Information document pursuant to article 13 REG. (EU) 2016/679 – GDPR - Information to be provided where personal data are collected from the data subject
Pursuant to REG. (EU) 2016/679 (General Data Protection Regulation) please find herein the information to be provided where personal data are collected from the data subject. The information document shall not be considered valid for other websites accessible by means of the links contained in the websites with the domain name of the owner, which is not liable for the content of third-parties’ websites.
This is an information document provided pursuant to article 13 of the Reg. EU 2016/679 (General Data Protection Regulation) and it is also inspired by Directive 2002/58/EC, as amended by Directive 2009/136/EC, concerning cookies, as well as the provision of the Italian Data Protection Authority of May 8, 2014 regarding cookies.
Personal data that can be processed: «personal data»: any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; (C26, C27, C30)
Specific Information could be provided in the pages of the website in relation to particular services or processing of the personal data.
1 CONTROLLER, pursuant to articles 4 and 24 of the Reg. EU 2016/679 is SOFAR S.p.A., with registered office in Trezzano Rosa (Milan), Via Firenze 40, Italy, email contact firstname.lastname@example.org
2 DATA PROTECTION OFFICER (DPO) pursuant to articles 37 and 39 of the Reg. EU 2016/679 is Overline s.r.l., email contact email@example.com
3 LEGAL BASIS AND PURPOSE OF PROCESSING
Personal data will be processed in accordance with the conditions of lawfulness pursuant to article 6 f) of the Reg. EU 2016/679 (legitimate interest) for the following purposes:
- surfing on this website;
- possible filling of the data collection forms for the contact request with transmission of the information;
- possible filling of the data collection forms in personal area/login;
- possible filling of the data collection forms for staff recruitment;
- possible filling of the data collection forms in personal areas
Processing is based on article 6, paragraph 1, letter f): (recital 47) taking into consideration the reasonable expectations of data subjects when a data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place.
4 RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA
The personal data provided will be disclosed to the recipients, that will process the data in their quality of processors (art. 28 of the Reg. EU 2016/679) and/or as natural person acting under the authority of the controller or of the processor (art. 29 of the Reg. EU 2016/679) for the purposes mentioned in point 3 and to third parties. More specifically, data will be disclosed to:
- sales/distribution network on the territory; - entities that provide services for the management of the information system and communications networks (including emails); - firms or companies as part of advice and assistance relations; - competent authorities for the fulfilment of obligations required by law or a Public Authority upon request; - for administrative and accounting purposes, data might be disclosed to commercial information companies for the assessment of solvency and payment habits and/or to other entities for credit collection purposes.
The entities belonging to the abovementioned categories act as Data Protection Officers or they act in total autonomy as a distinct controller.
The list of the Data Protection Officers is constantly updated and available sending an email to firstname.lastname@example.org or at the registered office in in Trezzano Rosa (Milan), Via Firenze 40, Italy.
5 TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION AND GUARANTEES
Personal data will not be transferred in non-EU countries.
6 THE PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED OR THE CRITERIA USED TO DETERMINE THAT PERIOD
Personal data will be processed by automated means, as well as to manual processing, with measures and equipment that ensures appropriate security and confidentiality by the designated subjects. Pursuant to article 5 paragraph 1 letter e) of the Reg. EU 2016/679 personal data will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; the storage of the data depends on the purposes of processing:
- contact request (max 1 year);
- personal area/login (max 2 years);
- staff recruitment (max 24 months);
- receipt of newsletters or promotional communications generally by email (max 24 months);
the timing is determined on the basis of criteria on which the client may be informed by sending an email to email@example.com
7 RIGHTS OF DATA SUBJECTS
You can exercise your rights as defined in the Reg. EU 2016/679, by contacting the Controller by sending an email to the address firstname.lastname@example.org or by writing to the above mentioned registered office of the controller. You have the right to ask the controller to have access to your personal data at any time (article 15), the right to rectification (article 16) or right to erasure (article 17) or the right to restriction of processing (article 18) or to object to the processing on the basis of a legitimate interest (article 21).
Withdrawal of consent. The legal basis for processing is not consent but the legitimate interest. Whether processing is based on consent, You shall have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
To object to the processing or to exercise the other rights you can write to email@example.com
You have the right to lodge a complaint with a single supervisory authority. Providing personal data is optional. You are free to provide your personal data in the dedicated areas of the website. The lack of data makes it impossible to provide the services offered by the Controller. There is no automatic decision making.
Part of the information contained in this website is exclusively addressed to healthcare professionals. Please confirm that you are a healthcare professional. Are you a healthcare professional?
This website contains links/references to third-party websites. By such links, SOFAR does not provide any guarantee nor gives its approval to their contents and quality. SOFAR does not have and does not accept any responsibility for the contents or the availability of such websites; SOFAR does not accept any liability for damage or injury resulting from the use of such contents, of whatever form. Users access such websites at their own risk. The information contained in this website is for information purposes only and not for diagnostic or therapeutic purposes. Thus, it does not substitute in any way medical and /or expert or other healthcare professionals or specialists ‘advice.