Prof. Dario Bertossi, born in Mira (Ve) on 23/07/1964, residing at Via Redentore 9 in Verona, VAT no. 03470780234 (“Prof. Bertossi”) is a University Professor and surgeon specialised in aesthetic medicine, who offers users the opportunity to view his activities, treatments, courses, and request an appointment with Prof. Bertossi through his website www.dariobertossi.com.
Through this document, Prof. Bertossi, as the Data Controller of the processing activities of personal data (hereinafter, the “Data Controller“), intends to render the disclosure pursuant to Articles 13 et seq. of EU Regulation 679/2016 (hereinafter, the “Regulation“), with reference to the processing of the personal data of users (hereinafter, the “User/Users“) who visit the website www.dariobertossi.com (hereinafter, the “Website“).
TYPES OF DATA PROCESSED AND PROCESSING TYPES
- Browsing data: during normal operation, computer systems and software procedures that serve to keep the website operational collect certain personal information, whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but given its nature it could allow for identifying users when processed and associated with data kept by others. This category includes the IP addresses or domain names of computers used by users who connect to the site, addresses in URI (Uniform Resource Identifier) notation of requested resources, the time the request is made, the method used to submit the request to the server, the file size obtained in response, the numerical code indicating the response status from the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment. Such data are used for the sole purpose of compiling anonymous statistical data regarding the use of the website and checking its proper operation. Data are immediately deleted after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Website. Except for this possibility, data on web contacts currently do not persist for more than seven days.
- Data provided voluntarily by the user to request to be contacted for an appointment: in the event that the User is interested in being contacted by a collaborator of Prof. Bertossi to make an appointment, the appropriate online form must be completed. The staff of Prof. Bertossi must then process the User’s personal data, with the sole purpose of responding to requests and contacting Users. The data processed are the name, surname, telephone number, and e-mail address.
- Cookies: for cookies-related data processing, please read the relative LINKABLE policy.
PURPOSES AND LEGAL GROUNDS FOR PROCESSING
Users’ collected data will be processed by the Data Controller:
- WEBSITE OPERATION: in order to pursue a legitimate interest of the Data Controller, consisting of guaranteeing the security of the Website and the information exchanged on it, that is the capacity of such Website at a given level of security to withstand unforeseen events, unlawful acts, or malicious actions that compromise the availability, authenticity, integrity, and confidentiality of the personal data stored or transmitted, and the security of the related services offered or made accessible. The legal basis for processing is Art. 6, par. 1(f) of the Regulation.
- USE OF THE CONTACT SERVICE TO REQUEST AN APPOINTMENT: to use the contact service through the Website, the legal basis of processing is Art. 6, par. 1(b) of the Regulation, as regards processing activities that are required for the execution of a request by the User in the pre-contractual phase.
DURATION OF PROCESSING ACTIVITIES AND DATA STORAGE PERIOD
For the purposes of Art. 2(a) above, personal data will be processed for the period strictly necessary for the pursuit of the aforementioned objectives, and subsequently for the fulfilment of legal obligations and/or purposes of defence for the maximum duration provided for by law.
Data provided in the contact request for an appointment will be stored (i) when booking an appointment, until the medical service is provided and for the time required by law for the processing activity; (ii) the data will be immediately cancelled in the event of a missed appointment or non-willingness not to carry out treatments with Prof. Bertossi.
Processing activities will be carried out both on paper and electronically, with the aid of modern computer systems and manual methods, solely by persons expressly appointed for this purpose. Processing activities will take place with logics and by way of data organisation that is strictly related to the obligations, tasks, or purposes mentioned above. The data controller uses technical and organisational measures to protect the data in its possession from manipulation, loss, destruction, and access by unauthorised persons. Security measures are continuously improved based on technological development.
MANDATORY OR OPTIONAL NATURE OF PROVIDING DATA
The provision of the data referred to in point 1(b) is optional. If the data is not provided, the User cannot be contacted.
SCOPE OF COMMUNICATION AND DISTRIBUTION
The personal data of the User will be processed by subjects authorised to carry out these tasks, duly appointed as data processors or managers, equipped with security measures designed to guarantee the confidentiality of the parties to whom the data relate, and to avoid undue access to third parties or unauthorised personnel. Within the limits strictly relevant to the obligations, tasks, or purposes referred to in point 2, if necessary, data collected may be communicated to public or private subjects or the competent authorities for the purposes of prevention, detection, or combatting crimes, in compliance with the rules governing the subject matter. No data will be distributed.
The updated list of all data processors is available at the office of Prof. Bertossi, and can be requested by contacting email@example.com. This list can be subsequently integrated and/or updated as needed.
User data is saved on electronic media, and is kept and stored on a server located in the European Union.
Users are entitled to know their rights, which essentially consist of the right to receive information from the other party as to the existence of the processing of their personal data, as well as access their data, obtain their correction, integration, update, deletion or blocking. Users also have the right to obtain a copy of their data, to limit processing, and to oppose its processing, in addition to the right to data portability and to propose a complaint to the competent control authorities under the conditions and within the limits indicated in Art. 13 of the Regulation.
The following rights are guaranteed to each data subject, pursuant to Arts. 15 et seq. of the Regulation:
- Right to information;
- Right of access of the data subject;
- Right to rectification;
- Right to erasure (right to be forgotten);
- The right to limit processing;
- Right to data portability;
- Right of opposition.
The user can therefore know which personal data that the Data Controller holds, their origin and how they are used, request their update, rectification, or integration, and in the cases provided for by current regulations, their cancellation, limitation of processing, or oppose their processing. If desired, each data subject may request to receive a copy of the personal data held by the Data Controller that concerns him/her in a format that can be read by electronic devices; where technically possible, the Data Controller may transfer the data directly to a third party indicated by the Data Subject.
If the user deems that the processing of his/her personal data has been carried out illegitimately, a complaint may be filed with one of the competent control authorities for compliance with legislation on the protection of personal data. In Italy, the complaint can be presented to the Data Protection Authority (http://www.garanteprivacy.it/).
EXERCISE OF RIGHTS
To exercise the aforementioned rights, Users may send an email to firstname.lastname@example.org, indicating “Privacy – exercise of rights” in the subject line.
*** *** ***