Information pursuant to Article 13 of Reg. 2016/679 / EU concerning the processing of personal data (henceforth also "GDPR")
The Società Medi Sport s.r.l. , with registered office in Via Acque Alte, 23 - 04014 Borgo Podgora (LT) Italy and registered office at Via Oberdan 24, 04100, Latina, CF and P.iva 01530650595 - Business Register 17438, C.C.I.A.A. LATINA 95099. Contact details: firstname.lastname@example.org, Tel. +39 0773 636100 - Fax +39 0773 636002, as data controller for the execution of contractual relations, processes personal data of users of the website www .medisport.it, as well as the commercial service offered by the Company. The processing takes place in respect of the rights of the user concerned, in a lawful, transparent and correct manner. This information only concerns the treatment carried out by Medi Sport s.r.l. in its business relationships and on the website www.medisport.it, not also the processing by third parties owners of websites to which this site redirects. On these sites, Medi Sport s.r.l. has no control and is not liable for the processing of data that occurs on them. The interested User is therefore required to consult the privacy policies of the sites of the aforementioned third parties. The owner informs you pursuant to art. 13 EU Regulation n. 2016/679 that your data will be processed in the manner and for the following purposes.
1. Types of data (What data we ask you)
1.1 Customer data
To interact with the User, with Customers, with suppliers and, in general, with interested parties in the ordinary commercial and legal relations, the Company will have to acquire some data of the interested party, including - not necessarily in a cumulative way, they could be only some are needed - your identification data, physical and electronic addresses, fixed and / or mobile telephone numbers, bank details or credit card numbers or other means of payment, any particular data contained in the CV, as well as any other data that is absolutely essential for providing the Service, in compliance with the principle of necessity and proportionality.
1.2 Navigation data
browsers and browsing devices.
Described in the following point: "Processing methods and technologies used"
1.4 Data voluntarily sent by the user
If the User sends spontaneous communications to the company for registration to the newsletter or to receive commercial information, only if such treatment has been explicitly authorized, the name, telephone and the relative E-mail address are acquired, as well as any data contained in the communication .
2. Purpose of processing (Because we use your data)
The data the interested party transmits to Medi Sport s.r.l. & nbsp; in commercial relationships, or through the site are treated:
A) without your express consent (Article 6 letter b), e) GDPR), for the following Service Purposes:
- conclude contracts for the owner's services;
- to fulfill the pre-contractual, contractual and fiscal obligations deriving from existing relationships with you;
- to fulfill the obligations provided for by law, by a regulation, by EU legislation or by an order of the Authority (such as in the field of anti-money laundering);
- exercise the rights of the Owner, for example the right to defend in court;
B) Only with your specific and distinct consent (art. 7 GDPR), for the following Marketing Purposes:
- send you e-mail newsletters and commercial communications and / or advertising material about products or services offered by the Data Controller.
Depending on the purpose considered, the legal basis of the processing is the Law, the contract with the person concerned, the legitimate interest of the data controller or the consent of the data subject. The legitimate interests pursued by the owner consist in direct marketing (to the extent permitted by law), in verifying site functionality and improving it, in protecting corporate assets and optimizing commercial communications.
3. Processing methods and technologies used (How we treat them)
The processing of your personal data is carried out by means of the operations indicated in the art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are processed both on paper and electronic and / or automated. The processing of data takes place using appropriate tools and procedures to guarantee security and confidentiality. The computer systems and computer programs used to operate the site collect some personal data whose transmission is implicit in the use of Internet communication protocols (eg IP addresses or domain names of computers used by users connecting to the site, addresses and times of requests, connection method to the server, numerical result code and parameters relating to the user's operating system). Although this is information that is not collected to be associated with identified interested parties, by their nature they could allow users to be identified through processing and association with data held by third parties.These data are used only to obtain statistical information (not associated with any identification data of the user) on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site. & Nbsp; Medi Sport s.r.l. does not use automated decision-making IT processes, does not perform any profiling activities, therefore, does not record, does not store and does not process data related to the choices, habits and purchasing preferences of its Customers, nor does it create profiles (individual and / or aggregated) to the purpose of proposing targeted offers. Consent will be requested, where necessary, for the purposes of marketing and commercial communication, referred to in point 2 B). This consent is optional, if not provided there will be no consequence, other than the impossibility to receive improvement offers, promotions and marketing activities. The website and the commercial offer of the Company convey information and, consequently, process personal data, also possibly through social networks (via the LinkedIn page, for example) and social media (such as Facebook, for example): in accordance with the Privacy Guarantor's Guidelines on social spam of 04.07.2013, we inform the interested party that the advertising contacts with automated systems will only take place on these channels with the prior consent, while on social networks they may receive communications for the sole fact of following (follow) the page or profile. If the User does not intend to provide his data, he is therefore required to leave the site.
4. Duration of the processing (when we store your data)
The processing of data will take place for the time necessary for the pursuit of the purposes referred to in point 2. for which it is authorized and in any case not later than the deadline referred to in the contract / assignment existing between the parties, as well as, after the conclusion of the specific processing, in order to comply with the civil and fiscal legal obligations applicable to the existing relationship, as well as any other legal fulfillment / obligation which the Data Controller is obliged to. - The Owner will process personal data for no more than 10 years from the collection of consent for Marketing Purposes. Access to the website www.medisport.it activates methods of automatic collection of information (technical cookies) necessary for the correct navigation in the aforementioned sites which are automatically canceled upon expiration or closing of the session.
5. Access to data (who can access your data)
Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
- to employees and collaborators of the owner of Medi Sport s.r.l. , in their capacity as appointees and / or internal processors and / or system administrators;
- to third-party companies or other parties (for example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) that carry out outsourced activities on behalf of the Owner, in their quality of external processors.
6. Data communication (to whom we communicate them)
The following categories of internal and external officers and managers, identified in writing and to whom specific written instructions have been given, may become aware of the personal and identification data relating to the processing in question.
management and purchasing and sales employees for the purposes referred to in point 2, letter B;
professionals or service companies for the performance of corporate, tax and accounting obligations, business administration and management, including employees of the same, who operate on behalf of the Company;
professionals or service companies for the management and maintenance of the IT system that operate on behalf of the Company, limited to the task assumed, subject to the signing of obligations and restrictions of confidentiality and security in the processing of data, such as the companies reported below:
Hosting IT (current supplier: Aruba S.p.a.)
Payment System Management (Banca Intesa San Paolo - SETEFI MonetaWeb)
Furthermore, the personal data in question, within the limits and for the purposes of the preceding point 2, can be communicated to:
Service companies that deal with financial information and credit recovery.
Personal data is not subject to public disclosure. Your data will not be disclosed.
7. Data transfer (to whom we send them)
Personal data is stored on remote servers located in the EU area.
8. Nature of data provision and consequences of refusal to respond (because we can process your data)
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we cannot guarantee the services of the art. 2.A).
The provision of data for the purposes referred to in art. 2.B) is instead optional. He may therefore decide not to give any data or subsequently deny the possibility of processing data already supplied: in this case, he will not be able to receive newsletters, commercial communications and advertising material relating to the Services offered by the Owner. However, he will continue to be entitled to the Services referred to in art. 2.A).
9. Rights of the interested party (What you can ask us)
As an interested party, you have the rights set forth in art. 15 GDPR and precisely the rights of:
obtain confirmation of the existence or not of personal data concerning you, even if not yet recorded, and their communication in intelligible form;
obtain the indication: a) of the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the case of processing carried out with the aid of electronic instruments; d) of the identification data concerning the data controller, data processors and the representative designated pursuant to art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers or appointees;
obtain: a) updating, rectification or, when interested, integration of data; b) the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including data which does not need to be kept for the purposes for which the data was collected or subsequently processed; c ) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which such fulfillment is revealed impossible or involves the use of means manifestly disproportionate to the protected right;
object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and / or through traditional marketing methods by phone and / or mail. Please note that the interested party's right of objection, set out in the previous point b), for direct marketing purposes by automated means, extends to the traditional ones and that the possibility for the interested party to exercise the right of opposition also remains valid only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or none of the two types of communication.
Where applicable, it also has the rights set forth in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right to limitation of treatment, right to data portability, right to object), as well as the right to complain to the Guarantor Authority.
10. How to exercise rights (to communicate with us)
You can exercise your rights at any time by sending:
a registered letter a.r. to Medi Sport s.r.l. - Via Acque Alte, 23 - 04014 Borgo Podgora (LT) Italy
This information is subject to changes and updates, for which the User is invited to consult it regularly. Please let us know if you have not understood one or more of this information and contact us for further information.