DATA PROCESSING BY DR. VRANJES FIRENZE S.P.A. FOR MARKETING AND PROFILING PURPOSES
This statement regulates the handling of personal data when using the website at https://drvranjes.com/eu/privacy-policy, Dr. Vranjes Firenze S.p.A., with head offices in Via S. Pertini, 5 - Località Antella 50012 Bagno a Ripoli (Florence), Italy, VAT no. 06511260488, email firstname.lastname@example.org, (herein “Holder”), in compliance with current rules governing data protection, including, in particular, the EU Regulation 2016/679 (herein “GDPR”).
1. Identity and contact details of the data holder
Data Holder is Dr. Vranjes Firenze S.p.A. No representative has been appointed as the Holder is based in Italy.
2. Contact details of the person in charge of the data protection
The Holder has placed Andrea d’Anna in charge of data protection and can be contacted at the holder’s head offices or via e-mail at email@example.com
3. Data handling methods
3.1 Cookie and environmental data
Navigation, functional and session cookies: allow the site to work properly. Use of so called session cookies (that are not stored permanently on the device in question and are automatically deleted when the browser is shut down) is strictly limited to the transmission of identification codes for the individual sessions and is employed for the safe and efficient use of the site. They can be divided into:
- activities strictly required for operational purposes: cookies used to save the User session and carry out other activities solely required to operate the application, for example in relation to the distribution of traffic; - saving preferences, optimisation and statistics activities: cookies used to save the browsing preferences and optimise the User’s browsing experience. These Cookies include, for example, those for language setting and the assessment or management of statistics by the site's Holder.
Statistical cookies: the site uses statistical cookies created directly by the data holder, as first party, or supplied by third parties. In the latter case, suitable measures have been adopted to reduce identification power, via the masking of significant parts of the IP addresses handled. Furthermore, the use of these third party statistical cookies is dependent on contractual limitations that commit the third party to use them exclusively for providing the service, storing them separately and not “enriching them” or “intersecting them” with other information that they are in possession of. As far as the Google Analytics cookies are specifically concerned, the information that can be retrieved from the cookies on the use of the site by users will be transmitted by the browser of the person in question to Google Inc. based in 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States and stored in the company’s servers.
The Google privacy regulations that we would ask you to read can be found at the following address:
Browsing data and environmental variables: The computing systems and procedures designated to operating the site, automatically acquire certain personal data about the browsing of the person in question, during regular operations, including environmental variables. Some examples of the data in this category include:
IP addresses of the computers employed by the user availing themselves of the service;
number of accesses;
date and time when access was made;
URL where the browser was before displaying this page;
operational system used.
Profiling cookies: the site uses profiling cookies supplied by third parties. In detail, the following are used:
- interaction with social networks and external platforms: this kind of service allows you to interact with social networks, or with other external platforms, directly from this application’s pages. The interaction and information acquired by this application is, in any case, subject to the User's privacy settings specific to each social network.
If an interaction service with the social networks is installed, it is possible that, even if Users do not use the service, traffic data will still be collected regarding the pages where it is installed.
AddThis (Addthis Inc.): is a service provided by Clearspring Technologies Inc. that displays a widget that allows for interaction with social networks and external platforms and sharing the contents of this application. Depending on the configuration, this service can show widgets belonging to third parties, for example, handlers of social networks on which to share the interactions. In this case, even third parties that distribute widgets will be informed of the interaction made and the data used relative to the pages on which this service is installed.
Facebook Re-marketing (Facebook, Inc.): is a Re-marketing and Behavioural Targeting service provided by Facebook, Inc. that links the activity of this Application to the Facebook advertising network.
AdWords Re-marketing (Google, Inc.): is a Re-marketing and Behavioural Targeting service provided by Google Inc. that links the activity of this Application to the AdWords advertising network and Doubleclick Cookie.
- Statistics: the services contained in this section allow the Data Holder to monitor and analyse the traffic data and are used to keep track of the User’s behaviour.
Google Analytics with anonymised IP (Google Inc.): is a web analysis service provided by Google Inc. (“Google”). Google uses the Personal Data collected to track and examine the use of this Application as well as fill in reports and share them with other services developed by Google. Google could use the Personal Data to contextualise and personalise the adverts on its own advertising network. This Google Analytics integration makes your IP address anonymous. Anonymisation works by abbreviating the User’s IP address within the confines of EU member states or other countries adhering to the European Economic Space agreement. Only in exceptional cases will the IP address be sent to Google servers and abbreviated in the United States. Personal Data collected: Cookies and Data used.
Monitoring of Facebook Ads conversions (Facebook, Inc.): is a service of statistics provided by Facebook, Inc. that links the data from the network of Facebook adverts with the actions carried out within this Application.
3.2 Data provided voluntarily by the person in question
The optional data freely provided by the person in question by sending an e-mail to the addresses on the site can be acquired for the ends indicated in point 4.
In particular, as well as the e-mail address needed to reply to the sender, other personal data contained in the relative communication will be handled.
4. Handling purposes and juridical basis for handling
In order to send direct marketing communications, newsletters, advertising, via traditional contact systems and automated IT systems, including sales or advertising communications via e-mail or SMS, or for market research and analysis. In this case, it is the consensus, expressed in compliance with this statement, that represents a juridical foundation.
For profiling activity and to establish habits and preferences. In this case, it is the consensus, expressed in compliance with this statement, that represents a juridical foundation.
5. Means for expressing consensus
Consensus to handle personal data via non-technical cookies can be expressed:
By clicking a specific box in a banner.
6. Source from where personal data originates
Only data provided by the person in question will be handled, in compliance with this regulation, collected from the website.
7. Recipients and possible categories of personal data recipients
Recipients of the person in question’s personal data could be:
communication firms that carry out commercial communication and profiling work on behalf of the Holder and appointed to handle the data;
firms that offer IT company services, in particular, those that offer hosting services.
8. Data categories
The personal data of the person in question will be handled.
9. Data transfer
The Holder's intention is to transfer personal data to a third party Country or international organisation. These subjects could be represented, for example, by
communication firms that perform communication work for the Holder;
firms that offer IT company services, including, in particular, those that offer hosting services;
communication firm service suppliers.
Transfer of personal data to these subjects, if settled in a third party Country or international organisation, is done in the presence of an adequacy decision from the European Commission that has assessed how the third party Country, territory or one or more specific sectors within the third party Country, or international organisation in question, guarantee a suitable level of protection of its rights. In any case, the Holder – should they see fit – reserves the right to finalise specific separate agreements that oblige these subjects to adopt adequate safety measures, including organisational safety measures, aimed at providing appropriated guarantees of their rights. In particular, Google Inc. is contractually bound to guarantee suitable protection of the rights of the person in question. The data could, therefore, be transferred to the following countries: UK and United States of America. In order to receive a copy of this data or the place where it has been made available, just send a request to the following e-mail firstname.lastname@example.org.
10. Storage period of personal data
The personal data handled for marketing purposes is handled and stored until the person in question revokes consensus or requests its deletion.
Personal data handled for the purpose of establishing preferences is handled and stored for a period no longer than 12 months from when it was collected.
The Holder reserves the right, in any case, to request that the party in question renew their consensus for data handling and/or checks the consensus already expressed.
11. Option to provide consensus and consequences of denied consensus
With regard to handling personal data for marketing purposes, the communication of personal data is not a contractual requirement. Providing personal data is optional; however, if this data is not communicated, no marketing activities will be possible;
With regard to handling personal data for profiling purposes, the communication of personal data is not a contractual requirement. Providing personal data is optional; however, if this data is not communicated, no profiling activities will be possible.
12. Rights of the person in question
12.1 Right to oppose
With regard to the personal data handled via technical cookies in order to allow for the website to work properly, communication of personal data is not a contractual obligation, but one founded on the Holder's legitimate interest, in as much as, without consensus to handle the data, it will not be possible to provide a perfectly functioning website.
Consensus should be considered optional in relation to non-technical cookies. In the latter case, failed communication of this data will only result in the impossibility to provide a personalised service. In relation to data provide voluntarily via e-mail, consensus should be considered optional. However, failure to communicate this data will make it impossible to reply to the person in question;
In relation to the data communicated for contractual and pre-contractual purposes, the communication of personal data is a contractual obligation and a requirement for carrying out the pre-contractual negotiations and to finalise the contract. The person in question has the option to provide personal data; however, in the absence of this data being communicated, it will not be possible to finalise any contract or carry out any contractual negotiations;
With regard to data provided voluntarily via e-mail, failure to communicate this will make it impossible to reply to the person in question.
12.2 Other rights
The Holder also intends to inform the person in question of the existence of the following rights in his/her favour:
Right of access by the person in question: the person in question has the right to obtain confirmation from the Holder that personal data regarding him/her is being handled and, if this is the case, to obtain access to the personal data and specific information, in compliance with art. 15 of the GDPR.
Amendment right: the person in question has the right to obtain an amendment of inaccurate personal data that regards him/her without undue delay. Having taken into account the purposes of handling the data, the person in question has the right to obtain the integration of incomplete personal data, by even providing a supplementary declaration, in compliance with art. 16 of the GDPR.
Right to data deletion, including the right to withdraw consensus: the person in question has the right to have his/her personal data deleted by the Holder without undue delay and the Holder is obliged to delete this personal data without undue delay, or to withdraw consensus, if the reasons defined in art. 17 of the GDPR are present. As far as the right to withdrawal is concerned, the person in question also has the right to withdraw consensus at any time without compromising the legitimacy of the handling based on the consensus presented prior to withdrawal.
Right of data handling limitation: the person in question has the right to obtain a limitation from the Holder on the handling of the data when the circumstances set out in art. 18 of the GDPR are resorted to.
Right to data portability: the person in question has the right to receive the data regarding them in a structured format, for common use and legible from automatic devices, provided by the Holder and has the right to transmit this data to another holder without impediments from the Holder in the cases, and under the conditions, specified in art. 20 of the GDPR.
13. Exercising one’s rights
Requests to exercise one’s rights indicated in this statement, including, in particular, the right to deletion and withdrawal of consensus given, should be addressed to the Holder at the following e-mail email@example.com. Alternatively, it is possible to exercise one’s rights by sending relative communication by registered return post letter to Via S. Pertini, 5 - Località Antella 50012 Bagno a Ripoli (Florence).
14. Statement accessibility
The statement can be accessed at https://drvranjes.com/eu/privacy-policy, as well as from the Holder. If expressly requested by the person in question, the information can also be verbally communicated over the phone to the Holder, as long as the identity of the person in question has been established.