Visitors Information Pursuant to Article 13 of the 2016/679 EU Regulation
This information is given to visitors who have access to the premises of VisMederi S.r.l.
Pursuant to Article 13 of the EU 2016/679 Regulation (hereinafter called GDPR) laying down provisions for the protection of individuals with regard to the processing of personal data, we hereby inform you that your personal data will be processed in compliance with the aforementioned law and confidentiality obligations to which VisMederi Srl is bound. The processing of your data will take place according to principles of correctness, lawfulness and transparency.
The Data Controller is VisMederi S.r.l. (hereinafter referred to as “Data Controller”), in person of its legal representative pro tempore Dott. Duccio Meiattini, with registered and operative office in Strada del Petriccio e Belriguardo n. 35, 53100 Siena, Italy. The Owner can be contacted through:
– Registered letter addressed to VisMederi S.r.l., Strada del Petriccio e Belriguardo n.35, 53100, Siena (SI), Italy
– E-mail at the following address firstname.lastname@example.org
Types of Data Object of Processing
The Data Controller will process the data that fall under the definitions set forth in articles 4 (1) and 9 (1) of the GDPR including, but not limited to, your name, surname, mobile phone number, health status: hereinafter and collectively called “Personal Data”.
Purpose, Legal Basis and Optional Nature of Processing
Your Personal Data will be processed without the need for specific consent, for the following purposes:
a)To allow your access to the premises;
b)For purposes connected to the obligations established by laws, regulations and community legislation, as well as by instructions given by authorities authorized to do so;
c)Any defensive purposes;
The legal bases of the processing for purpose a) are the articles 6 (1) (b), that is, “execution of a contract including the concerned party itself” and 9 (2) (b), that is, “fulfill the obligations and exercise the specific rights of the Data Controller or of data subject on the matter of labor law, social security and social protection” of the GDPR.
The legal bases of the processing for purpose b) are the articles 6 (1) (c) of the GDPR, that is, “need to fulfill a legal obligation, which the Data Controller is subject to”, as well as the pursuit of the legitimate interest of the Data Controller pursuant to Article 6 (1) (f) of the Regulations.
The legal basis of processing for purpose c) is Article 9 (2) (f) of the GDPR as the processing is necessary to ascertain, exercise or defend a right in court.
The provision of your Personal Data for the purposes indicated above (a-b-c) is optional, but in default, it will not be possible to finalize your working relationship with VisMederi S.r.l.
In relation to the aforementioned purposes, the processing of personal data takes place using manual, computerized and telematic tools with logic strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of data, in addition to compliance with specific obligations sanctioned by law.
Storage of Personal Data
Personal Data will be filed only for the time necessary for the purposes for which they are collected, respecting the principle of minimization referred to in Article 5.1. c) of the GDPR. Further information are available from the Data Controller.
Recipients of Personal Data
Personal Data may be shared with the following:
– Natural persons authorized by VisMederi S.r.l. to the processing of personal data pursuant to art. 29 of the GDPR for the performance of their job duties (e.g. employees and system administrators, etc.);
– Service providers (such as consultants, certification bodies, etc.) who typically act as controllers pursuant to art. 28 of the GDPR;
– Subjects, bodies or authorities to whom it is mandatory to communicate your Personal Data under the provisions of law or orders of the Authorities.
The complete and updated list of data recipients can be requested to the Data Controller at the above-mentioned contacts.
Extra EU Data Transfer
Regarding the possible transfer of Data to Third Countries, the Data Controller informs that the processing will be carried out according to one of the modalities permitted by the law in force, such as: the agreement of the affected party, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free circulation of data (e.g. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission. It is possible to have more information, upon request, from the Data Controller at the above-mentioned contacts.
Your Privacy Rights Pursuant to art. 15 and Following of GDPR
You have the right to ask the Data Controller, at any time, to access your Personal Data, to rectify or cancel them or to oppose their processing. You have the right to request the limitation of treatment in the cases provided for by Article 18 of the GDPR, as well as to obtain, in a structured format, in common use and readable by automatic devices, the data concerning it, in the cases provided for by Article 20 of the GDPR.
At any time, you may revoke the already given consent pursuant to art. 7 of the GDPR, without prejudice to the lawfulness of the processing carried out before the withdrawal of consent.
You can make a request for opposition to the processing of your data pursuant to Article 21 of the GDPR.
Requests must be sent to the Data Controller in writing at the addresses indicated above.
In any case, you are always entitled to submit a complaint to the competent supervisory authority (Guarantor for the Protection of Personal Data), pursuant to art. 77 of the GDPR, if you think that the processing of your data is contrary to the legislation in force.
The Data Controller