occurs that affects the data subject, with the consequences referred to in point e) of the present paper;

• revoke the consent at any time, in case the processing is based on consent for one or more specific purposes and concerns common personal data (for example date and place of birth or place of residence), or particular categories of data (for example, data revealing racial origin, political opinions, religious convictions, health status or sexual life). The treatment based on consent and carried out prior to the revocation preserves, however, its lawfulness;

• propose a complaint to a Supervisory Authority (the Italian Authority for the protection of personal data can be contacted through the website www.garanteprivacy.it).

* * *

m) Revise and update.

This information paper is valid from the date indicated in its header onwards.

The Data Controller could also make changes and/or additions to the present document, also as a consequence of any subsequent change and/or regulatory addition to the GDPR.

The changes will be notified by publication on the website www.medicaldimension.net, where the data subject is invited to view them. On this site it will also be possible to trace the previous information texts.

© 2017 Medical Dimension S.r.l.s. | Legal Office: Via di S. Giovanni in Laterano, 182 - 00184 Rome | Vat Code 12595701009 - All rights reserved
Pursuant to art. 1, paragraph 125, of Law no. 124 of 4 August 2017, notice is given that Medical Dimension srls, in the 2021 financial year, received State aid and de minimis aid subject to the obligation of publication in the National Register of State Aid referred to in article 52 of Law 234/2012.