The Data Controller of personal data is Advanced Osteopathy Institute s.r.l., operational headquarters: via Cardinale Mezzofanti, 13 Milan, registered office: via Soperga, 50 Milan, VAT number and Tax Code 09229220968, REA MI 2077428.
Object of treatment
The Owner deals with:- Personal, identifying data (for example, name, surname, company name, address, telephone, e-mail, bank and payment details) hereinafter referred to as "personal data".
- The "particular data" communicated by you on the occasion of the conclusion of contracts for the services of the Data Controller and in your capacity as recipient of such data in reference to all communications made and received in relations with the entities and subjects involved in one's professional activity of the Data Controller and Data Processor.
Purpose of the treatment
Your personal data are processed:pursuant to article 6 of EU Regulation n.679/2016 (and subsequent provisions for legislative adaptation to Legislative Decree 101/2018) (GDPR). lit. b), e) GDPR), for the following Service Purposes:
A) conclude the contracts for the services of the Data Controller:
- fulfill the pre-contractual, contractual and tax obligations deriving from relationships with you in particular;
- to carry out all the diagnostic and therapeutic health services of general osteopathy and all the related osteopathic manipulative treatments (OMT);
- for the performance of diagnostic and therapeutic massage therapy services;
- for the collection and for the insertion in the personal data in the IT databases of the professional studio;
- for issuing invoices and credit notes;
- for issuing estimates and quotations to active and/or potential customers;
- for the maintenance of ordinary accounting and VAT;
- for the management of receipts and payments;
B) fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as in the matter of anti-money laundering);
C) exercise the rights of the Owner, for example the right of defense in court;
D) with the specific consent of the interested party, carry out information and commercial promotion of the services of Advanced Osteopathy Institute s.r.l. themselves; the legal basis of the processing is consent.
Nature of data provision and consequences of refusal to respond
We inform you that, taking into account the purposes of the processing referred to in points A), B) and C) as illustrated above, the provision of data necessary for the purposes is free but their failure, partial or incorrect provision may have, as a consequence, the 'impossibility to carry out the activity and the pre-contractual and contractual obligations as provided for in the service supply contract. Where the subject who provides the data is under the age of 13, such processing is lawful only if and to the extent that such consent is given or authorized by the holder of parental responsibility for which the identification data and a copy of the identification documents.Methods of treatment
The processing of your personal data is carried out through the following operations: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.The treatment will be carried out both with manual tools and/or possibly with IT and telematic tools with organization and processing logics strictly related to the purposes themselves and in any case in order to guarantee the security, integrity and confidentiality of the data in compliance with the measures organisational, physical and logical envisaged by the articles 24 and 25 and 32 of the GDPR.
Access to data by collaborators in charge of processing
Your data may be made accessible for the exclusive purposes referred to in art. 2.A) and 2.B) of this information:- to any employees and collaborators of the Data Controller, auxiliaries and third-party employees, companies and supply companies and in an outsourcing relationship with the Data Controller in their capacity as persons authorized to process and/or data processors and/or system administrators;
- to third-party companies or other subjects (as an indication, credit institutions, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors.
Data Communication
Senza la necessità di un espresso consenso (ex art. 24 lett. a), b), d) Codice Privacy e art. 6 lett. b) e c) Regolamento UE n.679/2016 (e successive disposizioni di adeguamento legislativo D.Lgs 101/2018) (GDPR), il Titolare potrà comunicare i Suoi dati per le finalità di cui all’art. 2.A) a Organismi di vigilanza, Autorità giudiziarie, a società di assicurazione per la prestazione di servizi assicurativi, nonché a quei soggetti ai quali la comunicazione sia obbligatoria per legge per l’espletamento delle finalità dette. Detti soggetti tratteranno i dati nella loro qualità di autonomi titolari del trattamento. I Suoi dati non saranno diffusi.Data Storage and Transfer
Personal data is mainly stored only with analogue and paper procedures in Milan, within the European Union and precisely also outside the headquarters of the Data Controller and in full compliance with the provisions and fulfilments necessary for the purposes of security and correct location of data storage units. The digital storage methods are limited only to the sending of documentation and are carried out in full compliance with the provisions and fulfilments necessary for the purposes of security and the correct location of the data storage units (data centers or other secure back-up tools) .The aforementioned location and methods of data storage can only be made known to the interested party whose data are being processed and to the supervisory authorities for reasons of national security, public safety, defense in court, for the purposes of prevention, the investigation and prosecution of crimes, for the protection of the interests and freedoms of others, for the execution of civil actions and for significant objectives of public and economic interest. The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no later than the termination of the relationship carried out for the Service Purposes. It is considered that the Data Controller will process the personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 5 years from the termination of the relationship for the Billing and Accounting Service Purposes;
With reference to health data, the retention time is limited to the time necessary to obtain the therapy and subsequently archived as per the circular of the Ministry of Health dated 12/19/1986. no. 6.
Data transfer to a third country and/or an international organization
The personal data provided by the interested party will not be transferred outside the European Union.Rights
As a user, you have the following rights:- Right to access your data, obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form; - obtain the indication: a) of the origin of the personal data; b) the purposes and methods of processing; c) of the logic applied in case of treatment carried out with the aid of electronic instruments; d) of the identification details of the owner, of the managers and of the representative of the owner and of the designated persons authorized to process it e) of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as designated representative in the territory of the State, of persons in charge or authorized to process; (art. 15 GDPR).
- Right to update, rectify or, when interested, integration of data; (art. 16 GDPR).
- Right to cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; (art. 17 GDPR).
- Right to request the limitation of use of the data for reasons of public interest only and for the establishment or defense of a right, in cases where the interested party disputes the accuracy of the data and of the processing, in the case of exercise of the right to object to the processing pursuant to art. 21 GDPR and in the other cases provided for by article 18 GDPR; (art.18 GDPR).
- Right to receive the personal data provided to the Data Controller in a structured format or on commonly used, intelligible and accessible IT support for each operating system (USB or duly encrypted ZIP file), and to move without constraints, the sets of information and data concerning you from this owner to another owner chosen by you according to your purposes and in full compliance with the principles of transparency, lawfulness and proportionality of the treatment. This right to data portability is without prejudice to your other rights; (art. 20 GDPR).
- Right to object, in whole or in part:
a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of your personal data for any other purpose not pertinent to the processing; (art. 21 GDPR). - Right to withdraw consent, where required and at any time. The withdrawal of consent does not affect the lawfulness of the processing based on the consent given before the withdrawal;
- Right to lodge a complaint with the supervisory authority.