Global Data Processing Policy

In accordance with Article 13 of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27/04/2016, hereinafter GDPR HEALTHWARE GROUP S.R.L., as Data Controller, informs you as follows:

A. The Purpose of data processing

Your personal data are processed exclusively:
A1) to purpose its own legitimate interest consisting in guaranteeing the security of the Site www.healthwaregroup.com and of the information exchanged on it, i.e., the ability of said Site to resist, with a given level of security, unforeseen events or illegal or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted and the security of the relative services offered or made accessible

A2) for the fulfilment of pre-contractual obligations and to facilitate the continuation of communication with the customer
A3) Data acquisition to carry out marketing activities for sponsoring services to use our services to stay up-to-date on the latest digital health trends
A4) Data Transfer to third parties and transfer of data within the HEALTHWARE Group
A5) e-mail newsletters & further e-mail campaigns
A6) to comply with the obligations provided for by law, a regulation, Community legislation or an order of the Authority (such as, for example, anti-money laundering)
A7) Enforce the Controller’s rights (e.g., Right of defence, Art. 24 Const.).

B. Legal basis for processing

The legal basis for the processing is your consent as follows:

• The legal basis for the processing of data for the purposes under A1) and A2) is respectively Art. 6.1 lett. f) of the GDPR - legitimate interest - and Art. 6 paragraph 1 lett. b) of the Regulation (processing necessary for the performance of a contract or pre-contractual measures), as the processing is necessary for the performance of the activities agreed upon on a contractual basis. The provision of Personal Data for these purposes is optional, but failure to do so would make it impossible to initiate and/or continue the contractual/pre-contractual relationship.
• The legal basis for the processing for the purposes expressed in points A3), A4), A5) and A6) is your consent ex art. 6, paragraph 1, letter b) of the Regulation). The provision of your data for such purposes is entirely optional, but it is strictly necessary to fulfil the purposes described and therefore, the processing of data for such purposes requires your consent.
• The legal basis for the processing of data for the purposes referred to in points A6) and A7) is legitimate interest within the meaning of Article 6(1)(c) of the Regulation (processing necessary for compliance with a legal obligation to which the data controller is subject) and does not require your consent.

C. Type of personal data processed

The types of information we collect about you when you visit or interactive with this site are:

• Your contact details such as name and email address where you have contacted us through this site;

We collect your personal information when you:

• Browse and interact with the healthwaregroup.com website; or
• Use our contact forms to get in touch or register your interest.

D. Communication field

Within the limits pertinent to the purposes of the data processing indicated, only collaborators expressly authorised to process data and belonging to the organisational structure of the Data Controller may become aware of such data.

Please note that your data may be transmitted to the following recipients

- Authorised internal staff who process the data for the provision of the service

- Suppliers and/or partners for the processing of all or part of your personal data to the extent necessary for the performance of their services.

- External processors

E. Retention of Personal Data

Healthware retains the personal data only for the time necessary for the fulfilment of the purposes pursued. The data is kept for the period as follows:

• Marketing: 2 years
• Newsletter: 2 years

F. Your Rights

Under the law (articles 15-22 of the GDPR 2016/679) you have a number of rights that you can exercise free of charge. We have included a summary of these below; if you would like to discuss or exercise any of these, please contact us through the details provided.

1. Right of Personal data
   if you believe any of the personal data we hold about you is incorrect, you can request we update it
2. Right to Access
   you have a right to request a copy of the information that we hold about you, and how it has been processed
3. Right to rectification
   you have the right to request the rectification of your personal data if you find that it is inaccurate. You can also request to complete your personal data, taking into account the purposes of the processing concerned. This may lead to the provision of additional data.
4. Right to Data Portability
   in some circumstances, you have the right to receive the personal information about you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to a third party
5. Right to object
   in some circumstances, you can request that we temporarily suspend the processing of your data
6. Right to erasure
   in some circumstances, such as where we no longer have a justifiable reason to continue to process your data, you can request we delete it
7. Right to restriction of processing
   in some circumstances, the data subject shall have the right to obtain from the controller the restriction of processing.

Pursuant to existing law the data subject may also submit a complaint to the Data Protection Authority (Garante per la Protezione dei dati personali), Piazza di Monte Citorio n. 121 – 00186, Rome, – www.garanteprivacy.it ).

G. Contact

If you have any further questions about this policy or the way we process your data, please contact our Data Protection Officer (“DPO”), at dpo@healthwaregorup.com