INFORMATION AND ACCESS TO PERSONAL DATA
(article 13 General Data Protection Regulation (UE) 2016/679) – October 2019 edition
This information may undergo changes over time – also connected to the possible entry into force of new sector regulations.
This page describes the processing of personal data of users accessing the website www.medexlearning.com (hereinafter the Site).
This is an information notice pursuant to art. 13 of the Regulation (EU) 2016/679 (hereinafter the Regulation) concerning the protection of personal data to those who interact with the web services of the Site. According to the rules of the Regulations, the processing carried out will be based on the principles of lawfulness, correctness, transparency, purpose and conservation limitation, data minimization, accuracy, integrity and confidentiality.
Therefore, pursuant to art. 13 of the Regulation, we inform you that:
1. Identity of the controller
The controller of personal data is Med-Ex Learning Srl, Via Panama n. 12, 00198, Roma, firstname.lastname@example.org, VAT 15039721004.
2. Finality of processing and legal basis
- The data are processed for the execution of pre-contractual measures adopted at your request (Regulation Article 6 paragraph 1, letter b)) by sending requests for information or requests to register for events to the e-mail addresses published on the Site or by filling in the appropriate forms on the Site.
- Following your consent (Regulation paragraph 1, letter a) the data provided by filling in the newsletter forms will be processed for marketing e-mail activities.
- The data collected may also be used for the management of the security of the Site and for the statistics of visits to the Site for the pursuit of the legitimate interest of the controller (Regulation article 6 paragraph 1, letter f).
3. Categories of personal data processed
The processing of personal data means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, cancellation or destruction.
In particular, the personal data processed through the Site are data voluntarily provided by the interested party and navigation data.
The navigation data are data that the computer systems and software procedures used to operate the Site acquire during their normal operation and whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the Site, time of the request, method used in submitting the request to the web server, size of the file obtained in response, etc.
More information on acquiring navigation data is available in the cookie section.
4. Processing methods
Your personal data will be processed in accordance with the principles of correctness, lawfulness and transparency, and will be carried out mainly with electronic and IT tools and the data may be stored both on computer media and on paper. The processing of data for the aforementioned finalities will take place using both automated and non-automated methods and in compliance with the rules of confidentiality and security envisaged by current legislation.
5. Recipients or categories of recipients of personal data
Med-Ex Learning S.r.l. will not disclose your personal data by disclosing it to undetermined parties in any way, even by making them available or consulted.
Med-Ex Learning S.r.l. may communicate your personal data to one or more specific subjects, as specified below:
- to subjects who can access the data according to the law, regulation or community legislation, within the limits set by these rules;
- to subjects who need to access your data for auxiliary purposes for the finalities of processing described in the section "Finality of processing and legal basis", within the limits strictly necessary to carry out these purposes (citing as a non-exhaustive example: law firms, IT solutions providers, providers of cloud computing services, providers of event organization services, communication agencies, etc.).
6. Period of storage of personal data
The data collected for the finality described above will be stored in the following ways:
- Finality 2.a: The data is kept for the time strictly necessary for the execution of the purpose. In any case, they will be cancelled by the end of the calendar year in which they expire 12 months from the last treatment performed on them.
- Finality 2.b: They will be processed for an indefinite time and in any case up to the revocation of the consent by the interested party.
7. Rights of data subject
The data subject, pursuant to art. 15 of the Regulation, has the right to obtain confirmation that data processing concerning him is being processed and in this case, he has the right to obtain a copy of the data and access to the data and the following information:
- the purposes of the processing;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
- when possible, the period of storage of personal data provided or, if this is not possible, the criteria used to determine this period;
- all information available on the origin of the data if they are not collected from the data subject;
- the existence of an automated individual decision-making process, including profiling.
Furthermore, the interested party has the right to:
- obtain from the data controller the rectification of inaccurate personal data concerning him without unjustified delay (Article 16 of the Regulation);
- to obtain from the data controller the erasure (“right to be forgotten”) of personal data concerning him without unjustified delay (Article 17 of the Regulation);
- to obtain the treatment restriction from the data controller (Article 18 of the Regulation);
- receive, if applicable, in a structured format, commonly used and readable by automatic device, the personal data concerning him (art. 20 of the Regulation);
- object at any time, for reasons related to his particular situation, to the processing of personal data (Article 21 of the Regulation);
- withdraw your consent at any time without jeopardizing the lawfulness of the processing carried out before the revocation (Article 7 of the Regulation);
- be informed of the existence of adequate guarantees, if personal data are transferred to a third country or to an international organization (Article 46 of the Regulation);
- right to lodge a complaint with a supervisory authority (Article 77 of the Regulation);
To exercise these rights, please contact the controller at the contact points indicated in the “1 Identity of the controller”.
8. Obligation or right to provide data
The Site provides visitors with a series of services without the need to request any personal data or information. However, some services require the mandatory provision of data for information exchange or event registration. Failure to provide such data will make it impossible to establish or continue the relationship as these data are necessary for the exchange of information.
9. TRANSFER TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
The personal data provided by the interested party and processed by the Data Controller are not subject to transfer to international organizations. The personal data processed could be transferred to companies operating in third countries which, as required by Chapter V ^ of EU Reg. 2016/679, guarantee an adequate level of protection according to the decision of the EU Commission (so-called "Adequacy decision ") or have adopted adequate guarantees such as Binding Corporate Rules or Standard Contractual Clauses.