2. Data Controller
Pursuant to the GDPR, the Company, through its legal representative, is the data controller (the “Data Controller”), and may be contacted by you for any request of information on the matter by e-mail at firstname.lastname@example.org.
The updated list containing names of data processors and sub-processors is kept at the Company’s registered office, as indicated above.
3. Types of Personal Data Subject to Data Treatment
The Data Controller may collect and use certain personal data (the “Data”) and, in particular:
(a) personal and contact information such as first name, last name, address, telephone number and e-mail; and/or
(b) professional information on job title, work address, place of work;
all voluntarily provided by you through registration forms or to request access to the Website’s reserved area.
The Company may also collect automatically browsing information, during your navigation on the Website. Among such information, there are IP addresses, time of the request, Website access frequency and exploration information.
These data are used only to acquire statistical information, anonymously, on the Website use and its proper operation and will be erased after being processed.
4. Purpose of Data Treatment
The Personal Data will be treated in accordance with the GDPR and subject to users’ consent for the following purposes:
i) replies to specific contact or information requests, updates on Company’s activity and the events its organizes;
ii) compliance with applicable laws or requests from judicial authorities.
Moreover, in case a specific consent is given, Data may also be used for commercial and marketing purposes, such as:
iii) delivery of newsletters and/or communications having medical-scientific or promotional nature and/or other material having commercial purposes;
iv) elaboration of statistics for internal use, determination of customer satisfaction levels with respect to services and activities provided, also through third parties, market researches, Company and its group’s promotion.
5. Nature of Data Communication and Related Consequences
You are free to provide your Data through the Website or by e-mail; however a refusal to provide them may result in the impossibility for you to receive the articles, newsletters and any other communication requested.
6. Processing Methods
Data will be processed by means of such operations as indicated under article 4, paragraph 2 of the GDPR and namely, by means of collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Without prejudice to Article 8 below, Data will be processed at the Company’s registered office, with mechanical or non mechanical processes, solely for the purposes for which they were collected, in compliance with confidentiality obligations and with the security measures set forth by the applicable laws.
7. Data Protecting
Data will be kept for the time strictly necessary for the purposes they were collected and, in any case, for no later than 24 months, unless otherwise provided for by the laws and the competent authorities.
The Data Controller shall enhance and adopt all such technical, IT, organizational, logistics and procedural security measures granting an adequate level of protection required under the GDPR.
The Company will take appropriate security measures to prevent destruction, unlawful or inappropriate use and unauthorized access to said Personal Data. In particular, the Data Controller may use:
(a) firewall, such as protection systems that prevent unauthorized access to corporate information system;
(b) data encryption, such as methods to mask the data and information when data are sent or received in order to make them deciphered only to the intended recipient;
(c) digital certification;
(d) further electronic or automatic tools suitable to ensure protection and confidentiality of Personal Data, according to the GDPR.
Although the Company has implemented the above security measures for this Website, you should be aware that complete security is not possible. Therefore, your providing of your Data is done at your own risk and, to the greatest extent permitted under applicable laws, the Company shall have no liability as a result of the disclosure of your personal information due to errors, omissions or unauthorized acts of third parties during or after the transmission thereof to us.
You are therefore advised (i) to periodically update your software for protecting data transmission over networks (for example, antivirus software) and check that your provider of electronic communication services has adopted suitable means for the security of data transmission over networks (for example, firewalls and ant spamming filters); (ii) keep confidential, and not to disclose to any else, your username and password to access to your account; and (iii) to change your password from time to time.
Data may be communicated for the purposes specified above, and treated on Company’s behalf, to its employees and consultants who shall be in charge as data processors or data handlers, in accordance with the law.
Data may also be communicated to other companies, entities or professionals in charge with elaboration activities, as well with activities that are necessary or supplementary to the Company’s business; in such cases, they will act as independent data controllers, solely for the purposes of their activities and for the time necessary to pursue the,.
The list of such third parties will be kept constantly updated and may be requested to the Company.
9. Data Subject’s rights
Pursuant to article 15 of the GDPR, as Data subject, you shall have the right to:
- access to your Data;
- oppose to their treatment for legitimate reasons;
- have your Data corrected, cancelled or limited;
- with no obstruction or impediment, to obtain your Data in a readable automatic format to be transferred to another Data controller;
As well as the right to:
- revoke your consent;
- submit a claim to the Italian Privacy Authority.
Objection to data processing for marketing, either direct or by third parties, through automated means is extended also to traditional Data processing; however objection may be partially exercised You may then decide to receive communication through traditional channels or through automated means or no communication at all.
10. Exercise of Rights
As Data subject you can exercise your rights by sending a communication to the Company by registered mail receipt at Hulka S.r.l., Viale della Scienza no. 26, 45100 Rovigo, or by e-mail sent at email@example.com