INFORMATION ON THE PROCESSING OF PERSONAL DATA
In accordance with the provisions of art. 13 of the Regulation (EU) 2016/679 (“GDPR”), PRO.MED. S.r.l. provides users of the website https://www.pro-med.it/ with the following information in relation to the processing of their personal data.
1. DATA CONTROLLER
- The Data Controller of the personal data collected through this Website is PRO.MED.
- Registered office: Via Giambattista Vico, 10, 10128 Turin
- Email address: promedsrl@pro-med.it
2. TYPE OF PERSONAL DATA COLLECTED
While browsing the Website, PRO.MED. may acquire the following data/information:
- Data provided voluntarily by the user: these are data and/or information provided by the user through the contact details on the Website (name, surname, address, email address, telephone, tax code).
- Browsing data collected through cookies: for more information, please refer to the extended cookies policy.
3. PURPOSES AND LEGAL BASES OF THE PROCESSING
In compliance with the art. 6 of the GDPR, personal data will be used to:
- Respond to any user requests received through the use of the contact details available in the dedicated sections of the Website (legal basis: execution of pre-contractual measures);
- Fulfill the obligations established by EU and national regulations (legal basis: legal obligation);
- Prevent and suppress any fraud and/or any other illegal activity (legal basis: legitimate interest).
The Data may be processed for the following purposes only with the express consent of the User (which can be withdrawn at any time):
- Sending medical-scientific information, periodic or occasional publications, information on new products, methodologies and services (legal basis: consent). The consent given to receive the newsletter can be withdrawn via the “unsubscribe” link included in the footer of the emails or by contacting the Data Controller (paragraph USER RIGHTS)
- Manage the spontaneous applications received by completing the appropriate form and sending the CVs by the candidates (legal basis: consent)
- Obtain anonymous statistical information on the use of the Website, check its correct functioning and identify actions aimed at its improvement on the basis of navigation data (legal basis: consent)
The provision of data is optional. However, failure to provide data may make it impossible to provide the services and the requested information and the browsing experience of the Website could be compromised.
4. METHODS OF TREATMENT
The Data Controller carries out the processing of personal data in compliance with the principles of lawfulness, correctness and transparency (art. 5 GDPR). The processing of personal data is carried out by specifically authorized personnel, also through the use of IT and telematic tools suitable for guaranteeing data security. Personal data is protected by technical and organizational measures to ensure adequate levels of security and confidentiality in accordance with the provisions of articles 25 and 32 of the GDPR.
5. AUTOMATED DECISION-MAKING PROCESSES
The Data Controller does not carry out treatments that consist of automated decision-making processes.
6. RETENTION PERIOD
In compliance with the provisions of art. 5 of the GDPR, personal data will be kept for the period of time strictly necessary for the purpose for which they were acquired. In particular, the retention period of the data collected through requests received for the contact details on the Website is strictly limited to the time necessary to process the user’s request, also taking into account how the commercial relationship will eventually evolve following the contacts; in any case, in the absence of further developments, the data will be kept for 6 months from the last expression of interest by the user.
Navigation data, these will be kept for a maximum of one year; while the data collected through cookies will be kept for a period of time not exceeding that indicated in the extended cookie policy.
Data processed for marketing purposes may be lawfully kept for 2 years from the moment consent was given, unless the User previously communicates his/her wish to revoke consent for this purpose.
The CVs received through the appropriate form will be kept for a maximum period of 2 years from the date of receipt of the same. After this term they will be eliminated from paper and computer archives. In any case, the Data Controller will proceed to eliminate and delete the CVs deemed non-compliant or no longer necessary for company needs.
7. COMMUNICATION OF DATA AND RECIPIENTS
Personal data will not be disclosed and may be known and processed by employees / collaborators in charge of managing the Website and/or involved in responding to requests that may be received through the contact details indicated on the Website. The data may be communicated to the following recipients:
- third parties who carry out certain processing activities on behalf of the Data Controller, such as activities of a technical and/or organizational nature, including the activities of managing the IT system, telecommunications networks, including e-mail (e.g. hosting services, IT services, web analytics services); and advertising and communication services (e.g. marketing research, market surveys, opinion polls);
- competent authorities (public entities or judicial authorities) for the fulfillment of legal obligations and/or provisions of public bodies, upon request (e.g. to prevent or suppress the commission of a crime).
These subjects process personal data as independent Data Controllers or Data Processors. The Data Controller provides the aforementioned subjects only with the information necessary for the performance of the requested services.
The updated list of Data Processors is available upon request to the Data Controller.
8. TRANSFER OF DATA TO THIRD COUNTRIES / OUTSIDE THE EU
The personal data collected could be transferred abroad to European Union countries and/or to non-EU countries in compliance with the limits and conditions set out in EU Reg. 2016/679 for the protection of personal data. In case of transfer, the data will be transferred in compliance and within the limits established by the GDPR in articles 44 (General principle for transfer), 45 (Transfer based on an adequacy decision) and 46 (Transfer subject to adequate guarantees) on the basis of:
a) adequacy decisions of the European Commission issued in favor of third countries;
b) adequate guarantees expressed by the recipient third party;
c) cbinding corporate rules.
9. USER RIGHTS
- Receive confirmation of the existence of personal data and access their content (right of access);
- Update, modify and/or correct personal data (right of rectification);
- Obtain the erasure or restriction of processing of personal data processed in violation of the law (right to be forgotten and right to erasure);
- Object to processing of personal data (right to object);
- Lodge a complaint with a Supervisory Authority (Garante per la protezione dei dati personali) in the event of a violation of data protection legislation;
- Receive an electronic copy of personal data concerning him as Data Subject, and request that such personal data be transmitted to another data controller (right to data portability).
To exercise these rights, the Data Subject can contact the Data Controller (PRO.MED. S.r.l.) by sending a communication to:
- by e-mail to: promedsrl@pro-med.it
- by mail to: via Giambattista Vico, 10, 10128 Turin
In compliance with the circular of the Ministry of Health dated 17/02/2010 and the Guidelines of the Ministry of Health dated 28 March 2013, consultation of the contents of the website is aimed at professional operators. The information (texts, images, photos, drawings, attachments, etc.) relating to Medical Devices, Medical-Diagnostic Devices and Medical-Surgical Aids, contained on the website www.pro-med.it, are of an informative nature only.