General Medical Merate S.p.A. (hereinafter referred to as GMM or the Group), as Data Controller (hereinafter referred to as Controller), sets as its main objective the compliance with the rules applicable in the field of protection of personal data and, therefore, ensures the necessary fulfilments for its proper compliance with the relevant regulations in force.
In compliance with the General Data Protection Regulation 2016/679 on the protection of individuals with regards to the processing of personal data, the Group wishes to inform the website user, as Data Subject (hereinafter referred to as Subject), on matters relating to the treatment of personal data and on the free movement of such data, provided to us during navigation on the website, as well as on the rights of the Data Subject.
The Data Controller is General Medical Merate S.p.A., with headquarters in Via Partigiani 25, 24068 Seriate (BG), which can be contacted by writing to the following e-mail address: firstname.lastname@example.org.
Data processed by GMM
Data processed by GMM include:
- Personal data voluntarily provided by the Subject when interacting with the features of the website, such as, for example, contacting or asking to be contacted by GMM.
- Identifying data used in internet communication protocols (i.e., navigation data) acquired by IT systems and software procedures required for navigating the website
Purposes of data processing
GMM collects and processes navigation data exclusively for statistical purposes and in anonymous form with regards to access and use of the website, with the purpose of monitoring and optimizing functionality and contents of the website.
Communication of personal data
The Subject’s personal data are communicated to the following categories of recipients, within the framework of the aforementioned purposes:
- Data Processors identified from time to time;
- Third parties that provide services for GMM;
- Companies and professionals employed by the Controller to safeguard the Controller’s rights (e.g.,: accountants, lawyers, tax consultants, auditors, consultants, etc.).
Retention period of personal data
The Subject’s personal data are retained for the time necessary to process such data for the aforementioned purposes and thereafter:
- Within the applicable limitation period. In case of occurrence of events interrupting the limitation period, the retention period is extended accordingly;
- Within the limits provided by the regulations on data retention (e.g., tax records), to properly fulfil any legal obligations;
- Within the period of time necessary to protect GMM’s rights, in the event of legal disputes.
Rights of the Subject
The rules on personal data protection guarantee a number of rights throughout the processing period. The rights that the User may exercise, as a concerned party, are:
- Right of access: to know which data are processed and be exhaustively informed regarding the processing.
- Right of rectification: to request the amendment of inaccurate or obsolete data.
- Right of data portability: to obtain a copy of processed data, in a structured, commonly used and machine-readable format, in order to facilitate a potential transfer of the data to a new Controller, other than GMM.
- Right of restriction of processing: to restrict the processing of one’s own data, provided that one of the circumstances envisaged by the applicable regulations applies.
- Right of erasure: to request the erasure of one’s data.
- Right of objection: to request the interruption of data processing (e.g., interruption of commercial communications)
- Right to file a complaint with the supervisory authority: to encourage reports, complaints or appeals to the Data Protection Authority.