PRIVACY POLICY & COOKIES

This policy for managing personal data transmitted via the web (hereinafter called “Privacy Policy”) was drafted by Garofalo Health Care S.p.A. in order to enable patients and website users to understand who the data controller is, what information is collected, how it is processed, for what purposes, the security measures in place, and how to identify one’s rights, as laid down in EU Regulation 2016/679 ("GDPR” - General Data Protection Regulation) and by the national legislation in force on the protection of personal data. This document aims to describe the management procedures of the www.garofalohealthcare.com official website with regard to the processing of personal data of persons (“users”) who consult the site, as described below.

The Privacy Policy concerns those users who access the site, as well as those who communicate with Garofalo Health Care by sending e-mail messages to the addresses indicated on the site.

Information is disclosed only to the www.garofalohealthcare.com website and not to any other website consulted by the user via connecting links, which, from time to time, submit specific information for the services requested.

THE “DATA CONTROLLER"

When a user consults the site, data relating to the identified or identifiable persons may be processed by manual, computerized and automated systems. The “Data Controller" is Garofalo Health Care S.p.A., with registered office at Piazzale delle Belle Arti, 6 - 00196 Rome. The Data Controller confirms the appointment of a Data Protection Officer, who can be contacted at the following e-mail address: dpo@garofalohealthcare.com.

DATA REPORTING AND DISSEMINATION

Data processing on this site takes place at the headquarters of Garofalo Health Care S.p.A. and is handled by responsible technical staff who are continually identified and/or appointed, appropriately trained and made aware of the constraints imposed by the law. Security measures are used to ensure data protection, prevention of data loss or destruction risk, unauthorized access or data possessing which is not in compliance with the said objectives. Security measures are constantly improved based on technological developments. No personal data derived from the web service will be disseminated. However, without prejudice to the foregoing, the following provisions may apply when: data is communicated to companies expressly appointed to perform certain services within the activity carried out by the Data Controller, and/or, in general, in his/her favour, when operating as autonomous holders and/or data controllers, as well as the communication and/or dissemination of data required, in compliance with the law, by police forces, judicial authorities, information and security bodies or other public entities for defence or security purposes of the State, or for the prevention, detection or repression of crimes.

NAVIGATION DATA

The computer systems and software procedures used to operate this website, in the normal course of operation, acquire personal data, the transmission of which is implicit in the use of internet communication protocols. This concerns information that is not collected in order to be associated with specific identified data subjects, but, by their own very nature, could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of user computers connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (success, error, etc.) and other parameters regarding the operating system and the user’s computer environment. These data are used only to obtain anonymous statistical information on site usage and to check its correct functioning, in compliance with the conditions laid down in Article 6.1(f) of the GDPR. The said data could be used to ascertain responsibility in the case of hypothetical cyber-crime to the detriment of the site: currently, except for this possibility, data relating to web contacts are not stored for a period longer than one thousand days.

DATA SUPPLIED VOLUNTARILY BY THE USER AND RELATIVE PURPOSE

The optional, explicit and voluntary sending of e-mails to the addresses listed on this site involves the subsequent acquisition of the sender's address by the Owner, which is necessary in order to respond to requests, as well as any other personal data included in the message, always in compliance with the law in accordance with Article 6.1(b) of the GDPR.

OPTIONALITY OF DATA SUPPLY

Apart from that specified for navigation data, the User is free to provide personal data in order to access the site (request information, register for newsletters, donations, etc.). However, failure to provide the requested data may lead to the impossibility to communicate with the Data Controller and/or obtain what was requested.

USING COOKIES OR PERMANENT USER TRACKING/MONITORING SYSTEMS

No user’s personal data is acquired by the site. We do not use cookies for the transmission of information of a personal nature, nor so-called persistent cookies of any kind, or systems, for the tracking of users. The use of session cookies (which are not stored permanently on the user's computer and are deleted once the browser is closed) is strictly limited to the transmission of session identifiers (formed by random numbers generated by the server) which are necessary to enable safe and efficient exploration of the site. The session cookies used in this website avoid the use of other information technologies that could potentially compromise the privacy of users and not permit the acquisition of the user’s personal data.

DURATION OF PROCESSING AND STORAGE OF PERSONAL DATA

The User's personal data is processed by the Data Controller only for the time necessary to achieve the said purposes; after this short period of time, the data will be kept only to fulfil existing legal obligations on the matter, for administrative purposes and/or to enforce or defend legal rights in the event of legal disputes and pre-litigation.You have the right to obtain:

RIGHTS OF THE INTERESTED PARTIES (ARTICLE 15 OF THE GDPR)

You have the right to obtain:

  • confirmation of the existence or not of your personal data, even if not yet registered, and its communication in an intelligible form and/or access to it;
  • a copy of your personal data;
  • correction of your personal data if inaccurate;
  • cancellation of your personal data;
  • limitations in processing your personal data;
  • obtain the personal data which you provided or which you yourself created, in a structured format, for common use and in a machine-readable format, and to transmit the data to another data controller (the so called “data portability”);
  • obtain indication of: a) the origin of personal data; b) the categories of personal data processed; c) the purposes and methods of processing; d) other logic applied in case of treatment carried out with the aid of electronic instruments; e) the identifying details of the Data Controller and of any responsible parties; f) the retention period of your personal data or of the criteria useful for determining this period; g) the subjects or the categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents authorized to process the data in the name and on behalf of the Owner (under Article 4 of the Regulation); h) updating, rectification or, when interested, integration of data; i) the transformation into anonymous form or the blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; j) the attestation that the operations referred to in sections a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfilment proves impossible or involves the use of means manifestly disproportionate to the protected right.

You also have the right to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even though they are relevant to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.

Finally, we inform you that if you believe that your rights have been violated by the Data Controller and/or a third party, you have the right to lodge a complaint with the Data Protection Authority and/or other competent supervisory authority by virtue of the GDPR. Requests should be sent to the Data Controller, without formalities, by sending a communication to the following e-mail address: dpo@garofalohealthcare.com; or to the certified email address (PEC address): pierpaolo.maio@pec.net indicating the subject "Privacy - exercise of rights pursuant to Article 15 (and as subsequently amended) of the GDPR "

Your experience of the site will be improved thanks to the use of cookies.