(Privacy Code – Legislative Decree 30.6.2003, n. 196 and subsequent amendments – EU Regulation 679/2016 on the processing of personal data – Article 13)
GAPMED SA, hereinafter “GAP” for brevity, is a Company between Professionals holding the title of Doctor of Medicine and registered in Rolls or registers, of qualification or authorization to exercise the activity for the supply of medical services and benefits professional activities, also instrumental or complementary to the same professional activity, as well as ancillary services that allow or facilitate its exercise.
GAP owns and operates the “GPMED” project and brands, through which it prepares, launches and manages its activities.
The domain website “www.gapmed.com” (hereinafter, “the Portal”) and all its contents are the property of GAP.
GAP is dedicated to the activities described above through highly specialized methodology and professionalism.
GAP protects the privacy of its users and the security of the information and data it processes through the permanence of its web pages and has provided a detailed document that illustrates the methods by which the activity complies with the Privacy Rules. This document describes, among other things, which personal data are collected, the purposes and methods of treatment for which the personal data are intended, and the security measures adopted to protect them.
The GAP Privacy Rules contain the necessary information pursuant to Art. 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”), Directive 2002/58/EC, as amended by Directive 2009/136/EC, on the protection of personal data in electronic communications, as well as pursuant to the Provision containing the provisions relating to the processing of particular categories of data, pursuant to art. 21, paragraph 1 of Legislative Decree 10 August 2018, n. 101 issued by the Guarantor for the protection of personal data.
In particular, GAP informs that the “owner” of the treatment pursuant to the Privacy Code is GAP ST. a R.L., based in Pisa, via Gozzini, 2, in the person of its President and legal representative Domenico Bruno Pagano (Tax Code: PGN DNC 85E12 I639K).
Purpose of the treatment
The Portal is a service designed to allow easy and clear use, also through mobile devices, of information relating to products and services, GAP activities, in particular:
- know GAP’s skills, purposes, activities, services and brands, including their professional characteristics;
- know aspects, methods and sectors of joining professional services through commercial communication of the GAPMED brand and/or services referable to GAP;
The personal data and all the information that is collected are connected to access and permanence on the Portal and are configured:
a) as mandatory information which, pursuant to art. 6 lett. b), e) GDPR are necessary to be able to use the Service and without which GAP will not be able to provide you with the requested access to the website and may concern:
- Compulsory/necessary information for technical reasons to make available and/or facilitate access to the Portal and will be collected and stored and used for a short time.
- Logs recording access to the site: IP address; date and time of access; login status and http status code; volume of data transferred and content of the request; differences in time zone with respect to Greenwich (GMT) and language settings and browser versions, as well as versions of the operating system in use, navigation path within the site, any errors;
- Data relating to the content entered by the user (e.g. Support requests in the dedicated Helpdesk form, search queries in the Articles section, check marks and/or “meta tag” sharing functions within the selected “heads” , such as to configure Snippets within search engines) published by the user on the Portal;
- it may be envisaged to use voice commands for voice control of activities and services. These features require access to certain functions of your device in order to improve the interactive experience. The use of the device controls, in any case, will not involve any collection of information.
In particular, with regard to mobile devices:
- Location: Your explicit consent will allow the collection and use of data relating to the sensors necessary to access the information. This information will allow the specific location of your mobile device to be recorded (using, for example, GPS or Bluetooth). In any case, the registration of your IP address is essential to determine, for example, in which country you are located in order to comply with the legislation and existing industrial property rights agreements.
- Voice: your explicit consent to access the microphone will allow, if foreseen, to increase the interactivity of the experience with our Services. You will have if there is always the option to disable microphone access.
Any refusal to communicate the data will make it impossible to complete the registration and to use the services and benefits of GAP.
b) as information that can be provided optionally, only with your specific and distinct consent (art. 7 GDPR):
- For the following commercial and marketing information purposes:
- Sending via e-mail, post and/or messaging, newsletters, commercial communications and/or advertising material on products or services offered by GAP and detection of the degree of satisfaction with the quality of the services which presuppose the processing of registration and authentication data: name, surname, e-mail address. These types of data are provided optionally by the user only by filling in the information request form and/or using the “chatbot”.
- Information and statistical data collection tools to measure the correspondence of products to Users’ expectations: Facebook pixel (https://www.facebook.com/business/help/742478679120153).
- Cookies: the Portal uses small text files that are stored in the memory of the terminal through the access browser, such as the language and/or the settings preferred by the User, in order to make it more pleasant and compliant with the tastes navigation of the User. GAP has provided adequate information on the use and disabling of Cookies on the web pages of its portals, which can be found in the “privacy” section.
- For sharing purposes: information without identifying and profiling elements may be shared with GAP SHAREHOLDERS and Professionals as well as with GAP Partners, to improve the quality of services and products rendered, as well as to evaluate possible commercial and work collaboration (“https://www.linkedin.com/psettings/privacy”) submitted by you and therefore to your exclusive advantage.
In particular, by expressing consent to allow the collection of data for statistical purposes and to improve the interaction between GAP and the User and to receive “information and proposals for professional collaboration” and/or to receive updates about the initiatives related to the professional services of GAP and the presence on the national territory of GAP itself, for any candidatures or offers and job positions, the user consents and authorizes the collection, use, sharing and other processing of his information, including any advertising purposes.
The data may also be communicated and shared with:
- Personnel and consultants of GAP and public and/or private healthcare companies, SHAREHOLDERS and/or subjects connected to GAP;
- financial administration of the State and P.A.;
- judicial authority and police forces, if GAP receives a formal request from the judicial authority in relation to investigations, investigations and investigations regarding the alleged violation of rules and rights of third parties;
- subjects having the purpose of studying and publishing de-identified or aggregated information relating to the use of the Service
Exclusion from treatment
In the event of access from a mobile support, data relating to the functionality of your hardware support such as photos and camera will not be collected or processed; position; specific geo-location (data from the “touch screen”; information from the device’s accelerometer and gyroscope sensors, relating to the specific position of your mobile device, nor is there the possibility of interfacing with proximity applications (i.e.: iBeacon); voice; contacts data relating to access and preferences expressed during the stay.
The Portal is designed and intended for use by adults and not for use by children under the age of 18.
The use of identity credentials that do not correspond to the user who intends to register constitutes an illegitimate impersonation and as such constitutes a crime against public faith.
The only data that will be collected and referred to in point a) above will be stored on servers dedicated to us located in Germany, in Frankfurt, at Hetzner Online GmbH, Industriestr. 25 – 91710 Gunzenhausen, Deutschland (https://www.hetzner.com/rechtliches/datenschutz) and in Ireland, in Dublin, at Google Ireland Ltd, PPK1, 22 Baldonnel Rd, Aungierstown, Co. (https://policies. google.com/privacy?hl=en-US), appointed for this purpose, where they will be processed for the purpose of allowing the functions described in this statement.
The data will not be transferred outside the European borders without the express and motivated authorization.
GAP guarantees the maximum confidentiality of personal data by applying the most suitable technologies, in compliance with Italian and European standards in terms of minimum security measures to avoid unauthorized access to its databases, and possibly ale accidental loss and/or destruction of data.
Access to personal data will also be allowed to the staff of all the Data Controller’s operational offices and in all other processing locations where the interested parties are located: in particular, to the subjects appointed as “Data Processor”, pursuant to the art. 4 of the GDPR, as well as to the security personnel of the telematic networks and in general the subjects who have been designated as “Data Processors” pursuant to Article 2 quaterdecies of the Privacy Code to offer support to users in relation to the services and services offered by GAP, to respond to requests from the Judicial Authorities, to verify non-compliant behavior and for any other requirement.
GAP guarantees a daily backup of the data it processes.
Exercise of rights by the interested party
GAP ensures interested parties the possibility of exercising the rights recognized by art. 15 EU Regulation 679/2016 (GDPR) and precisely of:
1) obtain information about the existence or not of personal data concerning you and their communication in an intelligible form (right of access – Art 15 GDPR);
2) get the indication:
a) the origin of the personal data collected or processed;
b) the purposes and methods of processing;
c) of the categories of personal data being processed;
d) the retention period of personal data if identified, otherwise the criteria used to determine the aforementioned period;
h) of the logic applied in case of treatment carried out with the aid of electronic instruments;
d) of the identification details of the owner, of the managers and of the designated representative pursuant to art. 3, paragraph 1, EU Regulation 679/2016;
e) of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as designated representative in the territory of the State, managers or agents;
a) updating, rectification and, possibly, integration of data;
b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment is proves impossible or involves the use of means manifestly disproportionate to the protected right;
4) object, in whole or in part, to the processing of your personal data: a) for legitimate reasons, even if pertinent to the purpose of the collection; b) for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated systems and/or by e-mail and/or through traditional marketing methods by telephone and/or paper mail. Please note that the right to object (Article 21 of the GDPR) can also be exercised only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.
5) exercise the rights pursuant to articles 16-21 GDPR (Right to rectification, right to be forgotten, right to limitation of treatment, right to data portability, right to object), as well as the right to complain to the Guarantor Authority.
The aforementioned rights may be exercised by contacting the Data Controller, GAPMED SA, with headquarters in Via Canova 15, Lugano, Switzerland, in the person of its President and legal representative Domenico Bruno Pagano (C.F.: PGN DNC 85E12 I639K), by registered mail with return receipt, or alternatively by contacting us at the postal address electronics email@example.com.
The Owner has the burden of ascertaining pursuant to Article 12 par. 6 GDPR, the identity of the interested party who intends to exercise the aforementioned rights.
The updated list of data processors and persons in charge of processing is kept at the registered office of the Data Controller.
GAP undertakes to periodically review and update, where necessary, the technical and organizational measures relating to the security of data processing