INFORMATIVA SULLA PRIVACY
INFORMATION FOR THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 OF THE EUROPEAN REGULATION N. 679/2016 (THE “GDPR”)
1. PERSONAL DATA SUBJECT TO THE TREATMENT
The personal data processed through the Site are as follows
1.1 NAVIGATION DATA
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which, by their very nature, could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and of our customers’ sites and to check their correct functioning, to identify anomalies and/or abuses, and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site or third parties: except for this eventuality, the data on web contacts do not currently persist for more than seven days, unless requested by the user (eg: access to the user’s personal pages within Carbet Medica s.r.l. which summarize the services used, the information published, etc.).
1.2 DATA PROVIDED VOLUNTARILY BY THE USER
If you decide to register on the site for the provision of certain services such as, for example, subscribing to the newsletter, requesting information from Carbet Medica s.r.l. through the Contact form or the purchase of products, you will be asked to fill in a data collection form and to provide some personal data, such as name, surname, tax code, date of birth, company name, address, city, province, zip code , country, telephone, e-mail, bank and payment details, hereinafter “personal data”.
2. PURPOSE OF THE TREATMENT
Your personal data are processed:
2.A) without your express consent art. 6 lett. b), c), e), f) GDPR Regulation, for the following Service Purposes:
a) conclude the contracts for the services and/or products provided by the Data Controller and fulfill the request
of the interested party for the purchase of a product and/or service and the request for registration on the Site;
b) fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships with you;
c) allow navigation and consultation of the Site;
d) respond to requests for assistance or information, which we will receive via e-mail, telephone or using the appropriate “Contact” form on the Site.
e) fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as in the matter of anti-money laundering);
f) exercise the rights of the Owner, for example the right of defense in court;
2.B) only with your specific, explicit and distinct consent, for the following Marketing purposes: send you by e-mail, mail and/or sms and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller and detection of the degree of satisfaction with the quality of services; send you commercial and/or promotional communications from third parties (for example, business partners and other Group companies) via e-mail, post and/or sms and/or telephone contacts.
We point out that if you are already a customer of ours, we will be able to send you commercial communications relating to the Owner’s services and products similar to those you have already used, unless you disagree.
Where the subject who provides the data is under the age of 16, the processing is lawful (Article 8 of the GDPR Regulation) only if and to the extent that consent is given or authorized by the holder of parental responsibility for which they are acquired the identification data and a copy of the identification documents.
3. LEGAL BASIS, NATURE OF THE PROVISION AND CONSEQUENCES OF REFUSAL
The provision of data for the purposes referred to in point 2.A is mandatory. In their absence, we will not be able to guarantee you the Services referred to in point 2 A. The legal basis for the processing of data referred to in letters a), b), c), d) is art. 6 lett. (b) (e) of the GDPR Regulation as the treatments are necessary for the provision of the contractual services. The legal basis of the data processing referred to in letters e) and f) is the art. 6 lett. (c) and (f) GDPR Regulation.
The provision of data for the purposes referred to in point 2.B. however, it is optional. You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material relating to the Services offered by the Data Controller.
However, you will continue to be entitled to the Services referred to in point 2.A.
4. METHOD OF TREATMENT
The processing of your personal data is carried out by means of the operations indicated in art. 4 no. 2) GDPR regulation and precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
Your personal data are subjected to both paper and electronic and/or automated processing and in any case with tools having organizational and processing logics strictly related to the purposes themselves and in any case in order to guarantee the security, integrity and confidentiality of the data themselves in compliance with the organizational, physical and logical measures envisaged by the provisions in force.
5. DATA RETENTION
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the Service Purposes and for no more than 2 years from the collection of data for the Marketing Purposes.
6. RECIPIENTS OF THE DATA
Your data may be made accessible for the purposes referred to in point 2.:
a) to employees and collaborators of the Data Controller or of Group companies in Italy and abroad, in their capacity as persons in charge and/or internal data processors and/or system administrators;
b) to third-party companies or other subjects (as an indication, credit institutions, professional firms, consultants) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors.
c) subjects, bodies or authorities to whom it is mandatory to communicate your personal data pursuant to provisions of the law or orders from the authorities. These subjects will process the data in their capacity as independent data controllers.
7. DATA TRANSFER
Personal data is stored on servers located in Italy – EU.
In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses envisaged by the European Commission.
8. RIGHTS OF THE INTERESTED PARTY
In your capacity as an interested party, you enjoy the rights referred to in articles 15 and following of the GDPR Regulation and, therefore, you have the right to ask Carbet Medica s.r.l. :
a) access to your personal data;
b) the rectification of your personal data;
c) the cancellation of your personal data;
d) the limitation of treatment in the cases provided for by art. 18 of the GDPR Regulation;
e) to obtain the data concerning you in a structured format, commonly used and readable by an automatic device, in the cases provided for by art. 20 of the GDPR Regulation.
In any case, you have the right to lodge a complaint with the Guarantor for the protection of personal data and, with reference to art. 6 paragraph 1, letter a) and art. 9, paragraph 2, letter a), has the right to revoke the consent given at any time.
9. METHOD OF EXERCISE OF RIGHTS
The interested party may at any time exercise the rights by sending: a registered letter with return receipt to Carbet Medica s.r.l. at the registered office in viale Beatrice d’Este, 24 Milan. or email to firstname.lastname@example.org or email@example.com
10. SUBJECTS OF THE TREATMENT
The Data Controller is Carbet Medica s.r.l. with registered office in viale in viale Beatrice d’Este, 24 Milan.
The updated list of personal data processors can be easily consulted at the headquarters of the Data Controller.
Last updated, 21 March 2023