Privacy Policy
Information ex Section 13 of Legislative Decree 196/2003 for processing sensitive data
Dear Sir/ Madam, in accordance with Legislative Decree 196/2003 concerning the personal data protection of people and other subjects, the processing of any information concerning you shall be based on the principles of correctness, lawfulness and transparency, protecting your privacy and your rights.
In particular, sensitive data shall only be processed with the written consent of the data subject and after authorization by the Garante for the protection of personal data (Section 26).
In accordance with Section 13 of the aforesaid decree, we inform you that:
- The sensitive data you give us shall be processed, within the limits of the Garante’s general authorization of 2/2004, for disclosing health and sex life details for the purposes indicated in this contract.
- The processing shall be carried out by electronic means.
- It is obligatory to provide personal data for the execution of this contract and any refusal to provide these data could mean the partial or total failure to execute said contract.
- The data may only be communicated to health practitioners in the emergencies specified under this contract (without prejudice to the ban disseminating data disclosing health, as per Section 65 (5) of Legislative Decree 196/2003).
- The data processor is SMARTBANK s.r.l. with offices in Rome, Via Vittorio Locchi, 9 REA n. 1115582.
- The data controller is Dr Irene Martini.
You are entitled at any time to exercise your rights with regards to the data controller, in accordance with Section 7 of Legislative Decree 196/2003, which for your convenience we reproduce here:
Legislative Decree 196 dated 30 June 2003. Section 7 – Right to Access Personal Data and Other Rights
1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him/her exist, regardless of their being already recorded, and communication of such data in intelligible form.
2. A data subject shall have the right to be informed:
a) of the source of the personal data;
b) of the purposes and methods of the processing;
c) of the logic applied to the processing, if the latter is carried out with the help of electronic means;
d) of the identification data concerning data controller, data processors and the representative designated as per Section 5(2);
e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative in the State’s territory, data processor or person in charge of the processing.
3. A data subject shall have the right to obtain:
a) updating, rectification or, where interested therein, integration of the data;
b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
4. A data subject shall have the right to object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
