GKSD Healthcare Management & Consulting SRL (hereinafter, “GKSD”), GKSD Healthcare Management Co is an investment company whose main focus is the field of healthcare provision, hospital support, construction, monitoring, advisory, insurance assessment and legal & fiscal services.
GKSD considers the protection of the personal data of its and/or customers to be of fundamental importance, ensuring that the processing of personal data, carried out in any manner, whether automated or manual, takes place in full compliance with the safeguards and rights recognized by the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, relating to the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data (hereinafter the "Regulation").
GKSD - with registered office in Via Senato 12 – Milan, 20121 – Italy in the person of the actual legal representative, assumes the role of Data Controller (hereinafter "Data Controller") according to the relevant definition in article 4 at point 7 of the Regulation, " ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”.
For the purposes of compliance with the aforementioned legislation on privacy, the Data Controller indicates the following e-mail address for the appropriate communications: firstname.lastname@example.org.
Your data may be shared with:
- appointed personnel of GKSD and possibly its professionals who are committed to confidentiality or have an adequate legal obligation of confidentiality, for the sole purposes listed in the relevant paragraph;
- subjects delegated and / or appointed by the Data Controller to carry out activities strictly related to the pursuit of the purposes listed in the relevant paragraph (including technical maintenance interventions on the systems), acting as data processors;
- people, companies or professional firms that provide assistance and support to the Data Controller to ensure the proper functioning of the Web Site, acting as autonomous controllers, joint controllers or as data processor;
- subjects, bodies or authorities to whom the communication of your personal data is mandatory by virtue of legal provisions or orders of the competent authorities.
Type of data processed and purposes of the processing relating to navigation on the Website
The website https://www.gksdhealthcare.com/ offers informative and, sometimes, interactive contents. While browsing the WebSite, information about the user can then be acquired in the following ways:
The computer systems and software procedures used to operate the Web Site may acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and the addresses of websites from which access or exit was made, information on the pages visited by users within the Web Site, the access time, the stay on the single page, the analysis of the internal path and other parameters relating to the operating system and the user's IT environment. These technical / IT data are collected and used exclusively in an aggregate and non-identifying manner and could be used to ascertain responsibility in the event of hypothetical computer crimes against the Web Site.
Data provided voluntarily by the user
The personal data expressly provided by the users will be communicated to third parties only if the communication is necessary to fulfil the users' requests.
Legal basis and Purposes of processing
The Data Controller processes personal data deriving from the navigation of the Web Site and those that the user has voluntarily provided in connection with the use of the Web Site itself.
In particular, personal data may be used for the following purposes and in accordance with the following legal bases:
- Guarantee and verify the correct functioning of the Web Site, as well as improve the user browsing experience. The data collected for the purposes specified above are processed mainly in an anonymized form. They are used solely for the purpose of obtaining statistical information on the use of the Web Site and to check its correct operation and are deleted every 6 months.
The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Web Site.
The legal basis for the processing of navigation data is the legitimate interest of the Data Controller to allow the correct use of the Web Site contents.
- Manage the requests forwarded by the user when filling in the contact form (personal data acquired are: name, telephone number, e-mail address, as well as any specific content included in the body of the message) or the Newsletter form. The legal basis for the processing of data voluntarily provided by the user is the necessity to provide the service requested, in compliance with article 6, paragraph 1, lett. b) of Regulation.With reference to such data, please note that they are used solely for the purpose of responding to requests received. The user is, in fact, the sole owner of his or her data and may request that it be changed or deleted at any time: see below the section "rights of the data subject".
Furthermore, the Data Controller will not use the data provided for purposes other than those listed above and only within the limits indicated from time to time in any further information notice accompanying the different, specific service that the user may have requested.
- Ensure compliance with legal obligations, regulations and community standards, in accordance with article 6, paragraph 1, lett. c) of Regulation.
- On the basis of the users’ specific consent, for the installation and deployment of statistical and marketing cookies, belonging to GKSD (first party cookies) or to third parties
Methods of data processing
The processing of personal data is carried out mainly using electronic procedures and media, without excluding manual processing, for the time strictly necessary, in accordance with article 5 of the Regulation.
Personal data will be processed by the Data Controller limited to what is necessary for the pursuit of the described purposes. In particular, personal data will be processed for a period of time equal to the minimum necessary, as indicated by Recital 39 of the Regulation.
Personal data is stored on servers located within the European Union. These servers are owned by GKSD.
The Data Controller may transfer the personal data collected outside the EU. In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place after signing the standard contractual clauses adopted by the European Commission and, in any case, in accordance with the applicable data protection law.
GKSD uses your data to ensure an efficient response to the requests you have made. The provision of your data for this purpose is optional, but failure to provide them could make it impossible to provide the requested services.
Your personal data are processed by the indicated subjects, in accordance with the provisions of current legislation. In particular, to ensure the security of your data taking into account the state of the art and the implementation costs, as well as the nature, object, context and purposes of the processing, as well as the risk of varying probability and severity for rights and freedoms of our users, we have adopted appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
The storage of personal data will take place in paper and / or electronic form and for the time strictly necessary to pursue the indicated purposes.
With reference to the processing of data relating to the provision of the requested services, we inform you that we will process your data for the time strictly necessary to process your request.
Redirect to external sites
The Website could use the so-called social plug-in. Social plug-ins are special tools that allows to incorporate the features of the social network directly within the website (eg the "like" function of Facebook).
All social plug-ins on the Web Site are marked with the respective logo owned by the social network platform.
When you visit a page of the Web Site and interact with the plug-in (eg by clicking the "like" button) or decide to leave a comment, the corresponding information is transmitted from the browser directly to the social network platform (in this case Facebook) and stored by it.
Link to / from third party sites
From the Web Site it is possible to connect through specific links to other third-party websites.
In this regard, in no way can the Data Controller be held responsible for any management of personal data by third party websites and for the management of authentication credentials provided by third parties.
Rights of the data subjects
As foreseen by article 15 of the Regulation, the data subject can access their personal data, request their correction and updating, if incomplete or incorrect, request their cancellation if the collection took place in violation of a law or regulation, as well as oppose to the processing for legitimate and specific reasons.
In particular, we list below all the rights that can be exercised, at any time, towards the Data Controller and / or the joint Data Controllers:
Right of access: the right, pursuant to article 15, paragraph 1 of the Regulation, to obtain from the Data Controller confirmation that personal data is being processed or not and, in this case, to obtain access to such personal data and the following information:
- the purposes of the processing;
- the categories of personal data in question;
- the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
- when possible, the retention period of personal data provided or, if not possible, the criteria used to determine this period;
- the existence of the right of the data subject to ask the Data Controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
- the right to lodge a complaint with a supervisory authority;
- if personal data are not collected from the data subject, all available information on their origin;
- the existence of an automated decision-making process, including profiling referred to in article 22, paragraphs 1 and 4, of the Regulation and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of this processing for the data subject.
Right of rectification: right to obtain, pursuant to article 16 of the Regulation, the rectification of personal data that are inaccurate, taking into account the purposes of the processing; moreover, it is possible to obtain the integration of personal data that are incomplete, also by providing an additional declaration.
Right of cancellation: the right to obtain, pursuant to article 17, paragraph 1 of the Regulation, the erasure of personal data without undue delay and the Data Controller will have the obligation to delete your personal data, if only one of the following reasons:
- the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
- the data subject wants to have revoked the consent on which the processing of the personal data is based and there is no other legal basis for their processing;
- the data subject has opposed the processing pursuant to article 21, paragraph 1 or 2 of the Regulation and there is no longer any legitimate overriding reason to proceed with the processing of personal data;
- the personal data have been unlawfully processed;
- it is necessary to delete personal data to fulfill a legal obligation provided for by a community regulation or internal law.
In some cases, as provided for by article 17, paragraph 3 of the Regulation, the Data Controller is entitled not to delete your personal data if their processing is necessary, for example, to exercise the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, for the assessment, exercise or defense of a right in court.
Right to restriction of processing: this is the right to obtain the restriction of processing, pursuant to article 18 of the Regulation, in the event that one of the following hypotheses occurs, the data subject:
- has contested the accuracy of his personal data (the limitation will last for the period necessary for the Data Controller to verify the accuracy of such personal data);
- the processing is unlawful but you have opposed the cancellation of your personal data, requesting, instead, that its use be limited;
- although the Data Controller no longer needs it for the purposes of processing, the personal data are used to ascertain, exercise or defend a right in court;
- opposed the processing pursuant to article 21, paragraph 1, of the Regulation and is awaiting verification of the possible prevalence of the Data Controller's legitimate reasons with respect to his own.
Right to data portability: the right to receive, pursuant to article 20, paragraph 1 of Regulation, all personal data processed by the Data Controller in a structured, commonly used and machine-readable format or request their transmission to another data controller. In this case, it will be the responsibility of the data subject to provide us with all the details of the new data controller to which he/she intends to transfer his personal data by providing us with written authorization.
Right to object: pursuant to recital 70 and article 21, paragraph (2) of Regulation, you have the right to object, at any time, to the processing of your personal data if they are processed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
Right to lodge a complaint with the supervisory authority: without prejudice to the right to appeal in any other administrative or judicial forum, if you believe that the processing of personal data carried out by the Data Controller is in violation of Regulation and/or other applicable data protection legislation, you may lodge a complaint with the competent Data Protection Authority.
To exercise all the rights described above, you may contact the Data Controller:
- by sending an e-mail to the mailbox email@example.com
- by calling the phone number +39 02 8935 4826