PURSUANT TO ARTICLES 13 AND 14 OF THE (“GDPR”) 2016/679 (UE) REGULATIONS AND SUBSEQUENT NATIONAL ADJUSTMENT RULES
This document (“Policy”) is intended to provide guidance on the processing of information, as specified below, that will be provided by you or otherwise available at our facility and will be treated the same and/or other subjects identified for the following purposes. The Policy, in particular, is made pursuant to the EU Regulation n. 679/2016 (“GDPR”) and subsequent adjustment of national standards (in conjunction with the GDPR hereinafter “Applicable Regulation”).
1. Identity and contact data of the Data Controller
Pursuant to art. 4 and 24 of the UE 2016/679 Regulations, the Data Controller is CORESEARCH S.R.L. (Center for Outcomes Research and Clinical Epidemiology) – Via Tiziano Vecellio, 2, 65124 PESCARA (PE), VAT Number 02113130682, Tel. +39 085 9047114, email: firstname.lastname@example.org, in the person of the pro-tempore legal representative (here in after “Controller”).
2. Contact data of the Data Protection Responsible (c.d. “RPD-DPO”)
The Data Controller does not carry out any activities which envisage the designation of the Personal Data Protection Responsible.
3. Processing purpose and legal basis
The collected Personal Data will be treated for the purposes and in accordance with the legal basis as follows:
|section 3, lett. a): : for Your contractual relationship management that is pre-contractual provision executing (as, for example, the information or quotation request); to allow navigation on this website and the technical management of connections to the same; to manage any request for contact by the interested party and to respond to them and to respond to requests for assistance and the needs of customers and users. In this case, you are free to provide your personal data, however, failure to provide it will not allow you to establish the aforementioned relationship and satisfy your request and could make it impossible to use all the services provided by the site.||the processing is necessary in relation to the execution of a contract of which you are part, to the provision of a service or to the need to respond to requests from the interested party and is necessary to fulfill a legal obligation to which the Controller is subject.|
|point 3, lett. b) : prior specific consent, revocable at any time, to send you promotional communications relating to the Holder and communications relating to events organized by the Controller (the “marketing purposes“).||Your consent|
4. Categories of personal data processed
4.1 Navigation data
The computer systems and software procedures used for the functioning of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the date and time of the request, the method used in submitting the request, the size of the response file, the numeric code indicating the status of the response given by the server and other parameters relating to the operating system and the IT environment of the User. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning, and are deleted immediately after processing. The data could be used, exclusively by the Judicial Authority for ascertaining responsibility in case of hypothetical computer crimes against the site.
4.2 Data Provided Voluntarily by the User
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site, or the completion of forms, entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data voluntarily entered by the User. The User assumes the responsibility of the Personal Data of third parties obtained, published or shared through this website and guarantees to have the right to communicate or disseminate them, freeing the Owner from any liability to third parties.
5. Recipients or categories of recipients
Personal data will not be diffused or will not be given knowledge to unspecified subjects. It will instead be communication object to well-defined subjects, in full compliance with legal requirements, for purposes strictly related to those mentioned above. Any access to Your personal data is restricted to persons authorized by the Data Controller. The communication to the identified recipients, only if involved and functional, is linked to the achievement of the purposes referred to in paragraph 3 mentioned above, therefore, the personal data collected and processed may be:
- used in anonymous form for statistical purposes;
- made available to the employees of the Data Controller, as managers or persons authorized to process personal data;
- disclosed to third persons, natural or juridical, public administrations, professionals, law enforcement, government agencies, regulatory bodies, courts or other government authorities authorized by law;
- subjects that provide services for the management of the information system and communication networks including e-mail, newsletters and website management;
- companies in the context of assistance and consultancy relationships;
- if necessary, transferred to another Data Controller in accordance with GDPR, also with regard to the right to data portability.
The information may also be disclosed whenever the communication may be required to comply with requests made by judicial or public safety. The data collected will not be disseminated in any case.
The list of the personal data processing personnel is available at the office of the Data Controller.
6. Data transfer abroad
The data will not be transferred outside the European Community.
7. Data retention period (determination criteria)
Below there is a table that contains the indications of the retention time (i.e. the determination criteria) of personal data:
|section 3, lett. a): : contract management||For the entire duration of the relationship and subsequently for 10 years (ordinary prescription).|
|section 3, lett. b) : marketing purposes||2 years from collection, with the possibility for the interested party to modify and/or revoke his/her will at any time|
Furthermore, the Data Controller may be obliged to keep the Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
8. Data processing methods
Personal Data will be processed using manual, computerized or telematic tools, suitable for guarantee security and confidentiality, and will be carried out by personnel properly trained in compliance with the Applicable Law. There is no automated decision-making process.
In addition to the Data Controller, in some cases, other parties involved in the organization of this Website (administrative, commercial, marketing, legal, system administrators) or external parties (such as third party technical service providers, postal couriers , hosting providers, IT companies, communication agencies) also appointed, if necessary, Data Processors by the Data Controller.
In addition to cases in which it is necessary to contact you for needs related to the management of Your position, where You consent to the processing of Your data for the purposes referred to in section 3, lett. b), you can be contacted by e-mail, newsletter, text message, or through any equivalent electronic tool or by paper-based mail or call via operator to all the contact details provided. If you prefer to be contacted only to one or some of these means, you can make an express written request to the Data Controller.
8.1 Defense in court
The User’s Personal Data may be used by the Controller in court or in the preparatory stages for its eventual establishment for the defense against abuse in the use of this website or the connected services by the User. The User declares to be aware that the Controller may be required to disclose the Data by order of the public authorities.
8.2 Specific information
8.3 System log and maintenance
For needs related to operation and maintenance, this website and any third-party services used, may collect system logs, that are files that record the interactions and that may also contain Personal Data, such as the User IP address.
8.4 Information not contained in this policy
Further information in relation to the processing of Personal Data may be requested at any time to the Data Controller using the contact details.
8.5 Response to “Do Not Track” requests
This website does not support “Do Not Track” requests. To find out if any third-party services used support them, the User is invited to consult the respective privacy policies.
9. Rights of the Data Subject
We inform you that you will be able to exercise the rights recognized by the Applicable Law including, but not limited to and as example, the right:
- to access Your Personal Data and to know the origin, the purposes of the processing, thedata of the subjects to whom they are communicated, the retention period of the data or the criteria necessary to determine it (art.15);
- to request the correction (art.16);
- to the cancellation (“oblivion”), if no longer necessary, incomplete, erroneous or collectedin violation of the law (art.17);
- to request that the processing should be limited to a part of the information concerning You(art.18);
- to receive in a structured format or to transmit to You or to third parties indicated by Youthe information concerning you (so-called “portability”) or those that you have voluntarily provided (art. 20), as far as it is technically possible;
- to oppose their processing based on legitimate interest (art. 21);
- g. and to revoke Your consent at any time, if this constitutes the basis of the processing (therevocation of consent, however, does not affect the lawfulness of the processing based onthe consent made before the revocation itself).
The aforementioned rights may be exercised by means of a written request addressed without formalities to the Controller to the contacts indicated in sections 1.
The Controller must proceed in this direction without delay and, in any case, no later than one month after receipt of the request. The deadline may be extended by two months if necessary, taking into account the complexity and the number of requests received by the Controller. In such cases, the Data Controller within one month of receiving your request will inform you about the reasons of the extension.
We remind you that, if the response to Your requests was not satisfactory in Your opinion, You can contact and submit a complaint to the Authority for the Protectionof Personal Data (https://www.garanteprivacy.it/) in the manner provided by the Applicable Regulations.
Revision April 2019