INFORMATION FOR THE PROCESSING OF PERSONAL DATA
(art. 13 EU Regulation n. 679/2016; Legislative Decree n. 196/2003 modified by Legislative Decree 10 December 2019, n. 101)

DIESSE Diagnostica Senese S.p.A. (CF and PI 05871140157), in the person of the Chief Executive Officer and legal representative, Dr. Massimiliano Boggetti, with registered office in Milan, Via Solari 19, as Data Controller (hereinafter, "Data Controller"), guarantees compliance with the regulations concerning protection of personal data of natural persons, pursuant to art. 13 EU Regulation n. 2016/679 (hereinafter, "GDPR") and with the Legislative Decree n. 196/2003 modified by Legislative Decree 10 August 2018, n. 101, providing the following information about the processing of data communicated or otherwise collected.

1. Object of the Treatment

The Data Controller processes personal data of natural persons of identifying, biographical or commercial type (for example, name, surname, company name, address, telephone number, e-mail, bank and payment details), communicated when stipulating contracts with the Data Controller.

2. Purpose of the processing and legal basis of the processing

Personal data of natural persons are treated:
A) without the express consent of the interested party (Article 6 letter b), c) e) GDPR), for the following purposes:

B) only with the previous specific consent of the interested party (Article 7 of the GDPR), which will be specifically requested, for the following Marketing Purposes:

C) without the express consent of the interested party, for the pursuit of a legitimate interest of the Data Controller (Article 6, paragraph 1, point f) GDPR) for direct Marketing purposes on electronic and individual basis.

The collected data will be object of treatment based on the principles of correctness, lawfulness, transparency and protection of privacy and rights. They may be processed by means of both paper and electronic archives (including portable devices) and processed in ways strictly necessary to meet the aforementioned purposes.

3. Request of contact by website

In case of contact request through specific sections of the website www.diesse.it, the Personal Data processed by the Data Controller are name, surname and e-mail address, as well as all those communicated to the Data Controller by the interested party when sending any request of information, by completing the online contact form or by sending these requests to the address provided in the web page.

In this case the Personal Data will be processed to allow the sending of the requested information, or commercial communications and newsletters, as described in Section 2 by the Data Controller.

For this purpose, it will be necessary to provide those Personal Data marked with the symbol *.

By sending the information requests as indicated in Section 2, the users explicitly approve this Policy and consent to the processing of their data for the purposes referred to in this Section.

Referring to the Marketing Purpose as indicated in point 2B), it should be noted that, pursuant to Article 6, paragraph 1, point f) of the Regulation, the Data Controller may in any case carry out this activity based on the legitimate interest of the Data Subjects, regardless of their consent and in any case up to their opposition to such processing as better explained in Recital 47 of the Regulation in which "processing of personal data for direct marketing purposes is considered legitimate". This will also be possible following the assessments made by the Data Controller regarding the potential and possible prevalence of the interests, fundamental rights and freedoms of the interested party requiring the protection of Personal Data on their legitimate interest in sending direct marketing communications.

The processing of personal data for the purposes referred to in this Section may be either automated (for example: emails automatically generated based on the profile, etc.) or manual (for example: email aimed to promote a certain product / service, etc.).

The given consent is always revocable (totally or limited to some of the purposes for which it was provided), without prejudice to the lawfulness of the treatment based on consent made prior to revocation, by contacting the Data Controller through the channels reported in the Website ("Contact" section and footer).

Browsing on the website of the Data Controller requires the use of cookies. For cookie specifications please read the Cookies Policy (link to the Cookies policy page).

If the interested party accesses the website www.diesse.it through the use of his / her social profile (e.g. Facebook profile or Instagram profile), the collection of Personal Data will be carried out by the Data Controller at third parties or at the social service provider used to access the Internet site. In this case the interested party can read this information on the website.

4. Methods of data processing and data storage

The data provided, processed for the purposes indicated above, will be kept in our archives for administration, accounting, contractual activities, as well as management of any dispute.

The Data Controller will process the personal data of natural persons for the entire duration of the contractual relationship to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of such relationship and for no more than 2 years from data collection for Marketing Purposes.

All this is done without prejudice to what may be provided for or imposed by law and / or mandatory provisions for the Owner.

5. Nature of the provision of data and consequences of any refusal to provide

The provision of data for the purposes referred to in art. 2.A) and 2.C) is mandatory. In their absence, the regular performance of our services cannot be guaranteed, nor the regular pursuit of all the purposes referred to in art. 2.A) and 2.C).

The provision of data for the purposes referred to in art. 2.B) is optional. Where requested, the interested party may then decide to not provide any data or to subsequently deny the possibility of processing data already provided: in this case, the interested party will not receive newsletters, commercial communications and advertising material concerning services and services offered by the Data controller.

6. Communication and access to data

Without prejudice to communications made in compliance with legal and contractual obligations, all data collected may be made accessible and / or disclosed to third parties for the purposes referred to in art. 2.A), 2.B) and 2.C), to:

7. Transfer of personal data

Personal data of natural persons may be transferred to countries outside the EU, for the sole purpose of cloud backup provided by a supplier (Carbonite, Inc.) located in the U.S.A. and certified in compliance with the EU-U.S. Privacy Shield agreement.

8. Profiling and dissemination of data

Personal data of natural persons are not subject to disclosure, nor to profiling, nor to any decision-making process in whole or in part automated.

9. Rights of the interested party

It is hereby announced that the legislation on the protection of personal data gives individuals the opportunity to exercise specific rights. In particular, each interested individual has:

  1. the right of access, expressly provided for by art. 15 of the GDPR, namely the ability to access all personal information concerning such individual;

  2. the right of rectification, expressly provided for by art. 16 of the GDPR, namely the possibility of obtaining the update of inaccurate personal data concerning such individual without justified delay;

  3. the right to be forgotten, expressly provided for by art. 17 of the GDPR, consisting of the right to cancel personal data concerning the interested person;

  4. the right to limit processing in case of one of the hypotheses provided for by art. 18 of the GDPR;

  5. the right to data portability, expressly provided for by art. 20 of the GDPR, that is the right to obtain, in an interoperable format, their personal data and / or the right to see their personal data transmitted to another data controller without impediments by this Company;

  6. the right of withdrawal of consent at any time, expressly provided for by art. 7 of the GDPR;

  7. the right to lodge a complaint with the Guarantor in the event of a breach in the processing of data pursuant to art. 77 of the GDPR;

  8. the right to judicial remedy in case of unlawful data processing, even against the actions taken by the Guarantor pursuant to Article 78 of the GDPR;

  9. the right to oppose at any time the processing for sending commercial communications and advertising or direct sales material, by sending an email to privacy@diesse.it expressly requesting the cancellation of their names from the advertising list.

10. How to exercise rights

The interested party may at any time exercise the rights, or make communications, by sending:

11. Data Controller, Data Processor and Appointees

The Data Controller is DIESSE Diagnostica Senese S.p.A. (C.F. and P.I. 05871140157), in the person of the Chief Executive Officer and legal representative, with registered office in Milan, Via Solari 19.

The updated list of names and contacts of the Designated person for the processing of personal data and the Authorized person/people for the processing of personal data is kept in the Data Controller headquarters in Siena (Via del Pozzo 5, Monteriggioni).

The Data Controller has not appointed a Data Protection Officer (DPO), as there is no obligation pursuant to art. 37 GDPR EU 2016/679.

12. Updates to this Privacy Policy

This Privacy Policy may be updated to reflect ongoing legal, technical and commercial developments, or a refinement of our methods of processing personal data. In the event of substantial changes to the Privacy Policy, appropriate steps will be taken to inform you, in line with the importance of the changes introduced. We will also request your consent to any substantial modification of the Privacy Policy if required by applicable data protection laws.