Legal Notes and Privacy Policy

LEGAL NOTES

MEDAVITA S.P.A. with Sole Shareholder
SHARE CAPITAL € 585,520.00
MILAN REG. OF COMPANIES AND TAX CODE 03072410370
medavitaspa@legalmail.it
VAT NO. 12055940154

REGULATORY REFERENCES

Directive 2002/58/EC – concerning the “processing of personal data and the protection of privacy in the electronic communications sector”.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter “GDPR”.

THE DATA CONTROLLER

The Data Controller is Medavita S.p.A., Via Bernardino Telesio 15 – 20145 Milan, Italy.

TYPE OF DATA PROCESSED

Browsing data

The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of internet transfer protocols. This information is not collected for the purpose of being associated with identified data subjects, but, due to its nature, could make it possible, through processing and association with data held by third parties, to identify users. This category of data includes the IP addresses or domain names of the computers used by users that connect to the site, the URIs (Uniform Resource Identifiers) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numeric code indicating the status of the server response (success, error, etc.) and other parameters relating to the user’s operating system and IT environment. These data are used for the sole purpose of gathering anonymous statistical information on the use of the site and to check that it is operating correctly, and are deleted immediately following the processing.

The browsing data is not stored for more than seven days (unless needed for verifications of the commission of crimes by the legal authorities). Any limited processing of personal data collected for those purposes is necessary in pursuit of the legitimate interest of the Data Controller (Article 6, paragraph 1, letter f) of the GDPR).

Data provided voluntarily by users

The optional, explicit and voluntary sending of messages to the Data Controller’s addresses, as well as the sending and filling in of contact forms and other forms, signing up for the site or signing up for the newsletter on the website entail the acquisition of all the personal data included in those communications.

Depending on the specific purposes, data may be processes based on the consent freely given by the data subject (Article 6, paragraph 1, letter a) of the GDPR), to perform of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6, paragraph 1, letter b) of the GDPR); for the pursuit of the legitimate interests of the Data Controller (Article 6, paragraph 1, letter f) of the GDPR).
Specific disclosure will be published on the pages of the website set up for the provision of specific services.

Anonymous or aggregate data

Anonymisation is a type of processing that aims to prevent the identification of the data subject. Data rendered anonymous is not included in the scope of application of the data protection legislation. Aggregate data may derive from personal data provided by users but are not considered personal data because, as specified, it is not possible to either directly or indirectly identify the data subject.

COOKIES

For information on the cookies used, refer to the dedicated disclosure provided in the link “Cookie Policy”.

LINKS TO OTHER WEBSITES

This site may contain links or references to access other websites. The Data Controller does not control the cookies or other monitoring technology of those websites, to which this Policy shall not apply. Therefore, we ask that you consult the individual privacy policies of those websites.

OPTIONAL NATURE OF PROVIDING THE DATA and CONTROL OVER YOUR PERSONAL DATA

Aside from that specified for browsing data, you are free to provide your personal data. However, if you do not provide them, it may be impossible to obtain the services requested.
You can decide to limit the collection or use of your personal data at any time. For example, if you previously granted consent for the processing of your personal data for marketing purposes, you can revoke that consent by writing or sending an email to the Data Controller.

The Data Controller shall not sell or distribute to third parties the personal data collected unless it has obtained explicit, free consent from the users, or unless this is specifically requested by law. If consent has been obtained from the users, the personal data may also be used to send promotional information also regarding third parties.

PROCESSING METHODS and STORAGE PERIODS

Personal data are processed also using automated instruments. Specific security measures are followed to prevent the loss of data, unlawful or incorrect use thereof and unauthorised access. The Data Controller has adopted all of the minimum security measures required by law and, based on the main international standards, has also adopted additional security measures to reduce to the minimum the risks regarding the confidentiality, availability and integrity of the personal data collected and processed.

The processing connected to web services is overseen solely by personnel expressly authorised by the Data Controller or by any third party suppliers that perform support activities for the provision of those services, who have been designated as Data Processors pursuant to Article 28 of the GDPR. The data collected shall be stored exclusively for the period of time necessary to fulfil the individual purposes indicated in this Privacy Policy or in the specific summary disclosures displayed on the pages of the website, set up for specific services.

SHARING, COMMUNICATION AND DISSEMINATION OF THE DATA

The data collected may be transferred or communicated to other companies for activities strictly connected and necessary to operate the service, such as managing the IT system. The personal data provided by users that forward requests are used only to fulfil such requests, and are communicated to third parties only where this is necessary for such purposes. Outside of these cases, the personal data shall not be communicated, except where provided by contract or law, or unless specific consent is requested from the data subject.

In this sense, the personal data could be transmitted to third parties, but only and exclusively where:

• explicit consent has been provided to share the data with third parties;

• the information needs to be shared with third parties in order to provide the service requested;

• it is necessary to fulfil requests from the legal authorities or police forces.

No data deriving from the web service shall be disseminated.

TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES

The personal data shall not be transferred to third countries, meaning countries not belonging to the European Union or European Economic Area. Where this occurs, the Data Controller declares and warrants that it shall comply with the measures set out in Chapter V of the GDPR.

ADDITIONAL INFORMATION ON DATA PROCESSING AND THE EXERCISE OF RIGHTS

The regulations on personal data protection expressly provide certain rights to the data subjects. In particular, pursuant to Article 15 et seq. of Regulation (EU) 2016/679, each data subject has the right to obtain confirmation of whether data regarding him/her exists, to be informed of the origin of the data, the purposes and methods of processing, to object to such processing, the update, correction or addition to such data as well as their deletion where such data is processed in violation of law or due to one of the reasons specified in Article 17 of the GDPR. For more information on the processing of personal data, or to exercise the rights indicated above, you can contact the Data Controller by writing to Medavita S.p.A., Via Bernardino Telesio 15 – 20145 Milan, Italy, or sending an email to privacy@medavita.it.

CHANGES TO THIS PRIVACY POLICY

The Data Controller shall periodically verify its privacy and security policy and, if necessary, shall revise them as a result of regulatory or organisational changes, or changes resulting from technological evolution. In the event of changes to the policies, the new versions shall be published on this page of the website.

RIGHT TO LODGE A COMPLAINT

If you believe the processing of the personal data referring to you through this website is in violation of the provisions of the GDPR, you are entitled to lodge a complaint with the Data Protection Authority, as envisaged in Article 77 of the GDPR or seek a judicial remedy (Article 79 of the GDPR).