Information on data protection as per art.13. EU Reg. 679/2016 and subsequent amendments of legislative adaptation to the Italian law D.Lgs 101/2018.
Treatment carried out by Osteopath Francesca Abburà, with fiscal headquarters in Via Terravecchia 10, 07028, Santa Teresa Gallura, (SS), P.IVA: 08784530019 as the Data Controller protects your personal data, given by you during the navigation and use of this site ensuring their confidentiality and guaranteeing compliance with the regulations in force as well as the necessary level of protection, from any occurrence that may put them at risk of violation.
As required by Article 13 of the General Data Protection Regulation of the European Union (GDPR), Francesca Abburà informs you that your personal data, collected through this website, are processed by means of computerized and/or telematic tools, for the purposes indicated below in this statement.
- OBJECT OF PROCESSING
With regard to the data processed by this website
The Holder treats:
-personal, identifying data (e.g., first name, last name, company name, address, telephone, e-mail, bank and payment references) hereafter, “personal data.”
– “Particular data” to be disclosed in connection with the conclusion of contracts for the services of the Holder and as the recipient of such data with regard to all communications made and received in dealings with entities and individuals involved in the Holder’s own professional activity.
The computer systems and software procedures in charge of the operation of this website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. Consequently, the following personal data, by way of example, may be processed:
– Browsing data: this category of data includes IP addresses or domain names of computers and terminals used by users, addresses in URI/URL (Uniform Resource Identifier/Locator) notation, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data, necessary for the use of web services, are also processed for the purpose of:
– Obtain statistical information on the;use of the services (most visited pages, number of visitors by time slot or daily, geographical areas of origin, etc.);
– Monitor the proper functioning of the services offered.
– data communicated by the user: such as, for example, personal data provided by you through the “contact” form or data provided in the “Contact” section.
In particular, it is specified that the data processed by means of the website are:
Information that our servers automatically collect when you access the Site, such as your IP address, browser type, operating system, access times, and the pages you viewed directly before and after accessing the Site. [If it is in use on a mobile device, this information may also include device name and type, operating system, phone number, country, likes and replies to a post, and other interactions with the application and other users via server log files, as well as any other information that is provided].
Particular health data
Health and health-related information that may be entered by users on the site or in communications used by the site in the reception and collection of data from ur users.
The Site can, by default, access basic Facebook account information, including name, email, gender, birthday, current city, and profile picture URL, as well as other public information.
Data from social networks
User information from social networking sites, such as [Apple’s Game Center, Facebook, Google+, Instagram, Pinterest, Twitter], including name, social network user name, location, gender, date of birth, e-mail address, profile photo, and public contact information, if the user links their account to such social networks.
Mobile device data
Device information, such as mobile device ID, model and manufacturer, and device location information, if you access the Site from a mobile device.
Information from third parties, such as personal information or network friends, if you link your account to the third party and grant the Site permission to access this information. Data from contests, giveaways, and surveys Personal and other information you may provide when you enter contests or giveaways and/or answer surveys.
Mobile application information
If you connect using our mobile application:
– Mobile Device Data. It is possible that cookie functions may collect device information (such as mobile device ID, model, and manufacturer), operating system, version information, and IP address.
- PURPOSE OF PROCESSING
Your personal data are processed:
Pursuant to Art 6 EU Regulation No.679/2016 (and subsequent legislative adaptation provisions Legislative Decree 101/2018) (GDPR). lett. b), e) GDPR), for the following Service Purposes:
A)conclude contracts for Holder’s services:
To fulfill pre-contractual, contractual and tax obligations arising from existing relationships with you in particular;
for the performance of all services inherent in all treatments of general, pediatric, geriatric, and sports osteopathy (TMO) and for consultations all inherent in the professional field performed;
For the development of the terapaeutic techniques of evolutionary dynamic osteopathy
for collection and for inclusion in master records in professional practice databases;
invoices and credit notes;
for issuing quotes and quotations to active and/or potential clients;
for keeping ordinary and VAT accounts;
-for managing collections and payments; the legal basis is the contract
- B) to fulfill obligations under the law, a regulation, EU legislation, or an order of the Authority (such as in the area of anti-money laundering); the legal basis is legal obligation;
- C) exercise the Holder’s rights, such as the right to defense in court; the legal basis is the exercise of defense in court;
- D) with the specific consent of the data subject, carry out information and commercial promotion of services; the legal basis for processing is consent.
- E) Your personal data will also be processed for the following purposes:
(a) to enable the enjoyment and use of this website, as well as to perform maintenance and technical support necessary for its proper functioning;
(b) to allow the Owner to respond to requests made by you through this website.
The legal basis underlying the processing under (a) of this item is:
– Art. 6 par.1(f) GDPR: “processing is necessary for the purposes of pursuing the legitimate interests of the data controller or a third party”.
- METHODS OF TREATMENT
The processing of your personal data is carried out by means of the following operations: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data.
The processing will be carried out either by manual and/or computerized and telematic means with logics of organization and processing strictly related to the purposes themselves and in any case in such a way as to guarantee the security, integrity and confidentiality of the data themselves in compliance with the organizational, physical and logical measures provided for in Articles 24 and 25 and 32 of the GDPR.
- MODE OF DATA COLLECTION.
The personal data subject to processing are collected directly by the Data Controller or by third parties expressly authorized by the Data Controller, or communicated by the Data Controller to such third parties for the pursuit of the purposes set forth in point #2.
The processing of personal data will be carried out mainly with the aid of computerized toolsby persons internal and external to the structure of the Data Controller duly authorized and instructed for this purpose in the manner and with the appropriate means to ensure the security and confidentiality of such data, in accordance with the provisions of the GDPR.
The Data Controller carries out periodic checks so that no personal data are processed, collected,stored or retained that are not necessary in relation to the processing and related purposes as set out in point no. 2 of this policy.
Policy for children
We do not knowingly solicit information from children under the age of 13 nor do we market to them. Should you become aware of any data we have collected from children under the age of 13, please contact the data controller using the contact information provided below.
- NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL TO RESPOND
Please note that, taking into account the purposes of the processing referred to in points A), B) C) and D) as explained above in point 2. , the conferment of the data necessary for the purposes is free but their failure, partial or inexact conferment may have, as a consequence, the impossibility of carrying out the activity and pre-contractual and contractual fulfillments as provided for in the contract of sale and / or supply of products. Where the person giving the data is under 13 years of age, such processing is lawful only if and to the extent that, such consent is given or authorized by the holder of parental responsibility for whom the identification data and copies of identification documents are acquired.
- ACCESS TO DATA BY EMPLOYEES IN CHARGE OF DATA PROCESSING
Your data may be made accessible for the exclusive purposes set forth in Article 2.A) and 2.B) of this policy:
-to employees and collaborators of the Controller, the auxiliaries and third persons employed companies and companies in supply and outsourcing relationship with the Controller in their capacity as authorized persons for processing and/or internal data controllers and/or system administrators;
-to third-party companies or other entities (by way of example, credit institutions, consultants, insurance companies for the provision of insurance services, etc.) that perform outsourcing activities on behalf of the Controller, in their capacity as external data processors.
- COMMUNICATION OF DATA
Without the need for your express consent (ex art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) EU Regulation n.679/2016 (and subsequent provisions of legislative adaptation D.Lgs 101/2018) (GDPR)., the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the fulfillment of the said purposes.
Specifically,data recipients can be:
– information society and information technology assistance;
– companies, or professional firms offering professional and/or consulting services with respect to accounting, legal, tax, administrative, financial, and debt collection matters;
– IT infrastructure and solution providers;
– Web service providers;
– banks and payment service providers, acting as Processors, to whom your personal data may be disclosed for the purpose of processing your payments;
– consultants, to the extent necessary for the performance of their professional duties.
The communication concerns the categories of personal data whose transmission to the above-mentioned third parties is necessary for the performance of the activities and for the purposes referred to in this notice.
An up-to-date list of Data Processors and Authorized Persons is kept at the Data Controller’s office and is available upon request to be made by e-mail to email@example.com
Some of these parties may process data in their capacity as autonomous data controllers.
Your data will not be disseminated.
Data communications may also relate to:
Law or exercise of rights
If the release of information is deemed necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share information as permitted or required by any applicable law, rule, or regulation. This includes sharing information with other entities for fraud protection and credit risk reduction.
Third-party service providers
You may share information with third parties who perform services for the site or on our behalf, including data analysis, emailing, hosting services, customer service, and marketing support.
With your consent, or an opportunity to withdraw consent, we may share information with third parties for marketing purposes as permitted by law.
You may use third-party advertising companies to serve ads when you visit the Site. These companies may use information about your visits to the Site and other Web sites that is contained in Web cookies in order to provide advertisements about goods and services of interest to you.
Cookies and web beacons
- DATA STORAGE AND TRANSFER
Personal data are stored mainly with both paper and digital procedures in Sardinia, within the European Union and precisely also outside the Holder’s Head Office and in full compliance with the provisions and fulfillments necessary for the purposes of security and proper location of the data storage units. Digital storage modes are limited only to the sending of documentation and are carried out in full compliance with the provisions and fulfillments necessary for the purposes of security and proper location of data storage units( pc and secure back up tools) as well as for the purposes of security of paper archives.
It is considered that The Controller will process personal data for the time necessary to fulfill the above purposes and in any case for no longer than the termination of the relationship carried out for the Service Purposes. It is considered that The Controller will process personal data for as long as necessary to fulfill the above purposes and in any case for no longer than 10 years after the termination of the relationship for the Billing and Accounting Service Purposes;
With reference to health data, the storage time is limited to the time necessary for the achievement of the treatment and the same will be subsequently archived as per the Ministry of Health Circular No. 6 dated 19/12/1986.
- EXTRA EU/SEAS TRANSFER
The Data Controller does not make any transfers of your personal data abroad (to be understood as abroad all countries outside the European Economic Area).
- RIGHTS OF THE DATA SUBJECT
In your capacity as a user you are entitled to the following rights:
-Right to access your data, obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in intelligible form; -obtain indication of: (a) the origin of the personal data; (b) the purposes and methods of processing; (c) the logic applied in the case of processing carried out with the aid of electronic instruments; (d) the identification details of the data controller, data processors and the data controller’s representative and the persons authorized to process the data; and (e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of the data in their capacity as designated representative in the territory of the State, data processors or persons authorized to process the data; (Art. 15 GDPR).
-Right to update, rectify or, when interested, supplement data; (Art. 16 GDPR).
-Right to erasure, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed ; (art. 17 GDPR).
-Right to request the restriction of use of data for the sole reasons of public interest and for the establishment or defense of a right, in cases where the data subject disputes the accuracy of the data and processing, in the case of exercising the right to object to processing under Article 21 GDPR, and in the other cases provided for in Article 18 GDPR; (Article 18 GDPR).
-Right to receive the personal data provided to the data controller in a structural format or on a commonly used, intelligible and accessible computer medium for any operating system (USB or duly encrypted ZIP file), and to move without constraints, the complexes of information and data concerning you from the present controller or another controller chosen by you in accordance with your purposes and in full compliance with the principles of transparency, lawfulness and proportionality of processing. This right to data portability is without prejudice to other rights; (Art. 20 GDPR).
-Right to object, in whole or in part:
- a) on legitimate grounds to the processing of personal data concerning you, even if relevant to the purpose of collection; b) to the processing of personal data concerning you for any other purpose not relevant to the processing; (Art. 21 GDPR).
-Right to withdraw consent, where provided and at any time. Revocation of consent does not affect the lawfulness of the processing based on the consent given before revocation;
-Right to file a complaint with the supervisory authority.
-Right to withdraw consent: consent to data processing may be withdrawn at any time by the data subject.
- WAYS OF EXERCISING RIGHTS
You may exercise your rights at any time by sending a request by email to firstname.lastname@example.org and you may also exercise your rights by contacting the Privacy Guarantor, with Headquarters in Piazza Venezia n. 11 – 00187 Rome, Telephone switchboard: (+39) 06.696771, Fax: (+39) 06.69677.3785. For general information you can send an e-mail to: email@example.com, firstname.lastname@example.org
- AMENDMENTS TO THIS POLICY