“The company M.F.I. Medicina Fisica Integrata s.r.l., with registered office in Roma, Via degli Aldobrandeschi 47, 00163 Roma - Telephone 06/84388650 - E-mail: [email protected] VAT No 09422081001 (“Data Controller”), in its capacity as the data controller hereby informs you pursuant to Article 13 of Legislative Decree No 196 of 30 June 2003, as amended by Legislative Decree 101/2018 (“New Privacy Code”) and Article 13 of EU Regulation No 2016/679 (“GDPR”) that your data will be processed in the following ways and for the following purposes.
1. Purpose of processing
The Data Controller processes personal data voluntarily provided by you – hereinafter “personal data” or “data” :
- when accessing the website www.mfisrl.com;
- when requesting information;
- for promotional purposes.
The Data Controller also processes your data in order to fulfil legal tax and administrative obligations.
2. Processing methods
Your personal and sensitive data is processed by means of the operations set out in Article 4 of the Privacy Code and Article 4(2) GDPR, specifically: collection, recording, organisation, storage, consultation, preparation, alteration, selection, retrieval, alignment, use, combination, restriction, disclosure, erasure and destruction. Your data will undergo paper, electronic and/or automated processing.
The Data Controller will keep your personal data for the time necessary to fulfil the purposes set out in this policy and in any case for no longer than 10 years following termination of the relationship.
3. Access to data
Your data may be made accessible for the purposes set out below:
– to employees and collaborators of the Data Controller, in their capacity as data protection officers and/or processors and/or system administrators and/or joint data controllers and/or independent data controllers;
–to third party companies or other entities (for example website management and maintenance providers, suppliers, credit institutions, accountancy firms, etc.) that perform outsourcing activities on behalf of the Data Controller;
4. Data disclosure
Without the need for your express consent (under Article 24(a), (b), (d) Privacy Code and Article. 6(b) and 9c) GDPR), the Data Controller may disclose your data to Supervisory Bodies, Judicial Authorities and all other entities to which disclosure is obligatory by law in order to fulfil the above purposes. Your data will not be further disseminated.
5. Rights of the data subject
In your capacity as data subject, you have the rights set out in Article 7 of the Privacy Code and Article 15 of the GDPR, namely the rights to:
I. obtain confirmation of the existence or otherwise of personal and sensitive data concerning you, even if not yet recorded, and their disclosure in intelligible form;
II. obtain information on: a) the origin of the data processed; b) processing purposes and methods; c) the logic applied in the event of processing carried out with the aid of electronic instruments; d) identification details of the data controller, processors and data protection officer if appointed under Article 5(2) of the Privacy Code and Article 3(1) GDPR; e) entities or categories of entities to which the personal data may be disclosed or who can become aware of them as appointed representatives in the State, processors or data protection officers;
III. obtain: a) the updating, rectification or completion of incomplete data; b) erasure, anonymisation or restriction of data processed in violation of the law, including data whose storage is unnecessary for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations under points a) and b) have been reported, including with regard to their contents, to the entities to which the data were disclosed or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort considering the right that is to be protected;
IV. object fully or in part: a) for legitimate reasons, to the processing of personal and sensitive data concerning you, even if relevant to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or business communications, through the use of automated calling systems without the intervention of an operator by email and/or by traditional marketing methods using telephone and/or mail.
The Data Subject, where applicable, also has the rights referred to in Articles 16-21 GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability and right to object), as well as the right to complain to the Supervisory Authority.
6. How to exercise your rights
You can exercise your rights at any time by sending:
– a registered letter with return receipt to M.F.I. Medicina Fisica Integrata s.r.l., with registered office in Roma, Via degli Aldobrandeschi 47, 00163 Rome.
7. Data controller, processors and data protection officer
The Data Controller is the company M.F.I. Medicina Fisica Integrata S.r.l.
