The purpose of this Privacy Policy is to describe how the Site www.esamed.it, is managed, in relation to the processing of personal data of users/visitors who consult it.

This document is valid only for the above mentioned website and not for other websites you can visit through the links which it contains, and includes information provided to the users in compliance with the provisions of EU Regulation 2016/679 and Legislative Decree 196/2003 and subsequent modifications and additions.

The contents of this Site – including data, news, information, images, charts, drawings, trademarks and domain names – are the property of Esamed srl and, unless otherwise indicated, are covered by copyright and industrial and intellectual property regulations.

We clarify that the term “Personal Data” is used in reference to any information that allows the managers of the www.esamed.it site to identify the user (or a third subject whom data is supplied by the user), directly or indirectly, including possible information related to the purchase of goods or services, or that the user chooses to disclose or share, while using the Website.

We therefore invite our users/visitors to carefully read this Privacy Policy before submitting any personal information and/or filling in any electronic form on the site.

1. CONTROLLER OF THE TREATMENT

The “Controller” of the treatment is Esamed srl (P. Iva 04716160231), a company with headquarters in Via Paolo Borsellino, 48 37067 – Valeggio Sul Mincio (VR) Italy. The Controller can be contacted by registered letter with return receipt or at the e-mail address esamed@esamed.it, or at the Certified Electronic Mail esamed@pecmail.net.

2. TYPE OF TREATED DATA and PURPOSE OF THE TREATMENT

Navigation data
The Controller treats some of the personal data of the users who interact with the information systems and software procedures of the website. The Company especially treats navigation data which the IT systems automatically collect during the use of the website, such as the IP address, domain names and type of browsers. This navigation data do not contain any further personal information. This data is used to collect anonymous statistical information on the use of the website, to control the modalities of use of the website, as well as to ascertain responsibility in case of possible computer crimes.

Data supplied voluntarily by the user
If users/visitors, connecting to this site, send their personal data to access certain services, that is to make requests by e-mail, are aware that this involves the acquisition by the Controller of the sender’s address and/or any other personal data that will be processed exclusively to respond to the request, i.e. for the provision of the service.
The personal data provided by the users/visitors will be communicated to third parties only in the event that the communication is necessary to comply with the requests of the users/visitors themselves, or by legal obligation (as in the case of invoicing).

Cookies
In addition to the data expressly given to the Controller, other data deriving from surfing the site by the user may be collected: when the user accesses the site, in fact, the site may send the user a “cookie”. A “cookie” is a small text file that the site can automatically send to the user’s computer when they view our pages. “Cookies” are used to make navigation easier, as well as to obtain information on the navigation of the individual user within the site and to allow the operation of certain services that require the identification of the user’s path through different pages of the site. For any access to the Site, regardless of the presence of a “cookie”, the Site records the type of browser (e.g. Internet Explorer, Chrome, Firefox), the operating system (e.g. Windows, Macintosh) and the host and URL of the user-navigator, as well as the data on the requested page. This data may be used in aggregate and anonymous form for statistical analysis of site usage. For the complete management of cookies, please consult the “cookie policy” page of this site.

3. PURPOSE OF THE TREATMENT

In addition to those indicated in the single information notices that precede the filling in of the forms of the different sections of the site, the purposes of the data processing carried out by the Controller must be intended as follows:

  • collection, retention and processing for the establishment and operational and administrative management of the contractual relationship related to the provision of the service offered on the site;
  • use of the user’s personal data (in particular their e-mail address) to make communications relating to the performance of the established contractual relationship;
  • processing of personal data both provided and derived from surfing the site in order to ensure the service is consistent with the indications transmitted during the use of the service;
  • collection, storage and processing of data to perform statistical analysis in anonymous and/or aggregate form;
  • purposes related to the performance of our activity, such as offering personalized content like newsletter services;
  • for the communication of commercial information on future initiatives, product or service launch announcements;
  • for market research, statistical and economic analysis;
  • to send advertising or promotional material and to inform about prize competitions and promotional initiatives in general.

Your data can be treated, even without your consent, also with the purpose of: fulfilling tax and accounting obligations; fulfilling the obligations provided by law, a regulation, EU legislation or an order of the authority; prevention or discovery of fraudulent activities or misuse damaging the website; exercise of the rights of the Controller, such as defense in court.

4. LEGAL BASIS

The legal basis for the processing of clients’ data carried out by the Controller through the site indicated above consists in the contract stipulated with the Interested Parties, while, in the absence of it, the legal basis is to be found in the legitimate interest of the Controller to the free economic initiative referred to in art. 41 const. For further purposes that require consent, it will be requested in a specific form and should also be considered as a valid legal basis.

5. RECIPIENTS

In addition to the Controller, in some cases, the data may be accessed by categories of Processors and authorized persons involved in the business organization of the Site (administrative, commercial, marketing staff, lawyers, system administrators). In addition to this, the Controller may make use of external parties (such as third party technical service providers, carriers, hosting providers, cloud service, IT companies, communication agencies) who may be appointed as external processors. The updated list of data processors can always be requested to the Data Controller by contacting the address indicated above.

6. DATA PROCESSING METHOD

Personal data is collected with automated processes (e.g. using electronic procedures and media) and/or manually for the time strictly necessary to achieve the purposes for which the data has been collected and, in any case, in compliance with the relevant regulations in force. Personal data will be processed within the European Union. The data processed by the Controller will never be disclosed.

7. DATA STORAGE

Personal data will be processed and stored for the time period which is necessary to the purpose for which it was collected; in particular, for the purposes related to the management of the contract, data will be stored for the time period which is necessary to the execution of the service required and, after this, for the time in which the Controller is subject to mandatory data retention for tax purposes or other purposes required by law or regulations. Data will, in any case, be stored for a maximum period of 10 years from the end of the contract, according to the ordinary limitation period as provided by the Civil Code.

Personal data will be stored for the time strictly necessary to achieve the purposes for which it is collected and processed. Once the purpose of the processing has been exhausted, in the event of exercising the right to object to the processing or the right to withdraw consent, the owner will still be entitled to further store all or part of the personal data for the purposes permitted by the GDPR, (such as, for example, the need to assert a right in court). After this deadline the data will be deleted or made anonymous.

8. OPTIONAL OR MANDATORY PROVISION OF PERSONAL DATA

Apart from what has been specified for navigation data that acquire data automatically, users/visitors are free to provide their personal data or not to provide it. Failure to provide it may only result in the impossibility of obtaining what has been requested.

9. SUBJECT’S RIGHTS

The subjects that the personal data refers to have the right at any time according to GDPR to obtain confirmation of the existence or not of the said data and to know its content and origin, verify its accuracy or request its integration, updating or rectification.

In relation to the processing of the aforesaid data, article 7 GDPR recognizes the right to obtain the following from the Data Controller:

  • the confirmation of the existence or absence of your personal data, its communication in intelligible form and its origin, as well as the logic on which its processing is based;
  • the cancellation within a reasonable period of time of your data, its transformation into anonymous form or the blocking of any data processed in violation of the law;
  • the updating of the data, its rectification or, should you be interested, its integration;
  • proof that the operations referred to in the previous points have been brought to the attention of those to whom they have been communicated, provided that it is not impossible or it requires the use of a disproportionate effort.

The customer has the right to revoke the consent relating to the optional processing operations and unrelated to the execution of the contract stipulated with the owner.

The customer has also the right to object for legitimate reasons to the processing of personal data concerning them, even if pertinent to the purpose of collection, to request its portability, to exercise the right to oblivion, as well as to contact the competent supervisory Authority for the protection of personal data for any violation they deem to have suffered; that is, for Italy, the Guarantor for the protection of personal data and can be contacted by e-mail at garante@gpdp.it, by fax at no. 06 696773785, or by mail to the Guarantor for the protection of personal data which is based in Rome, Piazza di Monte Citorio, 121, cap 00186.

The Controller will respond to the user as soon as possible, in any case within one month, without prejudice to the right of the user in case of violation to lodge a complaint to the designated authority.

10. MODALITIES FOR THE APPLICATION OF THE RIGHTS

It is at any time possible to exercise one’s rights by sending:

  • a registered letter with return receipt to the Controller;
  • an e-mail to the Controller’s address;
  • a certified e-mail Controller’s address.

The Controller will respond to the user within 30 days, without prejudice to the right of the latter to lodge a complaint to the designated authority in case of violation.

11. CHANGES TO THE PRIVACY POLICY

The Controller reserves the right to make changes to the privacy policy and the privacy Information Notice at any time by giving the users notice publishing it on the site and, if in possession of an e-mail address, by e-mail.

Should the changes affect any processing whose legal basis is consent, the Controller will re-collect the user’s consent if necessary.