GDPR POLICY

Information on the application of the Legislative Decree 196/03 and of the GDPR - EU REGULATION 2016/679

We wish to inform you that the Legislative Decree n. 196 of 30 June 2003 "Personal Data Protection Code" integrated and amended by EU REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT, provides for the protection of persons and other subjects regarding the processing of personal data.
According to the law, this treatment will be based on principles of fairness, lawfulness and transparency and protection of your privacy and your rights.
Pursuant to Article 13 of the Legislative Decree. n. 196/2003, as complemented by the articles 13 and 14 of the GDPR - EU REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT, we hereby provide you with the following information:
1. The data you provide will be processed for the following purposes:
• to enter the personal data in the company's computer databases;
• for the keeping of ordinary accounting and VAT;
• for the management of receipts and payments;
• for the exchange of communications regarding the economic, administrative and commercial activity of the company by telephone, post, courier, fax, e-mail;
• to satisfy the obligations provided for by the law, by regulations, by community legislation, by civil and fiscal laws.
• for any data profiling.
2. The processing of personal data is carried out using both paper and electronic media with the observance of all precautionary measures, in order to ensure security and confidentiality. The data will also be managed and protected in environments where access is not allowed to the public and is under constant control.
3. The provision of data is optional and any refusal to provide such data may result in non-performance of the contract or the interruption of the relationship.
4. The data may be communicated to: all the subjects to whom the faculty of access to such data is recognized by virtue of regulatory provisions; to our collaborators, employees, agents and suppliers, within the scope of their duties and/or any contractual obligations with them, concerning commercial relations with the interested parties; to post offices, shippers/couriers for sending documents and/or materials; to all those natural persons and/or legal persons, public and/or private (legal, administrative and fiscal offices, labour consulting offices for the compilation of pay slips, Judicial Offices, Chambers of Commerce, Chambers and Labour Offices, etc.), when the communication is necessary or functional to the performance of our activity and in the manner and for the purposes described above; to banks for the management of receipts and payments arising from the performance of contracts.
5. The holder of the data processing (Data Controller) pursuant to the law is Medi-Pragma S.r.l. (51, Via Vincenzo Lamaro, Post Code 00173, Rome, Tel. +39 06845551, e-mail: medipragma@medipragma.com) in the person of its legal representative pro tempore.
The Data Processor of your personal data: (I) Administrative office Mgr. (II) Database management Mgr. (III) Information technology service Mgr. (contact details: at the company's head office).
6. The period of data retention is THREE YEARS according to the Code of Ethics and Good Conduct for the processing of personal data for statistical and scientific purposes.
Pursuant to Art. 7 of the Privacy Code and Articles 13 to 23 of the GDPR - EU Regulation 2016/679, available at this link: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679 , the interested party can assert his/her rights.
The following is a full list of the provisions of art. 15 of the EU 2016/679 and art.7 of the Privacy Code.

Art. 15 - Right of access by the data subject
1. The data subject shall have the right to obtain from Medi-Pragma S.r.l confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data are not collected from the data subject, any available information as to their source;
h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
3. The controller shall provide a copy of the personal data undergoing processing. 2For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. 3Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
Art. 7 (Right to Access Personal Data and Other Rights)
1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form.
2. A data subject shall have the right to be informed:
a) of the source of the personal data;
b) of the purposes and methods of the processing;
c) of the logic applied to the processing, if the latter is carried out with the help of electronic means;
d) of the identification data concerning data controller, data processors and the representative designated as per Section 5(2);
e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
3. A data subject shall have the right to obtain:
a) updating, rectification or, where interested therein, integration of the data;
b) erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
4. A data subject shall have the right to object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.