01 - E - Privacy Policy Professionals

Privacy Policy Professionals

Updated as of 28/04/2022

Premise.

This page, hereinafter “Privacy Policy for Professionals”, informs the User interacting with the Platforms in the exercise of their entrepreneurial, commercial, or professional activity, hereinafter “Professional”, of the “Privacy Policy” for the use of the website “myspecialdoctor.it” and the applications called “My Special Doctor”, hereinafter “Platforms”, or the policies regarding the collection, use, and disclosure of personal data of Professionals, hereinafter “Personal Data”, when they use the Platforms and benefit from the services offered therein, hereinafter “Services”.

It is specified that Personal Data is collected and used in order to provide the Services and make them accessible and functional. The information and data collected will be used to provide and improve the service and will not be used for purposes unrelated to or exceeding those described in this Policy.

By using the Platforms, the Professional agrees to the collection and use of information in accordance with this policy, which, in compliance with applicable laws, ensures that all treatments are always based on the principles of lawfulness, fairness, transparency, purpose limitation, data retention limitation, and data minimization, integrity, accuracy, and confidentiality.

ARTICLE 1. Data Controller.

The Data Controller, hereinafter “Controller”, is the natural or legal person, public authority, service, or other body that, individually or jointly with others, determines the purposes and means of processing Personal Data. For the purposes of this Privacy Policy for Professionals regarding the processing of Personal Data, the Controller is the company VITA MIA S.r.l., hereinafter “MSD”, with legal headquarters in Fano (PU), Via Roma 125/F, [email protected], VAT number 02771710411.

For any information related to the processing of Personal Data by MSD, including the list of responsible parties and collaborators in the processing of their Personal Data, Professionals can:

Send a registered letter to the legal headquarters of MSD:
Send an email to the address [email protected];
Send an email to the PEC address “[email protected]”.

The Professional is informed that the Controller has appointed a Data Protection Officer (DPO) for the protection of Personal Data, who can be contacted at any time using the same methods provided to contact the Data Controller.

ARTICLE 2. Subject of Processing.

By using the Platforms, MSD informs the Professionals that their Personal Data will be processed in order to ensure the proper and optimal functioning of the Services.

The data collected and processed may include:

Data whose processing is aimed at identifying the Professional. Specifically: name and surname, tax code, VAT number, address of the place where the professional activity is carried out, billing address, professional association membership, registration number, main specialization, billing email, contact mobile phone, website address of the Professional, and their photographic portraits;
Data related to the fixed or mobile device in order to ensure the proper and optimal functioning of the services through the Platforms;
Data related to position and geolocation for the purposes of services provided by MSD;
Any other data voluntarily provided by the Professional for the better functioning of the Platforms or to access the Services.

The Professional acknowledges that MSD is able to recognize and record the ID and IP address of the device used by the Professional to access the Platforms, as well as to store such data. By using the geolocation functions, the Professional authorizes MSD to store this data and use it in an anonymous form, i.e., without exposing the ID and IP address of the device, for technical studies, statistical analysis, and market analysis. By using the geolocation functions, the Professional declares that they have read and accepted this Privacy Policy and have been informed about the use and processing of Personal Data by MSD.

ARTICLE 3. Purposes of Processing Personal Data.

The processing of Personal Data has the following purposes:

Allow the Professional to use the Platforms and benefit from the Services;
Respond to requests for assistance or information;
Fulfill any legal, accounting, and tax obligations;
Promote security and protection within and outside the Platforms, for example, by analyzing accounts and/or suspicious activities reported by other Users, or violations of the terms of use to ensure lawful use of the Services; to identify, analyze, prevent, and manage fraud and other illegal activities or technical or security problems. All of this is aimed at protecting the rights, property, and safety of the Professionals and/or third parties;
Conduct profiling activities to determine habits and preferences;
Conduct studies, research, market statistics, send advertising materials, informative materials, commercial information, or surveys to improve the Platforms via email, push notifications, or through informational/advertising banners within the Platforms.

The legal basis for processing Personal Data, data related to fixed and mobile devices, and geolocation for the purposes of points a), b), and c) is Article 6, paragraph 1, letter b) of EU Regulation no. 679/2016, as “the processing is necessary for the execution of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the same.” Providing Personal Data for these purposes is optional, but failure to provide it would make it impossible to activate and/or fully use the Services.

The legal basis for processing such personal data for the purposes of point d) is Article 6, paragraph 1, letter c) of EU Regulation no. 679/2016, as once consent is given for the processing of Personal Data, processing in these terms becomes necessary to fulfill a legal obligation to which the data controller is subject.

The legal basis for processing such personal data for the purposes of points e) and f) is Article 6, paragraph 1, letter a) of EU Regulation no. 679/2016, as the processing of personal data for such purposes is not necessary for the provision of the Services, and therefore processing is optional. Failure to provide consent will not affect the enjoyment of the Services. At any time, the Professional may revoke the consent previously given by sending a request to the contacts listed in Article 1 of the Privacy Policy for Professionals.

Finally, MSD informs that it has obtained certain Personal Data of the Professional from publicly accessible registers, such as the official registers held by medical associations or the Professional’s public profiles on the web. In other cases, the contact details of the Professional may be provided to MSD by their patients or colleagues who have freely chosen to recommend the Professional to MSD in their capacity as a healthcare professional.

ARTICLE 4. Transmission of the Professional’s Personal Data.

The Professional’s Personal Data may be shared, for the above purposes, with:

a) data controllers, i.e.:

individuals, companies, or professional firms that provide assistance and consultancy to MSD in accounting, administrative, legal, tax, and financial matters;
entities necessary for the provision of the Services, such as hosting providers or email platform providers, IT service providers, including companies hosting the servers used by the Controller;
call centers and providers of SMS and email services;
insurance companies;
other entities that have signed outsourcing service contracts with the Controller;
companies belonging to the group MSD is part of;
entities delegated to carry out technical maintenance activities, including maintenance of network devices and electronic communication networks;
persons authorized by MSD to process data, respecting confidentiality guarantees or assuming legal confidentiality obligations, such as MSD’s employees and internal collaborators.

b) entities, bodies, or authorities to whom Personal Data must be communicated due to legal requirements or orders from authorities.

ARTICLE 5. Retention of Personal Data.

The Personal Data processed for the purposes of points a), b), and c) will be stored for the time strictly necessary to achieve those purposes.

The Personal Data processed for the purposes of point d) will be stored for the time necessary to fulfill the specific legal obligation or applicable legal norm.

For the purposes of points e) and f), the Professional’s Personal Data will be processed until consent is revoked and/or until the individual Professional objects.

MSD is particularly attentive to the privacy of Professionals and, for this reason, aims to ensure full clarity regarding the processing of data related to position and geolocation.

Further information regarding the period and methods of data retention, as well as the criteria used to determine this period, can be requested by Professionals by sending communication to the contact details previously indicated in Article 1 of the Privacy Notice for Professionals.

ARTICLE 6. Transfer of Personal Data.

Personal Data is processed and stored within the European Union, but for the better provision of the Services, it may be shared with third parties located outside the European Economic Area.

MSD will take all necessary measures to ensure that Personal Data is processed securely and in compliance with the Privacy Notice for Professionals, ensuring that no transfer of Personal Data occurs to an organization or country outside the EU, unless there are adequate safeguards for the processing of Personal Data.

ARTICLE 7. Relations with Third Parties.

Messages sent by other Users may contain links to third-party websites not directly controlled by MSD. In this case, MSD is not responsible for the privacy practices of these third parties and encourages the Professional to review the privacy policies and statements of such third parties.

ARTICLE 8. Security.

MSD takes all necessary precautions to protect the security of Personal Data, particularly to prevent alterations, damage, or unauthorized access by third parties.

ARTICLE 9. Profiling.

If consent is provided for the processing of Personal Data for the purpose of accessing personalized Services through profiling, the data may be subject to an automated decision-making process using a specific algorithm that will determine which communications are most suitable for the Professional’s profile or which may be of greater interest. This process may, for example, result in the sending of highly targeted commercial communications, discounts, or invitations to events deemed of interest.

ARTICLE 10. Rights of the Professionals.

According to applicable law, the Data Controller informs that Professionals have the following rights:

the right to obtain information about the origin of the Personal Data, the purposes and methods of processing, the logic applied in case of processing by electronic means, the identification details of the data controller and processors, and the entities or categories of entities to whom Personal Data may be communicated or who may become aware of them as controllers or authorized persons;
the right to obtain access to, update, rectify, or, when relevant, integrate Personal Data;
the right to obtain the deletion, anonymization, or blocking of Personal Data processed in violation of the law, including those no longer necessary for the purposes for which they were collected or further processed;
the right to withdraw consent at any time, if the processing is based on their consent;
the right to data portability, the right to limit the processing of Personal Data, and the right to deletion;
the right to object, in whole or in part, for legitimate reasons, to the processing of Personal Data related to them, even if relevant to the purpose of collection;
the right to file a complaint with a supervisory authority in the EU member state of habitual residence, workplace, or where the alleged violation occurred.

The Italian supervisory authority is the Garante per la protezione dei dati personali, based in Piazza Venezia, 11, 00187 – Rome (http://www.garanteprivacy.it).

To exercise the above rights, the Professional must contact in writing the following address: “[email protected]”. The request will be processed by MSD within a maximum of two months from receipt, unless specific circumstances apply; the request must be accompanied by a photocopy of an ID document bearing the signature of the holder.

If a Professional’s requests are manifestly unfounded or excessive, particularly due to their repetitive nature, MSD may:

request payment of a reasonable fee to cover the administrative costs incurred to provide the information, make the communications, or take the requested measures; or alternatively,
refuse to respond to such requests.

ARTICLE 11. Changes to the Privacy Notice.

MSD reserves the right to modify and/or update the Privacy Notice for Professionals, notifying the Professional through the most appropriate means. The use of services provided through the Platforms will constitute acceptance of the modified Privacy Notice for Professionals. It is recommended to consult the Privacy Notice periodically. If the Professional does not accept that the conditions of the new Privacy Notice apply to their future use of the Platforms, they are invited to cease using them.