Information pursuant to the European Data Protection Regulation n. 679/2016
Short presentation and introduction
Dr Federico Usuelli, C.F. SSLFRC79A07F205F, P.IVA 02186250961, born in Milan, 07/01/1979, professionally domiciled in 20122 Milan, Viale Regina Margherita n. 39, is enrolled in the Professional Register of the Order of Doctors of Milan n. 38699 and is specialized in Orthopaedics and Traumatology.
This page describes how Dr Federico Usuelli (also defined below as "we"), as the Data Controller, collects and processes your personal data through the app federicousuelli.app.
We wish to point out that the attention paid to privacy, confidentiality and the protection of personal data of the users is our firm commitment.
We treat your personal data with the utmost care and in compliance with applicable privacy and security regulations (in particular the EU General Data Protection Regulation 679/2016) inspired by the principles of lawfulness, fairness, transparency, minimization and limitation of data required by the aforementioned legislation.
B. WHICH DATA DO WE COLLECT AND PROCESS?
The data that are processed by the Data Controller are personal data, identifying data and financial data (such as name, surname, address, telephone, e-mail, bank and payment references) - also defined below as "personal data" or even "data" - and data of particular relevance (capable of revealing the state of health, sexual life or genetic data, pursuant to art. 4.15 GDPR), communicated by you as necessary to the completion of the professional activities carried out by the Data Controller, as well as those spontaneously provided by you in order to fix an appointment and/or examination and/or professional medical examination remotely.
C. FOR WHICH PURPOSES DO WE USE YOUR DATA?
The main purpose is to provide the health care service requested and, therefore, the treatment is carried out for care purposes and it is mandatory to acquire your consent prior to the treatment.
In addition, with express and free consent, your contact details may be used to send you promotional communications, newsletters and informative emails about our services/products or about general information. The provision of data for marketing purposes is optional; refusal has no consequences other than making it impossible to receive promotional material.
The consent for this processing is to be expressed by ticking ("flag") the appropriate box in the data submission form, bearing the words "I consent to the processing of my personal data for commercial and promotional purposes". You can revoke your consent and refuse to receive further promotional communications at any time by writing to [email protected].
Always with free and expressed consent, your contact details may be used to study your interests and define your individual profile. This activity is used to send you (where you have consented to receive our communications for advertising and commercial purposes) updates (including personalized) on our activities, in particular of our new services, of our special offers, surveys and/or opinions and other types of communication related to our services and for the elaboration of statistical and commercial research studies that are in line with your interests. Also in this case, the provision of data for profiling purposes is optional and refusal does not entail any consequences.
The consent for this processing is understood to be expressed by ticking ("flag") the appropriate box in the data submission form, bearing the words "I consent to the processing of collection of my personal data for profiling purposes". You can revoke your consent and refuse to give your data for profiling purposes at any time by writing to [email protected].
Still with your expressed and free consent we may transfer your personal data (exclusively: name, surname, email, telephone number) to our partners operating in the field of physiotherapy, sales of medical products and sports goods for the purpose of carrying out marketing activities by those partners. Again, the provision of data for the purpose of carrying out marketing activities by third parties separated from the Owner is optional and the refusal does not entail any consequences.
The consent for this processing is to be expressed by ticking ("flag") the appropriate box in the data submission form, bearing the words "I consent to the processing of my personal data to third parties indicated in the information by economic category of belonging for the purpose of carrying out commercial and promotional activities by the same third parties". You can revoke your consent and refuse to consent to the transfer of your data to third parties for promotional and commercial purposes at any time by writing to the email address [email protected].
Finally, always with your free and expressed consent, we may use your personal data for scientific research activities, for scientific publications and/or for conference presentations and webinars in which the Owner will participate or organize.
Also in this case, the provision of data for carrying out scientific research activities and/or for the presentation/organization of congresses/webinars is optional and the refusal does not entail any consequences. The consent for this processing is to be expressed by ticking ("flag") the appropriate box in the data submission form, bearing the words "I consent to the processing of my personal data for scientific research purposes, for scientific publications or for conference presentations, webinars". You can revoke your consent and refuse to give your data for profiling purposes at any time by writing to [email protected].
In the table below we report (i) the methods of use of personal data; (ii) the type of personal data processed and (iii) the reasons and the legal basis for processing:

| Methods of use of personal data | Type of personal data processed | Reasons and the legal basis for processing |
|---|---|---|
| To provide health care advice/professional assistance that you requested as part of the services offered by the Owner. | Identity data, contact data, health data | Execute the contract for the exercise of the Owner professional/health activity. This use does not require your consent for the processing, being a processing for treatment purposes |
| To record and archive radiographic examinations on Osirix management software | Identity data, contact data, health data | Execute the contract and then provide you with the health benefits granted by the Owner. This use does not require your consent for the processing, being a processing for treatment purposes |
| To fulfil the obligations provided for by law, regulation, Community legislation or to fulfill an order of the Authority | Identity data, contact data, health data | The duty to fulfil the obligations of the Law to which the Owner is bound |
| To register as a new app user | Identity data, contact data | Execute the contract and then provide you with the health benefits granted by the Owner. This use does not require your consent for the processing, being a processing for treatment purposes |
| To manage and realize payments, commissions and expenses and to recover credit of the Owner | Identity data, contact data, financial data | This is a necessary use to protect our legitimate interests (such as, for example, issuing invoices, accepting payments for the services offered and recovering sums on credit) |
| To send advertising, marketing or commercial communications and/or market research | Identity data, contact data, marketing and communication data | Your explicit, freely given consent, revocable at any time |
| To analyze your habits and/or preferences regarding our services through profiling activities | Identity data, contact data | Your explicit, freely given consent, revocable at any time |
| To transfer your personal data to our partners operating in the fields of physiotherapy, in the field of sales of medical products and sports goods for the purpose of carrying out marketing activities by these partners | Identity data, contact data (only: name, surname, email address, telephone number) | Your explicit, freely given consent, revocable at any time |
| To provide the administration and protection of our business including the guarantee of proper management/use of this app (for example: solving technical problems, data analysis and study, testing, system maintenance, support, reporting and data hosting) | Identity data, contact data, technical data and tracking data | This is a necessary use to protect our legitimate interests (for example to ensure the proper management of our business, to ensure the provision of administrative and IT services, to ensure network security, and to prevent fraud). It is also necessary to fulfil an obligation under the law |
| To handle complaints or disputes involving our facility or our customers/users | Identity data, contact data, financial data, technical data, tracking data and, in general, all types of data relevant to the nature/character of the complaint/dispute | This is a use necessary to protect our rights or legitimate interests such as precisely defending our reasons in an active or passive claim dispute |
D. HOW DO WE PROTECT YOUR DATA?
The processing of data is carried out using mainly automated tools and for the time strictly necessary to achieve the purposes for which they were collected. The appropriate security measures, as provided for by Regulation (EU) 2016/679 on the Protection of Personal Data, are observed to prevent the loss of data, illicit or incorrect use and unauthorized access.
E. WITH WHOM DO WE SHARE YOUR INFORMATION?
The data you send through this app will not be diffused in any way, but may be transmitted to the competent bodies for administrative or institutional purposes, as required by current legislation. More precisely, the data may be communicated to recipients belonging to the following categories:
• administrative clerk working for the Data Controller and acting as Data Processor;
• medical professionals and healthcare personnel who collaborate with the Data Controller, with the functions of Data Processor or Data Processor;
• external entities entrusted by the Data Controller regarding the maintenance and assistance functions of IT systems (including the website) and communication;
• external tax consultants;
• authorities and public bodies who fulfill the legal obligations.
You can always request a copy of your personal data, information about the location where your personal data are processed and an updated list with the identification details of all the managers and persons in charge of the processing and of the system administrators authorized to process your data. You can request this information from the Owner at any time, using the contact details indicated in this statement.
F. HOW LONG DO WE KEEP YOUR DATA?
The processing of your personal data will be carried out through the following operations: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data.
The processing of your personal data will be carried out both with the use of paper media and with the help of electronic, IT and telematic tools, in the manner and with suitable tools to ensure the security and confidentiality of the data, in accordance with the provisions of art. 32 GDPR and the various Provisions subsequently issued, so that at least the appropriate level of data protection security required by law is guaranteed. In particular, the generation and storage of X-ray images will take place through the use of the software Osirix.
In compliance with the provisions of art. 5, paragraph 1, lett. e) of the GDPR, your personal data are stored in a modality that allows the identification of the data subject for a period of time not exceeding the achievement of the purposes for which the data are processed or according to the deadlines required by law. The verification of the obsolescence of the stored data in relation to the purposes for which they were collected is carried out periodically. In particular, with regard to the retention period of your data we observe that:
1. When the processing is necessary for the execution of a contract and/or the execution of pre-contractual measures, the data will be processed until the execution of this contract is completed and will be kept for the next 10 years, without prejudice to the legitimate interests of the Data Controller in the event of legal proceedings;
2. When the processing is necessary to fulfil a legal obligation to which the Data Controller is subject, the data will be kept for as long as the law allows;
3. When the processing is necessary for the pursuit of the legitimate interest of the Data Controller, the data will be kept for as long as the law allows;
4. When the processing is carried out for purposes of promotion and analysis of consumption habits and choices, and only if you have given us a specific consent (optional), we will keep the data collected for the time strictly necessary for the management of the purposes mentioned above, in accordance with the criteria based on compliance with current rules and the fairness and balance between our legitimate interest and your rights and your freedom. In the absence of specific rules that provide for different storage times, and in the absence of your explicit new consent, which you will have to give us as the following deadlines approach, we will use your data for marketing purposes for a maximum of [•] months and thereafter we will delete them;
5. When the processing is carried out for profiling purposes, and only if you have given us a specific consent (optional), we will keep the data collected for the time strictly necessary for the management of the purpose mentioned above in accordance with the criteria based on compliance with current rules and the fairness and balance between our legitimate interest and your rights and your freedom. In the absence of specific rules that provide for different storage times, and in the absence of your explicit new consent, which you will have to give us as the following deadlines approach, we will use such data for a maximum time of [•] months and then we will delete them.
The personal data will be kept for the fulfilment of the obligations (e.g. tax and accounting) that remain even after the termination of the contract (art. 2220 CC); for these purposes, the Data Controller will retain only the data necessary for its prosecution and for the following 10 years, without prejudice to the legitimate interest of the Data Controller in the event of legal proceedings/disputes.
LINKS TO OTHER WEBSITES
This website may contain references or links ("links") to other websites not controlled by us and with respect to which these Privacy Policies are not applicable. We are therefore not responsible for the content or for any processing of personal data carried out on these sites. We recommend that you review the information on each site linked to this to identify the possible processing of personal data.
WHAT ARE YOUR RIGHTS?
Under EU Regulation 679/2016, you are granted the following rights:
the right to ask the Data Controller for access to personal data (art. 15), rectification (art. 16), erasure or oblivion (art. 17), restriction of processing of personal data (art. 18), the right to data portability (art. 20) or to object to their processing (Art. 21), in addition to the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects affecting you or which similarly significantly affects you (Art. 22).
Requests may be exercised to:
Dr Federico Usuelli, Viale Regina Margherita 39, 20122 Milan
email: [email protected]
You also have the right to lodge a complaint with the competent supervisory authority (art. 77 of the Regulation) if you believe that the processing carried out by the Data Controller does not conform.
We therefore ask you to periodically review any changes to your Privacy.