Information pursuant to art. 13 of EU Regulation 679/2016 General Data Protection Regulation (‘GDPR’)
Mastelli Srl hereby wishes to inform you in advance of both the use of your personal data and your rights, notifying you of the following:
I. DATA CONTROLLER
The data controller is Mastelli Srl, with registered office in Sanremo (IM), Via Bussana Vecchia 32 VAT No. 00069630085.
The company’s internal Privacy Contact Person is Dr. Maria Claudia Torlasco, who can be contacted by e-mail at privacy@mastelli.it.
The Data Protection Officer (DPO), Fulvio Benedetti, can be contacted at privacy@mastelli.it.
The up-to-date list of the persons responsible for processing, with their areas of competence, can be obtained directly from the company.
II. PERSONAL DATA BEING PROCESSED
The personal data which can be subject to processing are personal data, data concerning your professional activity, data concerning your relations with MASTELLI, e.g. Name and Surname; Date and place of birth; Tax code; Professional title; Professional Register entry data, Office and mailing addresses, telephone numbers; Job sector, Specialisations, Publications, Professional network, Position/qualification within the hospital or similar.
III. COLLECTION, LEGAL BASIS
III.1. This data will be provided by the person concerned by accessing a specific website, and will be collected and stored on the company’s servers in execution of the registration request on https://www.mastelli.com.
III.2. The legal basis of the processing for the purposes indicated below is constituted, depending on the case, by the fulfilment of regulatory obligations, the execution of a contract, your express consent, or the legitimate interest of MASTELLI.
IV PURPOSES AND OBLIGATORY OR OPTIONAL NATURE OF PROCESSING
IV.1 Management of the medical-scientific information activity (also vis-a-vis) on drugs and medical devices marketed by MASTELLI and related activities (purpose connected to the fulfilment of obligations and legitimate interest of the Company, pursuant to art. 6 paragraph 1 lett. c and f of the GDPR);
IV.2 Sending of communications for the purpose of scientific information and/or medical interest: sending of communications relating to professional refresher courses and scientific collaborations and related material, by telephone, electronic or computerised means (e.g. web conference, SMS, WhatsApp, LinkedIn, Instagram, web-based/online communications) (this purpose may be pursued if you grant us your consent, pursuant to art. 6 paragraph 1 lett. a of the GDPR);
IV.3 Sending communications other than medical/scientific information (a purpose that can be pursued if you grant us your consent, pursuant to art. 6 para. 1, lett. a of the GDPR), about Company initiatives that we believe may be of interest to you or for sending newsletters and commercial material;
IV.4 Handling of reports relating to Drug Safety Monitoring (purpose related to the fulfilment of obligations, pursuant to art. 6 para. 1, lett. c of the GDPR);
IV.5 Administrative/accounting/fiscal fulfilments, including the management of this information notice and of the consents you have granted (purposes connected to the fulfilment of obligations and legitimate interests of the Company, pursuant to art.6 para. 1, lett. c of the GDPR);
V. RECIPIENTS
V.1. Your data will be made available to our suitably trained and authorised internal staff, to third parties such as service providers involved in the organisation of events and owners of training and information platforms involved by Mastelli Srl for the above-mentioned purposes.
V.2 The data may also be communicated to the Italian Regulatory Authorities, as well as to the Control Bodies of the Code of Ethics Confindustria Medical Devices and of the Farmindustria Code of Ethics for the fulfilment of obligations provided for by law.
V.3. Your data may be communicated to our Scientific Informants who may use them for possible visits to your practice.
V.4 The third parties who will carry out processing on behalf of MASTELLI, will be appointed as external supervisors pursuant to art. 28 GDPR, after verification of their security measures, including those to prevent loss of data, unlawful or incorrect use and unauthorised access, or processing that is not permitted or does not comply with the aforementioned purposes.
VI. DATA PROCESSING AND STORAGE
All personal data provided will be processed in accordance with the principles of lawfulness, correctness, relevance and proportionality, by means of computer and telematic applications and possibly also in paper format, to the extent strictly necessary to pursue the purposes described above. In any case, personal data will be kept for a period of time not exceeding that which is strictly necessary to achieve the stated purposes. Personal data that does not need to be stored for the stated purposes will be deleted or made anonymous. It should be noted that the information systems used to manage the information collected are configured in such a way as to provide access only to authorised processors with appropriate credentials.
VII. YOUR RIGHTS
Finally, you are reminded that as a data subject, pursuant to art. 15 et seq. of the GDPR you may exercise the following rights:
Art. 15 – Right of access to personal data concerning you; Art. 16 – Right to rectify inaccurate or incomplete personal data; Art. 17 – Right to erasure if expressly indicated grounds exist; Art. 18 – Right to restriction of processing in the cases expressly indicated; Art. 20 – Right to data portability by receiving the data in a structured format so that it can be transmitted to another data controller if the conditions are met; Art. 21 – Right to object to processing on grounds relating to your particular situation; Art. 22 – Right not to be subject to a decision based solely on automated processing, including profiling.
Right at any time to withdraw consent pursuant to art. 7 c. 3 of the GDPR, without prejudice to the lawfulness of processing carried out on the basis of consent subsequently withdrawn.
The above-mentioned rights may be exercised by written request to the Data Controller to be sent to the following contact details: MASTELLI SRL, Via Bussana Vecchia 32, 18038 Sanremo (IM) tel. 0184.5111 We inform you that you can also exercise your rights at any time by writing to privacy@mastelli.it, the appointed DPO can also be contacted at this same address. In relation to processing that you consider to be non-compliant with the law, you may also exercise your right to complain to the Supervisory Authority which, for Italy, is the ‘Garante per la protezione dei dati personali’ (Italian Data Protection Authority).