Privacy information pursuant to articles 13 and 14 of Reg. (EU) 2016/679
Dear Visitor,
Privacy legislation (in particular, EU Regulation 2016/679, the “General Data Protection Regulation” – known by the acronym “GDPR”) requires us to provide you with the following information on the processing of your personal data, pursuant to articles 13 and 14 of the GDPR.
The “processing of personal data,” in simple terms, refers to any operation involving any “information relating to an identified or identifiable natural person.” For example, a name and surname or an email address with a “username” that identifies you (e.g. mariorossi@…) are considered “personal data,” and the act of collecting, recording them with us and using them to send you a communication are considered “processing” operations; so are communicating them to other parties and storing them. The indication of the pathology from which you may suffer is a “special category of data” that requires specific protection, which we are constantly committed to providing. The website of the Italian Data Protection Authority contains further information that may be useful to you to better understand the subject (see, for example: http://www.garanteprivacy.it/home/diritti).
Sea Life Charter Società Cooperativa a R.L, with VAT number 06394680828, located at Via Francesco Cilea 97, 90144 Palermo (PA), is considered the “data controller,” which means that they decide how and for what purposes to process information related to individuals.
As a “data subject,” you, as a physical person to whom the personal data refers, have the right to receive the following information about who we are, what personal data we process, why we do it, how and for how long we process it, and what obligations and rights you have regarding it.
Depending on whether you are a simple visitor to our websites or want to use our services, we collect and/or require you to provide us with some data that is necessary for you to navigate the site and/or access our services. In the former case, this concerns information that does not allow us to identify you (and therefore we will not process personal data, but only “navigation data”).
The definitions of the terms and expressions used (indicated in bold) are contained in the Glossary.
Who we are? (“Data Controller”)
Sea Life Charter Cooperative Society in R.L, with headquarters in Via Francesco Cilea 97, 90144 Palermo (PA), VAT number 06394680828.
Data Protection Manager: Sea Life Charter Cooperative Society in R.L
What categories of personal data do we process?
Common personal data (e.g. name and surname, tax code, telephone number, addresses, etc.) and special data (relating to health or sex life or sexual orientation, or revealing racial or ethnic origin or religious beliefs), to the minimum extent necessary for the achievement of each of the Purposes indicated below, by persons subject to secrecy obligations and under the responsibility of health professionals and/or the Medical Director.
What is the origin of your personal data?
You may have sent them to us yourself or we may have obtained them from third parties (e.g. a family member of yours who books a service with us on your behalf).
Why do we process personal data (purpose) and on what is the processing based (legal basis) of each category of data?
| n. |
Purpose |
Categories of personal data |
Legal basis |
Storage period |
| 1 |
allow you to browse the site |
Common (to the extent that the information collected consists of personal data) |
our legitimate interest (to be able to present our services to you) |
Defined by provider policy |
| 2 |
satisfy your requests regarding our services |
Common Personal Data |
the need to take pre-contractual measures at your request |
2 years |
| 3 |
provide you with our services and everything connected to them (e.g. bookings, appointments, exam withdrawals, sending reports, reports, reminders, complaints, etc.), for the purpose of prevention, diagnosis, treatment, assistance or health therapy |
Common and Particular Personal Data |
the need to execute the contract stipulated with you, and the need to pursue purposes of prevention, diagnosis, treatment, assistance or health therapy, or management of health systems and services |
2 years |
| 4 |
inform you about health prevention initiatives |
Common and Particular Personal Data |
relevant public interest (to the safety and health of the population) |
2 years |
| 5 |
send you advertising, commercial or marketing communications regarding services similar to those used by you, or inform you about our news (e.g. opening of new clinics, promotions, events, etc.), if you are already a user of ours or are a subscribed to the newsletter |
Common Personal Data |
our legitimate interest (to carry out promotional activities) |
2 years |
| 6 |
send you questionnaires to verify your satisfaction |
Common Personal Data |
our legitimate interest |
2 years |
| 7 |
send you advertising, commercial or marketing communications, and/or carry out market research, even if you are not yet a user of ours |
Common Personal Data |
your explicit consent, freely given and revocable at any time |
2 years |
| 8 |
analyze or predict your habits and/or preferences regarding our services through profiling activities |
Common and Particular Personal Data |
your explicit consent, freely given and revocable at any time |
2 years |
| 9 |
ascertain, exercise and/or defend our right in the competent offices |
Common and Particular Personal Data |
the need to establish, exercise or defend a right |
2 years |
| 10 |
statistical purposes, but with the use of anonymous information (which no longer allows us to trace your identity) |
Anonymous information |
none, because the information does not consist of personal data |
2 years |
To whom do we communicate the Data (Categories of Recipients)?
To the minimum extent necessary to achieve each of the Purposes, based on the Applicable Law and/or a contractual agreement with the Controller:
- subjects necessary for the execution of the activities connected and consequent to the execution of the Contract, who act as Data Processors or as independent Data Controllers (e.g. suppliers of IT, banking, insurance, shipping and transport services, commercial agency, accounting, fiscal, tax, legal, etc.);
- consultants and/or professionals appointed by us, independent Data Controllers (e.g. medical personnel and Healthcare Professionals);
- subjects authorized by us (e.g. our workers), committed to confidentiality or recipients of a legal obligation of confidentiality;
- public organizations and Authorities, if and within the limits in which this is required by the applicable legislation or by their orders, or for the exercise, assessment and/or defense of a right in court.
We do not disseminate personal data, except in the case in which it is requested, in accordance with the law, by Authorities, information and security bodies or other public entities for purposes of defense or state security or prevention, detection or prosecution of crimes.
Upon request, the list of external Data Processors is available, with additional data useful for their identification.
How long do we keep the Data?
We process the Data for marketing purposes until your consent is revoked (for example, until you unsubscribe from a newsletter); for other purposes, the maximum retention time is linked to the provisions of the applicable legislation that allow us to (or oblige us to) keep the data for the protection of our rights.
Do we transfer Personal Data outside the European Union?
No. Extra Eu transfers are not made.
Do we perform profiling activities?
If (and only if) you expressly allow us to, we will process your user profile by collecting personal data and the type of services used, to allow you to stay updated on services and news in line with your objectives of prevention, treatment and health care.
Does the site use cookies?
Yes. To find out more and to view our policy in this regard, you can consult the cookie policy.
Are you obliged to provide us with personal data?
The communication of browsing data (which usually does not consist of personal data) is mandatory to allow us to navigate the site.
Of course, you are not obliged to use our services or subscribe to our newsletter, but if you want to do so, you must communicate the personal data we request.
What happens if you refuse to communicate your data?
Due to the functioning of the Internet, he cannot refuse the communication of navigation data; can refuse the installation of some cookies.
If you do not agree to communicate your data, we will not be able to provide you with our services or pursue one or more of the other purposes.
What rights does he have?
You have the right to:
- access your Personal Data in our possession;
- request the rectification of any incomplete or inaccurate Personal Data;
- request its cancellation, where the conditions are met;
- request the limitation of the processing, where the conditions are met;
- oppose processing based on legitimate interest or public interest, for reasons connected with your particular situation;
- object to processing for marketing purposes, by initially not giving consent or subsequently revoking it;
- oppose the profiling activity, not giving consent initially or revoking it later;
- request the portability of the Data, where the conditions are met and to the maximum extent technically possible;
- propose a complaint to the Guarantor for the Protection of Personal Data (in Italy, www.garanteprivacy.it), or to the Guarantor Authority of the EU State in which you usually reside or work, or of the place where the alleged violation occurred.
Who can contact?
You can contact Sea Life Charter Società Cooperativa a R.L for questions concerning the processing of your personal data by sending an email to sealifecharter@hotmail.com.
This Privacy Policy is effective from 25/May/2018; we reserve the right to modify the content, in part or completely, also following changes in the privacy legislation; we will publish the updated version of the Privacy Policy on the website and from that moment it will be binding: you are therefore invited to visit this section regularly.
Glossary
“Supervisory Authority“: the independent public authority established by a Member State of the European Union, or by the European Union itself, in charge of supervising the application of the privacy legislation (for Italy, the Guarantor for the Protection of Personal Data , http://www.garanteprivacy.it).
“Authority“: body or organization, public or private, with administrative, judicial, police, disciplinary, supervisory powers.
“Authorised“: the natural person, placed under the direct authority of the data controller, who receives instructions from the latter on the processing of personal data, pursuant to and for the effects of art. 29 of the GDPR.
“Privacy Code”: Legislative Decree 196/2003 and subsequent amendments and/or additions (in particular by Legislative Decree 101/2018).
“Committee” or “EDPB“: the European Data Protection Board, established by art. 68 of the GDPR and governed by articles from 68 to 76 of the GDPR, which replaces the WP29 from 25/5/2018.
“Communication“: “giving personal data knowledge to one or more specific subjects other than the interested party, the owner’s representative in the territory of the European Union, the person in charge or his representative in the territory of the European Union, authorized persons, pursuant to article 2-quaterdecies, to the processing of personal data under the direct authority of the owner or manager, in any form, including by making them available, consulting or through interconnection” (as defined in article 2 -ter, paragraph 4, letter a of the Privacy Code).
“Cookies“: short fragments of text (letters and/or numbers) that allow the web server to memorize information on the browser to be reused during the same visit to the site (session cookies) or later, even days later (cookies persistent). Cookies are stored, based on user preferences, by the single browser on the specific device used (computer, tablet, smartphone). The following categories are considered:
Technical cookies: these are essential cookies for the correct functioning of the site and are used for the sole purpose of “carrying out the transmission of a communication over an electronic communications network, or as strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide this service” (see article 122, paragraph 1, of the Privacy Code).
Analytical cookies: these are cookies used to collect and analyze traffic and use of the site anonymously. These cookies, even without identifying the user, allow, for example, to detect if the same user returns to connect at different times. They also allow you to monitor the system and improve its performance and usability. Disabling these cookies can be done without any loss of functionality.
Profiling cookies: these are persistent cookies used to identify (anonymously or not) user preferences and improve their browsing experience.
Third-party cookies (analytical and/or profiling): these are cookies generated by organizations not belonging to the Site, but integrated into parts of the Site page. Think, for example, of Google’s “widgets” (e.g. Google Maps) or “social plugins” (Facebook, Twitter, LinkedIn, Google+, etc.).
“Navigation Data“: these are the data that the computer systems and software procedures used to operate the site acquire, during their normal operation, and whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are canceled immediately after processing.
“Special Data“: personal data “revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, […] relating […] to the sex life or sexual orientation of the person” (art. 9.1 GDPR), “related to health” (“personal data relating to the physical or mental health of a natural person, including the provision of health care services, which reveal information relating to his state of health”, as defined by article 4, subparagraph 1, no. 15, of the GDPR) and “personal data relating to criminal convictions and crimes or related security measures” (article 10 of the GDPR), as well as “genetic” data ( “personal data relating to the inherited or acquired genetic characteristics of a natural person which provide unambiguous information on the physiology or health of that natural person, and which result in particular from the analysis of a biological sample from the natural person in question”, such as defined by art. 4, subparagraph 1, no. 13, of the GDPR); “biometric” (“personal data obtained from a specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person which allow or confirm its unique identification, such as the facial image or dactyloscopic data”, as defined by the art. 4, subparagraph 1, n. 14, of the GDPR).
“Data”: one or more of the categories indicated as personal data and particular data.
“Personal Data”: “any information relating to an identified or identifiable natural person (“interested”); an identifiable natural person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social”, as defined by art. 4, subparagraph 1, no. 1, of the GDPR).
“Recipient“: “the natural or legal person, public authority, service or other body that receives communication of personal data, whether or not it is a third party”, as defined by art. 4, subparagraph 1, no. 9, of the GDPR.
“Dissemination“: “the giving knowledge of personal data to unspecified subjects, in any form, including by making them available or consulting them” (as defined in Article 2-ter, paragraph 4, letter b of the Privacy Code) .
“GDPR”: EU Regulation 2016/679 “relating to the protection of natural persons with regard to the processing of personal data, as well as to the free movement of such data and which repeals Directive 95/46/EC (general regulation on data protection) ”.
“Interested party“: “identified or identifiable natural person”, as defined by art. 4, subparagraph 1, no. 1, of EU Regulation 2016/679 (so-called “GDPR”).
“Registered“: the interested party who has activated the newsletter service.
“Limitation”: “the marking of stored personal data with the aim of limiting their processing in the future”, as defined in art. 4, subparagraph 1, no. 3, of the GDPR.
“Contact Form“: the section of the main page of the site through which the visitor can send requests for information.
“Marketing“: individually or collectively, the purposes of sending advertising material, commercial communication, direct sales and carrying out market research.
“Newsletter“: editorial and promotional content sent to Members.
“Applicable Law“: any provision, of any rank, pertaining to Italian law or to that of the European Union, in any way applicable to the site and/or services.
“Privacy Law”: Legislative Decree 196/2003 and subsequent amendments and/or additions (“Privacy Code”), as well as the General Provisions issued pursuant to art. 154 paragraph 1 of the same Code, the EU Regulation 2016/679 (“GDPR”) and the further applicable legislation, of any rank, including the opinions and guidelines elaborated by the WP29 and, from 25/5/2018, by the Committee .
“Profiling”: “any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning professional performance, economic situation, health , personal preferences, interests, reliability, behavior, location or movements of said natural person “, as defined in art. 4, subparagraph 1, no. 4, of the GDPR.
“Publication“: the action with which the owner communicates information on the site, without the implementation of procedures that require the Visitor to view it.
“Data Processor“: “the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller”, as defined by art. 4, subparagraph 1, no. 8, of the GDPR.
“Services“: the services provided by the Centro Medico Santagostino.
“Site”: the web pages displayed through www.cmsantagostino.it, subdomains included.
“Third party“: “the natural or legal person, public authority, service or other body that is not the interested party, the data controller, the data processor and the persons authorized to process personal data under the authority directly from the owner or manager”, as defined by art. 4, subparagraph 1, no. 10, of the GDPR.
“Owner“: “the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of processing personal data”, as defined by art. 4, subparagraph 1, no. 7, of the GDPR.
“Processing”: “any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organisation, structuring, conservation, the adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction”, as defined by art. 4, subparagraph 1, no. 2, of the GDPR.
“User“: the person who uses the services of the Santagostino Medical Center.
“Visitor“: the natural person who uses a device and navigates the public pages of the site via the Internet.
“WP29“: the Working Group for the protection of individuals with regard to the processing of personal data, established pursuant to art. 29 of directive 95/46/EC, whose tasks are set out in art. 30 of directive 95/46/EC and in art. 15 of directive 2002/58/EC.
