INFORMATION ON THE PROCESSING OF PERSONAL DATA
EX ART. 13-14 EU REG. 2016/679

Un Gancio Al Parkinson, in its capacity of Data Controller of your personal data, pursuant to and in accordance with EU Regulation 2016/679 (General Data Protection Regulation) hereinafter referred to as "GDPR", hereby informs you that the aforementioned regulation provides for the protection of the data subjects with regard to the processing of personal data and that such processing will be based on the principles of correctness, lawfulness, transparency and protection of your confidentiality and your rights.

Your personal data will be processed in accordance with the legal provisions of the aforementioned legislation and the confidentiality obligations therein.

Purpose of processingIn particular, your data will be processed for the following purposes related to the implementation of legal and contractual obligations:

• legally required fulfilments in the field of taxation and accounting
• diagnosis, treatment and therapy patients
• customer management
• patient registration and administration
• customer satisfaction survey
• customer invoicing history

The processing of functional data for the fulfilment of these obligations is necessary for the proper management of the relationship and their provision is mandatory for the implementation of the purposes indicated above. The Data Controller also makes it known that failure to provide or incorrect communication of any of the mandatory information may make it impossible for the Data Controller to guarantee the appropriateness of the processing itself.

For the purposes of the aforementioned processing, the Data Controller may become aware of special categories of personal data and in detail: state of health. The processing of personal data for these special categories is carried out in compliance with Article 9 of the GDPR.

Treatment modalities: Your personal data may be processed in the following ways:

• by means of electronic computers using directly managed or programmed software systems.
• Manual processing by means of paper archives.

All processing is carried out in compliance with the methods set out in Articles 6, 32 of the GDPR and through the adoption of appropriate security measures.

Access to the aforesaid means is allowed only to authorised operators, previously appointed as Data Processors or Processors, who attend specific training courses and are periodically updated on privacy rules and made aware of the respect and protection of the patient's dignity and confidentiality. All the Practice's operators who access computerised data are identifiable and provided with a personal password; access to data is only permitted for purposes related to the operator's role and only for the time strictly necessary to process the service for which the patient has come to the Practice. The Practice does not carry out profiling of its patients' data. Inside the premises it is forbidden, for the confidentiality of users, to record audio, video and take photos.

Communication: The data will not be disseminated in any way, but may be transmitted to the competent bodies for administrative or institutional purposes, as required by current legislation. More specifically, the data may be communicated to recipients belonging to the following categories:

- persons within the firm acting as data processors;
- medical professionals and healthcare personnel, including those with occasional collaborative relationships with the firm;
- external parties entrusted with the maintenance and support of information and communication systems;
- external tax consultants;
- Authorities and Public Bodies competent by law.
- Health card system for entering the electronic 730.
- Insurance Companies
Subjects belonging to the above-mentioned categories either act as data controllers or operate independently as separate data controllers.
Data may only be passed on to family members or acquaintances with the express permission of the person concerned.

Data transfer abroad
Personal data are stored on servers located within the European Union. In any case, it is understood that the Data Controller may also move the servers outside the EU if necessary. In this case, the Data Controller assures as of now that the transfer of data outside the EU will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided for by the European Commission.

Storage period. Personal and sensitive data will be retained for the time provided for by current legislation: in particular, data relating to each care episode, collected in the relevant health record, will be retained indefinitely, as long as the contractual care relationship lasts.
At the end of the contractual relationship, the firm will retain the data for a period not exceeding the statutory period for the protection of its legal and defence rights.

Rights of the data subject: In your capacity as Data Subject, pursuant to Art. 15 of the GDPR, you have the right to obtain from the Controller confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to the personal data and the following information:(a) the purposes of the processing;b) the categories of the data concerned;c) the recipients or categories of recipients to whom the personal data have been or will be disclosed;d) the period for which the personal data are to be retained or the criteria determined to determine that period;e) request from the Controller access to the data, rectification or erasure of the personal data or restriction of the processing of the personal data concerning you or to object to their processing;f) with reference to any consent given, the right to withdraw, at any time, the consent given;g) the right to lodge a complaint with the Data Protection Authority;h) the right to data portability.
(i) The data subject shall have the right to object, in whole or in part, on legitimate grounds, to the processing of personal data concerning him/her, even if pertinent to the purpose of collection.

Owner : The Data Controller of the data, in accordance with the law, is "Un Gancio Al Parkinson" via Scipione Ammirato, 35/2 Firenze (FI) C.F. and P.IVA 94281100480 in the person of its protempore legal representative.

_________________________

Please note that the information on this site is intended to present our structure, also providing up-to-date and independent health information in our specialised fields, and this without in any way wishing to replace the role of the Family Doctor, the Treating Specialist or the Health Facility treating the users of the site, all in full compliance with the guidelines concerning the application of Articles 55, 56 and 57 of the Code of Medical Ethics.

Data controller: 'Un Gancio Al Parkinson' (VAT No.: 94281100480), with registered office in Florence 50136, Via Scipione Ammirato 35/2.

This information is provided only for the website www.traininglabfirenze.it in relation to the personal data of its users and not for other websites that may be consulted by the user through links. The processing therefore concerns the personal data of those who interact with the web services that can be accessed electronically from the address http://www.ungancioalparkinson.org.

In particular, the holder may acquire:
1) The name, e-mail address and any other common personal data entered by users of the site http://www.ungancioalparkinson.org in the contact form, or the same data sent by the user to the e-mail address info@ungancioalparkinson.org indicated on the owner's site; this optional and voluntary sending entails the subsequent acquisition of the name, e-mail address and any other personal data entered in the electronic form filled in or in the e-mail communication sent, as well as other data of the sender/user, all for purposes strictly related to the requests of the interested party. In any case, we do not store, and therefore do not process, sensitive personal data of users, which, where entered and/or sent spontaneously by the user, will be anonymised in our computer and/or telematic archives without being able to trace back, even indirectly, to the identity of the user, thus losing the character of personal data subject to legislative protection.

2) Curricula containing common personal data sent spontaneously by users to the e-mail addresses indicated on the data controller's website (www.ungancioalparkinson.org), data processed for purposes strictly connected and instrumental to any informational interview with the user for the purposes of inclusion in the data controller's structure, where the data subject will be provided with any further information on the processing of personal data, subject to any acquisition of consent in the case of sensitive personal data.

The data referred to in points 1 and 2 will be processed and stored in written form and/or on magnetic, electronic or telematic support. The provision of data is optional; refusal to provide such data may result in no response to the user's requests.

3) Navigation data: the computer systems and software procedures used to operate this website (www.ungancioalparkinson.org) automatically acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment.

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site.