Pursuant to Article 13 of the EU regulation 2016/679 (“GDPR”), we hereby inform you that Aptiva Medical Srl (the “Company” or the Data Controller) will process the personal data you supply (“Data”) acting as Data controller.
1. Data Collected
- Biographical data (Name and Surname, age, gender); Contact details (address, post code, city, state/county, country, email address) Bank Details
- Operating system and internet browser used
- Demographic information, such as preferences and interests
- Product reviews and opinions
2. Processing Methods
The data collected by aptiva medical s.r.l. are used solely for continual improvement of the expected services. The processing methods are collection, registration, organization, storage, consultation, use, communication and cancellation.
This Web Site is a processing the users’ Data while applying appropriate safety measures in order to prevent any unauthorised access, disclosure, alteration or destruction of the Data. Data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject, by way of computer and/or computerised systems, as well as according to organisational methods and logic strictly related to the purposes stated. In some circumstances, different staff representatives involved in the Web Site organisation (such as administrative, commercial, marketing, legal affairs staff and system administrators) or external third parties (such as third-party technical service providers, hosting providers, computer companies and communication agencies) may access to Data in addition to the Data Controller. The updated list of the responsible for processing data, can always be requested to the Data Controller.
3. Legal basis and purposes of the processing
Pursuant to Article 5 of the GDPR, both Data supply and the relevant consent to collect and process such Data are voluntary. A web user may deny his/her consent and he/she is allowed to revoke any existing consent at any time (by registered mail to Data Controller). However, should the web user deny his/her consent, some services might not be provided and such denial might prejudice his/her navigation experience. This Web Site also processes some Data even for legitimate interests of the Data Controller. Data collected for purposes related to the Data Controller’s legitimate interest shall be held until such interest is met.
Therefore, the Company shall process Data for information and promotion of consulting activities related-purposes, including the use of such Data for future surveys or similar activities, such activities being in line with the main purposes of this processing.
Any voluntary and deliberate transmission of messages to the Data Controller addresses, as well as any willing completion and submission of Web Site forms included on the Web Site being completed and sent shall result in collecting the sender’s contact details, together with all his/her personal details included in his/her communications. Personal data supplied by the data subject in order to make use of the services offered on the Web Site shall be processed to act on his/her request in compliance with this policy and the specific privacy policies delivered during the acceptance of each service. Such Data shall be stored for a period enabling the supply of the service requested and/or necessary to handle any claims
Google Analytics (hereafter simply “Analytics”) is a statistical service offered by Google Inc., whose head office is 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Its aim is to track access to websites and web resources. Its administrators are able to generate and display aggregated and anonymous data for statistical purposes. In order to function, Google Analytics requires the site pages to include a tracking code that identifies the pages visited by users, the domain names and the type of browser of the computers used etc. This data is considered anonymous, since it does not enable identification of the user.
The data collected is used by Google for statistical purposes in order to assess correct use of the site and improve its efficiency.
5. Storage Period
The Data will be entered in the company database and kept for the time necessary for the purposes of the processing. After the time-limit on data storage, the Data will be destroyed or anonymized.
6. Rights of the Data Subject/Users
The user, according to the EU General Data Protection Regulation (GDPR), shall have the right to :
- Transparent information, communication and modalities for the exercise of the rights of the data subject.
- Right to revoke consent. The data subject can exercise its right to revoke consent towards processing of his/her data.
- Right to object. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
- Information and access to personal data. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.
- Right to rectification anytime. The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
- Right to restriction of processing. The data subject shall have the right to obtain from the controller restriction of processing
- Right to erasure (‘right to be forgotten’). The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay under certain conditions.
- Right to lodge a complaint. Every data subject should have the right to lodge a complaint with a single supervisory authority, and the right to an effective judicial remedy in accordance with Article 47 of the Charter.
- Right to data portability. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
- Or, as well as, more widely, you can exercise all rights that are recognized by the legal provisions in force.
7. How to exercise you Rights
Users to exercise the rights can make a request to the Data Collector contacts, indicated in this document. The requests are filed for free and processed by the Data Collector as soon as possible.
8. Place of processing and Data Controller
Aptiva Medical s.r.l.
Via Gadames, 57/7 20151 Milan (Italy)
Tel.: +39 02 48714472
Data collected through the web site shall be processed by Data Controller at the registered office and on locations where aptiva medical srl operate according to GDPR. For more information, contact the Data Controller.