Data Protection Notice
WEBSITE DATA 'PRIVACY' POLICY
SERENITY MAINTENANCE HOSPITAL
MTD ALL. 15
Rev. 02 DATED 17.05.2022
1. Introduction
The Company SERENITY S.R.L. (hereinafter also "Data Controller" or "Company") takes the protection of the user's personal data seriously and is committed to their protection.
This Information Notice ("Privacy Policy") describes the personal data processing activities carried out by SERENITY S.R.L. R.S.A through the website https://www.residenzaserenity.it /, the relative commitments undertaken by the same Data Controller in this sense according to which it may process the user's personal data when the user visits the Website and uses the services and functionalities present on the Website. In the sections of the Site where the user's personal data are collected, a specific notice is published pursuant to Art. 13 /15 of EU Reg. 2016/679.
Where required by EU Reg. 2016/679, the user's consent will be requested before processing his or her personal data. If the user provides personal data of third parties, he/she must ensure that the communication of the data to the Company SERENITY S.R.L.and the subsequent processing for the purposes specified in the applicable privacy policy complies with EU Reg. 2016/679 and applicable legislation.
2. Identification details of the data controller, data processor and data protection officer
Data controller
Data controller
Serenity S.r.l.
Via Oberdan, 3
73057 Taviano (LE)
Mail: residenza.serenity@gmail.com
PEC: serenity.srl@pec.it
Data Processors
The full list of Data Processors is available at the Data Controller's office
3. Type of data processed
Visiting and consulting the Site does not generally entail the collection and processing of the user's personal data except for navigation data and cookies as specified below. In addition to the so-called "surfing data" (see below), personal data voluntarily provided by the user when interacting with the Site's functionalities or requesting to use the services offered on the Site may be processed. In compliance with the Privacy Code, SERENITY S.R.L. may also collect the user's personal data from third parties in the performance of its activity.
4. Cookies and navigation data
The Site uses "cookies". By using the Site, you consent to the use of cookies in accordance with this Privacy Policy. Cookies are small files stored on the hard disk of the user's computer. There are two main categories of cookies: technical cookies and profiling cookies.
Technical cookies are necessary for the proper functioning of a website and to allow the user to navigate; without them, the user may not be able to view pages correctly or use certain services.
Profiling cookies have the task of creating user profiles in order to send advertising messages in line with the preferences expressed by the user while browsing.
Cookies can also be classified as:
- session' cookies, which are deleted immediately when the browser is closed;
- persistent' cookies, which remain in the browser for a set period of time. They are used, for example, to recognise the device connecting to a site by facilitating authentication operations for the user;
- own' cookies, generated and managed directly by the operator of the website on which the user is browsing;
- third-party' cookies, generated and managed by parties other than the operator of the website on which the user is browsing.
5. Cookies used on the site
The Site uses the following types of cookies:
1) own, session and persistent cookies, necessary to enable navigation on the Site, for internal security and system administration purposes;
2) third-party, session and persistent cookies, necessary to allow the user to use multimedia elements on the Site, such as images and videos;
3) third-party, persistent cookies used by the Site to send statistical information to the Google Analytics system, through which SERENITY S.R.L. can perform statistical analysis of access/visits to the Site. The cookies used pursue exclusively statistical purposes and collect information in aggregate form. By means of a pair of cookies, one of which is persistent and the other a session cookie (expiring when the browser is closed), Google Analytics also saves a log with the start time of the visit to the Site and the exit time from the Site. You can prevent Google from collecting the data by means of cookies and the subsequent processing of the data by downloading and installing the browser plug-in at the following address: http://tools.google.com/dlpage/gaoptout?hl=it
The Site may contain links to other sites (so called third party sites) SERENITY S.R.L. does not have any access to or control over cookies, web beacons and other user tracking technologies that may be used by third party sites that the user may access from the Site www.residenzaserenity.it does not have any control over the contents and materials published by or obtained through third party sites, nor on the relevant methods of processing the user's personal data, and expressly disclaims any relevant responsibility for such eventualities. The user is required to check the privacy policy of the third party sites that he/she accesses through the Site and to inform him/herself of the conditions applicable to the processing of his/her personal data. This Privacy Policy applies only to the Site as defined above.
6. Retention of personal data
Personal data are stored and processed through computer systems owned by SERENITY S.R.L. and managed by the same or by third party technical service providers; for further details please refer to the section "Scope of accessibility of personal data" below. The data are processed exclusively by specifically authorised personnel, including personnel in charge of extraordinary maintenance operations.
7. Purposes and methods of data processing
SERENITY S.R.L. may process the user's common and sensitive personal data for the following purposes: use by users of services and functionalities present on the Site, management of requests and reports from its users, management of applications received through the Site, etc.
In addition, with the further and specific consent acquired with the form (as per annex 16 bis to the MTD) optional of the user, the Company may process personal data for marketing purposes, i.e. to send the user promotional material and/or commercial communications pertaining to the services of the RSA , at the addresses indicated, both through traditional methods and/or means of contact (such as, paper mail, telephone calls with operator, etc.) and automated means (such as, communications via internet, fax, e-mail, sms, applications for mobile devices such as smartphones and tablets -ccd. APPS, social network accounts -e.g. via Facebook or Twitter-, automated operator phone calls, etc.).
Personal data are processed in both paper and electronic form and entered into the company's information system in full compliance with EU Reg 2016/679, including security and confidentiality profiles and inspired by the principles of
fairness and lawfulness of processing. In accordance with EU Reg 2016/679the data are kept and stored until the data subject requests deletion.
8. Security and quality of personal data
Serenity S.r.l. is committed to protecting the security of the user's personal data and complies with the security provisions of the applicable legislation in order to avoid loss of data, illegitimate or unlawful use of data and unauthorised access to them. Furthermore, the information systems and computer programmes used by SERENITY
S.R.L. are configured in such a way as to minimise the use of personal and identification data; such data are processed only for the achievement of the specific purposes pursued from time to time. The Company uses many advanced security technologies and procedures to favour the protection of users' personal data; for instance, personal data are stored on secure servers located in places with protected and controlled access. The user can help SERENITY S.R.L. to update and keep his personal data correct by communicating any change in his address, qualification, contact information, etc.
Scope of data communication and access
The user's personal data may be disclosed to:
- all persons to whom the right of access to such data is recognised by virtue of regulatory provisions;
- to our collaborators, employees, within the scope of their duties;
- to all those natural and/or legal, public and/or private persons when such communication is necessary or functional for the performance of our activity and in the manner and for the purposes set out above;
Nature of provision of personal data
The provision of certain personal data by the user is obligatory in order to allow the Company to manage communications, requests received from the user or to contact the user in order to follow up on his/her request. This type of data is marked with an asterisk symbol [*] and in this case the provision of such data is obligatory in order to allow the Company to follow up on the request, which, failing this, cannot be processed. On the contrary, the collection of other data not marked with an asterisk is optional: failure to provide such data will have no consequences for the user.
12. Rights of the data subject
12.1 Right of access and rectification (Art. 15 and 16 GDPR)
The data subject has the right to obtain from the controller confirmation as to whether or not personal data relating to him are being processed and, if so, to obtain access to the personal data and the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients in third countries or international organisations;
(d) the intended period of retention of personal data or, if this is not possible, the criteria used to determine that period;
(e) the existence of the right of the data subject to request from the controller the rectification or erasure of personal data concerning him or her or to object to the processing of personal data concerning him or her;
(f) the right to lodge a complaint with a supervisory authority;
(h) the existence of an automated decision-making process, including profiling, and, at least in such cases, meaningful information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
12.2 Right to erasure, so-called 'right to be forgotten' (Art. 17 GDPR)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him/her without undue delay and the controller shall be obliged to erase the personal data without undue delay if one of the following grounds applies
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) and if there is no other legal basis for the processing;
(c) the data subject objects to the processing pursuant to Article 21(1) and there is no overriding legitimate ground for processing, or objects to the processing pursuant to Article 21(2);
(d) personal data have been unlawfully processed;
(e) the personal data must be erased in order to comply with a legal obligation laid down by Union or Member State law to which the controller is subject;
(f) the personal data was collected in connection with the provision of information society services as referred to in Article 8(1) of EU Reg. 2016/679.
12.3 Right to restriction of processing (Art. 18 GDOR)
The data subject has the right to obtain from the data controller the restriction of processing when one of the following cases occurs:
(a) the data subject contests the accuracy of the personal data, for the period necessary for the controller to verify the accuracy of such personal data;
b) the processing is unlawful and the data subject objects to the deletion of the personal data and requests instead that their use be restricted;
(c) although the data controller no longer needs them for the purposes of processing, the personal data are necessary for the establishment, exercise or defence of legal claims by the data subject;
(d) the data subject has objected to the processing pursuant to Article 21(1) EU Reg 2016/679 pending verification as to whether the legitimate grounds of the data controller override those of the data subject.
12.4 Right to data portability (Art. 20 GDPR)
The data subject has the right to receive in a structured, commonly used and machine-readable format the personal data concerning him/her that he/she has provided to a data controller and has the right to transmit those data to another data controller without hindrance from the data controller.
13. Withdrawal of consent to processing
The data subject has the right to withdraw consent to the processing of his/her personal data by sending a registered letter with advice of receipt to the following address Serenity S.r.l., via Oberdan, 3, 73057 Taviano (LE) or a pec: serenity.srl@pec.it or an e-mail: amministrazione.serenity@gmail.com accompanied by a photocopy of your identity document, with the following text: <>.
Upon completion of this operation, your personal data will be removed from the archives as soon as possible.