PRIVACY POLICY OF THE WEBSITE ESHOP.ESAOTE.COM
1. Introduction
Please read this Privacy Policy carefully, which is provided to users of the website eshop.esaote.com (hereinafter, the "Website"), prepared in accordance with Article 13 of the General Data Protection Regulation No. 2016/679 (hereinafter, the "GDPR"), in which we provide details regarding the processing of your personal data.
The Privacy Policy applies only to the processing of personal data carried out on the Website and not to processing carried out on other pages of the website or on other websites, even if accessible via links on the Website.
The Reserved Area is intended exclusively for adults. By browsing the Reserved Area, the user declares that they are at least 18 years of age.
2. Who is the controller of your personal data?
A Data Protection Officer (“DPO”) has been appointed and can be reached for further information about personal data processing at dpo.esaote@esaote.com.
3. Who is the Data Protection Officer?
A Data Protection Officer (“DPO”) has been appointed and can be reached for further information about personal data processing at dpo.esaote@esaote.com.
4. What data do we collect and process?
4.1. Navigation data
This category of data includes the IP addresses or the domain names of the computers used by users who connect to the Website, the addresses in URI (Uniform Resource Identifier) format of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the computer environment of the user. This data is only used to collect statistical information, as well as to verify that the Website is functioning properly. Such data may also be used to determine liability in the event of cybercrimes committed against the Website. Except in the latter case, the navigation data is erased after 12 months.
4.2. Data related to registration to the Website
Through the registration form for the Website, users are required to provide personal data such as first name, last name, country, city, phone number, ZIP/postal code, email address, access password and main field of activity.
4.3. Location data
Esaote may determine the geographical location of the user, specifically identifying the country where the user is located at the time of accessing the Website, for the purpose of directing the user to the appropriate sales catalogue and applying the relevant tax regulations.
4.4. Data voluntarily provided by the user
Through the forms present within the Website (e.g. “Contact us”), the data subject can provide personal data such as first name, last name, ZIP/postal code, country, email address, phone number, company or institution, type of request, area of interest or product category and type of products, main activity field.
4.5. Data related to online payments
Regarding payments made by users, Esaote processes only the data transmitted by digital payment companies, namely information returned on the payment status (successful/declined). All further information regarding the account (e.g., PayPal) is stored by the entities managing the related service, which are not authorized to use the personal data received through the Website for other purposes.
4.6. Cookies
The Website collects and processes data using cookies or similar technologies. For further information on the use of cookies, please refer to the “Cookie Policy” available on the Website.
5. What do we do with the personal data we collect about you?
5.1. Registration to the Website
Purpose: to allow users to register and manage their account on the Website and access in order to place orders and purchase products. Providing personal data for this purpose is entirely optional; however, failure to do so will prevent registration.
Legal basis: performance of a contract to which the user is a party (Art. 6(1)(b) GDPR).
Retention period: personal data are retained until the account is deleted, which users can do by emailing privacy.esaote@esaote.com. Upon account closure, data is retained for an additional period necessary to fulfil legal obligations and for the time frame allowed to assert legal claims, as determined by the statutory limitation periods.
5.2. Management and execution of purchase orders
Purpose: to manage and execute purchase orders for products and services made by the user on the Website, including related payment, shipping, and delivery activities. Providing personal data for this purpose is optional, but without it, it will not be possible to manage and execute the purchase orders made by the data subject on the Website.
Legal basis: performance of a contract to which the data subject is a party (Art. 6(1)(b) GDPR).
Retention period: personal data are retained for the time strictly necessary to achieve the purpose of managing and executing purchase orders. In any case, as processing is carried out for the provision of products/services, personal data are retained for an additional period necessary to fulfil legal obligations and for the time frame allowed to assert legal claims, as determined by the applicable statutory limitation periods.
5.3. Geolocation
Purpose: to determine the location of the data subject with reference to the country where the individual is located at the time of accessing the Website, in order to enable Esaote to direct the user to the appropriate sales catalogue and apply the relevant tax legislation.
Legal basis: Esaote’s legitimate interest in facilitating the use of its online services (Art. 6(1)(f) of the GDPR).
Retention period: Esaote processes the data relating to the country of location of the data subject at the time of accessing the Website only for the time strictly necessary to direct the user to the appropriate product sales catalogue. Such data is not retained thereafter.
5.4. Management of information requests
Purpose: to respond to information requests sent by the user through: (i) the “Contact us” section available on the Website; and/or via email addresses reachable through links available on the Website, as well as for following up on subsequent interactions in order to assess the development of the relationship with the data subject and the potential commercial interest in Esaote’s products or solutions. For the purposes set out above, the Controller may share the data subject's personal data with its subsidiaries and/or authorized distributors, to the extent necessary for the effective handling of the request submitted. Providing personal data for this purpose is optional, but without it, it will not be possible to manage and respond to information requests submitted by the data subject.
Legal basis: performance of pre-contractual measures adopted at their request (Art. 6(1)(b) GDPR).
Retention period: personal data are retained for the time strictly necessary to manage and respond to information and support requests, and in any case no longer than 24 months from the date of collection, for the purpose of following up on subsequent interactions and assessing the development of the relationship with the data subject.
5.5. Management service and support requests
Purpose: to manage and fulfil requests for technical assistance, remote support, and scheduled or corrective maintenance of Esaote’s products sent by the user through: (i) the “Contact us” section available on the Website (“Technical Support” request); and/or via email addresses reachable through links available on the Website. To ensure the most effective and timely handling of service and support requests, Esaote may share the personal data provided by the user with its subsidiaries and/or authorized distributors. Providing personal data for this purpose is optional, but without it, it will not be possible to manage and respond to information and support requests submitted by the data subject.
Legal basis: performance of a contract to which the data subject is a party (Art. 6(1)(b) GDPR).
Retention period: personal data are retained for the entire duration of any maintenance and support agreement between the user and Esaote and, in any event, for the full statutory warranty period required by law following the product ‘sale. Upon the expiry of the support agreement, personal data shall be retained for a further period of 10 years to comply with legal, fiscal, and accounting obligations, as well as to enable Esaote to assert or defend its rights in accordance with the applicable statutory limitation periods.
5.6. Compliance
Purpose: to meet legal obligations and regulatory requirements, including allowing data subject to exercise his privacy rights.
Legal basis: compliance with legal obligations to which the Controller is subject (Art. 6(1)(c) GDPR).
Retention period: personal data are retained for the duration required by applicable legal obligations.
5.7. Exercise and defence of rights in judicial proceedings
Purpose: to establish, exercise or defend a claim in a legal proceeding or whenever the judicial authorities exercise their judicial functions.
Legal basis: legitimate interest of the Controller (Art. 6(1)(f) GDPR).
Retention period: personal data are retained for a period strictly limited to the duration of the litigation, until the expiry of the terms for enforcement or appeal.
5.8. Direct marketing
Purpose: to send commercial and promotional communications via email related to the products and services offered by the Company. Providing personal data for this purpose is entirely optional and does not affect the use of the Website or related services.
Legal basis: data subject’s consent (Art. 6(1)(a) GDPR).
Retention period: personal data are retained until consent is withdrawn, which can be exercised by contacting the Company at privacy.esaote@esaote.com.
5.9. Profiled marketing
Purpose: to send personalized commercial and promotional communications based on data subject’s interests. Providing personal data for this purpose is entirely optional and does not affect the enjoyment of the Website or related services.
Legal basis: data subject’s consent (Art. 6(1)(a) GDPR).
Retention period: personal data are retained until consent is withdrawn, which can be exercised by contacting the Company at privacy.esaote@esaote.com.
5.10. Soft spam
Purpose: to send commercial communications via email regarding products and services similar to those already purchased by the data subject, unless he refuses to receive such communications expressed at the time of the first communication or subsequent communications.
Legal basis: legitimate interest of the Controller (Art. 6(1)(f) GDPR).
Retention period: personal data are retained until an objection to processing is raised by the data subject through the appropriate link at the bottom of each communication or by contacting the Controller at the email address privacy.esaote@esaote.com.
5.11. Disclosure to Third Parties for direct marketing purposes
Purpose: to disclose user’s data (e.g., name, surname, email address) to third-party companies belonging to the Esaote Group for their own direct marketing purposes.
Legal basis: data subject’s consent (Art. 6(1)(a) GDPR).
Retention period: personal data is retained until consent is withdrawn, which can be exercised by contacting the Company at privacy.esaote@esaote.com.
6. To whom do we disclose or share your personal data?
Personal data can be shared with the following recipients:
- Third parties acting as data processors, such as: (i) service providers for Website development; (ii) entities delegated to perform technical maintenance activities on the Website; (iii) individuals, companies, or professional firms providing assistance and consulting services.
- Third parties acting as independent data controllers, such as: (i) Authorities or third parties where disclosure is required by law, including law enforcement agencies, regulatory bodies, or other governmental entities for compliance with legal obligations; (ii) Esaote Group Companies for: (a) technical assistance, maintenance, and after-sales service activities on Esaote’s products; (b) handling and follow-up of customer information requests submitted via the Website or other contact channels; (c) their own direct marketing purposes.
7. Who are the subjects authorized to process your personal data?
Personal data may be processed by Esaote’s personnel and operators in charge of pursuing the purposes mentioned above, who have been expressly authorized for processing, have received appropriate operational instructions, and are bound by confidentiality obligations.
8. How is personal data transferred internationally?
Some personal data may be shared with recipients who may be located outside the European Economic Area. The Controller ensures that the data processing by these recipients is carried out in compliance with the GDPR. Transfers may be based on an adequacy decision, on Standard Contractual Clauses approved by the European Commission, or another suitable legal basis. More information is available from the Controller by writing to privacy.esaote@esaote.com.
9. What are your rights?
Data subject can exercise his rights by contacting privacy.esaote@esaote.com, including access to the personal data, rectification, erasure, restriction, objection on legitimate interest grounds, and data portability, if technically feasible.
Consent may be withdrawn at any time by contacting privacy.esaote@esaote.com. However, it should be noted that the withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal.
Data subject also has the right to file a complaint with the competent Supervisory Authority, pursuant to Art. 77 of the GDPR, if he believes that the processing of their personal data infringes applicable data-protection law.