Privacy Policy
Data Controller
Centro Eudermia - Dr. Alessandra Guicciardi
c/o EUDERMIA, Edificio Y
Via Filippo Figari, 7
09131 Cagliari (CA)
Italy
Email: [to be added]
Telephone: [to be added]
Last updated: [publication date]
This privacy policy describes how the personal data of users browsing the website dermatologocagliariguicciardi.com and of those who request treatments and services at Centro Eudermia are processed. This notice is provided pursuant to Regulation (EU) 2016/679 ("GDPR") and to Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 ("Privacy Code").
1. Data Controller
The data controller is Dr. Alessandra Guicciardi, as legal representative of Centro Eudermia, with registered offices at Via Filippo Figari, 7 - 09131 Cagliari (CA), Italy. For any matter concerning the processing of your personal data, you may contact the data controller by writing to [email to be added].
2. Data Protection Officer (DPO)
[To be defined with the DPO if appointed, pursuant to Art. 37 GDPR. Healthcare facilities that process health data on a large scale may be required to appoint a DPO. Once appointed, the DPO's contact details will be provided in this section.]
3. Types of Data Processed
The data controller processes the following categories of personal data:
3.1 Browsing data
The IT systems and software procedures that operate the website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified data subjects, but which, by its very nature, could allow users to be identified through processing and association with data held by third parties.
This category of data includes IP addresses, the type of browser used, the operating system, the domain name and the addresses of the websites you arrived from (referrer URLs), information about the pages visited by users within the site, the time of access, the time spent on each page, the analysis of the internal path, and other parameters relating to the user's operating system and IT environment.
3.2 Data provided voluntarily
If you choose to send us WhatsApp messages or emails, or to use any contact form on the site, we will receive the sender's address, which is necessary in order to respond to your request, along with any other personal data contained in the message.
3.3 Health data (special category pursuant to Art. 9 GDPR)
Health data are processed exclusively within the doctor-patient relationship, at the practice, during specialist consultations, and within the medical record systems of Centro Eudermia. The website does not actively collect health data: we ask you not to send health information via WhatsApp, email or other unsecured channels, but to discuss this information in person during your appointment.
4. Purposes and Legal Basis of Processing
Personal data are processed for the following purposes:
| # | Purpose | Legal Basis |
|---|---|---|
| a | Provision of healthcare services (diagnosis, treatment, follow-up) | Art. 9(2)(h) GDPR — purposes of preventive medicine, diagnosis, treatment |
| b | Compliance with legal obligations (tax, healthcare, accounting) | Art. 6(1)(c) GDPR — legal obligation |
| c | Responding to enquiries sent via WhatsApp, email or site forms | Art. 6(1)(b) GDPR — performance of pre-contractual measures |
| d | Browsing statistics (in aggregated and anonymous form) | Art. 6(1)(f) GDPR — legitimate interest |
| e | Any informational communications (newsletter, updates) — only with prior consent | Art. 6(1)(a) GDPR — consent |
5. Methods of Processing
Personal data are processed using automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific technical and organisational security measures are adopted to prevent the loss of data, unlawful or improper use and unauthorised access, in accordance with Art. 32 GDPR.
The processing of health data takes place under strict confidentiality protocols, with access limited to authorised personnel and in accordance with the guidance of the Italian Data Protection Authority (Garante) on the processing of health data by healthcare professionals.
6. Retention Period
Personal data are retained for the following periods:
- Browsing data: a maximum of 12 months, unless required to investigate criminal offences
- Data relating to enquiries (email, WhatsApp): for the time necessary to handle the request, and subsequently for a maximum of 24 months
- Medical records and health data: for the period required by Italian legislation on healthcare documents, generally no less than 10 years from the date of the last treatment, in accordance with the guidelines of the Italian Ministry of Health and the Data Protection Authority
- Tax and accounting data: for the period required by Italian tax legislation, generally 10 years
7. Communication and Disclosure of Data
Personal data will not be disclosed or communicated to third parties except in the cases provided for by law or for the performance of the requested services. In particular, data may be communicated to:
- Practice staff who are duly authorised and trained
- Analysis and pathology laboratories for treatments requiring histological or laboratory tests
- Consultant specialists for cases requiring a multidisciplinary assessment, always with your prior consent
- Technical service providers for the website (hosting, maintenance) — these parties are appointed as data processors pursuant to Art. 28 GDPR
- Competent authorities for legal obligations or upon their express request
Data are not transferred outside the European Union, except in specific documented cases and subject to the adoption of adequate safeguards pursuant to Arts. 44-50 GDPR.
8. Your Rights
As a data subject, you have the right to:
- Access your personal data (Art. 15 GDPR)
- Obtain rectification of inaccurate data or completion of incomplete data (Art. 16 GDPR)
- Obtain erasure ("right to be forgotten") in the cases provided for (Art. 17 GDPR)
- Obtain restriction of processing in the cases provided for (Art. 18 GDPR)
- Receive your data in a structured and readable format (data portability, Art. 20 GDPR)
- Object to processing for reasons connected to your particular situation (Art. 21 GDPR)
- Withdraw consent at any time, without affecting the lawfulness of processing based on consent given before its withdrawal
- Lodge a complaint with the Supervisory Authority (the Italian Data Protection Authority, www.garanteprivacy.it)
To exercise your rights, you may contact the data controller using the details provided in section 1.
9. Cookies
For detailed information about the cookies used by this website, please see our Cookie Policy.
10. Changes to this Privacy Policy
The data controller reserves the right to amend this privacy policy at any time. Changes will be published on this page and, where relevant, communicated by email to registered users. We recommend that you check this page from time to time to stay up to date.
This privacy policy has been drafted in accordance with Regulation (EU) 2016/679 (GDPR) and Italian personal data protection law.
