IINFORMATION ON THE PROCESSING OF PERSONAL DATA
(1) Reference legal basis
The LPD published on 6 September 2023 and entered into force on 1 September 2023 (RO 2022 491), art. 19 'Obligation to
inform on the collection of personal data' (hereinafter also referred to as 'DPA') and the European Regulation on the Protection of Personal Data (Reg. n. 679/2016 of 27 April 2016 on the protection of natural persons with regard to the processing and the free movement of particular data, in particular art. 13 of the regulation, later also referred to as 'GDPR') have the purpose of ensuring that the processing of data is carried out in compliance with the rights, fundamental freedoms and dignity of natural persons, with particular reference to confidentiality and personal identity.
(2) Owner of the treatment
Medi Clinic Luxury SAGL - a company governed by Swiss law with registered office in Lugano (Switzerland), at Corso Elvezia n. 9/A 6900, CHE322904259 is the data controller of the personal data that has communicated to us by purchasing our services on the website www.telemedicum.ch pursuant to the GDPR and the LPD in question.You can request the complete list of data processors by sending us a simple email to privacy@telemedicum.ch.
(3) Legal base Them
Legal basis for the processing of personal data is the performance of a contract to which you are a party (Art. 6.1, lett. (b) GDPR) or, as appropriate, the pursuit of the legitimate interest of the Data Controller (art. 6.1, lit. f) GDPR).
(4) Failure to communicate data
The provision of your personal data is optional, but your refusal will make it impossible to purchase some or all of the services offered by the Data Controller.
(5) Purpose of processing
The Data Controller ensures that all data collected through the free compilation of the purchase form will be processed exclusively for the management of the purchase of the services offered by the Data Controller and the issue of the relevant voucher.
This information does not refer and does not regulate the services offered by third parties (possibly accessible by means of links placed on the site) and related methods of processing your personal data.
We advise you to read carefully on the websites of third parties their privacy policies on how they will treat your personal data and how they will be possibly shared. The data controller has no control over these third parties and therefore disclaims any responsibility for the processing of your personal data carried out by these sites.
No data will be stored about your payments, which will be managed by Stripe. To understand how Stripe manages your data, visit the website https://stripe.com/it/privacy.
(6) Recipients of personal data
Your personal data may be disclosed to:
• public and private parties, which, if strictly established ex lege, may access the data pursuant to legal provisions, within the limits provided by the rules themselves (by way of example and not exhaustive: the offices of the financial administration, etc.);
• subjects who need to access your data for purposes ancillary to the relationship between you and the Data Controller, to the extent strictly necessary to carry out the ancillary tasks entrusted to them - after signing an appointment as an authorised person/external data controller or equivalent confidentiality agreement;
• to third parties, in case of your express consent to the transfer of your data. In any case, your personal data will not be disclosed or, except as indicated above, communicated to third parties.
(7) Methods of treatment
It communicates that the data processing indicated in this Information are also carried out with the help of electronic and/ or automated computer, through terminals and PCs connected to the network with a central computer and, however, by means of appropriate means to ensure adequate security and confidentiality. Moreover, the applied methodologies guarantee the non-interference between the processing related to the various purposes and the access limited only to those responsible and/or authorised to the processing for each of the purposes inherent in your relationship with the Data Controller.
(8)Rights of interested parties
We remind you that the GDPR and the LPD give you the exercise of specific rights, including those to obtain confirmation of the existence or not of your personal data even if not yet registered, the disclosure in an intelligible form of the same data, their origin and the logic and purposes of the processing itself, in particular you have the right to obtain:
• the confirmation that the processing of your personal data is or is not in progress in that case, to obtain access to it ;
• rectification of your inaccurate personal data, or integration of your incomplete personal data;
• the deletion of your data, if there is one of the reasons provided by the Regulation;
• the limitation of the processing of your data when one of the hypotheses provided by the Regulation is met;
• the right to request a complete and up-to-date list of all Data Processors and authorised processors of your personal data.
(9) Personal data protection
The Data Controller uses highly advanced security technologies and periodic backups to protect the integrity and confidentiality of your data.
(10) Will keep your personal data
For as long as necessary to fulfill the obligations provided by law, to resolve disputes and enforce the agreements concluded. Your personal data will then be stored, as required by law, for a period of time not exceeding that necessary to achieve the purposes for which we are processing them. In any case, we will take every care to avoid excessive storage of your data, proceeding periodically to verify our archives.
(11) Information
You can exercise the rights mentioned above at any time by sending a simple request to this e-mail address privacy@telemedicum.ch to the physical address indicated in the paragraph the Owner. We will contact you or inform you as soon as possible and in any case within 30 (thirty) days from the date of your request.
(12) Reclamation
When you believe that the data protection legislation regarding the processing of your data has been infringed, also has the right to lodge a complaint with the local data protection authority within the European Economic Area ('EEA'). You can find the references of each Authority, depending on the country in which it is located, by clicking on this link http://www.garanteprivacy.it/web/guest/home/footer/link.