PRIVACY POLICY
AND INFORMED CONSENT FOR THE
PROCESSING OF
PERSONAL AND SENSITIVE DATA
Information ex Art. 13 of Italian Legislative Decree 196/2003 on the processing of personal and sensitive data
Pursuant to and by effect of Art. 13 of Legislative Decree no. 196 of 30/06/2003 "Personal Data Protection Code" and in compliance with the "Guidelines governing on-line medical reports" adopted by the Italian Personal Data Protection Authority for the Protection of Personal Data with the provision of 19 November 2009, we would like to inform you that your health-related common and sensitive personal data (in particular, data contained in the photos and medical reports that you have submitted) will be processed based on principles of correctness, lawfulness and transparency and protection of your privacy and rights.
You are hereby informed as follows:
1. Nature and purpose of the data processing
Your common personal and sensitive data necessary
to initiate the consultation process comprise your personal data (first name, surname, date of birth, etc.),
your telephone contact details, your email address, photos of the affected parts of your body submitted by
you and/or medical records containing additional health-related sensitive personal data.
2. Optional supply of data and consequences of refusal
The provision of your personal
data is not compulsory but it is necessary in order to perform the service. Any refusal to provide these
data precludes the undertaking of the aforementioned service.
3. Method of data processing With regards to online data storage, data is processed both on paper and
electronically, with the aid of electronic instruments that ensure safety and privacy, pursuant to the provisions
of Italian Legislative Decree 196/2003 and the aforementioned provision of the Italian Personal Data Protection Authority,
carried out exclusively by persons who have been appointed for this task.
4. Communication and
dissemination of data
Your personal data, as provided for the online consultation service, will not
be disseminated in any way, in accordance with current legislation. Personal data will be processed in accordance
with procedures that ensure safety and privacy. In particular, data submitted shall be stored on the Veincareteam
and AppwoRx, LLC secure servers, archived through Secure Socket Layer (256-bit SSL) encryption and transmitted with
SSH Key Authentication. Processed data shall not be disseminated to third parties and may only be communicated to
our employees and collaborators, who are bound by the same privacy guarantee.
5. Data controller
The data controller and data processor is Dr. Jean Daniel Rostan,
Via Ravadera, Torre Pellice, Italy - email jerostan (at) me.com.
6. Rights of interested parties
The subjects to whom the data refer may exercise the rights provided for in Art.7 of the Privacy Code at
any time, by contacting the data processor. In particular:
6.1 - The interested party has the right to obtain confirmation of the existence or non-existence of personal
data of which that individual is the subject, even if not yet recorded, and communication of such data in an
intelligible form.
6.2 - The interested party has the right to know:
a) the origin of the personal data;
b) the processing purposes and methods;
c) the logic applied in the case of processing carried out with the aid of electronic instruments;
d) data identifying the controller, processors and designated representative pursuant to Article 5;
e) the subjects or categories of subjects to whom personal data may be communicated or who may become aware of them
in their capacity as designated representatives in the territory of the State, or as processors or appointed persons.
6.3 - The interested party has the right to obtain:
a) updates, corrections or, if in his/her interest, supplements to the data;
b) deletion, transformation into an anonymous form or blocking of the data processed in violation of the
law, including data which do not need to be stored in relation to the purposes for which the data were
collected or subsequently processed;
c) a statement that those to whom the data have been communicated or disseminated have been made aware
of the operations as per parts a) and b), including as regards their content, except when this
obligation is found to be impossible or entails the use of means manifestly disproportionate to the right protected.
6.4 - The interested party has the right to oppose, wholly or in part:
a) for legitimate reasons, the processing of personal data of which the individual is the data subject,
even if pertinent to the purpose for which they were collected;
b) the processing of personal data of which the individual is the data subject for the purposes of
posting of advertising material or direct marketing or for the purposes of market research or commercial communication.
