Privacy Policy

La Ars Biomedica – SAF Gestioni Sanitarie srl, as the Data Controller under EU Regulation 679/2016, outlines the management and access procedures for its website concerning the processing of personal data of individuals who interact with the information services of Ars Biomedica, accessible from
www.arsbiomedica.it.
This privacy policy pertains solely to the Ars Biomedica website and does not extend to other websites that users may visit via hyperlinks.

DATA CONTROLLER

The Data Controller is Ars Biomedica – SAF Gestioni Sanitarie srl, located in Rome, via Luigi Bodio 58.
The Data Controller has appointed Dr. Francesco Parisi as the Data Protection Officer (DPO), who can be contacted at dpo@arsbiomedica.it for any information related to the processing of personal data by Ars Biomedica spa.

TYPES OF DATA PROCESSED

Data related to identified or identifiable individuals may be collected following access and consultation of this website.
Browsing Data
The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response from the server (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.
The data is used solely to obtain anonymous statistical information on the use of the site and to ensure its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical IT crimes against the site.
Voluntarily Provided Data by the User
The optional, explicit, and voluntary sending of emails, including via electronic forms, through this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.

COOKIES

No personal data of users is acquired by the site in this regard.
No cookies are used to transmit personal information, nor are any kind of persistent cookies used, i.e., systems for tracking users.
The use of so-called session cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server), necessary to allow secure and efficient exploration of the site.
The session cookies used on this site avoid the use of other IT techniques potentially prejudicial to the confidentiality of user navigation and do not allow the acquisition of personal data identifying the user.

PURPOSE, LEGAL BASIS, AND OPTIONAL OR MANDATORY NATURE OF PROCESSING

The Personal Data you provide through the Site will be processed by the Data Controller for the following purposes:
a) purposes of research/statistical analysis on aggregated or anonymous data, without thus being able to identify the user, aimed at measuring the functioning of the Site, measuring traffic, and evaluating usability and interest; b) purposes related to compliance with a legal obligation to which the Data Controller is subject; c) purposes necessary to ascertain, exercise, or defend a right in a judicial context or whenever judicial authorities exercise their jurisdictional functions.
The purpose under point a) does not involve the processing of Personal Data, while the purpose under point c) represents a legitimate processing of Personal Data under the Applicable Law since, once the Personal Data is provided, the processing is necessary to comply with a legal obligation to which the Data Controller is subject. In some cases (not part of the ordinary management of the site), the authority may request information under art. 157 of Legislative Decree 30 June 2003, n. 196 for control purposes on personal data processing. In these cases, a response is mandatory under penalty of administrative sanction.
The provision of Personal Data for the above purposes is optional, but failure to provide such data may make it impossible to fulfill a user’s request.

PROCESSING METHODS

Personal data is processed with automated tools for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access.
Security measures have been adopted to minimize risks concerning the confidentiality, availability, and integrity of personal data collected and processed.

SHARING, COMMUNICATION, AND DISCLOSURE OF DATA

The collected data may be transferred or communicated to internal collaborators or telematic service providers for activities strictly connected and instrumental to the purposes for which the data was collected (such as the operation of the Internet service, management of the IT and telematic system, fulfillment of specific consultancy requests). The personal data provided by users requesting informational material is used solely to perform the service or provision requested and is communicated to third parties only if necessary for that purpose (including companies providing packaging, labeling, and shipping services).
Outside of these cases, the data will not be communicated, nor granted to anyone, except:
there is explicit consent to share the data with third parties;
it is necessary to share the information with third parties to provide the requested service;
it is necessary to comply with requests from Judicial or Public Security Authorities.
No data deriving from the web service is ever disseminated.

PROCESSING OF SENSITIVE DATA

Any so-called “sensitive” personal data sent to us, and not strictly pertinent to the purposes of the collection or, in any case, not containing explicit and contextual written consent to their processing, will be immediately and definitively deleted. Sensitive data, under art. 9 of the European Regulation 2016/679, includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data aimed at uniquely identifying a natural person, data concerning health or sexual life, or sexual orientation of a person.

DATA SUBJECTS’ RIGHTS

Data subjects, under articles 15-22 of the European Regulation 2016/679, have the following rights:
the right to access personal data, which includes the right to obtain a copy of the processed personal data;
the right to receive personal data in a structured, commonly used, machine-readable, and interoperable format;
the right to obtain the updating, rectification, or integration of data;
the right to obtain the deletion, restriction, transformation into anonymous form, or blocking of data processed in violation of the law, including data whose retention is unnecessary for the purposes for which the data was collected or subsequently processed;
the right to obtain certification that the operations of updating, rectification, integration, deletion, restriction, transformation, or blocking of data have been brought to the attention, including in terms of their content, of those to whom the data has been communicated, except in cases where this proves impossible or involves a use of means manifestly disproportionate to the protected right;
the right to object, in whole or in part, on legitimate grounds, to the processing of personal data concerning them, even if pertinent to the purpose of the collection, and to processing carried out for purposes foreseen by the current legislation;
the right to lodge a complaint with the Data Protection Authority, according to the procedure available on the website (garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524) to report a violation of data protection regulations and request an investigation by the Authority.

CHANGES TO THIS PRIVACY POLICY

Ars Biomedica – SAF Gestioni Sanitarie srl periodically reviews its privacy and security policies and, if necessary, revises them in relation to regulatory, organizational changes, or technological evolution.
In case of policy changes, the new version will be published on this page of the site.

QUESTIONS, COMPLAINTS, AND SUGGESTIONS

Anyone interested in more information, contributing suggestions, or making complaints or objections regarding the privacy policies or how personal data is treated, can contact the Data Protection Officer, Dr. Francesco Parisi, at dpo@arsbiomedica.it.