C.so della Resistenza, 7 - Meda
Tel. 0362.74505
Fax: 0362.343763 - 759333

Privacy

PRIVACY POLICY

Information document in accordance with Article 13 EU Regulation 2016/679 (GDPR)

In compliance with the provisions of EU Regulation 2016/679(European Regulation for the Protection of Personal Data), we provide you with due information regarding the processing of personal data carried out through this website. The information is not to be considered valid for other websites that may be consulted through links on the domain websites of the owner, who is not to be considered in any way responsible for the websites of third parties. This information is provided in accordance with Article 13 of the EU Regulation 2016/679 and is also inspired by the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC, on Cookies as well as the provisions of the Provision of the Guarantor Authority for the Protection of Personal Data of 08.05.2014 on cookies and subsequent amendments.

  1. DATA CONTROLLER is LABORATORIO ANALISI MEDICHE ALFA S.R.L., with registered office in 20821 – Meda (MB), Corso della Resistenza n. 7, in the person of its Managing Director as well as Legal Representative pro-tempore (hereinafter, the “Data Controller“).

Owner’s contact information: tel: +39 0362 74505; email: privacy@analisialfa.it.

The Data Controller may appoint other persons, internal to the company, duly authorized and instructed to perform processing operations under the authority of the Data Controller, pursuant to Article 29 of EU Regulation 2016/679.

Processing operations may also be carried out on behalf of the Controller by external parties, duly appointed as Data Processors pursuant to Article 28 of EU Regulation 2016/679. A complete and updated list of Data Processors is available at the Controller’s registered office, at the contacts indicated above.

  1. RESPONSIBLE FOR THE PROTECTION OF PERSONAL DATA (DPO | DPO – DATA PROTECTION OFFICER), pursuant to Articles 37, 38 and 39 of EU Regulation 2016/679, is DPO PROFESSIONAL SERVICE – Division of Labor Project S.r.l., with registered office in 22063 – Cantù (CO), Via Brianza n. 65 (hereinafter, the “DPO|DPO“).

DPO|DPO contact details: email: dpo.analisialfa@dpoprofessionalservice.it.

 

  1. DATA PROCESSED.

Personal Data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural or social identity (such as, but not limited to, first name, last name, date of birth, address, e-mail, telephone number, etc.).

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.

This data is used for the sole purpose of obtaining anonymous statistical information about the use of the site and to check its correct operation and is deleted immediately after processing.

Maintenance

The User’s Personal Data may be processed in additional ways and for additional purposes related to the maintenance of the website.

Data voluntarily provided by the user

The optional and voluntary sending of personal data (e.g., through the sending of e-mail messages to the addresses indicated on this site or through the filling in of registration or information request forms on this site) entails the acquisition and processing by the Holder of the data voluntarily provided by users through the filling in of registration forms or any further personal data included in the communication including name, surname, date of birth, tax code, telephone number, e-mail address and any further data provided in order to receive the requested information, e.g. filling in “Examination Booking” data collection form. In particular, the Holder may process information related to your health status, which you may have provided in the examination booking phase.

Cookies
For more information about the cookies used by this website see the Cookie Policy.

 

  1. PURPOSE AND LEGAL BASIS OF PROCESSING – COMPULSORY OR OPTIONAL NATURE OF CONFERMENT

Data of a personal nature voluntarily provided, will be processed in compliance with Regulation (EU) 2016/679 for the following purposes:

(a) With reference to browsing data, to obtain anonymous statistical information on the use of the site and to monitor its proper functioning.

  • Legal Basis.: legitimate interest, Art. 6(f) and recital 47 GDPR: processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data do not prevail, taking into account the reasonable expectations of the data subject based on his/her relationship with the Data Controller. Activities strictly necessary for the operation of the site and the provision of the browsing service on the platform.
  • Data Retention Period.: up to the duration of the browsing session. For navigation see cookie policy.
  • Nature of conferment: except as specified for navigation data (which are necessary in order to enable navigation of the website), the user is free to provide personal data.

(b) Appointment booking online in order to improve service access to withdrawal.

  • Legal basis: need to implement pre-contractual and contractual obligations to which you are a party, art. 6 lett. b) GDPR, as well as the need to fulfill legal obligations, art. 6 lett. c) GDPR. The special categories of personal data (so-called sensitive data), and in particular data related to health status that may be communicated during the booking, will be processed by the Data Controller in compliance with the applicable legislation (Art. 9 par. 2 lett. h) GDPR).
  • Period of data retention.: 12 monthsfrom theprovision of the requested service by the patient except for further retention of personal data for the fulfillment of the contractual obligation and related administrative accounting and/or legal requirements.
  • Nature of conferment: The provision of your personal data for this purpose is optional. However, in the absence of such conferment, it will not be possible for the Owner to process online appointment booking requests sent through the website.

 

  1. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE DATA

Data of a personal nature provided may be disclosed to:

– service providers for the management of the information system used by the Owner and telecommunications networks (including e-mail and the website);

– agencies, firms or companies as part of assistance and consulting relationships for the purposes described above;

– competent authorities for fulfillment of obligations of laws and/or provisions of public bodies, upon request.

Individuals in the above categories act as Data Processors, or operate completely independently as separate Data Controllers. The list of Data Controllers is constantly updated and available at the Controller’s office and at the contacts above.

 

  1. DATA TRANSFER TO A THIRD COUNTRY AND/OR INTERNATIONAL ORGANIZATION AND GUARANTEES

Data of a personal nature provided will not be disseminated and will not be transferred to countries outside the EEA.

Should there be a need to transfer Data to Third Countries, the Data Controller itself undertakes to:

  • Ensure that the country to which the Data will be sent guarantees an adequate level of protection as required by Article 45 GDPR; or
  • Use the standard contractual Data Protection Clauses approved by the European Commission for the transfer of personal information outside the EEA in accordance with Art. 46(2) GDPR.

The data subject may obtain information about the guarantees provided by the Data Controller for the transfer of data by contacting the Data Controller at the contacts above.

 

  1. DATA RETENTION PERIOD OR CRITERIA FOR DETERMINING THE PERIOD

Processing will be carried out in automated and manual form, using methods and tools designed to ensure maximum security and confidentiality, by specially appointed individuals.

In compliance with the provisions of Article 5 paragraph 1 letter e) GDPR, the personal data collected will be stored in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed.

  1. RIGHTS OF INTERESTED PARTIES

You may assert your rights as expressed in Art. 15, 16, 17, 18, 19, 20, 21, 22 GDPR by contacting the Data Controller or the DPO|DPO at the data provided above; You have the right, at any time, to obtain from the Data Controller access to your personal data and request information regarding the purposes, the categories of personal data processed, the recipients to whom the personal data will be disclosed, with particular reference to recipients in third countries, the retention period of the personal data or, where this is not possible, the criteria for its definition; the existence of an automated decision-making process, including profiling. You have the right to rectify, erase your personal data or restrict their processing. If the processing is based on Art. 6 para. 1(a) DGPR you have the right to withdraw consent at any time without affecting the lawfulness of the processing based on the consent given before the withdrawal. You have the right to be informed of the existence of adequate safeguards regarding the transfer of your data to a third country or international organization pursuant to Article 46 GDPR. You have the right to portability of your personal data, in which case the Data Controller will provide you with your personal data, in a structured, commonly used and machine-readable format, and the right to transmit such data to another data controller. In addition, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data pursuant to Article 6(1)(e) or (f) GDPR, including profiling on the basis of these provisions. You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects your person. Without prejudice to any other administrative or judicial remedy, in the event that you believe that the processing of your personal data violates Regulation (EU) 2016/679, you have the right to lodge a complaint with the Privacy Guarantor(https://www.garanteprivacy.it), or to take appropriate legal action.

  1. CHANGES TO PRIVACY POLICY

The Owner reserves the right to change, update, add or remove portions of this privacy policy at its discretion and at any time. The data subject is required to periodically check for any changes. In order to facilitate such verification, the notice will contain an indication of the date on which the notice was updated. Use of the site, after the posting of changes, will constitute acceptance of those changes.

 

Update date: July 11, 2022

 

 

Verified by MonsterInsights