Last update: September 2020
Pursuant to Article 13 of the GDPR relating to the processing of personal data
The Company ElectroPhysiology Frontiers S.p.A., with registered office in Piazza Statuto 18, Turin, Italy, Tax Code and registration number with the Companies’ Register 12027670012 (“Company”), is committed to protecting the personal data of the user (“User”) of the website https://www.ep-frontiers.com/ (“Site”) and, as data controller, is required, pursuant to Article 13 of EU Regulation No. 679/2016 (General Data Protection Regulation, “GDPR”), to provide the User with certain information regarding the processing of personal data. This Privacy Notice does not apply to other websites owned by third parties, which can be reached through links on the Site. Please read the privacy policies of these websites of third parties in relation to their processing of personal data.
1. WHAT DATA CAN BE PROCESSED
Through the Site, the following types of User’s data (hereinafter jointly also “personal data”) can be processed.
A) Navigation Data
The computer systems and software procedures, aimed at the functionality of the Site, acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified subjects, but by its own nature could, through processing and association with data held by third parties, allow the identification of the Users. This category of data includes the IP addresses of the computers used by Users who connect to the Site, the URI addresses (Uniform Resource Identifier) of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system used. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and it is deleted immediately after processing. The data could be used to ascertain responsibility in case of any computer crimes against the Site.
B) Personal data provided voluntarily by the User
The Company collects some personal data that can be voluntarily provided by the Users of the Site through specific forms present on the Site (section “Contacts”) or sent to the Company by e-mail or provided to the Company in another way (e.g. User who shows an active interest in the Company’s activities).
2. PURPOSES FOR WHICH PERSONAL DATA CAN BE PROCESSED
A) Managing information requests
The Company will process the personal data voluntarily provided by the User in order to manage and respond to information requests through the Site.
Legal Basis: fulfilment of a contractual obligation or execution of pre-contractual measures. The provision of personal data is necessary; otherwise, the Company will not be able to process the User’s requests.
B) Defence of rights during judicial, administrative or extra-judicial proceedings, and in the context of dispute arising in relation to the services/activities offered.
The Company may process personal data in order to defend its rights or to act or even to make claims against the User or third parties.
Legal Basis: legitimate interest of the Company in protecting its rights. Processing for the purpose of legitimate interest is not compulsory and you may object to such processing, but, if you do object to such processing, your data may not be used for the aforementioned purpose of legitimate interest, unless the Company demonstrates that there are compelling legitimate grounds for doing so or for exercising or defending a right under Article 21 of the GDPR.
C) Purposes related to obligations provided for by laws, regulations or EU legislation, by provisions/requests of authorities legitimized by law and/or by supervisory and control bodies.
The Company may process the User’s personal data in order to fulfil its obligations.
Legal Basis: compliance with a legal obligation. The provision of personal data for this purpose is necessary, otherwise, the Company will not be able to comply with specific obligations.
3. HOW WE KEEP PERSONAL DATA SECURE AND WHERE
The Company takes appropriate security measures to ensure the protection, security, integrity and accessibility of Users’ personal data.
All personal data is held on the Company’s secure computer systems (or appropriately stored hard copies) or those of our suppliers, and it may be accessible and usable in accordance with our standards and security policies (or equivalent standards for our suppliers).
The servers are located within the European Economic Area (“EEA”). Any transfer of processed personal data outside the EEA will be subject to the rights and safeguards provided by applicable law. Where personal data being processed is not transferred outside the EEA on the basis of an adequacy decision of the European Commission, other appropriate safeguards, such as model contractual clauses, will be in place.
4. HOW LONG WE RETAIN PERSONAL DATA
Navigation data is not retained for more than 7 (seven) days, unless the judicial authorities need to ascertain whether a crime has been committed.
In any event, for technical reasons, the stop of processing and the consequent definitive cancellation or irreversible anonymisation of the relevant personal data shall be definitive within 30 (thirty) days of the aforementioned deadlines.
With particular reference to the judicial protection of our rights or in the event of requests by the authorities, the data processed will be kept for the time required to process the request or to pursue the protection of your rights.
5. WITH WHOM WE MAY SHARE PERSONAL DATA
You can contact us using the contact details provided in the “Contacts” section if you would like to see the list of data processors and other subjects to whom we disclose data.
6. PERSONAL DATA PROTECTION RIGHTS
Each User, subject to the existence of the legal basis for the request, has the right to obtain from the Company:
- the access to and the rectification of personal data concerning him/her;
- the erasure of personal data;
- the rectification of personal data;
- the limitation of the processing of personal data;
- the copy of personal data provided by the Users to the Company, in a structured, commonly used and machine-readable format (portability) and the transmission of such personal data to another data controller.
In addition, Users have the right to object, in whole or in part, to the use of their personal data processed by the Company, under the conditions provided for by the GDPR, for example if the personal data is processed for direct marketing purposes.
In the event that the User exercises any of the above-mentioned rights, it will be the responsibility of the Company to verify that the User is entitled to exercise such rights, and a feedback will normally be provided within one month.
If the User considers that the processing of his/her personal data is in breach of the provisions of the GDPR, he/she has the right to lodge a claim before the Personal Data Protection Authority (Garante per la protezione dei dati personali), using the available references on the website https://www.garanteprivacy.it/, or to take appropriate legal action.
The Company’s contact details, as data controller, are as follows:
In order to exercise your rights, you may contact the Company by Email email@example.com, by telephone +39 392 8893351, or by sending a registered letter with return receipt to the aforementioned address of the Company or a PEC message to firstname.lastname@example.org