ISGE CONGRESS 11-14 MAY 2022
Extended privacy notice on the processing of personal data pursuant to article 13 of EU Regulation 2016/679 GDPR regarding the data collection privacy postcard
In accordance with article 13 of EU Regulation 679/2016 (“GDPR”), Theramex Italy S.r.l. informs you that will process your personal data, received directly from you through the compilation of the privacy postcard available at the Theramex stand during the ISGE Congress, in accordance with the principles of fairness, lawfulness and transparency, respecting your confidentiality and in compliance with the applicable law.
Who is the Controller?
The Controller is Theramex Italy S.r.l., Fiscal Code and VAT number 10087630967, with registered office in Milan, corso Vercelli no. 40, in its capacity as data controller (“Theramex” or “Controller”).
Who is the Data Protection Officer?
The Controller appointed a Data Protection Officer (“DPO”) which can be contacted at the following e-mail address: HYPERLINK “mailto:firstname.lastname@example.org” email@example.com.
Which personal data we collect?
We will process the following personal data:
city and country of practice
hospital of practice (optional)
How do we use your Data?
We will use your Data for the following purposes:
medical and scientific information activities and professional updating (such as the visiting of medical sales representative, invitations to participate in conferences, congresses, meetings, sending of scientific material related to medical and diagnostic products or related pathologies), based on your professional profile through visits of the medical sales representative, operator calls, videocalls and chats and with automated contact methods such as SMS and MMS;
transfer of your Data to the company of the Theramex group operating in the country where you mainly exercise your profession, in order to allow this company to carry out activities of medical-scientific information and professional updating (such as, for example, the visit of the medical sales representative, invitations to participate in conferences, congresses, meetings, sending of scientific material concerning medical and diagnostic products or related pathologies), based on your professional profile.
How do we process your Data and where do we store them?
The Data will be processed through computerized, automated and manual systems, with logic strictly related to the purposes outlined above. The Data will be stored in the United Kingdom according to criteria that allow to prevent breaches in the processing of the Data and to prevent the risks of misuse and unauthorized use of the Data on the basis of appropriate technical and organizational security measures.
Your Data will be processed by employees and/or collaborators of Theramex, appointed by the Controller as persons in charge of the processing for the tasks carried out within the company organization.
The Data will be stored until your consent is withdrawn, adopting adequate measures to avoid the indefinite storage of data in accordance with current legislation.
What are the consequence of any refusal to provide your Data?
The provision of your Data is optional and free, and subject to your explicit consent. However, if you do not provide the Data, the Controller will be unable to carry out the activities for the purposes referred to in point 4.
You may withdraw your consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.
To whom do we transfer and communicate your Data?
Your Data will not be disclosed, but they may be transferred within the European Union and outside the European Union to companies belonging to the Theramex Group and to providers for the purposes indicated in point 4.
We inform you that, for the performance of the purposes specified above, your Data may be communicated:
to third parties (such as, for example, service providers related to the purposes specified in point 4) or companies within the Theramex Group, which will operate as data processors;
to public entities for the compliance with legal obligations, which will operate as independent data controllers or
to providers of data entry and elaboration services in computer files, duly appointed as data processors.
For internal administrative and organizational purposes, pursuant to recital 48 and Article 6(f) of EU Regulation 679/2016, Theramex may also communicate the Data to its parent company Theramex HQ UK Limited.
We may communicate your Data to third parties:
in the event of the sale of any assets or property; or
if some or all of our assets are acquired by third parties, the Data will be one of the transferred assets.
Moreover, with your consent, your Data may be transferred to the company of the Theramex group operating in the country where you mainly exercise your profession, in order to allow the latter to carry out medical and scientific information activities and professional updating (such as the visiting of medical sales representative, invitations to participate in conferences, congresses, meetings, sending of scientific material related to medical and diagnostic products or related pathologies), according to your professional profile.
The transfer of the Data to Theramex HQ UK Limited is carried out in accordance with the European Commission’s adequacy decision of 18.6.2021; the Data may also be transferred to third countries that do not guarantee a level of security adequate to European standards and for which no adequacy decision has been issued by the European Commission pursuant to Article 45 GDPR. For this reason, the Controller has signed with third parties, intending to transfer data to such countries, standard contractual clauses or adopted other appropriate safeguards pursuant to Article 46 GDPR, and, where necessary, any additional security measures.
What are your rights about your Data?
You have the right to request at any time to the Controller access to and copy of the Data, rectification or erasure of the same, restriction of the processing involving your data or to object to their processing, as well as the right to ask the portability of the data.
When you exercise your right of access you have the right to know whether your personal data are being processed, the purpose of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom your personal data are disclosed (and, if they reside in a third country, on the basis of what guarantees), your data retention period (or the criteria used to determine the retention period), whether there is an ongoing automated processing (for example, through the profiling) and the logic of such processing, the origin of the data (if they are not initially collected by us).
You can exercise these rights by contacting the DPO at the following e-mail address HYPERLINK “mailto:firstname.lastname@example.org” email@example.com or by writing to the Controller’s address indicated above.
You also have the right to lodge a complaint with the competent supervisory authorities, under the conditions and within the limits provided for in Article 13 of the GDPR.