Privacy Policy
Alleanza Contro il Cancro (Alliance Against Cancer) with registered office at via Giorgio Ribotta 44, 00144 Rome, and tax code 97262520584 (hereinafter, the “Data Controller”) hereby provides the following privacy policy pursuant to Article 13 of the EU Reg. 2016/679 (“GDPR” or the “Regulation”), in its capacity as the data controller of the processing of the personal data of visitors (hereinafter, the “Visitors”) to its website healthbidata.it (hereinafter, the “Site”).
1. Types of data processed and purposes of processing
Navigation data
In the course of their normal operation, the computer systems and software procedures used to operate this Site acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, make it possible to identify Visitors. This category of data includes the IP addresses or domain names of the computers used by Visitors who connect to the Site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the Visitor’s operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Site. Browsing data is processed for the legitimate interest of the Data Controller in order to ensure the security of the Site, to check its proper functioning and to obtain statistics on its use (Art. 6, para. 1, lett. f) of the Regulation).
Data communicated by the user
The optional, explicit and voluntary sending of messages to the Controller’s contact addresses, of private messages sent by users to the Controller’s profiles/pages on social media (where this possibility is provided for), involve the acquisition of the sender’s contact data, necessary to reply, as well as all the personal data included in the communications. This data is processed in order to comply with your request as well as for the purpose of pursuing our legitimate interest (Art. 6, para. 1, lett. f) of the Regulation) to control the quality of the support services we offer, also through third party providers, to verify the effectiveness of the support service and to adequately direct the training of the personnel authorised to process it.
2. Further processing purposes: newsletters
With the visitor’s consent (Art. 6, para. 1, lett. a of the Regulation), personal data will also be processed by the Controller in order to provide the newsletter service, which consists of sending e-mails containing commercial communications and information on the activities carried out by the Controller. The Visitor’s consent is optional and not granting it will not affect the possibility of visiting the Site or receiving a response to their requests. The Visitor may deactivate the newsletter service at any time by clicking on the unsubscribe link at the bottom of each newsletter or by contacting the Controller in the manner indicated below.
3. Processing methods and storage times
Visitors’ personal data will be processed by means of manual and computerised tools, with logic strictly related to the purpose thereof and, in any case, in such a way as to guarantee the security and confidentiality of such data. Specific security measures will therefore be adopted to prevent data loss, illicit or improper use of data and abusive access. Browsing data is deleted immediately after it has been processed (except where required for the investigation of criminal offences by Judicial Authorities), unless further retention is necessary to comply with legal obligations or to pursue our legitimate interest as set out in paragraph 1 above.
The data provided by you will be retained in accordance with the ordinary statute of limitations and, where consent has been requested, until the Visitor withdraws consent to processing.
4. Scope of data communication and dissemination
Visitors’ personal data may be disclosed to the employees and/or collaborators of the Data Controller in charge of managing the Site, assisting Visitors and responding to their requests or sending promotional communications. These subjects, who are formally appointed by the Data Controller as “Data Processors”, shall process the Visitor’s data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Privacy Code and the Regulation.
Visitors’ personal data may also be disclosed to third parties who may process personal data on behalf of the Data Controller in their capacity as “external data processors”, such as, by way of example, suppliers of IT and logistical services functional to the operation of the Site, suppliers of outsourcing or cloud computing services, professionals and consultants, and companies in charge of sending promotional emails on behalf of the Data Controller.
Visitors’ personal data will not be disclosed to independent third party data controllers and will not be disseminated in any other way.
We will also continue to monitor the development of systems for the transfer of data internationally in accordance with the Regulation and undertake to carry out data transfers in a lawful manner in accordance with the data protection laws in force in each case.
To find out the full list of third countries where data may be transferred and the security measures adopted, you can always contact the Controller at the contact details below.
5. Cookies
Cookies are used on the Site. Please read the Cookie Policy of the Site.
6. Visitors’ Rights
Visitors, free of charge and without any formality, may exercise the following rights under Articles 15 to 22 of the Regulation: the right to request access to personal data (i.e. the right to obtain from the Controller confirmation as to whether or not personal data concerning them is being processed and, if so, to obtain access to personal data, obtaining a copy thereof, and to the information referred to in Article 15 of the Regulation) and rectification (i.e. the right to obtain the rectification of inaccurate data concerning them or the completion of incomplete data) or erasure of the data (i.e. the right to obtain the erasure of the data concerning them, if one of the reasons indicated in Art. 17 of the Regulation exists) or the limitation of the processing concerning them (i.e. the right to obtain, in the cases indicated by Article 18 of the Regulation, the flagging of the data stored with a view to limiting their processing in the future), as well as the right to data portability (i.e. the right, in the cases indicated under Article 20 of the Regulation, to receive from the Controller, in a structured, commonly used and machine-readable format, the data concerning them, as well as to transmit such data to another data controller without impediment). Visitors also have the right to revoke their consent at any time. Revocation of consent does not affect the lawfulness of the processing based on the consent before revocation. Visitors also have the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them in accordance with Article 6 paragraph 1, lett. e) or f) of the Regulation, including profiling on the basis of these provisions.
The Visitor also has the right to file a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).
7. How to contact the Data Controller/Data Protection Officer and exercise your rights
Visitors may contact the Data Controller and/or exercise their rights in the following ways: (i) by sending a registered letter with return receipt to the registered office at Via Giorgio Ribotta 5, 00144 Rome, (ii) by sending an email to dirgen@alleanzacontroilcancro.it.
Alleanza Contro il Cancro has appointed a DPO, who can be contacted by e-mail at campo@alleanzacontroilcancro.it.
Version: 21 December 2023