(according to the article 13 of Regulation (EU) 2016/679)
According to the Article 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, as well as the free circulation of these data (General Data Protection Regulation , hereafter “GDPR” or “Regulation”) – we inform you that your personal data provided to our Company (jointly hereafter “Data”), will be subject, in compliance with the regulation above and in accordance with the confidentiality obligations to which the activity of our Company`s activity inspired by the treatment is defined by Article 4 of Regulation (EU) 2016/679. In particular, we wish to inform you of the following:
Data related to the Data Controller and the Data Protection Manager
The Data Controller is Turismo Medico Italia Srl VIA VITTOR PISANI 28 (20124) MILANO (MI), Italy, e-mail: firstname.lastname@example.org
Purposes and methods of processing
- Processing for purposes related to the execution of the contract
In consideration of the activity carried out by the Data Controller, the collection and processing of your data has the purpose:
- Execution of obligations derived from contractual relations or for the performance of pre-contractual activities
- Planning of activities;
- customer management;
- fulfillment of accounting and tax obligations;
- litigation management.
The legal basis of the indicated processing consists in the execution of the contract (Article 6, paragraph 1, letter b) of the Regulation).
- Processing for purposes related to sending promotional communications
But only with your express consent, your personal data, including the telephone number, may also be processed for promotional and marketing purposes, including but not limiting to sending our periodic newsletter (containing information on our services, promotional and advertising material, as well as invitations to events organized by us or by third-party companies with which we work).
The legal basis for the treatment indicated is the consent of the data subject (Article 6, paragraph 1, letter a) of the Regulation).
The personal data of the subject will be processed by personal authorization in charge of processing according to Art. 29 of the EU Regulation 2016/679 or Joint Data Processing pursuant to Art. 26 of the Regulation.
The Data may also be collected from third parties, in which case we will promptly proceed to inform you, as required by Article 14 of the GDPR.
With reference to the methods of data processing carried out by our company, we specify that it will take place both manually and with the aid of IT tools.
The processing of Data for these purposes will take place using computerized and manual methods, based on logical criteriums that are compatible and functional to the purposes for which the data were collected, in compliance with the rules of confidentiality and security provided by the law and by the company’s internal regulations. In particular, the data will be processed by comparison, classification and calculation, as well as by producing lists. Some Data will also be processed on behalf of the Company by third companies, organizations or professionals who, as outsourcing managers, perform specific processing services or activities complementary to ours. The Data referred to the Interested subject are, or have been, provided to the Company by the Interested subject.
The Data Controller in carrying out the activities referred to in Purpose 1) may communicate and transfer your data to third subject, meaning those third subjects authorized to the related data processing, as they are charged with performing or providing specific services strictly functional to the execution of the contractual report, such as:
- banks and credit institutions;
- professionals, partner companies or service providers;
- providers of technological services;
- societies and companies (customers/suppliers).
The names and addresses of these subjects are available at the request of the interested subject.
Personal data transfer to a Third Country
For the recipients of the communication of the Data that are based outside the European Union, the Company obtains the necessary guarantees so that the Data transfer should be carried out in accordance with the provisions of Chapter V of the GDPR.
The Data will be kept completely for the entire period of the contract execution; after, the Data will be kept for a period of ten years for the purpose of complying with legal obligations and, among these, the obligations referred to in articles 2220 and following of the civil code. Any further storage of Data or part of the Data may be ordered to assert or defend its rights in any location and in particular in the courts.
Rights of the interested subject
Regarding your personal data, we inform you that you can exercise the rights provided by articles 15 to 22 of Regulation (EU) 2016/679:
- Access to the following information:
- purpose of the processing,
- categories of personal data in question,
- recipients or categories of recipients to whom such personal data have been or will be communicated, in particular if recipients of third countries or international organizations,
- existence of the right of the data subject to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
- Rectification, i.e.:
- correction of inaccurate personal data concerning you without justified delay,
- integration of incomplete personal data, including providing a supplementary declaration;
- Data cancelation of data concerning without unjustified delay, if:
- the data are no longer necessary respectively to the purposes for which they were collected or otherwise processed,
- a withdrawal of consent is formulated and there is no other legal basis for the processing,
- you oppose the processing and there is no legitimate prevailing reason to proceed with it,
- personal data have been processed illicitly,
- personal data must be deleted in order to fulfill a legal obligation,
- personal data were collected in relation to the offer of information society services;
- Limitation of the processing:
- if you object to the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data,
- when the processing is illicitly and the interested subject opposes the cancelation of personal data and requests instead that the use be limited,
- when personal data are necessary for the interested subject to ascertain, exercise or defend a right in court, although the owner no longer needs them for the purposes of processing,
- if you oppose the processing under the right of opposition;
- To receive notification in case of rectification or cancellation of personal data or limitation of processing;
- Data portability, or right to receive in a structured format, commonly used and readable by automatic device, personal data concerning you and you have the right to transmit such data to another data controller, if:
- the processing is based on the express consent of the interested subject for one or more specific purposes or is carried out according to a contract signed with the interested subject and
- the processing is carried out by automated means;
- Opposition at any time, for reasons related to the particular situation, to the processing of personal data concerning.
To exercise the aforementioned rights, you can contact the Data Controller by sending a registered letter with return receipt to the address indicated or an email to the address email@example.com
You also have the right to lodge a complaint with a supervisory authority if you believe that the rights indicated that have not been recognized.
Obligatory nature or optional nature of providing data and consequences
The provision of Data to our Company is obligated only for Data for which there is a regulatory obligation (i.e. established by laws, regulations, provisions of Public Authorities, etc.) or necessary for the execution of the contract. Failure to provide these personal data prevents the provision of the services referred to in Purpose 1).
Failure to provide personal data in relation to the Purpose 2) has no consequence on the provision of the requested services, however it inhibits the sending of promotional communications relating to the products and services marketed by the Company, including invitations to events, etc…
Consequences in case of refusal to provide the Data
In the presence of a legal or contractual obligation to provide data, the refusal by the Interested subject to provide the Data may lead to the violation by the Interested subject of the rules that establish this obligation (with possible consequences for the Interested subject) or the breach of contract by the Interested subject (which may result in contractual or civil remedies regarding non-performance). In any case, the Company will not be able to carry out the operations that require the processing of the aforementioned Data and this with every consequence and damage to the Interested subject. In cases where the interested subject is free to confer the Data, the refusal to supply them does not result in regulatory or contractual violations (with the related consequences described above). However, if the Data is necessary or strictly instrumental to the execution of the contractual report, the refusal to supply them may determine the impossibility of following up the operations connected to such Data (or in any case may cause delays in the performance of said operations). Any refusal to confer data functional to our activities, other than those necessary or strictly instrumental to the execution of the contractual report, may prevent the conduct of such further activities but does not interfere with the performance of the contractual report in progress.