PRIVACY POLICY FORM BOOK VISIT
As provided for by the regulations in force (Art. 13 General Data Protection Regulation, hereinafter also RGPD), Prof. Pietro Lorenzetti, the data controller (hereinafter also referred to as "Data Controller" or "Professional"), provides users interested in contacting the Professional to book an examination through the form provided on the website www.pietrolorenzetti.it with information regarding the processing of their data.
WHO IS THE DATA CONTROLLER?
The Data Controller is Pietro Lorenzetti, Via Teseo 13, 95126 Catania, P.IVA 01162690893.
WHAT DATA IS PROCESSED?
The data processed are those provided by the user by filling in the visit booking form.
The user, through the field dedicated to the message, will not have to provide any special data (such as health data), as the form is not dedicated to consultations but only to requests for booking visits.
In the event that the User mistakenly provides special data when sending the booking request, this data will be deleted.
WHAT ARE THE PURPOSES AND LEGAL BASES OF THE PROCESSING?
The personal data provided by the user through the appropriate form are used for the sole purpose of responding to the request of the interested party.
The legal bases for the processing of such data are therefore: the adoption of measures relating to the pre-contractual relationship.
Should it become necessary, the data may also be used for the legitimate interest of the data controller to carry out defensive activities or to assert or defend a right in court.
HOW IS THE DATA MANAGED?
The data collected are processed using computerised tools and only residually on paper.
For data processing related to the services of the website, the Data Controller uses servers located within European territory and computer systems located in the offices where the Data Controller carries out its activities. There are no plans to transfer user data abroad for the purposes indicated herein.
Adequate security measures are taken to prevent data loss, illicit or incorrect use and unauthorised access.
Data provided directly by the data subject are stored for the time strictly necessary to process the data subject's requests and then deleted, subject to defensive requirements (which may require further storage).
WHAT HAPPENS IF DATA IS NOT PROVIDED?
The provision of data is optional but, without it, it will not be possible for the data controller to respond to requests made by the data subject.
WHO CAN KNOW THE DATA?
The data will be processed by the Data Controller. The data may be known by the IT companies that the data controller uses for the provision of hosting services and assistance and maintenance of the systems used, and by the consultants for the management of litigation and legal assistance in the event of any disputes requiring their involvement. The data may also be disclosed to the companies that provide outsourced secretarial and administrative services for the data controller and to the competent authorities in the event of specific requests that the data controller is required by law to comply with.
It should be noted that some of the persons indicated operate as data processors and that communication to those who operate as autonomous data controllers is made because it is prescribed by legal obligations or necessary to fulfil the obligations arising from the contractual relationship or the legitimate interest of the data controller consisting in maintaining the security of the information systems and in carrying out defence activities through legal advisors.
Communication is in any case limited to the categories of data whose transmission is necessary for the performance of the activities and purposes pursued.
The data subject may request from the Data Controller the list of external entities that carry out their activities as data processors.
WHAT ARE THE DATA SUBJECT'S RIGHTS?
The law recognises the data subject's right to request from the data controller access to and rectification or erasure of personal data or restriction of processing concerning him or her, or to object to its processing.
The data subject may assert his or her rights at any time, without formalities, by contacting the data controller at the email address info@pietrolorenzetti.it.
The rights recognised by current legislation on the protection of personal data are detailed below.
The right of access, i.e. the right to obtain from the controller confirmation as to whether or not personal data relating to him are being processed and, if so, to obtain access to the personal data and to the following information (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients in third countries or international organisations; (d) where possible, the period for which the personal data are to be retained or, if this is not possible, the criteria used to determine that period; (e) the existence of the data subject's right to request from the controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing (f) the right to lodge a complaint with a supervisory authority; (g) where the data are not collected from the data subject, all available information as to their source; (h) the existence of an automated decision-making process, including profiling and, at least in such cases, meaningful information on the logic used, as well as the importance and the envisaged consequences of such processing for the data subject. Where personal data are transferred to a third country or an international organisation, the data subject shall then have the right to be informed of the existence of the processing.
The right to rectification, i.e. the right to obtain from the data controller the rectification of inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.
The right to erasure, i.e. the right to obtain from the data controller the erasure of personal data concerning him/her without undue delay if: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) the data subject withdraws the consent on which the processing is based and if there is no other legal basis for the processing; (c) the data subject objects to the processing being carried out because it is necessary for the performance of a task carried out in the public interest or in connection with the exercise of official authority vested in the controller or for the pursuit of the legitimate interest and there is no overriding legitimate ground for the processing, or objects to the processing for direct marketing purposes (d) personal data have been unlawfully processed; (e) personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject; (f) personal data have been collected in connection with the provision of information society services to children.
However, a request for erasure may not be granted if the processing is necessary (a) for the exercise of the right to freedom of expression and information; (b) for the performance of a legal obligation requiring the processing provided for by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (c) for reasons of public interest in the field of public health; (d) for archiving purposes in the public interest, scientific or historical research or statistical purposes, insofar as erasure might render impossible or seriously jeopardise the attainment of the objectives of such processing; or (e) for the establishment, exercise or defence of legal claims.
The right to restriction, i.e. the right to obtain that data be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of a legal claim or to protect the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State if: (a) the data subject contests the accuracy of the personal data, for the period necessary for the controller to verify the accuracy of those personal data; (b) the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead that their use be restricted; (c) although the controller no longer needs them for the purposes of the processing, the personal data are necessary for the establishment, exercise or defence of a legal claim by the data subject (d) the data subject has objected to the processing on the ground that it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in the furtherance of the legitimate interests of the controller or a third party, pending verification as to whether the legitimate interests of the controller outweigh those of the data subject.
The right to portability, i.e. the right to receive in a structured, commonly used and machine-readable format the personal data concerning him/her that he/she has provided to the data controller and has the right to have those data transmitted to another data controller without hindrance by the data controller to whom he/she has provided them, as well as the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible, where the processing is based on consent or on a contract and the processing is carried out by automated means. This right is without prejudice to the right to erasure.
The right to object, i.e. the right of the data subject to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in the furtherance of the legitimate interests of the controller or a third party. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him/her carried out for such purposes, including profiling insofar as it is related to such direct marketing.
The data subject is also informed that, should he or she consider that his or her personal data is being processed in breach of the provisions of the GDPR, he or she has the right to lodge a complaint with the Garante, as provided for in Article 77 of the Regulation itself, or to take legal action (Article 79 of the Regulation).
FURTHER INFORMATION
Further information on the processing of data linked to the website is contained in the privacy policy and cookie policy, which the user can access through the links in the footer of the site.