DATA PROCESSING POLICY ON OUR WEBSITE

Introduction

Dialisi Mucaria takes very seriously user’s privacy and undertakes to respect it. This privacy policy describes the processing of personal data carried out by Dialisi Mucaria through its website and the relative commitments undertaken by the Company. We inform that Dialisi Mucaria may process your personal data when you visit its website or use its services. In the sections of the website where the user's personal data is collected, a specific information notice is published pursuant to articles 13/15 of the EU Reg. 2016/679. Where required by EU Reg. 2016/679, a user consent will be required before processing of personal data. If the user provides personal data of third parties, he must ensure himself that the communication of data to Dialysis Mucaria and subsequent treatment for the purposes specified in the applicable privacy policy is in compliance with EU Regulation 2016/679 and applicable legislation.

Identification data of Data Controller and Data Protection Officer

The Data Controller is “Mucaria s.r.l.”, with a registered office in Valderice (TP), 23, Viale Europa Street - tel. +39 0923836440 pec: centroemodialisispa@pec.it

The Data Protection Officer is Giuseppe Edoardo Scarlata, lawyer with a registered office in Palermo, 38, Enzo ed Elvira Sellerio Street – e-mail: avv.scarlata@gmail.com - pec: avv.scarlata@pec.it

Type of processed data

The visit and the consultation of the Website generally do not imply a collection and processing of personal data, except for browsing data and cookies as specified below. In addition to the so-called "browsing data" (see below), personal data voluntarily provided by the user may be processed when the latter interacts with the functionalities of the website or requests to use the services offered on the website. In compliance with the Privacy Code, Dialisi Mucaria may also collect your personal data from third parties during the performance of its commercial activity.

Cookie policy

For further information on cookie policy the website applies, please consult the extended cookie policy version.

The storage of personal data

The personal data is stored and processed through IT systems owned and managed by Dialysis Mucaria or by third party technical service providers; for more details please refer to the "Transmission and access to personal data (10) " section that you can find below. The data is processed exclusively by specifically authorized personnel, including the personnel responsible for carrying out extraordinary maintenance operations.

Purposes and methods of processed data

Dialysis Mucaria can process the user's common and sensitive personal data for the following purposes: to allow browsing and use of services placed on the website, for management of users’ requests and reports, in order to send newsletters, management of received recruitment applications sent through the website, etc. Moreover, with the further optional and specific consent of the user, Dialisi Mucaria may process personal data for marketing purposes, i.e. to send promotional materials and/or communications relating to the Company's services at the addresses indicated by the users, both through traditional methods of contact (such as post, telephone etc.) and / or automated methods (such as internet communications, faxes, e-mails, text messages, applications for mobile devices as smartphones, tablets, CD.APPS-, social network account like f.ex. Facebook or Twitter, phone calls with automatic operator, etc.). The personal data is processed both in paper and electronic form. The data are entered into the company information system, including security and confidentiality profiles, being based on principles of the utmost correctness and lawfulness of data processing, in full respect with EU Reg. 2016/679. In compliance with EU Reg. 2016/679, the data are kept and stored for the period allowed by the law in force.

Security and quality of personal data

Dialisi Mucaria undertakes to protect the security of personal data of the users and commits to respect the provisions on security envisaged by the applicable legislation in order to avoid data loss, illegitimate or illegal use of data and unauthorized access, with particular reference to the Technical Regulations regarding minimum measures of security. Furthermore, the information systems and computer programs used by Dialisi Mucaria are configured in a way to minimize the use of personal and identification data; these data are processed only to achieve the specific purposes pursued. Dialysis Mucaria uses multiple advanced security technologies and procedures to promote the protection of users' personal data; for example, personal data is stored on secure servers located in places with protected and controlled access. The users can help Dialisi Mucaria to update and maintain their personal data by communicating any change concerning address, qualification, contact details, etc.

Transmission and access to personal data

The user’s personal data may be disclosed to:

• to all subjects who have right of access to such data and stipulated by legislative measures;
• to our employees, collaborators, within the framework of their duties;
• all those natural and/or legal, public and/or private persons if the forwarding (disclosure) of the data proves necessary or expedient to the performance of our operations, as well as in the above manner and for the appropriate purposes described above.

Nature of personal data provision

The provision of some personal data is mandatory in order to allow the Company to manage communications or requests received from the user or to contact the users in order to respond to their request. This type of data is marked with an asterisk symbol [*] and in this case the provision is obligatory to allow the Company to follow up the request which, otherwise, cannot be processed. And conversely, the collection of other data not marked with an asterisk is optional: the absence of that kind of data will not entail any consequences for the user.
The provision of personal data for marketing purposes, as specified in the section "Purposes and methods of processing" is optional and the refusal will have no consequence. The consent given for marketing purposes is intended to be extended to sending communications through automated and traditional methods of contact, as above mentioned.

The Rights of Data Subject

Right to the access and Right to rectify - as referred in Art. 15 and Art. 16. of UE Regulation 2016/679

The data subject has the right to obtain from the data controller the confirmation that the processing of personal data concerning him is being carried out and, in this case, the interested party has the right to obtain the access to personal data concerning him and the access to the information regarding:

• a) the purposes of the processing;
• b) the categories of personal data concerned;
• c) the recipients or categories of recipients to whom the personal data have been or may be disclosed, in particular if recipients have been or might be communicated to third countries or international organizations;
• d) the period of time that the personal data will be stored or if it is not possible, about the criteria used to parameterized the data storage period;
• e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
• f) the right to lodge a complaint with a supervisory authority;
• g) where the personal data are not collected from the data subject, any available information as to their source;
• h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Right to erasure («right to be forgotten») - as referred in Art. 17 of UE Regulation 2016/679

The data subject has the right to obtain from the data controller the erasure of personal data concerning him without unjustified delay and the data controller has the obligation to delete personal data without undue delay, if there is one of the following reasons:

• a) personal data are no longer necessary to conclude the purposes for which they were collected or otherwise processed;
• b) the data subject withdraws the consent on which the processing is based in accordance with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and if there is no other legal ground for the processing;
• c) the data subject objects to the processing pursuant to Article 21 paragraph 1, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 paragraph 2; ;
• d) personal data have been unlawfully processed;
• e) the personal data must be deleted in order to fulfill a legal obligation established by EU or by the Member State to which the data controller is subject;
• f) the personal data have been collected in relation to the offer of information society services referred to in Article 8 paragraph 1 of EU Regulation 2016/679.

Right to restriction of processing - as referred in Art. 18 of UE Regulation 2016/679

The data subject has the right to obtain restriction of data processing when one of the following hypotheses occurs:

• a) the accuracy of the personal data is contested by the data subject, for the period enabling the controller to verify the accuracy of the personal data;
• b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
• c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defend of legal claims;
• d) the data subject has objected to processing pursuant to Article 21, paragraph 1, EU Reg 2016/679 pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to data portability - as referred in Art. 20 of UE Regulation 2016/679

The data subject has the right to receive in a structured format, commonly used and readable by automatic device, the information about personal data concerning him that had been provided to a data controller and has the right to transmit such data to another data controller without hindrance by part of the data controller.

Withdrawing your consent on data processing

The interested party can revoke the consent to the processing of the personal data regarding him by sending a registered letter with return receipt to the following address: Via Principe di Granatelli n. 46 - 90139 Palermo. As attachment necessary is sending also a photocopy of the identity, with the following text: << << revoca del consenso al trattamento di tutti i miei dati personali - revocation of consent to the processing of all my personal data >>. Upon completion of this operation your personal data will be removed from the archives as soon as possible.

If you wish to have more information on the processing of your personal data, or exercise the rights referred in point 7, you can send a registered letter with return receipt to the following address: Viale Europa n. 23 - Valderice (TP). Before providing you or changing any information, it may be necessary to verify your identity and answer some questions. An answer will be provided as soon as possible.