Privacy Policy Patients
Updated as of 28/04/2022
Premise.
This page, hereinafter “Patient Privacy Notice”, informs the User interacting with the Platforms for personal purposes and in any case unrelated to the exercise of any entrepreneurial, commercial, or professional activity, hereinafter “Patient”, of the “Privacy Policy” for the use of the website “myspecialdoctor.it” and the applications called “My Special Doctor”, hereinafter “Platforms”, or the policies regarding the collection, use, and disclosure of personal data of Patients, hereinafter “Personal Data”, when they use the Platforms and benefit from the functions accessible following registration, hereinafter “Functions”. It is specified that Personal Data is collected and used in order to make the Platforms functional. The information and data collected will be used to provide and improve the service and will not be used for purposes unrelated to or exceeding those described in this Notice.
By using the Platforms, the Patient accepts the collection and use of information in accordance with this policy, which, in compliance with applicable laws, ensures that all treatments are always based on the principles of lawfulness, fairness, transparency, purpose limitation, data retention limitation, data minimization, integrity, accuracy, and confidentiality.
ARTICLE 1. Data Controller.
The Data Controller, hereinafter “Controller”, is the natural or legal person, public authority, service, or other body that, individually or jointly with others, determines the purposes and means of processing Personal Data. For the purposes of this Patient Privacy Notice regarding the processing of Personal Data, the Controller is the company VITA MIA S.r.l., hereinafter called “MSD”, with legal headquarters in Fano (PU), Via Roma 125/F, [email protected], VAT number 02771710411.
For any information related to the processing of Personal Data by MSD, including the list of responsible parties and any collaborators in the processing of their Personal Data, Patients can:
- Send a registered letter to the legal headquarters of MSD:
- Send an email to the address [email protected];
- Send an email to the PEC address “[email protected]”.
The Patient is informed that the Controller has appointed a Data Protection Officer (DPO) for the protection of Personal Data of Professionals, who can contact the DPO at any time using the same methods provided to contact the Data Controller.
ARTICLE 2. Purpose of the Processing.
By using the Platforms, MSD informs the Patients that their Personal Data will be processed in order to ensure the proper and optimal functioning of the Platforms.
The data collected and processed may consist of:
- data whose processing is aimed at identifying the Patient. Specifically: name and surname, tax code, residence address, billing address, email for invoicing, contact mobile phone number, photographic portraits;
- data related to the fixed or mobile device in order to ensure the correct and optimal functioning of the Platforms;
- data related to position and geolocation for the Platform’s Functions;
- any other data voluntarily provided by the Patient for the better functioning of the Platforms.
The Patient acknowledges that MSD is able to recognize and record the ID and IP address of the device the Professional uses to access the Platforms, as well as to store such data. By using the geolocation functions, the Patient authorizes MSD to store this data and use it in an anonymous form, that is, without exposing the ID and IP address of the device, for technical studies, statistical analysis, and market analysis. By using the geolocation functions, the Patient declares to have read and accepted the Patient Privacy Notice and to have been informed about the use and processing of Personal Data by MSD.
ARTICLE 3. Purpose of the Processing of Personal Data.
The processing of the above-mentioned Personal Data by the Platforms has the following purposes:
- allow the Patient to use the Platforms and benefit from the Functions;
- respond to requests for assistance or information;
- fulfill any legal, accounting, and tax obligations;
- promote security and protection within and outside the Platforms, for example, by analyzing accounts and/or suspicious activities reported by other Users, or violations of the terms of use to ensure lawful use of the Platforms; to identify, analyze, prevent, and manage fraud and other illegal activities or technical or security problems; all in order to protect the rights, property, and safety of the Patient and/or third parties;
- conduct profiling activities to determine habits and preferences;
- process studies, research, market statistics, send advertising materials, informative information, commercial information, or surveys to improve the Platforms via email, push notifications, or through informational/advertising banners within the Platforms.
The legal basis for the processing of Personal Data, data related to fixed and mobile devices, and geolocation for the purposes of points a), b), and c) is Article 6, paragraph 1, letter b), of EU Regulation no. 679/2016, as “the processing is necessary for the execution of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the same.” Providing Personal Data for these purposes is optional, but failure to provide it would make it impossible to activate and/or use the Functions in full.
The legal basis for the processing of Personal Data for the purposes of point d) is Article 6, paragraph 1, letter c) of EU Regulation no. 679/2016, as, once consent is given for the processing of Personal Data, processing in these terms becomes necessary to fulfill a legal obligation to which the data controller is subject.
The legal basis for processing such personal data for the purposes of points e) and f) is Article 6, paragraph 1, letter a) of EU Regulation no. 679/2016, as the processing of personal data for such purposes is not necessary for the provision of the Functions, and therefore processing is optional. Failure to provide consent will not affect the enjoyment of the Functions. At any time, the Professional may revoke the consent previously given by sending a request to the contacts listed in Article 1 of the Patient Privacy Notice.
ARTICLE 4. Transmission of the Patient’s Personal Data.
Personal Data may be shared, for the above purposes, with:
a) data controllers, such as:
- people, companies, or professional firms that provide assistance and consulting services to MSD in accounting, administrative, legal, tax, and financial matters;
- entities with whom it is necessary to interact to ensure the operation of the Platforms, such as hosting providers or email platform providers, IT service providers, including companies hosting the servers used by the Data Controller;
- call centers and SMS/email service providers;
- insurance companies;
- other entities that have signed an outsourcing services contract with the Data Controller;
- companies belonging to the group to which MSD belongs;
- delegated entities to carry out technical maintenance activities, including maintenance of network devices and electronic communication networks;
- persons authorized by MSD to process data with respect to confidentiality guarantees or legal obligations of confidentiality, such as employees and internal collaborators of MSD.
b) entities, bodies, or authorities to whom it is mandatory to disclose Personal Data pursuant to legal provisions or orders of authorities.
ARTICLE 5. Retention of Personal Data.
The Personal Data processed for the purposes of points a), b), and c) above will be retained for the time strictly necessary to achieve those same purposes.
The Personal Data processed for the purposes of point d) will be retained for the time necessary to fulfill the specific legal obligation or applicable law.
For purposes e) and f), the Personal Data will be retained for a period not exceeding 24 months, from the moment they are voluntarily provided by the Patient, and may be used for promotional activities unless consent to the processing of such data is revoked by the Patient before.
ARTICLE 6. Rights of the Data Subject.
At any time, the Patient may exercise their rights under Article 15 et seq. of EU Regulation no. 679/2016, by contacting MSD at the above-mentioned addresses. These rights include:
- Right to access: the Patient has the right to obtain confirmation as to whether or not Personal Data concerning them is being processed, and, if so, access to such data;
- Right to rectification: the Patient has the right to request the correction of inaccurate Personal Data and the integration of incomplete Personal Data;
- Right to erasure: the Patient has the right to request the erasure of their Personal Data under the conditions provided by Article 17 of EU Regulation no. 679/2016;
- Right to restriction of processing: the Patient has the right to request the restriction of the processing of their Personal Data, in cases provided by Article 18 of EU Regulation no. 679/2016;
- Right to data portability: the Patient has the right to receive Personal Data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format, and has the right to transmit such data to another Data Controller without hindrance;
- Right to object: the Patient has the right to object, at any time, to the processing of their Personal Data on the grounds of legitimate interest, including profiling based on such interests;
- Right to withdraw consent: the Patient has the right to withdraw consent to the processing of Personal Data at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- Right to lodge a complaint with the supervisory authority: the Patient has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali), if they believe their rights have been violated.
ARTICLE 7. Transfer of Personal Data outside the European Union.
MSD does not transfer Personal Data to third countries or international organizations, except for cases where, under the provisions of EU Regulation no. 679/2016, the data is transferred based on adequate safeguards or the express consent of the Patient.
ARTICLE 8. Changes to the Privacy Notice.
MSD reserves the right to modify or update this Privacy Notice at any time. Any changes will be promptly communicated to the Patient through appropriate notices on the Platforms. The Patient is invited to periodically check this Privacy Notice to be informed of any updates.
p>ARTICLE 9. Security of Personal Data.MSD takes the security of Personal Data seriously and adopts appropriate technical and organizational measures to protect Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures are continually assessed and improved to ensure a high level of security. However, it is important to note that no method of transmission over the Internet or electronic storage is 100% secure. While MSD strives to use commercially acceptable means to protect Personal Data, it cannot guarantee absolute security.
ARTICLE 10. Cookies and Similar Technologies.
The Platforms may use cookies and similar technologies to enhance the user experience, facilitate navigation, and personalize content. Cookies are small data files stored on the Patient’s device that enable the Platforms to remember certain information about the user’s preferences or actions over time. The Patient can manage cookie preferences through the settings of their web browser or device. By continuing to use the Platforms, the Patient consents to the use of cookies in accordance with this Privacy Notice.
ARTICLE 11. Contact Information.
If you have any questions, concerns, or requests regarding this Privacy Notice or the processing of your Personal Data, please contact MSD at:
- Address: Via Roma 125/F, Fano (PU), Italy
- Email: [email protected]
- PEC: [email protected]
By using the Platforms, the Patient confirms that they have read and understood this Privacy Notice and consents to the collection and processing of their Personal Data as described above.