Rev. 1 – May 25, 2018
MediMatic, in order to protect the security and privacy of your personal data, conducts its business in compliance with the European General Data Protection Regulation (EU) 679/2016 (GDPR) and applicable national law on data privacy protection and data security. This document intends to help you understand what data MediMatic Srl, together with its subsidiaries (MediMatic AS and MediMatic Inc), may collect, use and share and how such data is protected to avoid unauthorized use.
MediMatic, to the extent necessary, collects, processes, registers, stores and transfers Personal Data provided offline through Forms or online through Websites and/or Applications while, for example, but not limited to: visiting the Websites; using Applications; filling in offline or online registration Forms; contacting customer service; reporting non-compliance; submitting job applications; clicking on social media buttons; providing feedback; answering to surveys and other activities.
MediMatic can collect Personal Data on a consent basis or without the consent of the involved Data Subject if: a) a legal obligation must be fulfilled; b) a contract in which the Data Subject is party has to be performed or will be performed; c) there are legitimate interests, public interests or vital interests to protect that prevail on the rights of the involved Data Subject; d) an authority has requested MediMatic to process Personal Data.
MediMatic can ask you to provide, depending on the purpose of each Processing and to the extent necessary, different kind of Personal Data including, but not limited to, name, surname, date and place of birth, title, address, telephone, mobile, email address, language, country, nationality, identity card, driver’s license number, national registration number, passport number, curriculum information, employer, occupation, client number, credit card, preferences, interests, feedbacks.
MediMatic may also use Personal Data you provided to third parties, for example to service providers, or Personal Data that fall within the public domain such as commonly acknowledged Personal Data, Personal Data visible on your own website or blog or posted on your publicly accessible social media profile.
Purpose of Use
The personal data indicated above may be used for a variety of purposes. For example, but not limited to: Bookkeeping and Accounting; Customer Management; Supplier Management; Payroll Management; Quotations and Sales; Request for Proposals and Purchase Orders; Contracts; Customer Service; Customer Maintenance and Monitoring Activities; Promotional Events; Direct Marketing; Quality Management and Improvement; Recruitment and Selection; Legal Claims and Disputes; Fraud or Crime Prevention.
Personal Data from Websites and Applications
The Websites may use third party search engine and web analytics services. These services use “cookies” to help the website analyze how you are using it. The information generated by the cookie about your use of the website will be transmitted to and stored by such third party servers and this information will be used for the purpose of evaluating your use of the website, compiling reports on website activity for the website operators and providing other services relating to website activity and internet usage. This information may also be transferred to other third parties, where required to do so by law, or where such third parties further process the information. By using the website, you consent to the processing of data about you in the manner and for the purposes set out above.
MediMatic Srl Web sites can contain links to other Web sites. MediMatic Srl is not responsible for the privacy practices or the content of other Web sites.
Disclosure to Third Parties
For the above purposes, MediMatic may need services, counselling and/or assistance from third parties. In this regard, to the extent necessary, we can transmit or disclose Personal Data we collected to any natural person or legal entity, to subcontractors and Business partners that are third parties with respect to MediMatic.
Except in case of legitimate interest of the third party, MediMatic will make sure to have in place a data processing agreement with such third party under the provisions of Regulation (EU) 679/2016 (GDPR), asking the third party to comply with the principles and the provisions of the same Regulation and to align on appropriate security standards.
MediMatic uses your Personal Data to the extent necessary and only with the aim of pursuing the purposes described above. Once the aim no longer exists, we commit to delete the Personal Data, unless archiving them is required by law, at international, European or national level.
The personal data that we collect from you may be transferred to, and stored outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for MediMatic or for one of our suppliers, in which case the third country's data protection laws will have been approved as adequate by the European Commission or other applicable safeguards are in place.
The reference criteria for storing your Personal Data is the legal retention period. The period can be longer where needed for the exercise of our rights.
Rights of the party concerned
If you have any questions about the protection of your Personal Data or the exercise of your rights as listed below, you can contact us at any time by writing to MediMatic Data Protection Officer. MediMatic will need to verify your identity in as much detail as possible, in order to avoid that someone else tries to exercise your rights. You will therefore be asked to provide a valid identification document when making such a request.
You have the right to ask us not to process your personal data for marketing purposes. Where you have consented to us using your personal data, you can withdraw that consent at any time.
If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.
Where you have provided your data to us through electronic means and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine-readable format.
If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. Unless no impediment or incompatibility arise according to law or legitimate interests, you can also ask us to erase your Personal Data.
Data Protection Officer
The contact details of MediMatic’s Data Protection Officer are:
|Address:||(to the attention of) Data Protection Officer
Viale Cembrano 4C
16148 Genova, Italy
Complaints may be filed with MediMatic in writing, addressing the communication to MediMatic’s Data Protection Officer or directly with the Supervisory Authority. Individuals will not be retaliated against by MediMatic for filing a complaint.
Through its Website or Applications MediMatic does not process any Personal Data of natural persons aged under 16, neither does it make commercial offers to or tries to contact them, unless their legal representative has consented.
MediMatic has implemented adequate security measures in order to maintain integrity and security and prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed, in line with the European General Data Protection Regulation (EU) 679/2016 (GDPR).
Changes to Data Protection Policy
MediMatic regularly seeks to improve their efforts in protecting Personal Data. This Data Protection Policy can be changed or updated in light of upcoming legislations, both at international, European and national level. MediMatic will inform you of all substantive changes of this Data Protection Policy via offline or online means.
You can always find the most recent version of our Data Protection Policy available at www.medimatic.com/global/privacy-policy.