INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13 AND 14 OF EU REGULATION N° 679/2016 (GDPR)
This information notice, provided pursuant to article 13 of the EU Regulation n° 679/2016 (hereinafter “the Regulation”), sets out the methods for processing personal data provided to register for events or access the services provided through the site www.healthtech.eu, associated with Medflix s.r.l.
This information is provided pursuant to and for the purposes of articles 13 and 14 of European Regulation n° 679/2016 (GDPR) by Medflix s.r.l., with registered office in via Giovanni Boccaccio n.7 Milan, in the person of its legal representative Mr Ioannis Spandonis, as Data Controller. In accordance with the legislation in force, every operation concerning the personal data collected shall be based on the principles of correctness, lawfulness and transparency, limitation of purposes and storage, data minimization, accuracy, integrity and confidentiality.
This information is addressed to the users of the website www.healthtech.eu.
TYPE OF DATA PROCESSED
Medflix s.r.l., as data controller, collects and processes the following personal data of individuals who request to register on the website and access our services.
a) Identification data (first/given and last name) to create the user profile and associate it with a specific person;
b) Contact data (e-mail address, phone number) to create the profile and send you communications relating to the management and booking of the event;
c) Video images, photographs or other audiovisual material produced and/or recorded during the event in streaming mode or on a digital platform.
d) Identification data (tracking information, IP addresses) for the use of the website;
e) Identification data (credit card number) to register for the event;
PURPOSE OF PROCESSING
The processing we intend to carry out, with your specific consent where necessary, has the following purposes:
TO CREATE, MAINTAIN AND MANAGE YOUR ACCOUNT ON HEALTHTECH
a) The processing of your data is necessary to carry out the registration on healthtech.eu and for the related administrative and service management activities.
a) For the registration on healthtech website, the legal basis for this treatment is derived from your express consent according to Article 6 paragraph 1 letter a) of the GDPR;
b) For the administrative activities related to registration and account management on healthtech website, the legal basis for this treatment is derived from the contractual obligation between Medflix s.r.l. and the User (Data Subject) pursuant to Article 6 paragraph 1 letter b) of the GDPR;
c) To allow us to contact you through digital channels in case of technical problems or administrative issues, the legal basis for this treatment is the legitimate interest of the Holder pursuant to Article 6 paragraph 1 letter f) of the GDPR;
TO COMMUNICATE INFORMATION TO YOU REGARDING OTHER SERVICES OFFERED BY HEALTHTECH.
PLEASE NOTE: The legal basis is your explicit consent pursuant to Article 6 paragraph 1 letter a), without which we will not proceed with these processing activities;
a) User data will be processed to send direct marketing communications, newsletters, promotional material, through traditional contact systems and automated systems;
b) User data will be processed to determine habits and preferences through profiling;
b.1) In case of data processing for the purpose of using personalized services by means of profiling, the same may be subject to an automated decision-making process, by means of a specific algorithm that will decide which communications are most suitable for User’s profile or which may be of most interest;
PROCESSING AND STORAGE METHODS
The availability, management, access, storage and usability of Personal Data is guaranteed by the adoption of technical and organizational measures to ensure appropriate levels of security in accordance with Articles 25 and 32 of the GDPR, as well as, in relation to the specific processing purposes identified by the Applicable Privacy Law, to ensure compliance with the guarantee measures of the Guarantor for the protection of personal data and the relative sector provisions.
– Your personal data will be kept in a form that allows the identification of the data subjects for a period of time not exceeding the fulfillment of the purposes for which they were processed (5 years); your data may be kept for longer periods in accordance with Article 89 paragraph 1;
– Your personal data collected for direct marketing purposes will be kept until you withdraw your consent and, in any case, for no longer than 24 months.
– Your personal data collected for profiling purposes will be kept until you withdraw your consent and, in any case, for no longer than 12 months.
The Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority, or for its own legitimate interest in order to protect its rights, including in court.
At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of this period, the right of access, cancellation, rectification and the right to data portability can no longer be exercised.
CATEGORIES OF RECIPIENTS
For the pursuit of the purposes described, the Data Controller may need to communicate your Personal Data to third parties belonging to the following categories:
a) Subjects that take care of accounting and labor law fulfilments for the Data Controller;
b) Subjects that provide services for the management of the Owner’s information system;
c) Company that, belonging to Medflix s.r.l., is in charge of hosting the events in live mode;
d) Company that deals with payments on behalf of the Owner;
e) Company that deals with communicating updates to the website or inviting to events;
The subjects belonging to the above categories act as Data Processors pursuant to Article 28 EU Reg. 679/2016 specifically appointed for this purpose.
In addition, for the pursuit of the aforementioned purposes, your Personal Data are processed and known by employees and collaborators of Medflix s.r.l. specifically designated as Persons Authorized to Process pursuant to Art. 29 of EU Reg. 679/2016, by reason of the different tasks assigned to each of them and the instructions given.
The list of Data Processors and Data Trustees appointed is made available by the Data Controller for consultation, upon request at its contact details: email@example.com
TRANSFER OF DATA
The Data Controller may transfer personal data to a Third Country or an international organization.
The transfer of personal data to such entities, if established in a Third Country or an international organization, is made in the presence of an adequacy decision by the European Commission which has verified that the Third Country, the territory or one or more specific sectors within the Third Country, or the international organization in question guarantee an adequate level of protection of rights. In any case, the Data Controller has entered into specific agreements (SCC) that oblige such parties to adopt security measures, including organizational measures, aimed at providing appropriate guarantees with regard to rights. Data may thus be transferred to countries including, but not limited to, the following: Japan, China, Australia, Latin America and the United States of America.
RIGHTS OF THE DATA SUBJECT
The data protection legislation gives you the opportunity to exercise various rights. Under Articles 15 to 22 of the GDPR, you have the right to obtain confirmation of whether or not your data is being processed and if so, to obtain access to your data. See here for a full list of all the rights you may exercise.
a) Obtain from us, as Data Controller, confirmation of the storage, the recipients or categories of recipients to whom the data have been or will be disclosed, in particular if they are recipients from Third Countries or international organizations, the expected data retention period or the criteria used to determine this period (Art. 15 GDPR);
b) Ask us to rectify, erase data or restrict the processing of data relating to you (Art. 16 and 17 GDPR);
c) Limit the processing of your data (Art. 18 GDPR);
d) Object to the processing of your data, without prejudice to the Data Controller’s right to assess your request, which may not be accepted if there are compelling legitimate grounds for processing that override your interests, rights and freedoms (Art. 21 GDPR);
e) Withdraw consent at any time, without affecting the lawfulness of the processing based on the consent given before the withdrawal (Art. 7 GDPR);
f) Obtain notification in case of rectification or erasure or restriction of data processing (Art. 19 GDPR);
g) Obtain data portability, in the cases provided for by law (Art. 20 GDPR);
h) To lodge a complaint with the Data Protection Authority (Art. 77 GDPR);
i) Object at any time to the processing of personal data concerning him/her pursuant to Art. 6(1)(e) or (f), including profiling on the basis of those provisions (Art. 21(1) GDPR);
j) Object at any time to the processing of personal data concerning him/her carried out for direct marketing purposes (Art. 21(2) GDPR);
Our site is not suitable for minors under the age of 18, but is intended for an adult audience. If you are a parent or guardian and you think your child has transmitted data to us, you can contact us at firstname.lastname@example.org