Privacy Policy
1. PURPOSES AND METHODS OF PROCESSING
Any data gathered will be acquired in compliance with current regulations and will be processed for institutional purposes related and/or instrumental to the provision of access to the website www.yushuhealthcare.com including any additional services requested by the user, in particular:
to perform a service (such as full access to the functions of the website). To this end, the data may be communicated to third parties whose cooperation Yushu Healthcare S.r.l. may and/or is required to avail itself of for the fulfilment of the aforementioned purposes. It is, however, possible to consult the website without providing any personal data, although certain functions may not be available and certain services may not be provided, as explained and specified as appropriate in this privacy policy.
b) to comply with general legal obligations.
c) for Yushu Healthcare S.r.l. internal operational and management requirements and regarding the services and/or products offered.
In the event of the explicit and optional granting of consent, the data will be processed for marketing and/or commercial promotion purposes, including the sending of printed and/or digital advertising material relating to the services and/or products offered by Yushu Healthcare S.r.l. All profiling activity is excluded.
The data will be processed in a lawful and correct manner and used exclusively for the purposes set out in the preceding paragraphs; please also refer to Art. 5 for further details. The data will be processed using instruments that guarantee the security and confidentiality of the same, using paper and/or automated tools to store, manage and transmit the data. The data will be stored for the period of time prescribed by law. Data subjects whose data will be processed will be able to exercise their right to be forgotten as provided for in article 17 of the G.D.P.R. 2016/679.
2. NATURE OF THE PROVISION OF DATA AND CONSEQUENCES OF REFUSING TO PROVIDE THEM
Consent to the processing of data for the purposes set out in article 1 paragraphs 1 and 2 is compulsory exclusively for the purposes indicated in relation to each service, subject to the provision of information in the manner established by law. In other words, the consequences of any refusal to answer or to grant consent are always made explicit and are related to each service rendered. For instance, refusal to grant consent for relative processing may prevent consultation of the website with all its functions (in the case of cookies), receipt of the newsletter (in the case of the newsletter service) or receipt of advertising material (in the case of article 1, paragraph 2). Therefore, the user is informed in a manner appropriate to each specific case, but in any case they may consult the website even if they deny consent to the processing of personal data where required; in this case, certain functions or features may be disabled.
3. DATA CONTROLLER
On consulting this website and using one or more services, data relating to identified or identifiable persons may be processed. The data controller is Yushu Healthcare S.r.l., with registered offices in Turin, Corso Re Umberto no. 8, postal code 110121, Tax Code and Enrolment in the Business Register no. TO – 1318809 09208340019 – VAT No. 12824390012
4. PLACE WHERE DATA ARE PROCESSED
Processing related to the web services referred to on the website www.yushuhealthcare.com are carried out at Yushu Healthcare S.r.l. headquarters, except in the case of explicit exceptions, and is carried out exclusively by the technical staff of Yushu Healthcare S.r.l. responsible for processing. The website hosting service is provided by Kinsta Inc, which guarantees Yushu Healthcare S.r.l. compliance with the regulations in force for matters within the scope of its responsibility. Data will be processed and stored within the EU. Data acquired via the web, or in any case deriving from web services, may be communicated to technological and instrumental partners that the Data Controller uses to provide the services requested by users/visitors.
5. TYPES OF DATA PROCESSED/SPECIFIC FORMS OF PROCESSING
Different types of personal data may be processed in accordance with the service provided. Specific information regarding each form of processing can be found in this article. Data subjects are invited, in particular, to read article 7 (“Rights of data subjects”).
5.1 Navigation data
The computer systems and software procedures put in place to render this website functional will, during normal operation, acquire personal data for which transmission is implicit for the navigation of the websites. This information is not collected for the purpose of being associated to identified data subjects; however, due to their nature, they could enable users to be identified through means of processing and association with data held by third parties. This category of data includes IP addresses or the domain names of computers used by users who connect to the website, URL addresses for the requested resources, the time of the request, the method used to make the request to the server, the size of the file received in response, the numerical code indicating the status of the response provided by the server and other parameters relating to the operating system and the platform adopted by the user.
The aforementioned data are used solely to gather anonymous statistical information regarding the use of the website and in order to monitor its correct functioning and are cancelled immediately after being processed. The data may be used to ascertain responsibility in the case of any information technology offences committed against the website. However, save for this situation, web contact data are not held for more than seven days. With reference to cookies, please refer to paragraph 5.3.
5.2.1 Data voluntarily provided by the data subject (communications)
The optional, explicit and voluntary sending of communications by means of contact forms on the website or by email to the addresses indicated on this website entails the subsequent acquisition of the data communicated by the sender, including their email address and Curriculum Vitae (if sent), as well as consent to receive messages in response to their requests. Enquiries may also be made by telephone to the numbers indicated on the website.
Personal data provided in this way are used solely for the purpose of fulfilling or responding to requests submitted and are only disclosed to third parties if this is necessary for said purpose.
5.2.2 Data provided voluntarily by the data subject (to receive communications for marketing and/or promotional purposes)
Each data subject may voluntarily provide their personal data to Yushu Healthcare S.r.l. in order to receive commercial or promotional communications in any form, by both physical and digital means. In every communication, the data subject is reminded that they may withdraw consent at any time by informal request. Data are deleted at the request of the data subject.
6. UPDATES TO THE PRIVACY POLICY
This Privacy Policy may be amended, also as a result of changes in laws or regulations, technological developments or the provision of new services or modifications to services already rendered. Data subjects are therefore invited to periodically consult the Privacy Policy of Yushu Healthcare S.r.l.
7. RIGHTS OF DATA SUBJECTS
An individual is considered identifiable (DATA SUBJECT) where they can be directly or indirectly identified, with particular reference to an identifier like name, an ID number, location data, an online identifier or to one or more characteristic elements of the individual’s physical, physiological, genetic, psychological, economic, cultural or social identity (article 4, paragraph 1 of the G.D.P.R. 2016/679). Data subjects have the right to obtain, at any time, confirmation of the existence or otherwise of said data and to be informed of their content and origin, to verify their accuracy or to request that they be completed, updated or rectified. (article 12 of the G.D.P.R. 2016/679). In accordance with the same Article, users have the right to request deletion, anonymisation or blocking of processed data found to be in violation of legislation, and, in any event, to oppose the processing of data, for legitimate reasons. At the end of this privacy policy, the full text is provided for article 12 of the G.D.P.R. 2016/679.
Requests are to be made:
– by email to: info@yushuhealthcare.com or
– by post to Yushu Healthcare S.r.l. Via Cavour n. 21, 10123 Turin.
Article 12
Transparent information, communication and modalities for the exercise of the rights of the data subject.
The controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
The controller shall facilitate the exercise of data subject rights under Articles 15 to 22. In the cases referred to in Article 11(2), the controller shall not refuse to act on the request of the data subject for exercising his or her rights under Articles 15 to 22, unless the controller demonstrates that it is not in a position to identify the data subject.
The controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
Information provided under Articles 13 and 14 and any communication and any actions taken under Articles 15 to 22 and 34 shall be provided free of charge. If the Data Subject’s requests are unfounded or excessive, in particular due to their repetitive character, the controller may either:
a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
b) refuse to act on the request.
The controller shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.
Without prejudice to Article 11, where the controller has reasonable doubts concerning the identity of the natural person making the request referred to in Articles 15 to 21, the controller may request the provision of additional information necessary to confirm the identity of the data subject.
The information to be provided to data subjects pursuant to Articles 13 and 14 may be provided in combination with standardised icons in order to give in an easily visible, intelligible and clearly legible manner a meaningful overview of the intended processing. Where the icons are presented electronically they shall be machine-readable.
The Commission shall be empowered to adopt delegated acts in accordance with Article 92 for the purpose of determining the information to be presented by the icons and the procedures for providing standardised icons.