Privacy Policy

www.paideiahospital.it

Regulation (EU) 679/2016 on the processing of personal data - Art. 13

Casa di Cura Paideia S.p.a., with registered office at Via G. Fabbroni, 6 – 00191 – Rome, VAT number 01847201009 (hereinafter, “Controller”), in its capacity as Data Controller, informs you, pursuant to Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 (hereinafter, “Privacy Code”) and Article 13 of EU Regulation No. 2016/679 (hereinafter, “GDPR”), that your data will be processed in accordance with the principles of fairness, lawfulness, transparency, and in compliance with the purposes and methods indicated below, collecting them to the extent necessary and accurate for the processing.

The Data Protection Officer (DPO) can be contacted at dpo@paideiahospital.it; you can write to this address to exercise the rights provided for in Articles 15 and following of the GDPR.

 

Subject of the Processing

This Privacy Policy concerns the management of the website https://www.paideiahospital.it/ regarding the processing of users’ personal data. Personal data processing includes any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, even if not recorded in a database, such as collection, recording, organization, structuring, storage, processing, selection, blocking, adaptation, or alteration, retrieval, consultation, use, communication by transmission, dissemination, or any other form of provision, comparison or interconnection, limitation, erasure, or destruction.

1.1 Type of Data Collected

In accordance with EU Regulation 679/2016 on the processing of personal data when using our services, you accept that our company collects some of your personal data. This information aims to inform you about the data we collect, why we collect it, and how we use it.

1.1.1. User-provided Data

When requesting information through contact forms or subscribing to our newsletter, we ask you to provide certain data necessary to use our services. These may include, but are not limited to:

  • Name
  • Surname
  • Email address
  • Phone number
  • Product/service of interest

Any health-related information (e.g., special data under Article 9 GDPR) provided by the user within contact forms will be immediately deleted and not processed.

When making a reservation for our services using the “Book Online” function, we also ask for:

  • Tax code
  • Date and place of birth
  • Gender
  • Language
  • Residential address
  • Special data under Article 9 GDPR, particularly health-related data. The association of the user’s name with the corresponding service is capable of revealing health-related information.

It is noted that a chat is operational as a support tool for user/interested party requests. The collected information is necessary for the chat platform’s operation and to enable operators to provide personalized assistance; the processed data is provided by the user when accessing the chat.

1.1.2. Automatically Collected Data from the Website

We collect the following data through the services we use:

  1. Technical data: e.g., IP address, browser type, information about your computer, data regarding the approximate current location of the device you are using.
  2. Data collected using cookies or similar technologies. For more information on the types of cookies used and how to disable them, please refer to the Cookie Policy.
 

Purpose of Processing and Legal Basis

The personal data you provide is processed by the owner of this website for:

2.1) Purposes related to the provision of requested services. For example:

  • Allowing the user access to the website https://www.paideiahospital.it/
  • Allowing the user to request information
  • Allowing the user to register an account to book our services
  • Executing the requested service or performance.

The legal basis for processing is the performance of a contract or pre-contractual measures (Article 6, paragraph 1, letter b) GDPR).

2.2) Your data will also be processed to:

  • Collect statistical information on the use of the site (most visited pages, number of visitors per daily time slot, geographical areas of origin, etc.) and improve usability for users. The legal basis in this case is the legitimate interest of the Controller to ensure a service that meets your expectations (Article 6, paragraph 1, letter f) GDPR).

2.3) We may process your data to send you advertising material, newsletters, and communications with informative and/or promotional content related to products and services provided and/or events promoted by the Controller or its commercial partners, unless you object through the unsubscribe links at the bottom of the communications we send. You can subscribe to our newsletter through the form on the website. The legal basis for processing is your explicit and prior consent (Article 6, paragraph 1, letter a) GDPR).

2.4) When making a reservation for our services using the “Book Online” function, we inevitably become aware of “special” data, specifically, health-related data. The association of the user’s name with the corresponding service is capable of revealing health-related information. The legal basis for processing is your explicit and prior consent (Article 9, paragraph 2, letter a) GDPR).

 

 

Processing Methods

The processing of your personal data is carried out through the operations indicated in Article 4, No. 2) GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Your personal data is processed both on paper and electronically and/or automatically.

 

 

Access to Data and Communication

Your data may be made accessible for the purposes mentioned in point 2 to:

  1. Employees and collaborators of the Controller in their capacity as authorized and/or internal processing managers and/or system administrators;
  2. Third-party companies or other entities (such as ICT companies, website hosting providers, consultants, web platform providers, etc.) that perform outsourced activities on behalf of the Controller, acting as external data processors.

The Controller may also communicate your data for the aforementioned purposes to:

  3. Supervisory bodies, Judicial Authorities, Police Authorities, Public Entities, and all those subjects to whom communication is mandatory by law for the fulfillment of said purposes.

These subjects will process the data as independent data controllers. Only with your explicit and prior consent for the purposes mentioned in point 2.3), the Controller may communicate your personal data to third-party companies such as commercial partners and event organizers, which will process the data as external data processors. Personal data collected for the purposes mentioned in point 2.4) will only be accessible, with your consent, to our medical and administrative staff, limited to activities related to the reservation management process, as well as to the booking platform provider, acting as an external data processor. Your data will not be disclosed.
 

Data Retention Period

The data collected by the website during its operation is kept for the time strictly necessary to carry out the specified activities. At the end of this period, the data will be deleted or anonymized, unless there are further purposes for retaining them, such as security reasons in case of potential abuse. In such cases, the Controller will keep the personal data acquired for the time necessary to fulfill legal obligations and/or to assert and/or defend a right in the appropriate venues. Data collected for the purposes mentioned in point 2.3) will be processed and kept until the withdrawal of your consent. Data related to online reservations mentioned in point 2.4) will be processed and kept for the entire duration of the service you have booked.

 

 

Data Transfer

The personal data provided by the user is not subject to transfer outside the European Union; in any case, it is understood that, if necessary, the Controller may transfer personal data to non-EU countries, ensuring in advance that the transfer of personal data outside the EU complies with applicable legal provisions (starting from Regulation (EU) No. 679/2016) by entering into, if necessary, specific agreements to ensure an adequate level of protection of personal data or by adopting the standard contractual clauses provided by the European Commission for the transfer of personal data outside the EU. Automatically collected personal data from the website may be shared with servers located in non-EU countries through social plugins and the Google Analytics service; in this case, we ensure that the transfer complies with applicable legal provisions and that an adequate level of protection of personal data is guaranteed. In this regard, please refer to the information provided in the Cookie Policy.

 

 

Nature of Data Provision

The provision of data for the purposes mentioned above is mandatory for everything required by legal and contractual obligations; therefore, any refusal to provide them in whole or in part may result in the impossibility for the Controller to provide the service. The non-provision of data for the purposes mentioned in the previous point 2.3) of the “Processing Purposes” paragraph will have no consequences on the provision of services. The provision of data for the purposes mentioned in point 2.4), finally, is optional but essential to perform the service; any refusal would, in fact, make it impossible for the Controller to perform the requested service. Regarding the consequences of non-acceptance and/or removal of cookies, please refer to what is specified in the Cookie Policy.

 

Rights of the Data Subject and Exercise Methods

We inform you that, at any time and if the conditions are met, you can exercise your rights provided for in Articles 15 and following of the GDPR:

  • Obtain confirmation of whether or not personal data concerning you is being processed and, if so, obtain a copy in intelligible form.
  • Obtain the updating, rectification, or integration of your data.
  • Request the deletion of your data, within the limits allowed by the law.
  • Object, in whole or in part, to the processing of your personal data.
  • Restrict the processing in case of violation, request for rectification, or objection.
  • Request the portability of electronically processed data, provided on the basis of consent or contract.
  • Withdraw your consent to the processing of your data, if applicable.
  • In relation to entirely automated profiling, obtain human intervention from the Controller to express your opinion and contest the decision.

If deemed appropriate, you can file a complaint with the Data Protection Authority.
 

To exercise your rights, you can contact the Data Controller at the following email address: info@paideiahospital.it.

You can also contact the Data Protection Officer (DPO) at the following address: dpo@paideiahospital.it.

Privacy Policy for My Paideia App

EU REGULATION 679/2016 ON THE PROCESSING OF PERSONAL DATA – ARTICLE 13 

Casa di Cura Paideia S.p.a., with registered office at Via G. Fabbroni, 6 – 00191 – Rome, VAT number 01847201009 (hereinafter, “Controller”), as the Data Controller, informs you, pursuant to Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 (hereinafter, “Privacy Code”) and Article 13 of EU Regulation No. 2016/679 (hereinafter, “GDPR”), that your data will be processed in accordance with the principles of fairness, lawfulness, transparency, and in compliance with the purposes and methods indicated below, collecting them to the extent necessary and accurate for the processing.

The Data Protection Officer (DPO) can be contacted at dpo@paideiahospital.it; you can write to this address to exercise the rights provided for in Articles 15 and following of the GDPR.

 

Subject of the Processing

This Privacy Policy concerns the management of the “My Paideia” app regarding the processing of users’ personal data. Personal data processing includes any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, even if not recorded in a database, such as collection, recording, organization, structuring, storage, processing, selection, blocking, adaptation, or alteration, retrieval, consultation, use, communication by transmission, dissemination, or any other form of provision, comparison, or interconnection, limitation, erasure, or destruction.

1.1 Type of Data Collected

In accordance with EU Regulation 679/2016 on the processing of personal data when using our services, you accept that our company collects some of your personal data. This information aims to inform you about the data we collect, why we collect it, and how we use it.

1.1.1. User-provided Data

When registering an account and booking our services, we ask you to provide certain data necessary to use our services. These may include, but are not limited to:

  • Name
  • Surname
  • Email address
  • Phone number
  • Product/service of interest
  • Tax code
  • Date and place of birth
  • Gender
  • Language
  • Residential address
  • Special data under Article 9 GDPR, particularly health-related data. The association of the user’s name with the corresponding service is capable of revealing health-related information.

1.1.2. Automatically Collected Data from the App

We collect the following data through the services we use:

  1. Technical data: e.g., IP address, browser type, information about your computer, data regarding the approximate current location of the device you are using.

Purpose of Processing and Legal Basis

The personal data you provide is processed by the owner of this app for:

2.1) Purposes related to the provision of requested services. For example:

  • Allowing the user access to the “My Paideia” app
  • Allowing the user to register an account to book our services

The legal basis for processing is the performance of a contract or pre-contractual measures (Article 6, paragraph 1, letter b) GDPR).

2.2) Your data will also be processed to:

  • Collect statistical information on the use of the app and improve usability for users. The legal basis in this case is the legitimate interest of the Controller to ensure a service that meets your expectations (Article 6, paragraph 1, letter f) GDPR).

2.3) When making a reservation for our services using the app, we inevitably become aware of “special” data, specifically, health-related data. The association of the user’s name with the corresponding service is capable of revealing health-related information. The legal basis for processing is your explicit and prior consent (Article 9, paragraph 2, letter a) GDPR).

 

Processing Methods

The processing of your personal data is carried out through the operations indicated in Article 4, No. 2) GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Your personal data is processed both on paper and electronically and/or automatically.

 

Access to Data and Communication

Your data may be made accessible for the purposes mentioned in point 2 to:

  1. Employees and collaborators of the Controller in their capacity as authorized and/or internal processing managers and/or system administrators;
  2. Third-party companies or other entities (such as ICT companies, app hosting providers, consultants, app platform providers, etc.) that perform outsourced activities on behalf of the Controller, acting as external data processors.

The Controller may also communicate your data for the aforementioned purposes to:

  3. Supervisory bodies, Judicial Authorities, Police Authorities, Public Entities, and all those subjects to whom communication is mandatory by law for the fulfillment of said purposes.

These subjects will process the data as independent data controllers. Only with your explicit and prior consent for the purposes mentioned in point 2.3), the Controller may communicate your personal data to third-party companies such as commercial partners and event organizers, which will process the data as external data processors. Personal data collected for the purposes mentioned in point 2.3) will only be accessible, with your consent, to our medical and administrative staff, limited to activities related to the reservation management process, as well as to the booking platform provider, acting as an external data processor. Your data will not be disclosed.
 
 

Data Retention Period

The data collected by the app during its operation is kept for the time strictly necessary to carry out the specified activities. At the end of this period, the data will be deleted or anonymized, unless there are further purposes for retaining them, such as security reasons in case of potential abuse. In such cases, the Controller will keep the personal data acquired for the time necessary to fulfill legal obligations and/or to assert and/or defend a right in the appropriate venues. Data collected for the purposes mentioned in point 2.3) will be processed and kept until the withdrawal of your consent. Data related to app reservations mentioned in point 2.3) will be processed and kept for the entire duration of the service you have booked.

 

Data Transfer

The personal data provided by the user is not subject to transfer outside the European Union; in any case, it is understood that, if necessary, the Controller may transfer personal data to non-EU countries, ensuring in advance that the transfer of personal data outside the EU complies with applicable legal provisions (starting from Regulation (EU) No. 679/2016) by entering into, if necessary, specific agreements to ensure an adequate level of protection of personal data or by adopting the standard contractual clauses provided by the European Commission for the transfer of personal data outside the EU. Automatically collected personal data from the app may be shared with servers located in non-EU countries through app hosting services; in this case, we ensure that the transfer complies with applicable legal provisions and that an adequate level of protection of personal data is guaranteed.

 

Nature of Data Provision

The provision of data for the purposes mentioned above is mandatory for everything required by legal and contractual obligations; therefore, any refusal to provide them in whole or in part may result in the impossibility for the Controller to provide the service. The non-provision of data for the purposes mentioned in the previous point 2.3) of the “Processing Purposes” paragraph will have no consequences on the provision of services. The provision of data for the purposes mentioned in point 2.3), finally, is optional but essential to perform the service; any refusal would, in fact, make it impossible for the Controller to perform the requested service.

Rights of the Data Subject and Exercise Methods

We inform you that, at any time and if the conditions are met, you can exercise your rights provided for in Articles 15 and following of the GDPR:

  • Obtain confirmation of whether or not personal data concerning you is being processed and, if so, obtain a copy in intelligible form.
  • Obtain the updating, rectification, or integration of your data.
  • Request the deletion of your data, within the limits allowed by the law.
  • Object, in whole or in part, to the processing of your personal data.
  • Restrict the processing in case of violation, request for rectification, or objection.
  • Request the portability of electronically processed data, provided on the basis of consent or contract.
  • Withdraw your consent to the processing of your data, if applicable.
  • In relation to entirely automated profiling, obtain human intervention from the Controller to express your opinion and contest the decision.

If deemed appropriate, you can file a complaint with the Data Protection Authority.

To exercise your rights, you can contact the Data Controller at the following email address: info@paideiahospital.it.

You can also contact the Data Protection Officer (DPO) at the following address: dpo@paideiahospital.it.
