Website privacy notice for Personal Genomics Srl

Valid as of 04.06.2021

Reasons for providing the Privacy Notice/Your privacy is important to us

This Privacy Notice contains important information on your personal data being collected by visiting this website www.personalgenomics.it (the “Website”) as an unregistered user (the “User”) in order to view and/or use the services [or the products] offered on the Website (the “Services”).

Our Company, which is part of the SOL Group, with registered offices at Verona, Via Roveggia, 43/B, P. IVA 04024620231, R.E.A. VR 385341, in its capacity as data controller (the “Company” or the “Data Controller”), informs you, pursuant to the applicable data protection laws (the “Privacy Laws”), including Regulation (EU) 2016/0679 (“GDPR”), that it will process its Users’ data in the manners and for the purposes detailed below.

The terms in this Privacy Notice apply exclusively to the Website, and do not apply to other websites owned by the Data Controller or by third parties, which the User may access through any of the links that may be included in the Website. If the User should access a different website, we advise the User to carefully read the information on the processing of personal data applicable to said different website.

Consent

By visiting the Website, using the Services offered or interacting with the Company, the User confirms to have read and understood this Privacy Notice and gives its consent to the Company to collect, use, archive, transmit, and disclose the personal data collected through the Website in line with this Privacy Notice and under the Privacy Laws. [Except in case a user is already registered], the Company may request Users to provide their consent (for example, by checking a box), where it should deem it opportune to protect your rights, or where required under the applicable laws and regulations.

If you decide not to accept the conditions of this Privacy Notice, we would ask you not to visit this Website [not create an account (as defined below)] or otherwise use this Website or send your personal data, or give your consent when you are given the option under the Privacy Laws.

The Data Controller reserves the right to make modifications to this Privacy Notice at any time, publishing said modifications on this page. We ask you to check this page often, using as reference the date of the last modifications made, as indicated below. If you should decide not to accept the modifications made to this Privacy Notice, we would ask you to stop using this Website. You may also ask the Data Controller to remove your personal data. Unless otherwise specified, the above Privacy Notice shall continue to apply to the personal data collected up to that moment.

This Privacy Notice contains important information on the following:

Under the Privacy Laws, the Data Controller processes the following personal data you provide (your “Personal Data”) when you navigate the Website [when you register in the Reserved Area]:
1. general identification data (such as, by way of example and not limitation, name, surname, e-mail address, etc.);

1.1 Data obtained when a User navigates the Website

The computer systems, cookie technology, and software procedures used for the running of the Website acquire, over the course of their normal operation, certain data whose transmission is implicit in the use of the Internet. This information is not collected to be associated with identified data subjects; however, the nature of said data might, through processing and associations with data held by third parties, allow the identification of the Users who navigate a website.
This category of data includes, by way of example, IP addresses or domain names of the computers used by the Users connecting to the Website, the pages viewed by Users within the Website, the domain names and the Internet addresses from which Users have accessed the Website (through referrals), the URI (Uniform Resource Identifiers) of the queries made, the time of queries, the method used to submit a query to a web server, the size of the file obtained in reply, the numeric code indicating the status of the reply from the web server, and the other parameters on the type of browser used (e.g., Internet Explorer, Google Chrome, Firefox), the operating system (e.g., Windows), and the User’s computer environment.
Such data are collected through first-party technical cookies [and third-party analytics cookies]. For more information on navigation data, we invite Users to read the Website’s Cookie Policy.

1.2 Personal Data provided by Users when registering with the Website

Most of the pages and content of the Website can be accessed and viewed by Users without requiring their registration and/or identification.
Users are responsible for the truthfulness of the personal data declared, published, or shared through this Website, and guarantee they have the right to communicate or diffuse them, holding the Data Controller harmless from any third-party liability.

The legal ground for the Processing of your Personal Data, collected through the Website, is your consent.

2.1 We wish to also inform you that your Personal Data shall be processed without your consent, under Article 6 of the GDPR, for the following purposes (the “Purposes”):

a) provide the maintenance and technical assistance required to ensure the proper operation of the Website and the services connected thereto;
b) improve the quality and the structure of the Website, and create new Website Services, functionalities, and/or characteristics;
c) allow the Data Controller to provide its Services;
d) allow the Company to exercise its rights in legal proceedings and to handle litigation;
e) comply with obligations of law and/or regulation;
f) the collaboration with the public authorities, and the prevention and suppression of unlawful acts, including by way of disciplinary measures;
g) for statistical and historical purposes, if any.

2.2 The data provided by the Registered User shall be processed, without the prior consent of the latter under Article 6, letter b) of the GDPR, for the following purposes:

a) to enable the Registered User to access the Reserved Area of the Website and to create and maintain a user account (“Account”);
b) to access the services offered by the Company to Registered Users and comply with any pre-contractual and contractual, legal, accounting, and tax obligations deriving therefrom, and to ensure an effective management of the business relations with the Company.

2.3 The data provided by the Registered User may be processed, with the prior consent of the latter under Article 6, letter a) of the GDPR, for the following purposes:

a) to allow the dispatch to the Registered User of communications via e-mail on products, initiatives and/or Services offered by the Company, and/or of newsletters or other advertisement, information, or promotional material.

The provision of data by Users is mandatory for the purposes of the service as per points 2.1 and 2.2 herein. Where Users should refuse to provide said data, the Company may be unable to provide the Services offered through the Website.
The provision of the data by Users is optional for the commercial purposes as per point 2.3 above. Where Users should refuse to provide said data, they will not receive any commercial communications on products, initiatives and/or services offered by the Data Controller. However, they may still access the services under points 2.1 and 2.2 above.
We inform you also that the processing of your Personal Data may, under Article 4 of the GDPR, consist in the following activities (the “Processing”): collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission or otherwise making available, alignment, interconnection, restriction, erasure, or destruction of the Personal Data.
We also inform you that your Personal Data:
• shall be processed in line with the principles of lawfulness, fairness, and transparency;
• shall be collected for the legitimate Purposes indicated above;
• shall be adequate, relevant, and limited to what is necessary for the Purposes for which they are processed;
• shall be stored, in a form that enables your identification, for a period of time not exceeding the attainment of the Purposes for which they are processed, and, in any case, not exceeding 1 year of their collection for the Purposes under point 2.1 and 2.2, and not exceeding 1 year of their collection for the commercial purposes under point 2.3 herein.
• shall be processed in a manner such as to ensure adequate security from the risk of destruction, loss, modification, distribution, or unauthorised access, by implementing technical and organisational security measures;
Your Personal Data may be processed through the use of paper media, automated, computer, or telecommunication tools, with organisational means and a logic strictly connected to the Purposes indicated above.
The Data Controller uses the most appropriate technological and security measures (electronic, computer, physical, organisational, and procedural) to ensure the security and confidentiality of the data processes. Such measures include maintaining a secure system for storing and using data, based on encryption, detection of intrusions, and prevention and protection software.
Users, however, acknowledge that the very communication of personal data via Internet sites presents risks connected to the disclosure of such data, and that no system is completely secure or immune from tampering and/or intrusions by third parties.
Without prejudice to the communications carried out in compliance with the obligations of law and/or regulation, your Personal Data may be made accessible, for the Purposes, to:
a) Employees and/or collaborators in our headquarters or territorial offices, duly authorised by the Data Controller, in their capacity as persons authorised to process Personal Data and/or system administrators.
Without the express consent of the User (under Article 6, letters b) and c) of the GDPR), the Data Controller may communicate the User’s data for the Purposes of the service as per points 2.1, letters d) and f), to supervisory and/or control bodies, judicial Authorities and any other entities to whom the Data Controller is under legal obligation to disclose such data for the performance of the above Purposes, in their capacity as autonomous data controllers.
The Users’ data shall not be disclosed to the public or to unknown parties.
In addition to the Data Controller, in certain cases the Personal Data may be accessed or processed, in the Data Controller Country and abroad, for the above Purposes, by categories of third-parties involved in the organisation of the Data Controller or the Website – who, if required, are appointed as Processors by the Data Controller – including, by way of example:
• providers of third-party technical services;
• couriers and postal services;
• hosting providers;
• information technology companies;
• experts or consultants (on legal, commercial, administrative, fiscal, tax, city planning, environmental, and quality and security matters, and on issues pertaining to financial statement certifications, the Group’s listing in the Stock Exchange, etc.) who have been assigned tasks for which the knowledge of the Users’ Personal Data is required;
• communication agencies;
• credit institutions;
• insurance companies;
• companies within the SOL Group (for management, statistical, or data consolidation needs).
Your Personal Data shall not be transferred to recipients other than those indicated in this document.
Your Personal Data may be communicated abroad exclusively for the Purposes.
Your Personal Data may be transferred to non-EU Countries exclusively within the terms and with the guarantees provided for in the Privacy Laws and within the limitations of what is useful to best manage the service.
We wish you to know that, in your capacity as data subject, you have the legal right to revoke your consent to the processing of your personal data at any time. Furthermore, you may, at any time, exercise the following rights (“Your Rights”):
a) the “right of access” to your Personal Data as per Article 15 of the GDPR, and namely: obtain confirmation on the existence of Personal Data that concern you, including when not yet recorded, and obtain the communication thereof in intelligible form, and obtain the following information:
1. the purposes and methods of Processing of your Personal Data (including the existence of an automated decision-making process, including profiling as per Article 22, paragraphs 1 and 4 of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject), the categories of your Personal Data processed, the origin of your Personal Data, the period of retention of your Personal Data (where possible) or the criteria used to determine such period;
2. the identification details of the data controller, the processors, and the supervisor appointed under Article 5, paragraph 2, e) of the GDPR and in general of all the parties or categories of parties to whom your Personal Data have been or shall be communicated within the Country, and in particular whether or not there are third-Country recipients or international organisations involved (and, in such case, you shall also have the right to be informed on the existence of adequate guarantees under Article 46 of the GDPR with respect to the transfer of Personal Data);
3. the existence of your right, as Data Subject, to request from the data controller rectification or restriction of processing of personal data concerning you, or to object to such processing;
4. the right to lodge a complaint with the Privacy Supervisory Authority for the protection of your Personal Data (the “Privacy Supervisory Authority”);
b) the “right to rectification” as per Article 16 of the GDPR: the right to request the rectification or, where in your interest, to obtain completion of your Personal Data;
c) the “right to erasure” (right to be forgotten) as per Article 17 of the GDPR: the right to obtain the erasure, anonymisation, or blocking of data processed in violation of the law, including data whose storage is not required with respect to the purposes for which your Data was collected or subsequently processed;
d) the “right to restriction of processing” as per Article 18 of the GDPR: the right to obtain restriction of processing in some of the cases provided for in the Privacy Law;
e) the right to request the Data Controller, under Article 19 of the GDPR, indication of the recipients to whom the Data Controller has disclosed any rectifications or cancellations or restrictions of processing (carried out under Articles 16, 17, and 18 of the GDPR, in compliance with the notification obligation, unless this proves impossible or involves a disproportionate effort);
f) the “right to data portability” as per Article 20 of the GDPR: the right to receive your Data (or transmit those Data to another controller) in a structured, commonly used and machine-readable format;
g) the “right to object” as per Article 21 of the GDPR: the right to object, in whole or in part,
1. on legitimate grounds, to the processing of your Personal Data, including where pertinent to the purpose for which they were collected;
2. to the processing of your Personal Data for the purpose of sending advertisement material or direct sale or to perform market surveys or for the purpose of marketing communication.
In the cases above, where necessary, the Data Controller shall inform the third parties to whom your Personal Data have been communicated of the exercise of your rights, except for specific cases (e.g., when such obligation proves to be impossible or involves a use of means that is manifestly disproportionate to the right being protected).
The Data Controller is Personal Genomics Srl with registered offices at Via Roveggia, 43/B 37136 Verona (VR) Italia P. IVA 04024620231.
The Processor is SOL SpA with registered offices at Via Borgazzi 27, Monza P. IVA 00771260965.
An updated list of any additional data Processors (to whom your Personal Data are disclosed, and who are duly appointed in writing), is available at the Company’s registered offices.
The Company exercised its right to appoint a DPO. The DPO is in Monza, Via G. Borgazzi n. 27 (MB-Italy). For any additional clarification or inquiry, you can contact the DPO, at: organismodpo@pec.sol.it.
