Information pursuant to Art. 13 of the 2016/679 EU Regulation and the applicable Regulation in effect
Pursuant to the Code and the Regulations, ESAOTE SpA, with registered office in Via Enrico Melen 77, Genoa, the Data Controller of your personal data (henceforth, also the "Company"), in the person of the Legal Representative, provides you with the following information regarding their use.
Pursuant to and for the purposes of art. 13 of the European Regulation, we inform you that the personal data you provide will be processed in compliance with the aforementioned legislation by ESAOTE S.p.A.
2. Legal basis and purpose of the processing
Your data will be collected, recorded, organized, modified, stored, processed, communicated and disseminated also together with data referring to other subjects, selected, extracted, compared and used for the following purposes:
- fulfillment of the obligations established by laws, regulations and community legislation.
The provision of common personal data necessary for this purpose is necessary, and its processing does not require your consent. This processing purpose is legitimized by the fulfillment of legal obligations to which the Data Controller is subject (pursuant to Article 6 paragraph 1, letter c) of the GDPR);
- for registration on the ESAOTE WebShop, as well as for the completion of purchases on the same and for purposes strictly connected and instrumental to the management of the existing contractual relationship with you. The provision of common personal data necessary for these purposes is not mandatory, but your refusal will make it impossible for ESAOTE to implement what has been agreed in the contractual relationship with you, to which this information is attached. These processing purposes are legitimized by the execution of pre-contractual measures or the contract to which you are a party (pursuant to Article 6 paragraph 1, letter b) of the GDPR);
- functional to ESAOTE's business:
- promotion of ESAOTE products and services (implemented by sending commercial information or other communications relating to the economic, administrative and commercial activity of the Company, by telephone, post, forwarding agent, fax, e-mail and through reserved and private areas on our website);
- detection of the degree of customer satisfaction - carried out by ESAOTE, through interviews, dissemination or sending questionnaires;
- elaboration of studies and market research carried out by ESAOTE (through interviews, dissemination or sending of questionnaires);
- profiling of user behavior within the eshop.esaote.com site.
It should be noted that the processing of personal data will not concern particular data.
Processing your personal data for the purposes indicated above is entirely optional and will be carried out only with your express, specific and unequivocal consent (pursuant to Article 6 paragraph 1, letter a) of the GDPR) which you can do when registering your account and change at any other time through the personal area of your Profile. Your refusal to provide data for this purpose will have no effect in relation to the fulfillment of the service you requested from the Data Controller. You may decide to revoke any consent given at any time through the same area.
3. Processing method
Personal data processing is in both hard and IT copy, by means of electronic or automated tools, in compliance with current legislation, in particular regarding confidentiality and security.
The Data Controller's organization sees to the processing directly.
4. Personal data processing to non-EU Countries
Personal data may be processed by other companies in the ESAOTE Group, also based in non-EU countries, whose level of data protection has in any case been considered adequate by the European Commission pursuant to Art. 45 of the GDPR or having signed Standard Contractual Clauses adopted and approved by the European Commission pursuant to Art. 46(2) (c) of the GDPR. A copy of these guarantees can be requested by sending an e-mail message to the Data Controller at the address: firstname.lastname@example.org.
5. Conservation period
The Company retains personal data in compliance with the principles of proportionality and necessity, for a period of time necessary to achieve the specific purposes of the processing, in compliance with contractual and/or regulatory obligations.
The Data Controller in particular, in relation to the purposes listed in letters a) and b) of point 2 of this information on the processing of personal data, will keep the personal data for the end of the contractual duration and, after the contract has been terminated, for the ordinary limitation period of 10 years.
With regard to the promotional activities referred to in point 2.c), the Data Controller will process the data relating to the promotional activities carried out towards you for a period of 7 years.
Once the retention terms indicated above have elapsed, the data will be destroyed, deleted or made anonymous in accordance with the cancellation and backup technical procedures and with the Owner’s accountability needs. In particular, following your possible revocation of consent, the Company will continue to process your data in order to have evidence of the fact that information and promotional marketing material will no longer be sent to you.
6. Data receipients
The data may be processed by external subjects operating as independent owners such as, by way of example, supervisory and control authorities and bodies and, in general, public or private subjects entitled to request such data, but also other companies of the ESAOTE Group (subsidiaries). The data may also be processed by external parties on behalf of the Company. designated as data processors (pursuant to art. 28 of the GDPR), who are given appropriate operating instructions. These subjects, by way of non-exhaustive example, can be:
- companies specialized in marketing activities and market research companies;
- service companies;
- consultants, collaborators and freelancers.
The data will not be disseminated.
7. Interested party rights
By writing to the e-mail address email@example.com, interested parties can request the Company, as Data Controller, to access the data concerning them, to rectify them, to integrate them if incomplete, to delete them, to limit their treatment in the cases provided for by art. 18 of the GDPR and may also oppose the processing, for reasons related to their particular situation, in the hypothesis of the Data Controller's legitimate interest.
Furthermore, in the event that the processing is based on consent or on a contract and is carried out in an automated way, the interested parties have the right to receive the data in a structured format, commonly used and readable by an automatic device and, if technically possible, have the right to transmit such data to another Data Controller without impediments.
Interested parties have the right to withdraw the consent given at any time for marketing purposes. The interested party who prefers to be contacted for the aforementioned purpose exclusively through traditional methods, can still express their opposition only to receiving communications through automated methods. Any withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent before the withdrawal itself.
Interested parties have the right to lodge a complaint with the competent supervisory authority in the Member State where they usually reside or work or in the State where the alleged violation occurred.
8. Data controller
The Data Controller is ESAOTE S.p.A., with registered office in via Enrico Melen 77, 16152 Genoa, Italy.
Our employees and our internal collaborators are authorized to process on the basis of the roles and work duties performed. Therefore, they have the right to know and process the data you transmit to us, within the limits of their competence and in accordance with the instructions given by the "Data Controller".
The treatments are carried out by internal staff, officially appointed and trained in the security and confidentiality of personal data, in accordance with the provisions of the data protection legislation.
9. Data protection officer (DPO)
The DPO can be contacted at the following email address: firstname.lastname@example.org.