Articles. 13-14 of the EU Reg. 2016/679
This information is a general obligation that must be fulfilled before or at the latest when start collecting personal data. In the case of personal data not collected directly from the data subject, the information must be provided within a reasonable time, or at the time of communication (not registration) of the data (to third parties or to the data subject). In accordance with the General Regulations for the Protection of Personal Data of Individuals (GDPR – Reg. (EU) 2016/679), the undersigned organization, data controller, informs of the following:
SOURCES AND CATEGORIES OF PERSONAL DATA
The personal data held by the undersigned organization is collected directly from the data subjects. This site not collect data belonging to special categories, it is intended data apt to reveal the racial or ethnic origin, philosophical or other religious beliefs, political opinions, membership of trade unions, associations or organizations of religious, political or political nature or union, health status, sex life, genetic or biometric personal data.
The computer systems and the software used to operate the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet communication protocols. This is information that cannot be associated with data subjects, but which by their very nature could, through processing and association with data held by third parties, allow to identify users. This category of data includes IP addresses or domain names of computers used by users connecting to the site, the address in the Uniform Resource Identifier (URI) notation of the requested resources, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user’s computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer and cyber-crimes against the site. This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Profiling data on the consumer’s habits or consumption choices are not directly acquired. It is however possible that through links or embedding elements of third parties, such information is acquired from autonomous or separate subjects. See the section of third-party cookies in this disclaimer.
Like others, this website saves cookies on the browser used by the user concerned for the transmission of personal information and to enhance the experience. In fact, cookies are small text strings that the sites visited by the user send to his terminal (usually to the browser), where they are stored, sometimes even with features of wide temporal persistence, to be then retransmitted to the same sites to the next visit.
As explained below, it is possible to choose which cookies to accept, bearing in mind that refusing use may affect the ability to perform certain transactions on the site or the accuracy and adequacy of some customizable content proposed or the ability to recognize the user from a visit to the next one. If no choice is made in this regard, the default settings will be applied and all cookies will be activated: however, at any time, you can communicate or change the decisions in this regard.
In particular, so-called session cookies are used, which are not permanently stored on the user’s computer and disappeared when the browser is closed and the use is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site and avoid the use of other computer techniques prejudicial to the privacy of the users’ browsing and not to acquire the acquisition of the user’s personal identification data.
Then analytics cookies are used to help understand how visitors interact with the site’s contents, collecting information (geographical and web origin, technology used, language, entry pages, visits, exit times, etc.) and generating website usage statistics without personal identification of individual visitors.
All these are to be considered technical cookies for which, since consent is not required, the opt-out mechanism applies. Technical cookies are not disclosed to third parties as necessary or useful for the operation of the site; therefore, they are processed only by persons qualified as persons in charge, data processors or system administrators.
Finally, the site incorporates cookies and other elements (tags, pixels, and cc.) Of third parties (autonomous and on which the Owner has no responsibility) that also perform profiling activities and for which you refer to the respective sites:
• Google Analytics
Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on the site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the email. Even the explicit and voluntary sending of the forms that can be filled in on the website containing the data of the data subject involves processing to comply with the pre-contractual obligations or the performance of the services provided by sending the forms. Such information in the forms may concern personal data, contact details, telephone numbers, email addresses of the data subjects and identified and identifiable third parties with the user of the site. However, specific summary information will be progressively reported or displayed on the pages of the site prepared for special services on request.
Newsletter e Mailing-list
The e-mail contacts used for sending the periodic newsletter come from voluntary registrations by the recipient to which a request for confirmation is always subject, as well as from information acquired in a context of sale of the owner’s products or services or the like for which subsidies the legitimate interest of the data controller to send communications and information on events, products, services and training courses. It is emphasized that the contacts have not been retrieved from the public subscriber lists. In the event that communications are not of interest to the recipient, you can avoid any other contact by clicking on the appropriate link contained in each message or by writing to the contact details below, exercising the right to the newsletter from the newsletter. The newsletter is prepared through the Mailchimp service which may include the transfer of personal data to the United States under the protection of the privacy shield.
You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.
To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.
The information (texts, videos and images) that the user uploads to the reserved area are protected by encryption and authentication systems and are accessible only to authorized users, or to those directly involved and / or to the intermediaries involved. This information is not subject to dissemination operations.
We will process the data provided during registration only based on your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
PURPOSE AND LEGAL BASIS OF TREATMENT
Personal data are used (ref. Artt.6 (b) of the GDPR):
- to allow navigation on the site and
- if necessary to perform the service or the service requested as part of the normal activity carried out by the organization.
Furthermore, all personal data can be processed:
- for purposes connected to obligations established by law, as well as by provisions issued by authorities authorized by the law (see articles 6 (c) and 9 (b, g, h) of the GDPR);
- for the assessment, exercise or defense of a right in court and out-of-court (legitimate interest) of the organization (see articles 6 (f) and 9 (f) of the GDPR);
- for direct marketing purposes according to the legitimate interests of the Owner in particular; for cookies, advertising ids used to display advertisements and ads; for e-mail addresses for sending the newsletter; for navigation and usage logs to protect site and service from cyber-attacks; in these cases the data subject can always refuse consent so that the Data Controller will abstain from processing (see Article 6 (f) of the GDPR);
for functional purposes to the activity for which the data subject has the right to express or not the consent:
- subscription to the newsletter to receive information messages and to promote and sell products and services, measure satisfaction (GDPR art.6 (a));
CONSEQUENCES OF THE REFUSAL OF PROVIDING THE DATA
The provision of data collected from the data subject is optional but essential for processing them for the purposes in letters a) and b). In the event that the parties do not communicate their indispensable data and do not allow the processing, it will not be possible to carry out and put in place the proposed services and to follow the contractual obligations undertaken, with a consequent prejudice for the correct fulfillment of regulatory obligations, such as, e.g., accounting, tax and administrative, etc.
Apart from that specified for navigation data, the user is free to provide personal data for cookies and specific requests via forms e.g. on products and / or services. Failure to provide such data may make it impossible to obtain what has been requested. For all non-essential data, including sensitive data, the conferment is optional. In the absence of consent or incomplete or incorrect conferment of certain data, including sensitive data, the required obligations may be so incomplete as to cause injury or in terms of penalties or loss of benefits, and due to the impossibility of ensuring the adequacy of the processing same to the obligations for which it is performed, and for the possible mismatch of the results of the treatment itself to the obligations imposed by the law to which it is addressed, intending to exonerate the organization from any and all liability for any sanctions or provisions afflictive.
DATA PROCESSING METHODS
The treatments connected to the web services of the site are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected; they take place at the server in Italy or the EU and are only handled by technical staff in charge of processing, or by persons in charge of maintenance and administration. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access and loss of confidentiality. The structure is equipped with anti-intrusion devices, firewall, log and disaster recovery. Specific mechanisms of encryption and segregation of data and authentication and authorization of users are used.
Data processing means the collection, recording, organization, storage, processing, modification, cancellation and destruction or the combination of two or more of these operations. In relation to the aforementioned purposes, the processing of personal data takes place using manual, computerized and telematic tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of personal data will therefore be processed in compliance with the methods indicated art. 5 EU Reg. 2016/679, which provides, moreover, that the data are processed lawfully and fairly, collected and recorded for specific, explicit and legitimate, exact, and if necessary updated, relevant, complete and not excessive in relation to the purposes of the processing, respecting the fundamental rights and freedoms, as well as the dignity of the person concerned, with particular reference to privacy and personal identity, through measures of protection and security. The undersigned organization has prepared and will further improve the security system for accessing and storing data.
There is no automated decision-making process (e.g. for profiling).
EXTRA UE TRANSFERS
Processing takes place in countries outside the EU, specifically in Switzerland where exists the following “Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland (notified under document number C(2000) 2304)” – (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32000D0518 )
PERIOD OF CONSERVATION
Personal data will be kept, in general, as long as the purposes of the processing persist according to the category of data processed.
CATEGORIES OF RECIPIENTS
The data (only the indispensable ones) are communicated
- to persons in charge of processing, both internal and external to the organization, who perform specific tasks and operations (site administration, analysis of navigation data, traffic, profiling, management of emails and forms sent voluntarily by the user, processing of e-commerce requests and orders, etc.)
- in the cases and to the subjects foreseen by the law
The data will not be disseminated unless otherwise required by law or prior to anonymization. Except as specified for cookies and elements of third parties, without the prior general consent of the party to communications to third parties, it will be possible to run exclusively to services that do not provide such communications. In case of necessity specific and precise consents will be required and the subjects who will receive the data will use them as autonomous data controllers.
In some cases (not subject to the ordinary management of this site) the Authority may request news and information, for monitoring the processing of personal data. In these cases, the answer is mandatory under penalty of administrative sanction.
RIGHTS OF THE INTERESTED
At any time you can: exercise your rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision-making processes) when provided to the data controller, pursuant to art. from 15 to 22 of the GDPR (https://eur-lex.europa.eu/legal-content/en/TXT/?uri=celex%3A32016R0679); propose a claim to the Control Authority (www.garanteprivacy.it); if the processing is based on consent, revoke the consent given, taking into account that the withdrawal of consent does not affect the lawfulness of the treatment based on consent before revocation.
Almost all browsers offer the possibility to manage and not enable cookies, to respect users’ preferences. In some browsers it is possible to set rules to manage cookies site by site, an option that offers a more precise control on the user’s privacy; another function available on some browsers is the incognito mode, so that all cookies created in this mode are deleted after closing.
Consult the following instructions for managing cookies in their browser:
PHONE NUMBERS AND CONTACTS
The data controller is EURAPS – European Association of Plastic Surgeons
The office is in Sennweidstrasse 46 – Steinhausen 06312 Switzerland
The contact details are: tel. +41 417482300 e-mail firstname.lastname@example.org .
The complete list of data processors is available on request.