Privacy Policy pursuant to Article 13 of Legislative Decree no. 196 of 30 June 2003 and Articles 13-14 of EU Regulation 2016/679 (GDPR)

SERVIZI DIAGNOSTICI S.R.L., as the Data Controller pursuant to the GDPR, is aware of the importance of personal data protection and commits to observing the rules of conduct established by the GDPR, by Legislative Decree no. 196 of 30 June 2003 (Personal Data Protection Code), and by the remaining applicable privacy legislation, aimed at ensuring secure online navigation through the protection of personal data.

We therefore wish to inform you that the current privacy legislation provides for the protection of individuals and other subjects with regard to the processing of personal data.

According to the indicated legislation, such processing will be based on the principles set forth in Article 5 of the GDPR, and in particular on fairness, lawfulness, transparency, and data minimisation, as well as the protection of your privacy and your rights.

Therefore, in compliance with the provisions of EU Regulation 2016/679, this privacy policy provides due information regarding the processing of data provided by you and describes the personal data processing activities carried out by Servizi Diagnostici S.r.l. through the website www.servizidiagnostici.com.

It is specified that this privacy policy is not to be considered valid for other websites/social platforms that may be accessed via links present on the Data Controller’s domain websites, to which reference is made, remembering that Servizi Diagnostici S.r.l. is not to be considered in any way responsible for third-party websites.

The collection and processing of personal data occur only when necessary for the sections of the website being visited in relation to the execution of services requested by the user (e.g., info request, newsletter) or when the user himself decides to communicate his personal data to the Company in various ways (e.g., verbally, by filling in the appropriate fields where requested, via e-mail, etc.).

Where provided for by EU Regulation 2016/679 and/or Italian law, user consent will be required before proceeding with the processing of their personal data. If the user provides personal data of third parties, they must ensure that the communication of such data to the Data Controller and the subsequent processing for the purposes specified in the applicable privacy policy comply with EU Regulation 2016/679 and applicable legislation. In such circumstances, this privacy policy illustrates the methods and characteristics of collecting and processing the user’s personal data:

The data provided by you will be processed to allow you to use the information service that the site offers in relation to the topics and purposes that Servizi Diagnostici S.r.l. deals with.

This information service may also take place via newsletters or email to promote initiatives undertaken by our company, or to promote conferences or studies, and in-depth analyses on topics of our interest, even if coming from third parties.

The information we send may also be of a commercial nature, without prejudice to the need for your explicit consent, which can be revoked at any time.

Furthermore, the processing of your data may also be aimed at fulfilling civil, fiscal, accounting, and administrative management obligations based on any applicable regulations.

Processing will be carried out both manually and with the aid of IT tools, always in compliance with the provisions of Article 32 of the GDPR. Personal data collected with this registration may be processed by authorized data processors assigned to manage the requested services and marketing activities.

The IT systems and software procedures used to operate this website may acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

Visiting and consulting the Website generally do not involve the collection and processing of the user’s personal data, except for navigation data and cookies as specified on the website.

This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses. Additionally, personal data voluntarily provided by the user may be processed when they interact with the Website’s functionalities or request to use the services offered on the Website (e.g., via email, by filling in the appropriate fields, etc.).

For more information, please consult our cookie policy at the following link (insert Iubenda link here).

All this data is processed, for the strictly necessary time, solely for the purpose of obtaining anonymous statistical information on the use of the site and to check its regular operation.

The data could be used to ascertain responsibility in case of hypothetical cybercrimes against the website by the competent authorities and/or in any case if requested and/or acquired by them.

As a rule, the Data Controller does not ask the Data Subject to provide so-called “special categories of data,” meaning, as provided for by the GDPR (Art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a physical person, data concerning health or a person’s sex life or sexual orientation.

However, such data may be voluntarily provided by the Data Subject (in particular in the dedicated “quote” section of the site).

The provision of data is:

  • mandatory for data identified as “mandatory fields”, and any refusal to provide such data will result in the non-execution of the requested service.

  • optional for data identified as “optional fields”; any failure to provide such data will not affect the provision of the service.

User data will be processed on the basis of a legitimate interest of the Data Controller, in fulfillment of legal obligations, or with the consent expressly given by the user, where required.

In particular, the Data Subject’s data may be processed for:

a) requesting information/informative material and sending applications

The processing of the Data Subject’s personal data takes place to carry out preliminary and consequent activities related to the request for information and/or sending of informative material.

The legal basis for such processing is the fulfillment of services related to the request for information and/or sending of informative material, and compliance with legal obligations.

b) IT security

The Data Controller, in line with the provisions of Recital 49 of the GDPR, processes, also through its suppliers (third parties and/or recipients), the Data Subject’s personal data related to traffic to the extent strictly necessary and proportionate to ensure the security of networks and information.

The legal basis for such processing is compliance with legal obligations and the Data Controller’s legitimate interest in carrying out processing aimed at protecting company assets and the security of its systems.

Data may be communicated to:

  • controlled and affiliated companies, private entities, associations, foundations, non-profit organizations, legal entities, partnerships or capital companies, sole proprietorships exclusively for purposes related to the provision of the service you have joined;

  • private entities and legal persons carrying out instrumental activities connected to or supporting those carried out by Servizi Diagnostici S.r.l. for the execution of operations or services you have joined, who will act as independent data controllers for the data provided;

  • public bodies and organizations that have, by law, regulation, or community directive, an obligation or right to know them.

In accordance with EU Regulation 2016/679, personal data is stored and retained for the time strictly necessary for the purposes and specific objectives for which it is collected and, in any case, for the period indispensable to comply with contractual and legal obligations, unless the Data Subject explicitly expresses their wish to remove them.

In particular, they will be retained for the entire duration of the processing and, in any case, no longer than a maximum period of twelve months from its termination.

It should also be added that, in the event that a user forwards personal data to the Data Controller that is not requested or not necessary for the execution of the requested service, the Data Controller cannot be considered the controller of this data and will proceed with its deletion as soon as possible.

Once processing needs cease, the data is deleted and/or destroyed.

The Data Controller is Servizi Diagnostici S.r.l. – via Gaetano Doninzetti, 14 – 00041 Ciampino (Rome) – e-mail: “fornitori@servizidiagnostici.com” The Data Protection Officer is domiciled for the position at the aforementioned headquarters of Servizi Diagnostici S.r.l.

The Data Controller assumes no responsibility for untrue data provided directly by the user, nor in the event that data concerning them has been provided, even without their consent or against their will, by a third party.

User data will not be transferred outside the European Union.

Should this become necessary, we will ensure that the recipient, acting as data processor, complies with the provisions of the GDPR, including the rules specifically dictated for the transfer of personal data to third countries, guaranteeing that such transfers occur on the basis of an adequacy decision or the signing by the processor of standard contractual clauses for data protection approved by the European Commission.

All information on the transfer of personal data to third countries can be requested by contacting the Data Controller at the addresses indicated in the previous paragraph 7.

  1. In accordance with the provisions of Chapter III, Section I, GDPR, the Data Subject may exercise the rights indicated therein and in particular:

The Right of access (Art. 15 GDPR), which consists of obtaining confirmation as to whether or not personal data concerning you is being processed and, if so, receiving information relating to:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning the Data Subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.

Right to rectification (Art. 16 GDPR) – which consists of obtaining, without undue delay, the rectification of inaccurate personal data concerning you and the completion of incomplete personal data, also by providing a supplementary statement.

Right to erasure (Art. 17 GDPR) (“right to be forgotten”) – which consists of obtaining, without undue delay, the erasure of personal data concerning you if one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the Data Subject withdraws consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a), and where there is no other legal ground for the processing;
  • the Data Subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the Data Subject objects to the processing pursuant to Article 21(2);
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;
  • the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of EU Regulation 2016/679.

Right to restriction of processing (Art. 18 GDPR) – which consists of obtaining restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
  • the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • although the Data Controller no longer needs the personal data for the purposes of the processing, they are required by the Data Subject for the establishment, exercise or defence of legal claims;
  • the Data Subject has objected to processing pursuant to Article 21(1) of EU Regulation 2016/679 pending the verification whether the legitimate grounds of the Data Controller override those of the Data Subject.

Right to data portability (Art. 20 GDPR) – The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Data Controller without hindrance from the Data Controller.

Right to object (Art. 21 GDPR) – The Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Article 6(1)(e) or (f), including profiling based on those provisions. The Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.

  • Where personal data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Where the Data Subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  • In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the Data Subject may exercise his or her right to object by automated means using technical specifications.
  • Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the Data Subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Automated individual decision-making, including profiling (Art. 22 GDPR) – The Data Subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Right to lodge a complaint with the supervisory authority – To lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali), Piazza Venezia 11, 00187, Rome (RM) – Italy.

The Data Subject may exercise their rights by sending a written communication to the contact details indicated in paragraph 7 – Data Controller.

The exercise of your rights as a data subject is free of charge pursuant to Article 12 of the GDPR.

The Data Subject may revoke consent to the processing of their personal data at any time by sending a communication using the methods indicated above in point 10.