WEBSITE PRIVACY POLICY

 

Information pursuant to and for the purposes of Article 13 of EU Regulation 2016/679

 

In compliance with the provisions of EU Regulation 2016/679 (“GDPR“), this page describes the methods of processing personal data provided while browsing this website. The information does not apply to third party websites viewed through links on this website, for which the Data Controller takes no responsibility.

 

What personal data are processed?

Personal data: any information relating to an identified or identifiable natural person (“Data Subject”). The Data Controller, through the website, collects various personal data, by way of non-exhaustive example: name, surname, email address, telephone number.

Navigation data: the computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols, such as IP addresses or domain names of computers and terminals used by users.

Information about the processing of personal data carried out through Social Media platforms: with regard to the processing of personal data carried out by the managers of the Social Media platforms used by Columbus Clinic Center Srl, please refer to the information provided in their privacy policies. Columbus Clinic Center Srl processes the personal data provided by users through the pages of dedicated Social Media platforms for the only purpose of managing interactions with users (comments, public posts, etc.) and in compliance with the current legislation.

Specific information: may be present on the pages of the website in relation to particular services or processing of the data provided.

 

Cookies and other tracking systems. What are they? What are they used for?

For cookies and other tracking systems, please refer to the cookie policy reported in the footer of the site and at the following link.

 

Who is the Data Controller? How to get in touch?

Pursuant to art. 4 and 24 of EU Reg. 2016/679, the Data Controller is Columbus Clinic Center S.r.l., with registered office at Via Michelangelo Buonarroti 48, 20145 Milan (MI), in the person of the legal representative for the time being, who can be contacted for any information by telephone at +39 02-480801, or email at privacy@columbus3c.com.

 

What are the contact details of the Data Protection Officer?

The Data Controller has appointed its own Data Protection Officer (DPO) pursuant to art. 37, 38 and 39 of the GDPR, who can be contacted by email at: dpo@columbus3c.com.

 

Purpose of the processing, legal basis, data retention period and nature of the provision

 

PURPOSE OF THE PROCESSING

 

LEGAL BASIS

 

RETENTION PERIOD

 

NATURE OF THE PROVISION

A) Navigation on this website and technical services for the correct use of the site.

 

 

For specific information on this, it is possible to view the cookie policy at the following link

 

This purpose does not refer to cookies for which consent is required, the management of which is regulated through the banner and the cookie policy.

Legitimate interest of the Data Controller connected to the processing of personal data functional to the correct functioning of the website and its navigation.

(Article 6, paragraph 1 letter f and C47 of the GDPR)

The data will be retained for the entire duration of the browsing session.The provision of data is necessary for browsing the website.

 

B) Follow up on the contact request sent through the form: a representative of the Clinic will use the personal data provided to contact you and complete the booking request sent by filling in the form in the dedicated “book online” area.

 

In order to provide a better service, the Data Controller may use the telephone / mobile number provided for sending SMSs or direct contact, as well as to provide service communications (e.g. modification of booking times or specific needs regarding any appointments, services, visits).

The processing is necessary for any existing pre-contractual obligations, i.e. to contact you again to book the requested service (C44)

art. 6 par. 1 letter b) of the GDPR.

A maximum of 12 monthsThe provision is necessary.

Failure to provide the necessary data will make it impossible for the Clinic to follow up on the contact request.

C) To receive the Columbus Clinic Center Srl newsletter regarding services (e.g. service packages,  new services) offered by the ClinicConsent of the Subject.

art. 6 par. 1 letter a) of the GDPR.

Until consent is expressly revokedThe provision of the data is optional. However, failure to provide the necessary information will make it impossible to receive the Clinic’s newsletter.

 

To whom will the personal data collected be communicated? Who are the recipients?

The personal data provided will be communicated to recipients who will process the data as Data Processors (Article 28 of EU Reg. 2016/679), persons specially authorized by the Data Controller and the Data Processors (art. 29 of EU Reg. 2016/679) or separate data controllers for the purposes listed above.

Specifically, the data will be communicated to:

– Subjects providing services for the management of the information system used by the Data Controller and of the telecommunication networks (including email, assistance and maintenance services for the website);

– Subjects who provide assistance, maintenance and updating services for the Data Controller’s website;

– External professionals or companies in the field of assistance and consultancy relationships;

– Competent authorities, for the fulfillment of legal requirements and / or provisions of Public Authorities, upon their request.

The list of data processors is constantly updated and available at the headquarters of the Data Controller. To request a copy, contact dpo@columbus3c.com.

 

Will personal data be transferred to “non-EEA” countries?

The Data Controller does not transfer personal data to countries outside the EEA.

 

Is there an automated process?

Personal data are not subjected to fully-automated decision-making processes.

 

What are your rights? How can you exercise them?

You can exercise your rights as granted by articles 15 et seq. of the GDPR, by contacting the Data Controller at the email address privacy@columbus3c.com,, or by contacting the DPO at dpo@columbus3c.com. You have the right, at any time, to request access to your personal data (Article 15), obtain rectification (Article 16), deletion (Article 17), and restriction to processing (Article 18). The Data Controller communicates (Article 19) any rectifications, deletion or restrictions of the data processed to each of the recipients to whom the personal data have been transmitted. The Data Controller will communicate these recipients to the Data Subject if the Data Subject should request it. In the cases provided for by the law, you have the right to request the portability of your data (Article 20) and these will be provided in a structured, commonly used and machine readable format. You have the right to oppose (Article 21), at any time, to the processing of your personal data on grounds relating to your personal situation. Users who no longer wish to receive the Clinic’s newsletters (via email) may opt-out at any time by sending a message to privacy@columbus3c.com and specifying in the subject “unsubscribe from automated messages” or using our automatic cancellation systems intended for email messages only.

If you believe that the Data Controller is processing your data in violation of the provisions contained in the GDPR, you have the right to lodge a complaint with the competent Supervisory Authority of the Member State in which you normally reside or work or of the place where the alleged infringement occurred, or take legal action.

 

Further information

The Data Controller reserves the right to modify, update, add or remove parts of this privacy policy at its discretion and at any time. In order to facilitate this verification, the document will display an updated revision date.

 

Updated: 11th April, 2022