Privacy Policy

WHY THIS NOTICE
This page describes the management procedures of the website www.busattawellness.it (hereinafter referred to as the “Website”) as regards the processing of personal data acquired from website users. This information notice is provided pursuant to art. 13 of the EU Regulation 2016/679 (hereinafter referred to as the “Regulation”) to users interacting with the Website.
This privacy statement applies exclusively to the above-mentioned website and not to other websites that the users may access through hypertext links. By reading this policy, users will be informed of the terms and purposes of the collection and processing of personal data provided while browsing the Website.

THE DATA CONTROLLER
As a consequence of the use of this Website, personal information concerning identified or identifiable people might be collected and processed by the data controller. The personal data controller is the company Medpools srl, with registered office in via Carlo Rosselli, 2 36061 Bassano del Grappa VI Italia, that independently decides the terms and purposes of the data processing. In order to allow the users to access and use the Website and/or the service requested through the Website, personal data may be also processed by individuals appointed by Medpools srl as “Data Processors”.

TYPES OF DATA PROCESSED
The contents of this Website are intended for information only and sometimes are interactive (e.g.: newsletter subscription, uploading of purchase orders). While navigating the Website, information on the user might be acquired, such as, in particular:
- Navigation data
Information systems and software procedures used to operate the Site, during the normal course of operation, acquire some personal data whose transmission is implicit in the communication protocols of the Internet.
This category of data includes IP addresses, browser type, operating system, domain name and website addresses from which the site has been accessed, information on the pages entered or exited by the users within the site, access time, navigation length on each page, clickstream analysis and other parameters regarding the operating system and the user IT environment.
This technical information is collected and used by the data controller in an aggregate and non-identifying form and may be used for the purposes of ascertaining responsibility in the event of hypothetical IT crimes jeopardising website security.
- Data provided voluntarily by the user
This is all personal information freely provided by the Website users to register and/or access a restricted area, to request information on a specific product or service and/or write to an e-mail address. In this case, the personal data shall be processed only after provision of the privacy policy to the user, in compliance with art. 13 of the EU Regulation and relating to the type of service requested through the Website that requires processing of personal data.
Medpools srl does not use cookies or other user profiling tools on this website.
For further information, please see our cookie policy.

DATA PROCESSING PROCEDURES
Data shall be mainly processed by using electronic procedures and media.
Personal data shall be processed by the data controller only for the provision of the service requested. The processing of personal data shall have a duration equal to and not longer than the period of time necessary, as set out in Recital 39 of the Regulation, i.e. until the termination of the existing contractual relations between the data subject and the data controller, without prejudice to a further period of storage that may be required by law as provided for in Recital 65 of the Regulation.

REDIRECTING TO EXTERNAL SITES
Medpools srl has implemented so-called “social plugins” within its website. Social plugins are special tools that allow social network features to be embedded directly in the Website (e.g. the Facebook “I like” feature).
All social plugins of the Website are marked with the relevant proprietary logo of the social network platform.
Upon visiting a page on our website and interacting with the plug-in (e.g. by clicking the “I like” button), or when you decide to leave a comment, the relevant information is sent by the browser directly to the social network platform and stored by the same.
For any information relating to the purposes, type and procedures of collection, processing, use and storage of personal data by the social network platform, as well as to know the procedures to exercise your rights, please see the privacy policy of each social network.

LINKS TO THIRD PARTY WEBSITES
Through this Website users can connect by means of specific links to other third party websites.
In this regard, it should be noted that Medpools srl must not be held responsible for any processing of personal data by third party websites and/or any management of the authentication credentials provided by third parties.

DATA SUBJECT’S RIGHTS
In accordance with article 15 of the Regulation, the data subject is entitled to access his/her personal data, to ask for their amendment and updating in case they are incomplete or incorrect, to request their deletion if collected in breach of law or regulation and to object to their processing on legitimate grounds.
Here below we include a list of all rights that can be exercised at any time towards the data controller and/or the joint controllers:
- Right of access: pursuant to article 15, paragraph 1 of the Regulation, shall mean the right to receive confirmation by the data controller of the processing of personal data and in such case to have access to these personal data and to the following information: a) the purposes of the data processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom the personal data have been or shall be disclosed, in particular the recipients in third countries or international organisations; d) when possible, the foreseen legal storage period of personal data or if it is not possible, the criteria used for determining this period of time; e) the existence of the right of the user to request from the controller access to and rectification or erasure of personal data or restriction of processing of the personal data concerning the data subject or to oppose their processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of an automated decision-making process, including the profiling referred to in article 22, paragraphs 1 and 4, of the Regulation and at least in such cases, relevant information on the logic used as well as the importance and the consequences of such processing for the data subject. All this information can be found in the privacy policy that shall be always available in the section Privacy of the Website.
- Right to rectification: shall mean the right to obtain the correction, in compliance with article 16 of the Regulation, of any inaccurate personal data, taking into account the purposes of the data processing. Furthermore, the data subject shall have the right to obtain the completion of incomplete personal data, even by submitting a supplementary statement.
- Right to erasure: shall mean the right to obtain deletion of personal data without undue delay, in compliance with article 17, paragraph 1 of the Regulation. Furthermore, the data controller shall be required to cancel the personal data of the data subject, on the grounds of even one or more of the following reasons: a) personal data are no longer necessary in relation to the purposes for which they have been collected or otherwise processed; b) the data subject has withdrawn his/her consent to the processing of his/her personal data and there is no legal basis for their processing; c) the data subject objected to the data processing in compliance with article 21, paragraph 1 or 2 of the Regulation and there is no other prevailing legal ground for the processing of personal data; d) personal data have been unlawfully processed; e) it is required to delete personal data to comply with a legal obligation set out by the EU regulation or a provision of national law. In some instances, as provided for in article 17, paragraph 3 of the Regulation, the data controller is entitled not to delete the personal data of the data subject when such processing is required to exercise, for example, the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, for purposes of archiving in the public interest, of historical and scientific research or for statistical purposes, to establish, exercise or defend a right in a legal claim pending before a court.
- The right to the restriction of personal data processing: shall mean the right to obtain the restriction of the processing pursuant to article 18 of the EU Regulation, where one of the following conditions is met: a) the data subject has contested the accuracy of his/her personal data (the restriction will continue for the period required by the data controller to verify the accuracy of those personal data); b) the processing of personal data is unlawful and the data subject doesn’t oppose their erasure and requests the restriction of their use instead; c) the controller no longer needs them for the accomplishment of its tasks but they have to be maintained for purposes of proof, to exercise or defend a right in a legal claim pending before a court; d) the data subject has objected to the processing of personal data pursuant to article 21, paragraph 1, of the EU Regulation, pending the verification whether the legitimate grounds of the controller override those of the data subject. In the event of restriction of processing, personal data shall, with the exception of storage, only be processed with the data subject's consent or for purposes of proof, to exercise or defend a right in a legal claim pending before a court, or for the protection of the rights of another natural or legal person or for reasons of substantial public interest.
- Right to personal data portability: shall mean the right to request at any time and obtain, in compliance with article 20, paragraph 1 of the EU Regulation, all personal data processed by the data controller and/or by joint data controllers in a structured, readable and commonly used format and to have them transmitted to another controller without any hindrance. In this case, the data subject concerned shall provide full identification details of the new data controller to whom he/she intends to transfer his/her personal data with his/her express written consent.
- Right to object to data processing: shall mean the right, pursuant to article 21, paragraph 2, of the EU Regulation and to Recital 70, to object at any time to the processing of his/her personal data when they are processed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
- Right to lodge a complaint with a Supervisory Authority: shall mean the right to lodge a complaint with the Personal Data Protection Supervisor, without prejudice to any available administrative or judicial remedy, where the personal data processing carried out by the data controller and/or the joint data controllers, is considered in breach of the EU Regulation and/or the applicable provisions of law.

EXERCISE OF DATA SUBJECT’S RIGHTS
In order to exercise the above-mentioned rights, please contact the data controller and/or the joint data controllers as follows:

Medpools srl
via Carlo Rosselli, 2
36061 Bassano del Grappa VI
Tel. +39 0424 504994