Information document pursuant to Article 13 of EU Regulation 2016/679 (GDPR) – Information on the processing of personal data collected by the interested party
In compliance with the provisions of EU Reg. 2016/679 (European Regulation for the protection of personal data) we hereby provide the necessary information regarding the processing of personal data collected during the navigation on this website. The information must not be considered valid for other websites that may be consulted through links found on other internet sites of the Owner’s domain, as we are not to be considered in any way responsible for third party websites.
1. HOLDERS OF THE DATA PROCESSING
Pursuant to arts. 4 and 24 of EU Reg. 2016/679, the Data Controller is Columbus Clinic Center Srl, based at 48, Via Michelangelo Buonarroti, 20145 Milan, in the person of its pro tempore legal representative
2. PROCESSED DATA
Personal Data: any information concerning the Data Subject, with particular reference to identifiers such as the name, identification number, geographical position, online identification or to one or more factors specific to his or her physical, physiological, genetic, psychic, economic, cultural or social identity – please refer to art. 4, c. 1, no. 1 GDPR.
Personal data processing refers to: “any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.”.
Data Subject is: “any identified or identifiable natural person”.
Specific information may be found on the pages of the Website in relation to particular services or processing of the data provided.
3. PURPOSE AND LAWFULNESS OF PROCESSING
The personal data provided will be processed in compliance with the conditions of lawfulness pursuant to art. 6 EU Reg. 2016/679 for the following purposes:
– browsing this website; book any appointments, services, medical appointments and related activities (in-house activities and activities for the fulfilment of contractual and pre-contractual obligations) – as established in art. 6 letter f) EU Reg. 2016/679.
The processing of data will be in compliance with the conditions of law pursuant to Article 6, paragraph 1, letter f: (with reference to 47) taking into account the reasonable expectations of the data subject at the time of and with reference to the collection of personal data, whenever it is reasonably expected that data processing is being carried out for these purposes.
– subject to consent and until an objection is raised, to subscribe to the newsletter of the Data Controller and receive advertising material and emails about the activity of the Clinic as well as about the events and initiatives promoted – as established in art. 6 letter a) EU Reg. 2016/679.
4. PERSONAL DATA RECIPIENTS/RECIPIENT CATEGORIES
The personal data provided will be shared with a number of recipients, who will process the data as Data Processors (Article 28 of EU Reg. 2016/679) or as natural persons, as duly appointed by the Data Controller and the Data Processor (art. 29 of the EU Reg. 2016/679), for the purposes listed above in point 3. Namely, the data will be shared with:
– firms or companies providing services for the management of the information system and communication networks (including websites and emails); – authorities competent for the carrying out of relevant laws and/or regulations of public bodies, upon request.
The subjects belonging to the aforesaid categories are either considered Data Processors, or they act independently as separate Data Controllers.
The list of the data processors is constantly updated and available at our headquarters: 48, Via Michelangelo Buonarroti, 20145 Milan.
5. DATA TRANSFER TO A THIRD COUNTRY AND / OR AN INTERNATIONAL ORGANIZATION AND GUARANTEES
The Personal Data provided will not be transferred to countries of the European Union, nor to third countries outside the European Union.
6. PERIOD OF DATA STORAGE OR CRITERIA FOR DETERMINING THIS TIME PERIOD
Data processing will be carried out in an automated and / or manual way, with methods and tools aimed at guaranteeing maximum safety and confidentiality, by subjects specifically appointed to do so.
Pursuant to art. 5 paragraph 1 letter e) of Reg. UE 2016/679, the personal data collected will be retained in a form that allows identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data is processed. The retention of personal data provided depends on the purpose of the processing and the User can view any criterion used by consulting the Data Retention Policy of the Data Controller.
7. NATURE OF THE PROVISION AND CONSEQUENCES OF REFUSAL
The provision of data may be optional or necessary depending on the different purposes of processing.
Specifically, the provision of data for the purposes of navigation and booking of medical appointments is necessary for the pursuit of your legitimate interest or your legitimate expectation to receive feedback from the Holder and book a service. Any refusal to provide such data will make it impossible to use the requested service and to process a request. The provision of data for the purpose of subscription to the newsletter is optional and shall be freely provided by the User. Any refusal will result in the inability to subscribe to the newsletter of the Holder, yet this does not imply any negative consequences with regard to the possibility of booking a service.
8. RIGHTS OF THE DATA SUBJECT
You can assert your rights as expressed in articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679, by referring to the Data Controller, or the Data Processor, or the Data Protection Officer, pursuant to article 33 paragraph 4, by contacting firstname.lastname@example.org. You have the right, at any time, to ask the Data Controller to access your personal data, to rectify it, to delete it or limit its processing. Furthermore, you have the right to object, at any time, to the processing of your data (including automated processing, e.g. profiling) based on legitimate interest and, lastly, you have the right to data portability. Without prejudice to any other administrative and judicial appeal, if you believe that the processing of your personal data is violating the provisions of EU Reg. 2016/679, pursuant to art. 15 letter f) of the aforementioned EU Reg. 2016/679, you have the right to lodge a complaint with the Guarantor for the protection of personal data and, with reference to art. 6 paragraph 1, letter a) and art. 9, paragraph 2, letter a), you have the right to revoke the consent given at any time. In the case of request for data portability, the Data Controller will provide, in a structured, common and legible format, by automatic device, the personal data concerning you, without prejudice to paragraphs 3 and 4 of art. 20 of the EU Reg. 2016/679.
Last updated on: April 24th, 2018