PRIVACY POLICY BIOGEA-ADITECH

Dear User, DIGI SAN S.r.l. and ADiTech S.r.l. have entered into a partnership to enhance the healthcare services offered to our users. As of today, you can measure and collect biometric parameters conveniently in a single device and have them automatically stored. But before proceeding, have you read and accepted everything found in the privacy section of the website (https://biogea.net/privacy)?

INFORMATION NOTICE PURSUANT TO EU REGULATION 679/2016

PREMESSE

Dear User,
With this information notice, the Data Controller, as defined below, wishes to explain the purposes for which your personal data is collected and processed, the categories of data involved, the rights granted to you under data protection regulations, and how to exercise them.
The Data Controller of your personal data is DIGI SAN S.R.L., with its registered office at Via Principe di Piemonte, n. 95 – 86100 Campobasso (CB) Italy. You may contact them at the following: Tel. +39 339-5723922; Certified Email: digisan@pec.it

Purpose, Type of Data Processed, and Legal Basis for Processing

Your personal data is collected and processed for the purposes listed below, with a specification of the type of data processed and the legal basis justifying the processing:

RECIPIENTS

Your data may be sent to the recipients or categories of recipients listed below:
Consultants and freelancers, either individually or in associations; healthcare organizations; medical and paramedical personnel using the Biogea software; public administrations; entities; cloud services. The Data Controller may disclose some of your data to parties engaged to carry out activities necessary for achieving the purposes indicated and described above (entities with which the Controller has entered into contracts for the provision of accounting management services, IT and software support and maintenance, medical services).
The aforementioned entities processing your data on behalf of the Controller have been expressly appointed as Data Processors. Your data will be disclosed to third parties only in cases provided for by law, such as disclosure to facilitate the possible exercise, in civil or criminal proceedings, of the right of defense in the event of unlawful acts, in response to requests from public authorities, and in all cases expressly provided for by applicable legislation.

DURATION OF PROCESSING

Your data will be processed by the Controller only for the time necessary for the above-mentioned purposes, in accordance with the principles of lawfulness, transparency, and fairness. Personal and/or special category data will be stored for civil, accounting, and tax purposes for a period of 10 years from the end of the contractual relationship with the Data Controller.

PROCESSING METHODS

Processing will be carried out through automated processes which do not involve profiling. Data acquisition occurs via Bluetooth connection. To use the App, the user must allow the App to access certain resources on their mobile device, including:

• Bluetooth: to enable the acquisition of vital parameters from the medical device;
• Location (GPS): to enable connection via Bluetooth;
• Network: to verify medical device requirements and for transmission of user and medical data.

Third-party software required for the functioning of the App (e.g., Apple Store, Google Play) may collect data implicitly transmitted through internet protocols, smartphones, and other devices. DIGI SAN S.r.l. is neither the controller nor responsible for this data collection.

TRANSFER OF PERSONAL DATA

Your data will not be transferred to non-EU countries and will be stored on Aruba Cloud and Google Cloud servers located within the European Union.

DATA SUBJECT RIGHTS

As a data subject, you may exercise the following rights at any time:

• Right of access – You have the right to obtain confirmation as to whether or not your personal data is being processed and, if so, to access such data and receive detailed information about the processing;
• Right to rectification – You have the right to request the correction of inaccurate personal data and the completion of incomplete data held by the Controller;
• Right to erasure – In certain circumstances, you have the right to request the deletion of your personal data without undue delay and the Controller is obliged to delete such data without undue delay;
• Right to restriction of processing – Upon the occurrence of certain conditions, you have the right to obtain the restriction of the processing concerning your data, when it is not relevant for the continuation of the contractual relationship or not necessary due to legal obligation;
• Right to data portability – You have the right to obtain the transfer of your data held by us in favor of a different controller;
• Right to object – You have the right to object, at any time and for reasons related to your particular situation, to the processing of your data carried out on the legal basis of legitimate interest, or of the performance of a task in the public interest or in the exercise of official authority, unless there are legitimate grounds for the Controller to continue the processing that override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims;
• Right to lodge a complaint – If you believe that the processing of your personal data infringes applicable data protection laws, you have the right to lodge a complaint with the competent national supervisory authority (https://www.garanteprivacy.it) or with the EUROPEAN DATA PROTECTION SUPERVISOR (https://www.edps.europa.eu).

You may exercise these rights by contacting the Controller at the details provided above.