PERSONAL DATA INFORMATION ARTICLE 13, CO. 1, GDPR
“APP I-TECH Life”
IACER S.r.l., pursuant to the article 13 of Regulation UE 679/2016 (di seguito GDPR), with the following rules, gives Users (or “Data subject”) information regarding purposes and methods of the processing.
a) Data controller
IACER S.r.l., with registered office in Via S. Pertini 24/A, 30030 Martellago (VE), C.F./P.I. 00185480274, REA: VE 120250, email firstname.lastname@example.org.
b) Purposes of the processing.
Users’ personal data will be processed for the following purposes:
– to allow users’ entry;
– to enable the use of the services and to satisfy users’ requests;
– to support users to properly use the devices and to check the ongoing therapy;
– to check the device therapy effectiveness;
– to comunicate further services or devices offers;
– to carry out statistical analysis ,
c) Processing of special categories of personal data.
With reference to specific tasks, Iacer will process the special category of personal data as detailed sub art. 9, clause 1, GDPR (ie. Biometric data, data concerning health).
d) Legal basis of the processing.
Legal basis for the processing, pursuant to article 6, sub. 1, are
– letter B (“performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract “);
– letter C (“legal obligation“);
– letter A (“consent“) in relation to the transmission of communications related to the activities and initiatives of the Data Controller, as well as processing special categories of personal data.
e) Recipients of personal data. Transfer of personal data to third countries
The Data Controller may communicate all data collected and processed, only for the purposes specified above, to UE established third parties.
The recipients will process personal data on behalf of the Data Controller an will be appointed as “Data Processors”. The Data Processors are, for example, suppliers of IT and logistic services functional to the operation of the Site, outsourcing or cloud computing service providers, system administrators or subjects who provide hosting services, professionals and consultants, associations, companies and professional firms, also abroad, with whom is maintained a contractual relationship of collaboration or correspondence, external subjects who provide specific services, such as translation or electronic archiving services, entities or legal persons who collaborate with the Controller for administrative, accounting, fiscal, management reasons, as well as all other subjects to whom the communication is mandatory by law for the fulfillment of the aforementioned purposes.
The updated list of data processors is available at the registered office of the Data Controller.
The user can freely contact the data controller for any clarification or problem concerning its privacy.
The system administrator, on behalf of the company legal representative, while carrying out his tasks, is allowed to process personal data.
f) Data retention period
The data will be stored for a period of time not exceeding what is necessary to achieve the purposes indicated and/or in compliance with the terms provided by law or regulation. With reference to commercial purposes, data will be stored for a period of ten (10) years.
With reference to special data categories, data will be stored for a period not exceeding the time needed to get the tasks, or to what is necessary for the civil protection of the interests of both Users and Data Controller.
After the retention period, the Controller will completely delete the data provided by the User.
g) Data subject’s rights.
In relation to all personal data processed, the Users may exercise the rights provided by the GDPR and specifically:
– Right of access to personal data collecting and processed (art. 15);
– Right to rectification of data (art. 16);
– Right to erasure and right to be forgotten (art. 17);
– Right to restriction of processing (art. 18);
– Right to data portability (art. 20);
– Right to object (art. 21);
– Right not to be subject to a decision based on automated processing (art. 22);
– Right to withdraw the consent (if the processing is based on consent). It shall not affect the lawfulness of processing based ton consent before its withdrawal (art. 7);
– Right to lodge a complaint with a supervisory authority (art. 77);
– Right to an effective judicial remedy against the supervisory authority (art. 78) and against the controller or the processor (art. 79).
h) Reasons of the provision of personal data. Consequences of denial.
The provision of personal data for the processing purposes indicated above is optional but necessary, because the denial of the provision of data will make impossible for the User to browse the Website, to register and to use the services offered by the Data Controller.
Anyway, the consent is optional in relation to the use of Users personal data for commercial purposes.
i) Third parties’ personal data.
Whenever, in order to carry out our activity, would be necessary to process third parties’ personal data sent by you, with the signature of the present document you ensure the fully compliance with GDPR in processing them. Whenever third parties’ data processing needs the consent of the third parties, you undertake to get, on our behalf, the third parties’ legitimate consent.
j) Automated processing
Personal data won’t be processed in any automated form, as profiling methods.
k) Processing methods.
The personal data concerning users will be processed according to the principles of lawfulness, fairness and transparency and protection of the privacy and the rights of the Users. The data will be processed in the following ways:
– Access to data and archives allowed only to subjects that are authorized to process the data;
– Data and area protection by technical and organizational security measures adequate and systematically monitored, as required by art. 32 GDPR;
– Registration and processing both through files and paper supports and through IT supports;
– Conservation by saving and archiving in paper files but mainly in hardware systems of the Data Controller or its Processors.
AKNOWLEDGMENT OF THE INFORMATION AND DECLARATION OF CONSENT TO THE USE OF PERSONAL DATA PURSUANT TO
ARTICLES 6, CO. 1, LETT. A AND 9, CO.2 LETT. A, GDPR
To consent the use of your personal data, please click the button “Accept” in the App.
In this way, you also declare to have received the information above written pursuant to article 13 of the Regulation UE 2016/679.