Information to be provided ex art. 13, GDPR
Identity and contacts of the Controller
1MED SA – Via Campagna 13 – 6982 Agno – Switzerland (CH), VAT CHE-345.019.233, phone +41 (0)91 605 40 50, e-mail email@example.com (hereinafter: “Controller” or “1MED”).
Source of data and purposes of processing
Personal data are provided directly by the data subject (user) and consist of name, surname, e-mail, phone number, interest and information included in the contact message. They are processed for the following purposes:
- To reply to the message sent by the user
- To contact you for direct marketing purposes on our services and products, and for surveys and market research
- To carry out statistics on the website’s users.
- To send newsletters
Means of data processing
- Personal data are processed by the Controller with manual, electronic and telematic means and stored in its filing system. Appropriate security measures are applied to prevent data from loss or alteration – even if accidental – unlawful or improper uses or unauthorised access.
- All processing will be carried out with criteria which take into account the purposes for which data have been collected and in accordance with the security measures in force.
- The reply to the message will be sent by e-mail provided by the user.
- Statistical analysis referred to in point 3., “Source of data and purposes of processing” will be carried out elaborating data relating to the data subject and have as an outcome anonymous data which cannot be matched to the data subject any more.
Legal basis of the processing
Depending on the purpose of processing, the legal bases of the processing are:
- for the purpose referred to in point 1), paragraph “Source of data and purposes of processing”, the legal basis is art. 6, par. 1, letter b), GDPR, since data processing is necessary for the performance of obligations taken towards the data subject. In this case, to reply to the message voluntarily sent by the user
- for the purposes referred to in point 2 and point 4., paragraph “Source of data and purposes of processing”, the legal basis is the user’s consent (art. 6, par. 1, letter a), GDPR, since the data subject has given consent to the processing of his or her personal data for one or more specific purposes
- for the purpose referred to in point 3., paragraph “Source of data and purposes of processing”, the legal basis is the “legitimate interest” (art. 6, par. 1, letter f, GDPR, Recital 47, GDPR and Opinion 6/2014 Working Party 29, par. III.3.1.) pursued by the Controller in studying the characteristics of the users so that 1MED can adjust, improve and create other services and products of interest of companies operating in medical and pharmaceutical sectors.
Processors, persons authorised to process personal data, autonomous controllers
- Data will be processed by the persons authorised for the processing and acting under the authority of the data controller and in charge of communication and institutional activities, business activities and information technology and data security.
- Data will be processed by processors engaged by the Controller for the management of the website and for the elaboration of data for statistical purposes.
- Personal data may be processed by autonomous controllers (e.g.: Internet Provider) to carry out activities connected to the management of the accesses to the Internet and to this website and, if not here described, they shall provide the user with information ex art. 13, GDPR.
Communication and dissemination of personal data
- Data are not communicated to associations, companies or bodies, unless the data subject gives consent. In particular, data will be communicated to the Controller’s Affiliates if the user has given his / her consent.
- Data may be communicated to supervisory authorities and judiciary or public bodies for their institutional tasks on their request or to assert, exercise, defend a right in judiciary by 1MED or by a third party.
- Data are not and will not be disseminated without the data subject’s consent.
Period of data storage
Data will be stored depending on the purposes of their processing. The period for which data will be stored is determined by the Controller as follows:
- for the purpose referred to in point 1), “Source of data and purposes of processing”, data will be stored as long as the request is not fully fulfilled, which means that the user may be contacted more times if the request is not completely fulfilled at the first contact. Then, personal data will be destroyed
- for the purpose referred to in point 2)., “Source of data and purposes of processing”, data will be stored in our filing system until, duration of the purposes or until withdrawal of consent
- Data will be stored.1MED considers that the data subject shares the Controller’s institutional principles and has interest in its business activity. This period will be reduced if the data subject objects to such processing exercising the rights listed in “Data subject’s rights”.
- for the purpose referred to in point 3), “Source of data and purposes of processing”, data will be stored in our filing system for the period necessary to elaborate them to create statistical reports. In so doing, the outcome does not allow to trace the identity of the person, but anonymous data are useful to improve and adjust our services and products to the needs of our target market. Identification data will be, therefore, destroyed, unless otherwise provided by supervisory authorities, law enforcement or judiciary as well as to exercise, enforce or defend rights of the Controller or of third parties in court.
Where data are processed and transfers of personal data to third Countries
Processing takes place at 1MED’s headquarter and are performed by the persons authorised to processing. If need be, personal data can be processed by companies which are in charge of the technological management of the website (data processors designated pursuant to art. 28, GDPR), at their offices. It is understood that, if need be, the Controller will have the right to transfer personal data to third Countries or international organisations. In this case, the Controller assures that the transfer will take place in accordance with provisions laid down in articles 45, 46, 47 and 49, GDPR.
Data subjects’ rights
Pursuant to articles 15-22, GDPR, writing to the data controller at the postal address of the Controller or by e-mail firstname.lastname@example.org you may request the list of data processors and the list of third parties to which data can be communicated (e.g.: our Affiliates) and exercise your right of access, rectification, right to be forgotten, restriction of processing, data portability, and you can object to the processing of your data on legitimate grounds or for the sending of institutional and informational communications.
How to lodge a complaint with the supervisory authority
The data subject has the right to lodge a complaint with the supervisory authority (Garante per la Protezione dei Dati Personali – Piazza Venezia 11, 00187 Roma (RM – Italy) – www.garanteprivacy.it, e-mail email@example.com, format https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=e0yn0riezmmw ) to exercise and defend the right of data protection.
Data Protection Officer
Our Data Protection Officer can be contacted by e-mail firstname.lastname@example.org, for information on data processing.