Privacy Policy

Pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter the “Regulation” or “GDPR”), this Privacy Policy has been drafted in order to inform those who interact with the Solomeo Regenerative Medicine Clinic Website (www.cmrsolomeo.it, hereinafter the “Website“) about the ways in which personal data will be processed both through simple consultation and through the use of specific services made available through the Website. This Privacy Policy will also provide you with the information required to enable you to consent to the processing of your personal data in an explicit and informed manner, where appropriate.

The information is provided for the above-mentioned Website and does not also cover other websites that you may consult through links on the Website (for which reference should be made to their respective privacy policies).

The processing of your personal data will be based on the principles of fairness, lawfulness, transparency, restriction of purposes and storage, data minimization and accuracy, integrity and confidentiality, as well as on the principle of accountability referred to in Article 5 of the Regulation. Therefore, your personal data will be processed in accordance with the legislative provisions of the Regulation and the confidentiality obligations set forth therein.

***

1. CONTROLLER AND DATA PROTECTION OFFICER

The controller is Clinica di Medicina Rigenerativa di Solomeo S.r.l. (hereafter the “Controller” or “Clinic”), with offices at Piazzetta dei Sapienti, 1, 06073 Corciano (PG), which can be contacted at the e-mail address info@cmrsolomeo.it.

Clinica di Medicina Rigenerativa di Solomeo S.r.l. has designated a Data Protection Officer (“Data Protection Officer” or “DPO”) who can be contacted at the Controller’s offices at the above address, as well as by e-mail at: dpo@cmrsolomeo.it

2. THE PERSONAL DATA SUBJECT TO PROCESSING

We wish to inform you that, when you use the Website, the Controller may collect and process information and personal data related to you and which may consist of an identifier such as your name, an identification number, location data, an online identifier, or one or more characteristic elements of your physical, physiological, mental, economic, cultural, or social identity capable of identifying you or making you identifiable, depending on the type of services you requested (hereinafter simply “Personal Data”).

Specifically, the Personal Data processed through the Website are as follows:

a. Browsing data

The operation of the Website involves the use of computer systems and software procedures that collect information about Website users as part of their normal operation. While the Controller does not collect such information in order to link it to specific users, it is still possible to identify such users either directly through such information or by using other information collected. As such, this information is also considered personal data.

This information includes different parameters regarding the user’s operating system and IT environment, for example, your IP address, your location (country), the domain names of the computer or device you are using, the URI (Uniform Resource Identifier) addresses of the resources requested on the Website, the time of the requests, the method used to send the requests to the server, the size of the file obtained in response to a request, the numerical code indicating the status of the response given by the server (successful, error, etc.), and so on.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website, as well as to monitor its proper functioning and to identify any malfunctions and/or improper use of the Website – the data are usually deleted immediately after processing, unless it is necessary to identify those responsible in case of hypothetical computer crimes against the Website or third parties.

c. Data voluntarily provided by the user

Without prejudice to the reference to specific disclosures that may be available in the different sections of the Website, this Privacy Policy is also deemed to be rendered for the processing of Personal Data concerning you (such as, by way of example, your e-mail address, personal data and identification data, as well as any additional Personal Data that may be contained in your specific request) and voluntarily provided by you when making specific inquiries to the e-mail addresses or telephone help desk of the Controller available within the Website.

When making inquiries to the e-mail addresses and/or the Controller’s telephone help desk available on the Website, we encourage you to provide only the Personal Data strictly necessary to process your request and avoid providing superfluous Personal Data.

d. Cookies

For more information on the type of cookies used, you can consult the Cookie Policy.

3. PURPOSE OF PROCESSING, LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF PROCESSING

Your Personal Data will be processed to pursue the following purposes, where applicable:

a) to allow you to browse the Website and interact with the content thereof, including managing Website security.

b) handle and acknowledge specific requests made to the Controller, such as inquiries about the Clinic’s products and services, made through the Controller’s email addresses or telephone help desk available on the Website.

The legal basis for the processing of Personal Data for the purposes referred to in section a) and b) is to be found in Article 6(1) ( b) of the Regulation ([…]processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), as the processing operations are required to use the Website, provide the services requested by the data subject and handle and respond to specific requests addressed to the Controller. The provision of Personal Data for these purposes is optional, but failure to provide them would result in the inability to access the services requested and/or to respond to your requests;

Once provided, your Personal Data may also be processed for the following purposes:

c) to comply with any obligations envisaged by applicable laws, regulations or EU legislation, or to satisfy requests from the authorities.

d) to defend any rights, possibly related to the detection, prevention, mitigation, and investigation of fraudulent or illegal activities in connection with the services provided on the Website.

The purpose referred to in section (c) represents legitimate processing of personal data under Art. 6(1) (c) of the Regulations ([…]processing is necessary for compliance with a legal obligation to which the controller is subject) as, once the Personal Data have been provided, their processing may be necessary to comply with legal obligations and/or orders of authorities to which the Data Controller is subject.

Processing carried out for the purposes referred to in section (d) is based on the legitimate interest of the Controller pursuant to Article 6(1)(f) and 9, ( 2)(a), of the Regulation.

4. RECIPIENTS OF THE PERSONAL DATA

For the purposes set out in section 3 of this Privacy Policy, your Personal Data may be shared with:

– Persons specifically authorized by the Controller, pursuant to Article 29, 32( 4) and of the Regulation and 2-quaterdecies of Italian Legislative Decree no. 196/2003 (the “Privacy Code”) to process the personal data necessary to carry out activities closely related to the provision of the services, who have undertaken to maintain confidentiality or who have an appropriate legal obligation of confidentiality.

– Parties typically acting as Processors under Article 28 of the Regulation on behalf of the Controller, specifically parties tasked with providing services necessary for the usability of the Website (e.g., hosting providers, technical maintenance providers, etc.). The full list of data processors can be obtained by submitting a written request to the Controller or the DPO at the contact details specified in section 8 of this Privacy Policy.

– parties, entities or authorities (including supervisory authorities) and autonomous data controllers, to whom it is mandatory to disclose the personal data by virtue of legal provisions and/or orders of the authorities.

These parties are hereafter collectively referred to as “Recipients”.

5. TRANSFERS OF PERSONAL DATA

Personal data provided through the Website will be processed and stored in the Controller’s information systems, whose servers are located within the European Economic Area. Some of your personal data may be transferred to Recipients located outside the European Economic Area. The Controller ensures that the processing of your Personal Data by these Recipients is in compliance with the regulations or according to one of the methods permitted by law under Articles 44-49 of the GDPR, such as the consent of the data subject, the adoption of Standard Clauses approved by the European Commission, the selection of entities participating in international programs for the free movement of data, in compliance with the provisions of Recommendations 01/2020 adopted on November 10, 2020 by the European Data Protection Board. More information regarding the data transfers made and the safeguards adopted to that end can be obtained, upon request, from the Data Controller and/or the DPO using the contact details provided in Section 8 of this Privacy Policy;

6. STORAGE OF PERSONAL DATA

The Personal Data processed for the purposes referred to in section 3, letters a) and b), of this Privacy Policy will be processed for the time strictly necessary to achieve those purposes, in accordance with the principles of minimization and limitation of storage referred to in Article 5(1) (c) and (e) of the GDPR.

 In addition, the Controller reserves the right to retain your data also for as long as necessary to fulfill further regulatory obligations to which the Controller itself is subject or to establish, exercise or defend a legal claim, both in court and out-of-court and in the stages preceding litigation.

More information regarding the data storage period and the criteria used to determine this period can be obtained by sending a written request to the Controller at the contact details provided in section 8 of this Privacy Policy.

7. RIGHTS OF THE DATA SUBJECT

As a data subject, you may exercise the following rights at any time:

  • Right to withdraw consent (Article 7 of the GDPR) – i.e., the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
  • Right of access (Article 15 of the GDPR) – i.e. the right to obtain confirmation about the existence or otherwise of processing concerning your Personal Data as well as the right to receive any information concerning such processing;
  • Right to rectification (Article 16 of the GDPR) – i.e. the right to have your personal data rectified if they are incomplete or inaccurate. Note that for personal data collected through audio and video recording systems the right to rectification cannot be exercised in practice in view of the intrinsic nature of the data collected, which pertain to an objective and determined fact;
  • Right to erasure (Article 17 of the GDPR) – under certain circumstances you have the right to have your personal data deleted from our records.
  • Right to restriction of processing (Article 18 of the GDPR) – upon the occurrence of certain conditions you have the right to have the processing of your personal data restricted;
  • Right to portability (Article 20 of the GDPR) – You have the right to have your personal data transferred to a different data controller as well as the right to receive your data in a structured, commonly used and machine-readable format;
  • Right to object (Article 21 of the GDPR) – You have the right to submit an objection to the processing of your personal data in which you give evidence of the reasons justifying such objection. The Data Controller reserves the right to evaluate this request, which may not be accepted if there are compelling legitimate grounds for processing that override your interests, rights and freedoms;
  • Right to file a complaint with the Supervisory Authority (Article 77 of the GDPR) – if you believe that your Personal Data have been processed in breach of data protection legislation, you may lodge a complaint with the Supervisory Authority of the Member State where you habitually reside, work, or where the alleged breach occurred;
  • Right to an effective judicial remedy against a controller or processor (Art. 79 of the GDPR).

8. CONTACT DETAILS

To exercise the above rights or for any other request, you may send an e-mail to the Controller at info@cmrsolomeo.it, or to the Data Protection Officer designated by the Controller who can be contacted at: dpo@cmrsolomeo.it

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.