INFORMATION ON THE HANDLING OF PERSONAL DATA PURSUANT TO ART. 13 OF REGULATION (EU) 2016/679 (“GDPR”) AND ITALIAN LEGISLATIVE DECREE 196/03.
Dear User, EU Regulation 2016/679, known as “GDPR”, and Italian Legislative Decree 196/03 are concerned with protecting the privacy of the personal data belonging to natural persons. In particular, they impose several requirements on the subject who handles these personal data (referred to as the “Data Controller”), including the obligation to provide information (in the form of a privacy statement) to the person to whom such data refer (the “Data Subjects”). With this document, Research2Guidance GmbH and Healthware Group srl are fulfilling their requirements to provide a privacy statement as per the GDPR, informing you of the use we make of the data you provide when you download a brochure or express interest in a specific training initiative.
1. Data Controller
The Data Controller for this website are Research2Guidance GmbH, domiciled at the administrative/legal premises of Torstrasse 218, 10115 Berlin, Tel.: +49 30 400 424 32, and email address email@example.com and Healthware Group srl domiciled at the administrative/legal premises of Piazza Abate Conforti SNC, 84121 Salerno Tel.: +39 089.3061411 and email address www.healthwaregroup.com/privacy-policy
2. Data Protection Officer - DPO
Within the context of its organizational structure, the Data Controllers have appointed one Data Protection Officer or “DPO”, who can be contacted by any Data Subject “in all issues which relate to the protection of personal data. The DPO’s contact details are the following:
Healthware Group Data Protection Officer
Silvio Tortora Maione
3. The purposes and procedures of data processing
The Data Controller is only in possession of the personal data that you provided when downloading a brochure and/or other information material, or when you expressed interest in an initiative proposed by the Data Controller. Your personal data will be processed exclusively:
- To distinguish you based on your preferences and interests.
- If you explicitly provide your consent, to send you information material, notify you of events and promotional initiatives and/or send you commercial and direct marketing communications about the services offered by the Data Controller, the relative offers, discounts/special prices and any other promotional or loyalty offers.
When contacting you subsequently, we may use both traditional and totally automated systems, and contact you through your home address and/or email address, and also send SMS or MMS messages directly to your mobile phone.
Your personal data are processed via manual and electronic instruments and are stored in the designated digital database. Personal data contained in the above automated computer system, as well as those stored in the Data Controller’s digital archives, are processed in compliance with what is set out under current legislation and, in particular, in the constant and absolute respect of the safety measures as per GDPR, Art. 32, in order to reduce as far as possible the risks of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, or process the data in a way that does not comply with the purposes for which such data were gathered.
4. Type of personal data processed
The Data Controller will process your personal data, including but not limited to, your first name and family name, your address and some professional information, as well as an email address (hereafter “Data”).
Data relating to your preferences and interests will be retained for 5 (five) years, while your contact data will be stored until you ask us to delete them.
5. Providing personal data and consenting to the processing of such data - Consequences if data are withheld.
Providing your personal data to download the MIP brochure is optional and requires your consent (GDPR, Art. 6, section 1, letter b) but should you not consent to provide the data requested, it may be impossible for Data Controller to contact you about the training program you are interested in. Providing your personal data for commercial communication and direct marking purposes is also optional and requires your consent (GDPR, Art. 6, section 1, letter b) but should you not authorize us to process the data, it may be impossible for us to identify your interests and notify you about events, initiatives and programs in line with your preferences.
6. Data communication context
We will not circulate your Data. However, for the purposes of the data processing set out above, your Data may come to the attention of the following:
- Subjects that can access data under Italian and/or European Union, law, rules and legislation, within the limits set in this legislation.
- Employees and collaborators who operate under the direct authority of the Data Controller, as long as they have previously been instructed in the processing of the data and authorised to do so under Art. 29 of the GDPR, including as System Administrators.
- Subjects that operate as external Processors (under GDPR, Art. 4.8 and Art. 28), expressly appointed by R2G and Healthware Group, for purposes ancillary to the activities and services delivered by R2G. These include companies that offer computer assistance and consultancy or provide software and/or website design and implementation services, debt collection companies, brokerage firms, shipping and home delivery agencies, commercial agents and partners, companies that offer advertising and marketing services, and professionals, companies and consultants appointed to supply specific services to the Data Controller, always within the limits of the purposes for which such data were collected.
Any transmission or communication of these data will also take place in the respect for what is set out in law concerning the protection of personal data, including aspects relating to safety measures.
7. Data communication context
This may lead to data being transferred to a third country outside the EU, but only:
- To a third country where the European Commission has decided that the third country ensures an adequate level of protection (GDPR, Art. 45).
- To countries outside the European Economic Area (EEA) subject to appropriate safeguards (standard data protection clauses) adopted/approved by the European Commission under Art. 46(2)(c) and (d). In this event, you can request a copy of the guarantees under Art. 46(2)(c) and (d) adopted by the Data Controller by sending an email to the DPO.
- To a group of undertakings, or group of enterprises, with an international structure and which have in place binding corporate rules that apply to and are enforced by every member concerned of the group of undertakings, or group of enterprises, as per GDPR, Art. 47.
- When the data subject has explicitly consented to the proposed transfer for the performance of a contract or the implementation of pre-contractual measures, for the establishment, exercise or defense of legal claims, to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent (GDPR, Art. 49).
8. The rights of Data Subjects (GDPR, Art. 15 et seq.)
Data Subjects have the right to know from the Data Controller whether personal data relating to them is being processed and potentially ask for access to and rectification or erasure of personal data or restrictions on processing their data, or to object to the processing - if not required by law - as well as the right to data portability.
Data Subjects have the right to withdraw their consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation. The rights set out above can be exercised simply by making a request to the DPO.
Data Subjects also have the right to lodge a complaint with a supervisory authority.
Research2Guidance GmbH and Healthware Group srl have set up a CRM system to improve its user involvement proposal.