Pursuant to art. 13 EU Regulation 2016/679
Dear Data subject,
With this policy (the “Policy”), we intend to renew our commitment to ensuring that the processing of your personal data, collected for the proper functioning of the e-learning platform for Continuing Medical Education (CME) (www.elearning.scientificseminars.com) (the “Platform”), takes place in full compliance with the protections and rights recognized by the Regulation (EU) 2016/679 (“GDPR” or the “Regulation”) and other applicable rules on the protection of personal data.
The term personal data refers to the definition contained in art. 4 paragraph 1 of the Regulation, i.e. “any information concerning an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier or to one or more features of his or her physical, physiological, genetic, mental, economic, cultural or social identity” (the “Personal Data”).
This Policy- drafted on the basis of the principle of transparency and including all the elements required by art. 13 of the Regulation – aims to provide you in a simple and intuitive way with all the useful and necessary information so that you can give your Personal Data in a conscious and informed way and, at any time, exercise your rights under the GDPR.
The company that will process your Personal Data for the purposes set out in this Policy and that, therefore, will play the role of data controller, i.e. “the natural or legal person, public authority, service or other body that, individually or jointly with others, determines the purposes and means of the processing of personal data”, is Scientific Seminars International Foundation, Via di Porta Pinciana 6, 00185 – Rome, VAT No.: 08448781008 (the “Data Controller”).
DATA PROTECTION OFFICER
The Data Controller, to facilitate relations with data subjects, has appointed a Data Protection Officer (the “DPO”), identifying SAPG Legal Tech S.r.l. with registered office in Via Durini n. 15, 20122 – Milan (MI).
As provided for by art. 38 of the GDPR, you may freely contact the DPO for all matters relating to the processing of your Personal Data and/or should you wish to exercise your rights as provided for in this Policy, by sending a written communication to the email address: firstname.lastname@example.org.
POURPOSE AND LEGAL BASIS OF THE PROCESSING
Your Personal Data – such as name, surname, date of birth, date of graduation, e-mail, telephone number, professional qualification, medical experience, professional registration code – will be processed by the Data Controller in order to ensure the proper functioning of the Platform. This processing will be lawful according to art. 6, paragraph 1, letter b) of the Regulation, i.e. by virtue of the execution of a contract or pre-contractual measures taken at the request of the Data subject.
In particular, the processing is essential to:
- access the Platform;
- enroll in CME training courses;
- take part in e-learning sessions both in live and asynchronous mode;
- download didactic material;
- take end-of-course exams;
- obtain training credits.
The refusal to provide Personal Data will determine the impossibility of entering into the contract for the proper functioning of the Platform and to execute the same.
The processing of your Personal Data will also be lawful by virtue of art. 6, paragraph 1 letter f), of the GDPR, i.e. by virtue of the pursuit of the legitimate interest of the Data Controller in order to optimize the operation of its systems, to improve the training experience, to avoid fraudulent activities and increase the security of the Platform, as well as to prevent and repress any illegal or fraudulent conduct to the detriment of the same and of its counterparties to the performance of the economic transactions indicated therein.
In addition to the above, your Personal Data may be processed by the Data Controller for the following and additional purposes:
- Direct Marketing – This term refers to the carrying out of promotional activities (using both automated and traditional methods) for products and/or services of interest to you that are sold and/or provided by the Data Controller. Regarding this purpose of direct marketing, it should be noted that, pursuant to art. 6 paragraph 1 letter. f) of the Regulation and art. 130 paragraph 4 of the Privacy Code (so-called soft spam exception), the Data controller may carry out this activity based on its legitimate interest, regardless of your explicit consent, as explained in Recital 47 of the Regulation in which it is “considered legitimate interest of the Data controller to process personal data for direct marketing purposes. This will be possible because of the assessments made by the Controller regarding the possible and possible prevalence of your interests, rights and fundamental freedoms that require the protection of Personal Data over its own legitimate interest in sending direct marketing communications. Moreover, you may lawfully object at any time (even partially) to receiving promotional communications, without this affecting in any way the processing for other purposes.
SUBJECTS TO WHOM YOUR PERSONAL DATA MAY BE COMMUNICATED
Your Personal Data may be managed, on behalf of the Data Controller, exclusively by personnel expressly authorized to process it (pursuant to art. 29 GDPR) and by third parties expressly appointed as data processors (pursuant to art. 28 GDPR), in order to properly carry out all processing activities necessary to pursue the purposes set forth in this Policy.
Where required by law or in order to prevent or repress the commission of a crime, your Personal Data may also be disclosed to public bodies or judicial authorities.
STORAGE PERIOD OF PERSONAL DATA
Considering the principle of limitation of the storage period, governed by art. 5.1 lett. e) of the GDPR, your Personal Data will be processed and stored by the Data Controller limited to what is necessary to pursue the purposes set forth in this Policy, as well as – if necessary – for an additional storage period that may be imposed by law.
DATA SUBJECT RIGHTS
You may at any time exercise your rights under Art. 15 et seq. of the GDPR against the Data Controller. In particular, you have the right to obtain:
- confirmation that your Personal Data is or is not being processed and to obtain access to the data and the following information: purpose of processing, categories of Personal Data, recipients and/or categories of recipients to whom the data has been and/or will be communicated as well as the relevant storage period;
- the rectification of your Personal Data that is inaccurate and/or the integration of your Personal Data that is incomplete, also by providing a supplementary declaration
- the erasure of your Personal Data, in the cases provided for by the GDPR;
- the restriction of processing in the cases provided for by the privacy legislation in force;
- the portability of your Personal Data and, in particular, request the Personal Data provided to the Data Controller and/or request the direct transmission of your Personal Data to another data controller;
- the opposition to the processing of your Personal Data at any time, for reasons related to your particular situation, in full compliance with the privacy legislation in force.
In order to exercise your rights, you may contact the Data Controller at the following e-mail address, attaching a copy of your identity document: email@example.com
In any case, if you believe that the processing of Personal Data is contrary to the Privacy Regulations, you will always have the right to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati personali) pursuant to art. 77 GDPR.
TERRITORIAL SCOPE OF PROCESSING
Your Personal Data will be processed by the Data Controller within the territory of the European Union.