Privacy Policy

PREMISE

This page describes how to manage the site www.medgeneraction.it with reference to the processing of personal data of users who consult it. This is the information provided pursuant to art. 13 of the 2016/679 European Regulation to those who interact with the company’s web services.

The information identifies some minimum requirements for the collection of personal data online, and, in particular, the methods, times and nature of the information that the data controllers must provide to users when they connect to web pages, regardless by the purposes of the connection.

THE OWNER OF THE TREATMENT

The data controller is Thema Srl with registered office in via Saragat, 5 – 40026 Imola (BO), VAT number 02770361208, email info@thema-med.com.

PLACE OF DATA PROCESSING

The treatments connected to the web services of this site take place at the registered office and are only

handled by technical staff of the office in charge of processing, or by any occasional appointees

maintenance operations. No data deriving from the web service is communicated or disseminated. The personal data provided by users who submit requests to send information material are used for the sole purpose of performing the service or provision requested.

TYPES OF DATA PROCESSED

Navigation data: the computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this possibility, the data on web contacts do not persist for more than seven days.
Data provided voluntarily by the user: the optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.

USE OF COOKIES

With regard to the methods of use of cookies, please refer to the additional and specific “extended information” (Cookie Policy) published on this site and elaborated on the basis of the provisions of the Provision of 8 May 2014 issued by the Italian Guarantor for the protection of personal data as amended from the Provision n. 231 of June 2021, which integrates and completes this document.

OPTIONAL SUPPLY OF DATA

Apart from what is specified for navigation data, the user is free or not to provide personal data.

Failure to provide them may make it impossible to obtain what is requested.

METHODS OF PROCESSING

Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

TRANSFERS TO THIRD COUNTRIES

Personal data may be transferred to foreign countries of the European Union or non-EU and transmitted to private companies and institutional bodies for purposes related to the services requested and for the needs of territorial jurisdiction. The data is sent for cross-border processing, according to the principles of necessity, limited to the strictly necessary information. Data transfer takes place exclusively under the following conditions:

Countries covered by adequacy decisions pursuant to art. 45 GDPR 679/16 EU;
in the absence of adequacy decisions, the processing, with reference to Art. 46 GDPR 678/16 EU, takes place after agreement with the recipient of the data in compliance with binding clauses and corporate rules in accordance with article 47; standard data protection clauses adopted by the Commission in accordance with the examination procedure referred to in Article 93 (2);
in the absence of adequate guarantees, the Data Controller, pursuant to art. 49 GDPR 679/16 EU, if the transfer is necessary to fulfill contractual and / or legal obligations, it communicates the data by preparing all the technical-organizational security measures such as, where possible, minimization, pseudonymisation of the data, verification of the reliability of the recipient.

RIGHTS OF INTERESTED PARTIES

The subjects to whom the personal data refer have at any time the right to request access to the data and their correction, the cancellation of the same, the limitation of processing, the right to oppose their processing, in addition to the right to the portability of the data. data; they also have the right to lodge a complaint with the supervisory authority.

Requests should be addressed to the Data Controller

CONTACT DETAILS:

a registered letter with return receipt to Thema Srl via Saragat, 5 – 40026 Imola (BO)
an e-mail to info@thema-med.com
company website medgeneraction.it

This constitutes the “Privacy Policy” of this site which will be subject to updates.

COOKIE POLICY

PREMISE

This Cookie Policy has been drafted and customized specifically for the site https://www.medgeneraction.it/owned by Thema Srl based in via Saragat, 5 – 40026 Imola (BO), VAT number 02770361208, email info@thema-med.com. This Policy was drawn up on the basis of the provision of the Guarantor for the protection of personal data no. 229 of 8 May 2014 “Identification of the simplified procedures for the information and the acquisition of consent for the use of cookies” and New provision no. 231 of 10 June 2021 “Guidelines for cookies and other tracking tools”. It integrates and updates other information already present on the site and / or previously issued by the company, in combination with which it provides all the elements required by art. 13 of EU Regulation 2016/679.

IMPORTANT NOTICE

All third parties are informed that the use of this information, or even only some parts of it, on other websites in reference to which it would certainly be irrelevant and / or incorrect and / or incongruent, may lead to the infliction of heavy sanctions by the Guarantor Authority for the protection of personal data.

WHAT ARE COOKIES

In practical and non-technical terms, the cookie can be considered a tracking system consisting of a small file, stored by the website in the user’s device while browsing, used with the aim of saving the preferences shown during navigation, and to improve the performance of the website, optimizing the browsing experience.

In technical terms, cookies are defined as text strings (generally formed by the combination of letters and numbers) that the websites (so-called first parties) visited by the user or different sites / web servers (so-called third parties) place and they store, directly and / or indirectly within a terminal device (PC, tablet, smartphone, etc.) that is available to the user. The servers for internet browsing or for device operation can store cookies and then retransmit them to the same sites that generated them, in view of a subsequent visit by the same user. Specifically, these tracking tools allow the Site to recognize a particular device or browser.

TYPES OF COOKIES AND RELATED PURPOSES

Cookies can be classified into:

Technical cookies used for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary for the provider of an information society service explicitly requested by the contractor or by the user to provide this service as required by ‘art. 122 paragraph 1 of the Privacy Code. These types of cookies do not require the acquisition of consent by the user but must be indicated in the cookie policy.
Profiling cookies used to link specific actions or behavioral patterns to specific, identified or identifiable subjects in order to allow the owner to modulate the provision of the service in a more personalized way and to send advertising messages in line with the preferences expressed by the user during the navigation.
Analytics cookies installed on the user’s terminal by managers of the visited site or third-party sites. Third-party cookies, mainly having analysis purposes, mostly derive from the Google Analytics functions. You can get more information on Google Analytics by clicking on the following link: http://www.google.it/intl/it/analytics. In any case, cookies do not allow the data subject to be identified and are intended to refer to the single device or single application in order to avoid tracking the user’s browsing data. Analytics cookies can be treated in the same way as technical cookies, and therefore regardless of the user’s consent, under the following conditions:
- The use is limited to the production of aggregate statistics that can be used in relation to the site visited by the user;
- With reference to the so-called third-party analytics cookies, the fourth part of the IP address being tracked must be masked;
- With regard to the so-called third-party analytics cookies, the third party must be prevented from using the analytics cookies in combination with other processing or transmitting them to other third parties.

APPLICABLE LAW

For the use of cookies and other technical tracking tools, the data controller is subject to the sole obligation to provide specific information to the interested party. With regard to cookies and other tracking tools for purposes other than technical ones, their use is permitted only after obtaining the user’s informed consent, which must be expressed with an unequivocal act pursuant to Recital 32.

CONSENT ACQUISITION MECHANISM

The data controller guarantees the mechanism for acquiring consent through the presentation of a banner when the user first accesses the site.

The banner contains:

An information on the site’s use of technical cookies with a link to the privacy policy and cookie policy.
Button that allows consent to be accepted.
Button that allows user to deny consent.
Button that allows you to configure cookie settings/preferences. The latter leads to a further band where you can select and customise your ‘privacy settings’.

In the event that the user does not consent to the use of cookies and other tracking tools, and in the event that the user has chosen to give consent only for the use of certain cookies, the choice is recorded and no longer solicited, except in the following cases:

when one or more conditions of the processing significantly change
when it is impossible for the site operator to know whether a cookie has already been stored in the device
when at least 6 months have elapsed since the previous presentation of the banner.

[render_cookies_list]

BROWSER SETTINGS

We also inform you that the user can configure, freely and at any time, his privacy parameters in relation to the installation and use of cookies, directly through his navigation program (browser) following the relative instructions.

In particular, the user can set the so-called “private navigation”, thanks to which his navigation program interrupts the saving of the history of the sites visited, any passwords entered, cookies and other information on the pages visited.

We warn that in the event that the user decides to disable all cookies (including those of a technical nature), the quality and speed of the services offered by this website could drastically deteriorate and access to some sections of the same site could be lost.

RIGHTS OF INTERESTED PARTIES

We inform you that as interested in the treatment you have the right to exercise the following rights:

Right of access pursuant to art. 15 of EU Reg. 20167679, the interested party has the right to confirm whether or not personal data concerning you is being processed and in this case, he can obtain, among other things, access to your personal data and information concerning the purposes of the processing, the categories of personal data in question, the recipients or categories of recipients to whom the personal data have been or will be communicated.

Right of rectification pursuant to art. 16 of the Regulation:

rectification of inaccurate personal data concerning you without undue delay
integration of your personal data, if incomplete.

Right to cancellation (“right to be forgotten”) pursuant to art. 17 of the Regulation deletion of personal data concerning you without undue delay.

Right to limitation of treatment pursuant to art. 18 of the Regulation limitation of processing in the following cases:

the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
the processing is unlawful and the interested party opposes the cancellation of personal data and requests instead that its use be limited;
although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to ascertain, exercise or defend a right in court;
the interested party opposed the processing pursuant to article 21, paragraph 1, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party

Right to data portability pursuant to art. 20 of the Regulations it is possible to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning you and in our possession;

Right to transmit such data to another data controller without impediments by the data controller to whom it provided them in the cases referred to in Article 20 of the Regulation.

Right of opposition for treatments carried out pursuant to article 6, paragraph 1 letters e) or f) and pursuant to art. 21 of the Opposition Regulation, at any time, for reasons connected with your particular situation, to the processing of personal data concerning you including profiling.

The aforementioned requests may be addressed to the Data Controller

The Data Controller is Thema Srl based in via Saragat, 5 – 40026 Imola (BO), VAT number 02770361208, email info@thema-med.com

Requests can be sent via:

a registered letter with return receipt to Thema Srl via Saragat, 5 – 40026 Imola (BO)
email to info@thema-med.com

Furthermore, in the event that it is believed that the processing has been carried out in violation of the legislation on the protection of personal data, the right to lodge a complaint with the Guarantor Authority for the protection of personal data, Piazza Venezia, 11 – 00187 – Rome is recognized.

MDG REGISTRATION INFORMATION

Dear Customer,

Thema S.r.l, in its capacity as Data Controller under Art. 4 and Art. 13 of EU Regulation 2016/679, wishes to inform you that it will process your personal data manually and/or with the support of computerised means for the purposes indicated below.

DATA CONTROLLER

The data controller is Thema S.r.l. with registered office in via Saragat, 5 – 40026 Imola (BO), VAT No. 02770361208, e-mail info@thema-med.com

TYPE OF DATA PROCESSED

The personal data being processed include:

identifying data such as name, surname, educational qualification, role held in the company;
contact details such as telephone number and e-mail;
invoicing data such as VAT Number/tax code;
accounting, fiscal, administrative, and banking data necessary for the management of contractual relations and/or pre-contractual requests;
contact details for billing operations such as billing address, and city.

DATA PROCESSING PURPOSE

The personal data you provide will be processed for purposes related to:

the execution and management of the contract, including any pre-contractual phase, and, specifically, the compilation of master lists, bookkeeping, invoicing, communications by both paper and electronic means, tax fulfilment, organisational management of the services requested and conclusion of contracts, management of appointments, processing of orders, deliveries, and bureaucratic fulfilments relating to the services requested. Data will be processed for contractual fulfilments related to participation in MedGenerAction (MDG).
the fulfilment of legal obligations under tax and fiscal legislation;
the sending to data subjects of communications of similar services – soft spam –based on the legitimate interest of the data controller;
marketing activities, and specifically, the sending of advertising and/or promotional commercial communications.

LEGAL NATURE OF THE CONTRIBUTION

The provision of personal data is mandatory. Failure to provide personal data will make it impossible for us to execute contracts and other related obligations, as well as to properly manage mutual business relations. For the purposes referred to in point 3), the data subject may exercise the right to opt-out, i.e. the right to refuse the sending of such communications free of charge. For the purpose referred to in point 4), the provision of data is optional; however, failure to provide such data will make it impossible for the data controller to carry out the processing operations related to that purpose.

LEGAL BASIS FOR PROCESSING

The legal basis of the processing for the purpose referred to in point 1) is found in the fulfilment of a contractual obligation under Art. 6(b) EU Reg. 679/2016; the legal basis of the processing for the purpose referred to in point 2) is the fulfilment of a legal obligation within the meaning of Art. 6 c) EU Reg. 679/2016; the legal basis for the purpose referred to in point 3) is to be found in the legitimate interest of the data controller as provided for in Art. 6(f) EU Reg. 679/2016; the legal basis for the purpose referred to in point 4) is to be found in the consent expressly given by the person concerned, which may be revoked at any time, as provided for in Art. 6(a) EU Reg. 679/2016.

RECIPIENTS OF PERSONAL DATA

The data processed will not be disclosed to third parties. Recipients of the data acquired may in any case be, in addition to the data controller:

entities, professionals, companies or other structures entrusted by us with the processing related to the fulfilment of administrative, accounting and management obligations associated with the ordinary course of our business;
public authorities and administrations for purposes related to the fulfilment of legal obligations or to persons entitled to access them by provisions of the law, regulations, and EU rules;
banks, financial institutions or other entities to which the transfer of such data is necessary for the performance of our business activities in connection with the fulfilment by us of our contractual obligations to you;
authorised internal staff within the organisation of the data controller;
consultants and business associates for purposes related to the provision of services;
consultants and company collaborators acting as Joint Data Controllers, Data Processors, Designated Persons or persons authorised to process data on, by way of example but not limited to, legal, administrative, tax, insurance, IT matters.

The list of data controllers is available on request.

MODES OF DATA COLLECTION AND RETENTION TIMES

The personal data collected will be processed under the principles of lawfulness, correctness and transparency and in such a way as to guarantee their security and maximum confidentiality. Your data will be stored in a form that permits identification of the data for a period not exceeding the fulfilment of the purpose for which the data was collected.

The personal data collected for the purposes set out in point 1) will therefore be kept for the duration of the entire contractual relationship and no longer than 10 years from the termination of the contract (Art. 2946 of the Italian Civil Code on the statute of limitations). Data which are strictly necessary for tax and accounting purposes, once the purpose for which they were collected no longer applies, will be kept for 10 years as stipulated in Article 2220 of the Italian Civil Code. Personal data collected for the purposes referred to in point 3) will be processed for as long as it is strictly necessary for the pursuit of those purposes, in any case for as long as the legitimate interest of the data controller persists. Personal data collected for the purposes referred to in point 4) will be processed for the time strictly necessary for the pursuit of the purposes, in any case not longer than 24 months, and/or until the express revocation of consent by the data subject.

DATA TRANSFER

Personal data may be transferred to foreign countries within the European Union or outside the EU and passed on to private companies and institutional bodies for purposes related to the services requested and for territorial competence needs. The data are sent for cross-border processing, according to the principles of necessity, limited to the strictly necessary information. The transfer of data takes place exclusively under the following conditions:

Countries covered by adequacy decisions under Art. 45 GDPR 679/16 EU;
in the absence of adequacy decisions, the processing, regarding Art. 46 GDPR 678/16 EU, is carried out after agreement with the recipient of the data in compliance with binding corporate clauses and rules under Article 47; the standard data protection clauses adopted by the Commission following the examination procedure referred to in Article 93(2);
in the absence of adequate safeguards, the Data Controller, under Article 49 GDPR 679/16 EU, if the transfer is necessary to fulfil contractual and/or legal obligations, shall disclose the data by putting in place all technical and organisational security measures such as, where possible, minimisation, pseudonymisation of the data, verification of the recipient’s reliability.

RIGHTS OF THE DATA SUBJECT

Under Articles 15 – 22 of the Regulation, we inform you that concerning the processing of your personal data you may exercise the following rights: The right to access your personal data; the right to rectification and integration of personal data; the right to erasure of data ‘right to be forgotten’); the right to restriction of processing; the right to lodge a complaint with the Authority for the protection of personal data, following the procedures and indications published on the official website of the Authority www.garanteprivacy.it; right to data portability; right not to be subject to a decision based solely on automated processing, including profiling; right to withdraw consent at any time.

The exercise of rights is not subject to any formal constraints and is free of charge.

WAYS OF EXERCISING RIGHTS

The person concerned may exercise his or her rights at any time by sending:

– a registered letter with a return receipt to Thema S.r.l. via Saragat, 5 – 40026 Imola (BO)

– an e-mail to info@thema-med.com

DECLARATION OF CONSENT FOR SENDING PROMOTIONAL AND ADVERTISING MATERIAL

The undersigned declares his or her specific consent to the processing of personal data that may be processed by Thema S.r.l., as Data Controller, to send promotional and advertising material. The undersigned declares that he/she has received full information under Articles 13 and 14 of the EU Regulation 2016/679, and gives his/her consent to the processing of his/her data for the above-mentioned purposes.