Privacy Policy about Medical Expo

In compliance with the obligations deriving from the European Regulation for the Protection of Personal Data n. 679/2016 GDPR and the national legislation on the protection of personal data, below you can find all the information related to the processing of your personal data.

We would like to clarify that the processing of your data takes place in compliance with the law.

 

1. On what occasions does this information apply?

This information is directed to you, if you have requested information and / or a quote of our products, by filling out a form on a third-party site that promotes our products.

 

2. Who do we get your data from?

We have received your data from third-party companies, which promote our products through their site. Your data is transferred to us only if you have specifically requested a quote on one of our products or if you have requested the sending of our price list.

We carefully evaluate the legitimate acquisition and transfer of data by our suppliers, if you do not show any interest in the products that we offer, we will immediately delete your data from our database.

 

3. Why do we process your data?

Based on the preferences you indicated in the form you filled out, we will process your data for one or more of the following purposes:

  1. To allow you to receive (by post, by e-mail or by telephone) communications about our products, our promotions and our activities in general (marketing);
  2. To allow us to further personalize the promotion and newsletter services, by sending you targeted and relevant content (profiling).

 

4. What data do we process?

To enable you to receive the above services, we collect and process your:

(a) personal data such as name and surname, email, professional qualification;

(b) any company or body of origin to which it belongs to;

(c) telephone number;

(d) type of areas or products of interest or previously purchased products.

 

5. On what legal basis can we process your data and for how long do we do it?

Purpose Legal basis Retention time
1.

 

 

2.

The treatment for the purpose n. 1 is justified by the need to implement pre-contractual measures adopted at your own request (Article 6 Lett b) GDPR);

The treatment for the purpose n. 2. it is justified by the pursuit of our legitimate interest to offer you additional products, in line with those already of your interest, after evaluating the balance of your interests, fundamental rights and freedoms (soft spam) (Article 6 Letter f) GDPR) .

 

The processed data will be kept for the time necessary to process your request for a quote.

The processed data will be kept until you notify us that you no longer want to be contacted and in any case no later than 5 years from the collection of your consent.

 

 

 

In the event that the data, collected for the aforementioned purposes, must be processed for the further purpose of protecting our rights in court, the processing, which will be based on our legitimate interest, after balancing your interests, rights and freedoms fundamental, will take place for as long as necessary to pursue the purposes described.

The data may be transmitted to the Authorities, if requested by them. In this case, the Authorities will operate as autonomous Controllers and the transfer will take place on the basis of legal obligations.

 

6. How and where do we process your data?

Your data is processed according to the principles of correctness, lawfulness and transparency, always protecting your privacy and your rights.

The treatments will take place with means (physical and technological) suitable to guarantee security and confidentiality at all times, according to company best practices.

For the management of preferences and for sending communications aimed at pursuing the aforementioned purposes, we use the Customer Relationship Management Software (CRM) offered in cloud computing by Salesforce.com Italy S.r.l., a company of the Salesforce Group. com, Inc.

The Data we process through CRM is stored in two data centers owned and managed by Salesforce, located in geographically distinct locations, to ensure greater security and constant data availability.

Salesforce data centers are located within and outside the European Union and their location can be changed over time at Salesforce’s discretion. To check the location of Salesforce data centers, you can consult the link.

 

Salesforce is committed with us to guarantee, pursuant to Art. 46 GDPR, adequate security standards, including measures for the secure transmission and storage of data, as well as the physical protection of their servers, adopting binding corporate rules and signing a specific legal act according to the standards of the European Commission and based on to the rulings of the European Court of Justice (Shrems II).

Salesforce, as External Data Processor and its selected suppliers, has the possibility to access the data of the interested parties to improve and refine their services, for example to solve technical problems, to refine the sending procedures or for commercial purposes, in order to geographically locate the area from which the recipients of the e-mails come.

However, Salesforce will not use your information to contact them directly, nor will it send it to third parties.

It is important that you know that, every time you select LINK to subscribe, edit and unsubscribe, contained in the emails, a direct link is activated to the Salesforce site on whose navigation data management practices we have no responsibility. If you want to know how your browsing data is collected and processed by Salesforce, please consult the Salesforce Privacy Policy at the following link.

7. What happens if you do not communicate your data or do not give consent to the processing?

The provision of personal data is necessary for the purposes indicated above.

Below we explain what happens if you do not communicate your data:

Data Type

Personal data, name, surname, email and / or telephone number, professional qualification

Company or body of origin,

Type of areas or products of interest, activities carried out, emails read.

 

 

Consequences

We will not be able to provide you with the services you have requested.

No consequences in relation to the provision of the services requested by you.

We will not be able to customize the services offered to you.

 

8. Which are the categories of data subjects who access your data?

Within the limits of the obligations, purposes and tasks indicated above, your data:

  • will be processed exclusively by our employees, collaborators, suppliers, consultants and professionals, expressly appointed by us, subject to the assignment of specific instructions necessary for compliance with the legislation on the protection of personal data. The updated list of the categories of data processors and persons in charge of processing is kept at our registered office, at your disposal.
  • Together with the selected external managers we use, we take appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of your data.

Your data may be communicated by us to our distributors, based on the geographical area from which you contact us and always within the limits where this is necessary for the pursuit of the aforementioned purposes or to comply with legal obligations. Our distributors will operate as independent Data Controllers.

 

9. Is your data processed with automated processes?

The profiling process takes place in a fully automated manner, and has the sole purpose of offering you targeted promotions or information. Profiling takes place on the basis of the selected or purchased products, the emails found and the information you provide by completing the surveys we propose.

Following an evaluation of the consequences of the profiling activity, we have considered that these do not produce legal effects, nor significantly affect your person or your rights, also because, at any time, you can ask to be deleted from our lists without prejudice to the legitimate processing of data carried out before your cancellation.

 

10. What are your rights?

You can, at any time, exercise your rights, as provided by the GDPR and by the locally applicable legislation, in particular with regards to the Legislative Decree 196/2003 and subsequent amendments, most recently referred to in the Legislative Decree 101/2018.

Specifically, you have the right to access your personal data; to obtain the correction or cancellation of the same or the limitation of the processing that concerns you; to oppose the treatment; to data portability; to withdraw consent, where this is the legal basis of the processing (the withdrawal of consent does not affect the lawfulness of the processing based on the consent given before the withdrawal); to lodge a complaint with the supervisory authority (for Italy, the supervisory authority is the Guarantor Authority for the protection of personal data). The exercise of the aforementioned rights may take place by sending a request to the references indicated in this statement.

You have the right to check and change your preferences at any time, as well as to communicate that you no longer want to receive our communications of our products, by clicking on the appropriate buttons at the bottom of each email received.

In this case, your profiling data will be anonymized with a secure process managed by our supplier Salesforce and stored anonymously.

 

11. Procedures for exercising the right

You can exercise your rights at any time, referred to in point 6 above, by sending:

  • a registered letter with return receipt to Sentinel CH. S.p.A. Via Robert Koch 2 P IVA 07118040158.
  • an e-mail to sentinel@pec.sentinel.it.

 

12. Owner, managers and agents

The Data Controller is Sentinel CH. S.p.A., with registered office in Milan, Via Robert Koch 2 VAT number 07118040158 e-mail sentinel@pec.sentinel.it

The updated list of data processors and persons in charge of processing is kept at the registered office of the Data Controller.