provided pursuant to Article 13, paragraph 1, EU REGULATION 679/2016 for the protection of personal data (GDPR)
I.A.C.E.R. S.r.l., in compliance with the provisions of Article 13, paragraph 1, of EU Regulation 679/2016 (hereinafter referred to as GDPR), informs users of the Web Portal https://itechmedicaldivision.com/ as “Data Subjects”, on the purpose of the collection and the methods of processing personal data.
I.A.C.E.R. S.R.L., Via Enzo Ferrari no. 2, 30037 Scorzè (VE) Italy- Data Controller’s email address: email@example.com
Data Protection Officer- Identity and contact details
Please note that the Data Controller has appointed, pursuant to Article 37 of the Gdpr, the Data Protection Officer, Maria Antonietta Sacheli, who can be contacted through the following channels: e-mail firstname.lastname@example.org – tel.: (+39) 049 877161
Types of Data Collected
The computer systems and application procedures used to operate the above-mentioned website acquire the following types of data in the course of their normal operation and in automated form:
– name; surname; telephone number; address; province; email; city.
– browsing data collected during a visit to the website, the transmission of which is implicit in the use of Internet communication protocols. By way of example: IP address of the device connected to the site, type of browser used, name of the internet service provider (ISP), date and time of visit, visitor’s web page of origin and exit, etc.;
The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this Website and guarantees that he/she has the right to communicate or disseminate them, releasing the Data Controller from any liability towards third parties.
Purposes for processing the Data collected
The User Data are collected by the Data Controller for the following specific purposes:
a) To allow navigation of the Web Portal of https://itechmedicaldivision.com/
b) To contact the User following the contact request received through the “Contact Form” (technical-commercial-post-sales information);
c) To provide the User with the information and services requested also following the contact established through the switchboard service.
d) Display and interaction with social networks and external platforms.
e) Traffic optimisation and distribution;
f) Tag management;
g) To obtain anonymous statistical information on the use of the Web Portal or related services, to check its correct functioning, to carry out monitoring activities in support of its security and to identify actions aimed at its improvement;
h) Interaction with online survey/questionnaire platforms, managed by the Typerform platform;
i) Interaction with data collection platforms and other third parties;
j) Mailing lists or newsletters: the specific data processing is governed by a specific information notice. Please consult it;
k) General profiling: the data collected by filling in our forms, while browsing the site or obtained from the type of your purchases, could also be used to identify and define your tastes, preferences, habits, needs and consumption choices;
l) To fulfil legal obligations, to comply with orders from public authorities, to ascertain possible liability in the event of hypothetical computer crimes to the detriment of the site or its users.
Legal basis for the data processing
The legal bases for processing are those referred to in Article 6 paragraph 1 of the GDPR
– letter a (“consent”) regarding the transmission of offers of services and products, profiling activities.
– letter b (“performance of a contract to which the Data Subject is a party” or “performance of pre-contractual measures”);
– letter c) “necessary to fulfil a legal obligation to which the Data Controller is subject”;
– letter f) the processing is necessary for the pursuit of the legitimate interest of the Data Controller or of third parties.
The User may deny consent and may revoke consent already given at any time.
However, denying consent may result in the inability to provide certain services and the browsing experience may be compromised.
Data processing methods
The personal data collected are processed in compliance with the principles of lawfulness, correctness and transparency, as provided for in Article 5 of the GDPR, also with the aid of computerised and telematic tools designed to store and manage the data themselves, and, in any case, in such a way as to guarantee their security and protect the utmost confidentiality of the Data Subject.
Categories of subjects authorised to process and to whom the data may be communicated
In addition to the Data Controller, in some cases, the personal data of users will be disclosed to and processed, in compliance with current legislation, by other subjects involved in the organisation of this Website:
– administrative, commercial, marketing, legal staff, system administrators or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies and communication agencies) appointed, in this case, Data Processors by the Data Controller pursuant to Article 28 of the GDPR. The updated list of Data Processors can always be requested from the Data Controller;
– to the Public Security Authorities or other public entities for the purposes of defence, State security and the detection of offences or to the Judicial Authority in compliance with legal obligations, where criminal offences are suspected.
The Data are processed at the Data Controller’s operational facilities and in any other place where the parties involved in the processing are based.
Apart from the aforementioned cases, personal data are in no way and for no reason communicated or disclosed to third parties. Finally, personal data will not be transferred to third countries or international organisations unless this is strictly related to specific requests made by the user, for which specific consent will be obtained.
The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organisation under public international law or consisting of two or more countries, such as the UN, as well as regarding the security measures adopted by the Data Controller to protect the Data.
Data retention period
In relation to the different purposes and the purposes for which they have been collected, the data will be kept for the time provided for by the relevant legislation or for the time strictly necessary to pursue the purposes. More specifically:
– the browsing data will be retained for a maximum of 365 days;
– the data collected through cookies will be retained for a period of time not exceeding that indicated in the extended information notice attached to this document;
– the Personal Data collected for purposes related to the performance of a contract between the Controller and the User will be retained until the performance of such contract is completed;
– With reference to the pursuit of commercial and profiling purposes, data will be retained for a period of 5 (five) years.
– Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is satisfied.
Where the Personal Data processing is based on the User’s consent, the Data Controller may retain the Data for longer, until such consent is revoked. Furthermore, the Data Controller may be obliged to keep the Personal Data for a longer period in compliance with a legal obligation or by the order of an authority.
At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of this period the right of access, deletion, rectification and the right to Data portability can no longer be exercised
We inform you that, as a Data Subject, in relation to all personal data processed you may exercise your rights under the GDPR and specifically:
– Right of access to data collected and processed (Article 15);
– Right to obtain the rectification of data (Article 16);
– Right to obtain the erasure of data and the right to be forgotten (Article 17);
– Right to obtain restriction of processing (Article 18);
– Right to data portability to another data controller (Article 20);
– Right to object to processing (Article 21)
– Right to withdraw consent (where processing is based on consent), without prejudice to the lawfulness of processing based on consent given before the withdrawal (Article 7);
– Right to lodge a complaint with the Supervisory Authority (Article 77);
– Right to lodge a judicial appeal against the Supervisory Authority (Article 78) and against the Data Controller or the Data Processor (Article 79).
To exercise these rights, Users may address a request to the Data Controller’s contact details indicated in this document. Requests are filed free of charge and processed by the Data Controller as quickly as possible, in any case within one month.
Right to complain
Data Subjects who consider that the processing of personal data relating to them carried out through this site is in breach of the provisions of the Regulation have the right to lodge a complaint with the Data Protection Authority, as provided for in Article 77 of the Regulation, or to take legal action (Article 79 of the Regulation).
Automated processing and profiling
By giving your consent to the processing of your personal data for the purposes indicated in the relevant section, the data collected may be subject to an automated decision-making process, by means of a specific algorithm that will decide which communications are best suited to your profile or which may be of most interest to you.
Nothing proposed shall be binding on the user.
The Data Subject has, in any case, the right to obtain human intervention in the decision-making process by the Data Controller, to express his or her opinion, to obtain an explanation of the decision reached and to appeal against the decision.
How to exercise your rights
In order to exercise the aforementioned rights, the User may address a request to the Data Controller’s contact details indicated in this document. Requests are filed free of charge and processed by the Data Controller as quickly as possible, in any case within one month.
If the changes affect processing whose legal basis is consent, the Data Controller shall collect the User’s consent again.