This Notice is provided, in compliance with Articles 13 and 14 of EU Regulation 679/2016 (hereinafter: “Regulation”), to users (hereinafter: “Users” or “User”) of the websites www.sanraffaele.it, www.cupsr.it, www.srlavoro.it in desktop version (hereinafter: “Site”) owned by San Raffaele S.p.A. headquartered at Via di Val Cannuta, 247 – ZIP code 00166 – Rome (RM), the Data Controller (hereinafter: “Data Controller”), and is intended to describe the manner in which the Site is managed with reference to the processing of personal data, as well as to allow the Users of the Site to know the purposes and methods of the processing of personal data by the Data Controller in the event of their being provided.
As specified in the terms of use of the site’s services, found in the “DISCLAIMER” section of the Site, the services offered by the Owner are intended for persons 18 years of age or older. Should the Controller become aware of the processing of data of minors under 18 years of age, it reserves the right to unilaterally discontinue the use of the service offered as well as to delete the data acquired.
Terms that are not defined in this Privacy Policy have the same meaning as described in the terms of use of the site services, found in the “DISCLAIMER” section of the Site.
1. Principles applicable to the processing of personal data
The Data Controller, pursuant to and for the purposes of the Regulations, announces that the aforementioned legislation provides for the protection of individuals with respect to the processing of personal data and that such processing will be based on the principles of fairness, lawfulness, transparency and protection of confidentiality and fundamental rights.
2. Purpose, legal basis for processing, and optional nature of conferral
Personal data provided by Users through the use of the Site, will be processed for the purposes described below:
A. Delivery of the service “ONLINE VISIT RESERVATIONS”
I. The purpose of the service is to enable the Interested Parties to make reservations for examinations and specialist visits, performed possibly also through the support of telematic tools (telemedicine), at the Outpatient Clinics of San Raffaele.
In order to provide this service, it is necessary for the User to register through the Website, at the page:
https://www.cupsr.it/…/iscrizione.
There you will be provided with appropriate privacy information with related requests for consent referring to the described purposes.
The data required for Registration are limited to the provision of:
Name
Last name
Date of birth
Place of birth
Sex
Tax Code
Cell phone
E-mail address
When booking a visit, or subsequently, through the Reservation Portal by logging in with their credentials, the User must express specific consent to the processing of their personal and special data about the provision of a number of services provided by the Owner, listed below:
I. Notification by SMS regarding the occurrence of reservations made at one of St. Raphael’s Health Facilities. Consenting to receive the SMS will allow the receipt of a message as a reminder of the reservation made at one of the San Raffaele Health Facilities.
II. Carrying out market research, for the sole purpose of drawing up studies, including through special questionnaires, regarding your degree of satisfaction from the health services and services received by the Institute (this activity is aimed at ensuring, through monitoring the needs and opinions of users, constant improvement and adjustment of the health services offered).
III. Performing marketing activities and sending promotional campaigns by means of some SMS and/or e-mail messages. The purpose of the service is to provide, through the use of the email address provided, a newsletter service directly provided by the Holder through which industry information such as news and curiosities, as well as advertising emails, promotional activities, market research, opinion polls and other marketing activities will be sent. The processing, upon specific consent of the Data Subject, may also be carried out for the detection of the tastes, preferences and habits of customers, the degree of customer satisfaction, through a profiling activity, i.e. with the use of an automated process that, on the basis of the above-mentioned detections, is aimed at sending commercial information or advertising material, for direct marketing campaigns, for the provision of services for customer protection, for market research and other operations directly or indirectly related to marketing activities;
The legal basis for the provision of the services described is the consent legitimately given by you pursuant to Art. 4 par. 11) and 6 lit. a) European Regulation 16/679.
You will be asked for ad hoc consent for each purpose. Failure to consent for any of the purposes described does not affect processing for the purposes for which you gave your consent.
B. Provision of service “SENDING CURRICULUM VITAE”
I. The purpose of the service is to allow Interested Parties to send their CVs to apply for any current open job position and to possibly be contacted for a new one.
In order to provide this service, it is necessary for the User to register through the Website by going to http://www.srlavoro.it, selecting the job position of interest and clicking in the “Submit Your Resume” section. There you will be given further appropriate Disclosure referring to this specific purpose.
The data required for Registration are limited to the provision of:
Name
Last name
Nation
E-mail address
Cell phone
Residence/province
City
Province
Residential address
City of residence
ZIP code of residence
Province of residence
Diploma
Institute
Final grade
Year
CV, to be sent in electronic format.
II. The User, during registration, may provide additional personal data by way of optional and additional information that will be collected by the Owner if provided, such as:
Date of birth
Marital status
Phone
Degree Course
University
Registration year
Year
Final grade
Thesis title
Descrizione
Subject of master’s degree
Master organizer
Master year
Master Duration
Language knowledge
1st Language
Video presentation
2nd Language
3rd Language
Operating Systems
Applications
Company (current)
Role (current)
Year
Contract (current)
CCNL (current)
CCNL level (current)
Activities (current)
Company (previous)
Role (previous)
Year (previous)
Activities (previous)
The legal basis for the processing is Art. 6 lett. b) GDPR, i.e. the processing is necessary for the execution of pre-contractual measures taken at the request of the Data Subject.
Subsequently, in the event that the processing operations of personal data resulting from the management of the application process result in the need to process Your data considered special ex art. 9 GDPR, in particular data related to health, for the purpose of processing will require Your consent ex art. 9 lett. a) GDPR to be given at the time of application.
C. “CONTACT US” service delivery.
Your personal data may also be processed as a result of your request for contact by e-mail to the addresses given within the website. In this case, the legal basis for processing is Art. 6 letter b) GDPR or to respond to a special request from the Data Subject.
3. Methods of processing and storage of personal data
The Holder ensures that personal data are processed in full compliance with the Regulations, using manual, computer or telematic systems. Processing may also be carried out through automated tools designed to store, manage and transmit the data.
The data collected and processed will be protected with physical and logical methods to minimize the risks of unauthorized access, dissemination, loss, and destruction of data, in accordance with Articles 25 and 32 of the Regulations.
Data processing will last no longer than necessary to fulfill the purposes for which it was collected.
With reference to retention periods and processing methods the same are further specified in the respective Notices rendered for the provision of services above.
4. Recipients of personal data
Personal data collected may be processed by individuals or categories of individuals acting as Data Processors pursuant to Art. 28 of the Regulations or who are authorized to process data under Art. 29 of the Regulations.
In addition, for some services, the data may be disclosed to companies that collaborate or use the services of the Owner, with the sole purpose of providing the services requested by the User. The Owner, in the provision of data, aimed at the provision of services requested by the User, has ensured that such companies have appropriate requirements and take appropriate security measures for the protection of the same.
Specifically, the data provided by the User may be shared by the Owner with the following third parties solely to provide the services requested by the User or comply with other regulatory obligations:
Service Companies, which the Owner uses to provide services in order to equip itself with appropriate technological tools, such as systems and platforms for managing web servers, management and security applications.
Service Companies, which the Owner may use for the provision of services in order to equip itself with operational support in personnel selection processes.
Outside of the above-mentioned cases, personal data will not be communicated except to subjects, entities and Authorities to which communication is obligatory under provisions of law or regulation.
5. Transfer of data to a third country or international organization
Personal data collected through the Site are processed domestically and otherwise internally within the European Economic Area.
6. Navigation data collection
Computer systems and the technical and software procedures underlying the operation of the Site acquire, in the course of their normal operation, some personal data whose transmission is implicit in the access and operation mechanisms and protocols in use on the Internet.
Each time the User connects to the Site and each time he or she retrieves or requests content, access data is stored at our systems in the form of tabular or linear data files.
This category of data includes, for example, IP addresses, the domain names of the computers used by users connecting to the Site, the request from the User’s browser in the form of addresses in URI (Uniform Resource Identifier) notation, the date and time of the request to the server, the method used in submitting the request to the server, the amount of data transmitted, the numerical code indicating the status of the response given by the server and other parameters relating to the User’s operating system and computer environment.
This data may be used by the Data Controller for the sole purpose of obtaining anonymous statistical information on the use of the Site in order to identify Users’ favorite pages and thus provide increasingly appropriate content and to monitor its proper functioning.
At the request of the Authority, the data could be used to ascertain liability in case of hypothetical computer crimes against the Site or its Users.
7. About cookies, search engines, and location data
Cookies are intended to speed up the analysis of Internet traffic, make it easier for Users to access the services offered by the Site, and provide useful and relevant advertising to visitors. With the use of cookies, no personal data is transmitted or acquired and no User tracking systems are used.
If you do not want the information you provide to be collected through the use of cookies, you can implement a simple procedure in your browser that allows you to refuse the function of cookies.
Cookies are portions of information that can be stored on a computer while browsing a website in order to process and identify usage data. The cookie file is usually very small in size and does not contribute to the saturation of physical hard disk space. The cookie is transferred to the User’s disk for record-keeping purposes to “store” which areas of a website have been visited. This choice saves time, allowing the User to reach the main parts of a site previously visited more quickly. There are different types of cookies:
permanent, that is, they remain on the hard disk, even once the browser is closed;
temporary or session, which are stored only for the duration of browsing and are deleted from the computer when the browser is closed;
Third parties, generated by a website other than the one the User is visiting.
The cookies used are a combination of these three types: some serve only for opening and maintaining a session (temporary cookies). In this case, closing the session or browser will render them unusable by both the user and third parties, while physically remaining on the PC being used (permanent cookies). Third-party cookies are also issued for purely statistical purposes, for measuring aggregate information. In order to provide a site that meets the User’s expectations and interests, an analysis of the data collected on cookies is constantly carried out; this data indicates solely and anonymously how the site is used, i.e., the areas and sections that have been deemed of greatest interest and usefulness to surfers.
You have the option to set your browser to accept all cookies, only some, or reject them. We make it known, however, that the non-acceptance of cookies may result in the inability to provide the service in the case of access to some areas of the site. Please also note that at the end of each browsing session, the User can in any case delete both the browsing cache-memory and the collected cookies from his/her hard disk.
For more information on the use of Cookies, to check and, if necessary, to change your consent to the use of the types of cookies used, please see the “Cookie Policy” page.
8. Rights of the Interested Party
Pursuant to Articles 15 et seq. of the European Regulation 16/679, you as a data subject have the right to obtain access to your personal data, rectification, deletion of the same, to object to the processing and to request restriction of the processing.
Pursuant to Art. 7 para. 3 of the Regulations, the Data Subject has the right to obtain at any time the revocation of consent to the processing and request the deletion of his or her personal data by sending notice to the Data Controller at: privacy@sanraffaele.it. Following the User’s request for deletion, all of the User’s personal data will be deleted, subject to further retention as required by regulatory obligations.
9. Data Controller and Data Protection Officer.
In order to exercise the rights referred to in the preceding paragraph, the Data Subject may at any time contact the Data Controller and/or the Data Protection Officer for any communications regarding the processing of his or her personal data by sending communication to the contacts below:
The Data Controller:
Business Name: San Raffaele S.p.A.
Registered office address: Via di Val Cannuta, 247 – ZIP code 00166 – Rome (RM)
E-mail address: privacy@sanraffaele.it
The Data Protection Officer (DPO):
E-mail address: dpo@sanraffaele.it
10. Changes
This Notice may be subject to change. If any substantial changes are made in the use of data about the User by the Owner, the Owner will notify the User by posting them as prominently as possible on its pages.
PRIVACY: Data Protection Notice
This Notice is provided, in compliance with Articles 13 and 14 of EU Regulation 679/2016 (hereinafter: “Regulation”), to users (hereinafter: “Users” or “User”) of the websites www.sanraffaele.it, www.cupsr.it, www.srlavoro.it in desktop version (hereinafter: “Site”) owned by San Raffaele S.p.A. headquartered at Via di Val Cannuta, 247 – ZIP code 00166 – Rome (RM), the Data Controller (hereinafter: “Data Controller”), and is intended to describe the manner in which the Site is managed with reference to the processing of personal data, as well as to allow the Users of the Site to know the purposes and methods of the processing of personal data by the Data Controller in the event of their being provided.
As specified in the terms of use of the site’s services, found in the “DISCLAIMER” section of the Site, the services offered by the Owner are intended for persons 18 years of age or older. Should the Controller become aware of the processing of data of minors under 18 years of age, it reserves the right to unilaterally discontinue the use of the service offered as well as to delete the data acquired.
Terms that are not defined in this Privacy Policy have the same meaning as described in the terms of use of the site services, found in the “DISCLAIMER” section of the Site.
1. Principles applicable to the processing of personal data
The Data Controller, pursuant to and for the purposes of the Regulations, announces that the aforementioned legislation provides for the protection of individuals with respect to the processing of personal data and that such processing will be based on the principles of fairness, lawfulness, transparency and protection of confidentiality and fundamental rights.
2. Purpose, legal basis for processing, and optional nature of conferral
Personal data provided by Users through the use of the Site, will be processed for the purposes described below:
A. Delivery of the service “ONLINE VISIT RESERVATIONS”
I. The purpose of the service is to enable the Interested Parties to make reservations for examinations and specialist visits, performed possibly also through the support of telematic tools (telemedicine), at the Outpatient Clinics of San Raffaele.
In order to provide this service, it is necessary for the User to register through the Website, at the page:
https://www.cupsr.it/…/iscrizione.
There you will be provided with appropriate privacy information with related requests for consent referring to the described purposes.
The data required for Registration are limited to the provision of:
Name
Last name
Date of birth
Place of birth
Sex
Tax Code
Cell phone
E-mail address
When booking a visit, or subsequently, through the Reservation Portal by logging in with their credentials, the User must express specific consent to the processing of their personal and special data about the provision of a number of services provided by the Owner, listed below:
I. Notification by SMS regarding the occurrence of reservations made at one of St. Raphael’s Health Facilities. Consenting to receive the SMS will allow the receipt of a message as a reminder of the reservation made at one of the San Raffaele Health Facilities.
II. Carrying out market research, for the sole purpose of drawing up studies, including through special questionnaires, regarding your degree of satisfaction from the health services and services received by the Institute (this activity is aimed at ensuring, through monitoring the needs and opinions of users, constant improvement and adjustment of the health services offered).
III. Performing marketing activities and sending promotional campaigns by means of some SMS and/or e-mail messages. The purpose of the service is to provide, through the use of the email address provided, a newsletter service directly provided by the Holder through which industry information such as news and curiosities, as well as advertising emails, promotional activities, market research, opinion polls and other marketing activities will be sent. The processing, upon specific consent of the Data Subject, may also be carried out for the detection of the tastes, preferences and habits of customers, the degree of customer satisfaction, through a profiling activity, i.e. with the use of an automated process that, on the basis of the above-mentioned detections, is aimed at sending commercial information or advertising material, for direct marketing campaigns, for the provision of services for customer protection, for market research and other operations directly or indirectly related to marketing activities;
The legal basis for the provision of the services described is the consent legitimately given by you pursuant to Art. 4 par. 11) and 6 lit. a) European Regulation 16/679.
You will be asked for ad hoc consent for each purpose. Failure to consent for any of the purposes described does not affect processing for the purposes for which you gave your consent.
B. Provision of service “SENDING CURRICULUM VITAE”
I. The purpose of the service is to allow Interested Parties to send their CVs to apply for any current open job position and to possibly be contacted for a new one.
In order to provide this service, it is necessary for the User to register through the Website by going to http://www.srlavoro.it, selecting the job position of interest and clicking in the “Submit Your Resume” section. There you will be given further appropriate Disclosure referring to this specific purpose.
The data required for Registration are limited to the provision of:
Name
Last name
Nation
E-mail address
Cell phone
Residence/province
City
Province
Residential address
City of residence
ZIP code of residence
Province of residence
Diploma
Institute
Final grade
Year
CV, to be sent in electronic format.
II. The User, during registration, may provide additional personal data by way of optional and additional information that will be collected by the Owner if provided, such as:
Date of birth
Marital status
Phone
Degree Course
University
Registration year
Year
Final grade
Thesis title
Descrizione
Subject of master’s degree
Master organizer
Master year
Master Duration
Language knowledge
1st Language
Video presentation
2nd Language
3rd Language
Operating Systems
Applications
Company (current)
Role (current)
Year
Contract (current)
CCNL (current)
CCNL level (current)
Activities (current)
Company (previous)
Role (previous)
Year (previous)
Activities (previous)
The legal basis for the processing is Art. 6 lett. b) GDPR, i.e. the processing is necessary for the execution of pre-contractual measures taken at the request of the Data Subject.
Subsequently, in the event that the processing operations of personal data resulting from the management of the application process result in the need to process Your data considered special ex art. 9 GDPR, in particular data related to health, for the purpose of processing will require Your consent ex art. 9 lett. a) GDPR to be given at the time of application.
C. “CONTACT US” service delivery.
Your personal data may also be processed as a result of your request for contact by e-mail to the addresses given within the website. In this case, the legal basis for processing is Art. 6 letter b) GDPR or to respond to a special request from the Data Subject.
3. Methods of processing and storage of personal data
The Holder ensures that personal data are processed in full compliance with the Regulations, using manual, computer or telematic systems. Processing may also be carried out through automated tools designed to store, manage and transmit the data.
The data collected and processed will be protected with physical and logical methods to minimize the risks of unauthorized access, dissemination, loss, and destruction of data, in accordance with Articles 25 and 32 of the Regulations.
Data processing will last no longer than necessary to fulfill the purposes for which it was collected.
With reference to retention periods and processing methods the same are further specified in the respective Notices rendered for the provision of services above.
4. Recipients of personal data
Personal data collected may be processed by individuals or categories of individuals acting as Data Processors pursuant to Art. 28 of the Regulations or who are authorized to process data under Art. 29 of the Regulations.
In addition, for some services, the data may be disclosed to companies that collaborate or use the services of the Owner, with the sole purpose of providing the services requested by the User. The Owner, in the provision of data, aimed at the provision of services requested by the User, has ensured that such companies have appropriate requirements and take appropriate security measures for the protection of the same.
Specifically, the data provided by the User may be shared by the Owner with the following third parties solely to provide the services requested by the User or comply with other regulatory obligations:
Service Companies, which the Owner uses to provide services in order to equip itself with appropriate technological tools, such as systems and platforms for managing web servers, management and security applications.
Service Companies, which the Owner may use for the provision of services in order to equip itself with operational support in personnel selection processes.
Outside of the above-mentioned cases, personal data will not be communicated except to subjects, entities and Authorities to which communication is obligatory under provisions of law or regulation.
5. Transfer of data to a third country or international organization
Personal data collected through the Site are processed domestically and otherwise internally within the European Economic Area.
6. Navigation data collection
Computer systems and the technical and software procedures underlying the operation of the Site acquire, in the course of their normal operation, some personal data whose transmission is implicit in the access and operation mechanisms and protocols in use on the Internet.
Each time the User connects to the Site and each time he or she retrieves or requests content, access data is stored at our systems in the form of tabular or linear data files.
This category of data includes, for example, IP addresses, the domain names of the computers used by users connecting to the Site, the request from the User’s browser in the form of addresses in URI (Uniform Resource Identifier) notation, the date and time of the request to the server, the method used in submitting the request to the server, the amount of data transmitted, the numerical code indicating the status of the response given by the server and other parameters relating to the User’s operating system and computer environment.
This data may be used by the Data Controller for the sole purpose of obtaining anonymous statistical information on the use of the Site in order to identify Users’ favorite pages and thus provide increasingly appropriate content and to monitor its proper functioning.
At the request of the Authority, the data could be used to ascertain liability in case of hypothetical computer crimes against the Site or its Users.
7. About cookies, search engines, and location data
Cookies are intended to speed up the analysis of Internet traffic, make it easier for Users to access the services offered by the Site, and provide useful and relevant advertising to visitors. With the use of cookies, no personal data is transmitted or acquired and no User tracking systems are used.
If you do not want the information you provide to be collected through the use of cookies, you can implement a simple procedure in your browser that allows you to refuse the function of cookies.
Cookies are portions of information that can be stored on a computer while browsing a website in order to process and identify usage data. The cookie file is usually very small in size and does not contribute to the saturation of physical hard disk space. The cookie is transferred to the User’s disk for record-keeping purposes to “store” which areas of a website have been visited. This choice saves time, allowing the User to reach the main parts of a site previously visited more quickly. There are different types of cookies:
permanent, that is, they remain on the hard disk, even once the browser is closed;
temporary or session, which are stored only for the duration of browsing and are deleted from the computer when the browser is closed;
Third parties, generated by a website other than the one the User is visiting.
The cookies used are a combination of these three types: some serve only for opening and maintaining a session (temporary cookies). In this case, closing the session or browser will render them unusable by both the user and third parties, while physically remaining on the PC being used (permanent cookies). Third-party cookies are also issued for purely statistical purposes, for measuring aggregate information. In order to provide a site that meets the User’s expectations and interests, an analysis of the data collected on cookies is constantly carried out; this data indicates solely and anonymously how the site is used, i.e., the areas and sections that have been deemed of greatest interest and usefulness to surfers.
You have the option to set your browser to accept all cookies, only some, or reject them. We make it known, however, that the non-acceptance of cookies may result in the inability to provide the service in the case of access to some areas of the site. Please also note that at the end of each browsing session, the User can in any case delete both the browsing cache-memory and the collected cookies from his/her hard disk.
For more information on the use of Cookies, to check and, if necessary, to change your consent to the use of the types of cookies used, please see the “Cookie Policy” page.
8. Rights of the Interested Party
Pursuant to Articles 15 et seq. of the European Regulation 16/679, you as a data subject have the right to obtain access to your personal data, rectification, deletion of the same, to object to the processing and to request restriction of the processing.
Pursuant to Art. 7 para. 3 of the Regulations, the Data Subject has the right to obtain at any time the revocation of consent to the processing and request the deletion of his or her personal data by sending notice to the Data Controller at: privacy@sanraffaele.it. Following the User’s request for deletion, all of the User’s personal data will be deleted, subject to further retention as required by regulatory obligations.
9. Data Controller and Data Protection Officer.
In order to exercise the rights referred to in the preceding paragraph, the Data Subject may at any time contact the Data Controller and/or the Data Protection Officer for any communications regarding the processing of his or her personal data by sending communication to the contacts below:
The Data Controller:
Business Name: San Raffaele S.p.A.
Registered office address: Via di Val Cannuta, 247 – ZIP code 00166 – Rome (RM)
E-mail address: privacy@sanraffaele.it
The Data Protection Officer (DPO):
E-mail address: dpo@sanraffaele.it
10. Changes
This Notice may be subject to change. If any substantial changes are made in the use of data about the User by the Owner, the Owner will notify the User by posting them as prominently as possible on its pages.
