PRIVACY POLICY FOR WWW.GUIDEDSURGERY.IT

Information pursuant to Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 (Personal Data Protection Code) and EU Regulation no. 2016/679, hereinafter also referred to as (“GDPR”), collectively also referred to as (“Privacy Legislation”).
1) GENERAL INFORMATION

We inform individuals about the following general aspects, applicable across all processing areas:
1. This privacy policy also applies under Legislative Decree no. 196/2003 as amended by Legislative Decree 101/2018, the Personal Data Protection Code, and under Article 13 of EU Regulation no. 2016/679 concerning the protection of individuals regarding the processing of personal data and the free movement of such data, for individuals interacting with https://www.guidedsurgery.it.

2. This policy is applicable only to the domain https://www.guidedsurgery.it and not to other websites that may be accessed by the user through links contained therein.

3. GUIDEDSURGERY Srl does not exercise control over content and materials published by or obtained through third-party websites, nor on their respective methods of processing user personal data, and expressly disclaims any responsibility for such events. Users are required to check the privacy policy of third-party sites accessed while navigating https://www.guidedsurgery.it and to inquire about the applicable conditions set by third parties for the processing of their personal data.

4. Brief specific information on specific data processing activities (e.g., following the completion and submission of a contact form) will be displayed on the pages of https://www.guidedsurgery.it designed for specific on-demand services.

5. This policy may undergo changes due to the introduction of new regulations; therefore, users are encouraged to periodically review this page.

2) DATA CONTROLLER DETAILS
Company Name: GUIDEDSURGERY Srl
VAT Number: IT 04760860280
Business Address: Via Guasti 12/H, Padova 35124, Italy
Phone Contact: +39 0499568229
Email Contact: project@guidedsurgery.it
PEC Contact: guidedsurgery2.0srl@legalmail.it

3) DATA PROCESSING
General Considerations
The processing of personal data is carried out using suitable computer tools to ensure the security and confidentiality of the data, in compliance with the appropriate security measures as required by Article 32 of the GDPR, using secure communication protocols with SSL encryption algorithms. Personal data will be processed in accordance with the legislative provisions of the aforementioned regulations and the confidentiality obligations therein. The provisions of the Privacy Guarantor Authority’s “Guidelines on promotional activities and spam prevention” of July 4, 2013, the “Guidelines on the processing of personal data for online profiling” of March 19, 2015, and the “Guidelines on automated decision-making and profiling” – WP251, defined based on the provisions of Regulation (EU) 2016/679, are considered good practices. All data of the subjects with whom we interact are processed lawfully, fairly, and transparently, in accordance with the general principles set out in Article 5 of the GDPR. Specific security measures are observed to prevent data loss, unlawful or incorrect uses, unauthorized access, pursuant to Article 32 of the GDPR.

Navigation Data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its nature, it could allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and computer environment.

Voluntarily Provided Personal Data
For personal, identifying, and non-sensitive data such as name, surname, tax code, VAT number, email address, telephone numbers, residential address (“personal data”) that are directly provided by users when requesting registration for specific services offered by the site.

SUMMARY OF COMPLIANCE AS REQUIRED BY ARTICLE 13 OF GDPR

Purpose and Legal Basis of Data Processing
(GDPR-art.13, par. 1, lett. c)

Navigation Data: Navigation data is used solely to derive statistical information about the use of the website and to monitor its proper functioning. This data may also be used to ascertain responsibility in case of hypothetical cybercrimes against the website (GDPR-art.6, par. 1, lett. f).
Voluntarily Provided Personal Data: Users may voluntarily provide personal data to obtain information about services offered by the data controller (GDPR-art.6, par. 1, lett. b).
Tax Document Requirements: Some data may be required from the user for issuing fiscal documents (GDPR-art.6, par. 1, lett. c).
Email Communications: The optional, explicit, and voluntary sending of email messages to the addresses indicated on the website https://www.guidedsurgery.it entails the subsequent acquisition of the sender’s email address, to be used to respond to requests, as well as any other personal data included in the message. (GDPR-art.6, par. 1, lett. b).
Submission of Resumes: In the event that, through the website https://www.guidedsurgery.it, a user decides to submit their CV for potential employment, the data controller may receive, in addition to the user’s identifying personal data (e.g., name, surname, email address, phone number, educational background), also the contact details of third parties. When submitting their CV, the candidate may also provide data related to their health status, information about other legal entities and/or individuals, racial or ethnic origin, religious or philosophical beliefs, union membership, or sexual orientation. Such data is considered to be voluntarily and spontaneously provided by the user at the time of CV submission. (GDPR-art.6, par. 1, lett. a).

Scope of Communication
(GDPR-art.13, par. 1, lett. e – f)
The data may only be processed by authorized internal personnel who are regularly trained and instructed in data processing (GDPR-art.29) or by external parties responsible for the maintenance of the web platform, appointed as external processors (GDPR-art.28), and will not be communicated to other parties, disclosed, or transferred to non-EU countries. The server hosting the domain of the website https://www.guidedsurgery.it is located within the EEA.

Data Retention Period
(GDPR-art.13, par. 2, lett. a)
Navigation data is typically stored for short periods, not kept in databases, and periodically deleted if no longer necessary for processing purposes. Personal data voluntarily provided to request information follows retention obligations that the data controller is subject to for fiscal purposes and/or any extensions related to investigative activities. Resumes that are received and not deemed immediately relevant are deleted within six months of receipt.

4) RIGHTS OF DATA SUBJECTS
The data subject, regarding the personal data subject to this information, has the right to exercise the rights provided by the EU Regulation as listed below:Access their personal data.
1. Right of access; the ability to be informed about the processing of one’s personal data and, if applicable, to receive a copy of it. (GDPR-art.15).
2. Right to rectification; the data subject has the right to rectify inaccurate personal data concerning them. (GDPR-art.16)
3. Right to erasure; (‘right to be forgotten’) the data subject has the right to have their data erased (GDPR-art.17);
4. Right to restriction of processing; in case of unlawful processing or dispute over the accuracy of personal data by the data subject (GDPR-art.18);
5. Right to data portability; the data subject may request their personal data in a structured format in order to transmit it to another controller (GDPR-art.20);
6. Right to object to processing; the data subject has the right to object to the processing of their personal data (GDPR-art.21);
7. Right not to be subject to automated decision-making processes; the data subject has the right not to be subject to a decision based solely on automated processing (GDPR-art.22)
8. Requests can be addressed to the data controller at the email address guidedsurgery2.0srl@legalmail.it using the model provided by the Data Protection Authority, downloadable from the website https://www.garanteprivacy.it/home/modulistica-e-servizi-online. In case of suspected violation of the regulations, the user has the right to lodge a complaint with the Data Protection Authority, which is the authority responsible for overseeing data processing in Italy. For more information on how to file a complaint with the Data Protection Authority, click on the link https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524. For a deeper understanding of data subjects’ rights, refer to Articles 15 and following of EU Regulation 679/2016 at the link https://www.garanteprivacy.it/i-miei-diritti.

5) OTHER SITES
GUIDEDSURGERY srl does not exercise any control over the content and materials published by or obtained through third-party sites, nor over their methods of processing user’s personal data, and expressly disclaims any responsibility for such circumstances. Users are encouraged to check the privacy policy of third-party sites accessed through the Website and to inquire about the applicable conditions regarding the processing of their personal data.

6) COOKIES
Cookies are small text fragments that allow the web server to store information on the client (the browser) to reuse during the same visit to the website (session cookies) or later, even after several days (persistent cookies). Cookies are stored on the specific device used (computer, tablet, smartphone) based on the user’s preferences and browser settings.

Possible types of cookies that may be present on the website include:

CATEGORY PURPOSES
Navigation or Session Technical Ensure normal navigation and usability of the website.
Analytical Technical Collect information about the number of visitors and pages viewed.
Functional Technical Enable navigation based on a set of selected criteria.
Profiling Create user profiles to send advertising messages in line with preferences.

Preferences management through the cookie banner.
In compliance with the ‘Cookie and Other Tracking Tools Guidelines’ issued by the Garante Authority on 10/06/2021, the user can decide whether to accept or reject cookies on the website by interacting with the dedicated banner. This setting can also be changed after the browsing session.
The website may contain links to other sites (so-called third-party sites). GUIDEDSURGERY srl does not access or control cookies, web beacons, and other user tracking technologies that may be used by third-party sites accessed from the Website.