In accordance with article 13 of the “European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” (hereinafter “GDPR”), BIOS-THERAPY PHYSIOLOGICAL SYSTEMS FOR HEALTH (hereinafter Bios-Therapy) with registered office in Loc. Aboca 20, Sansepolcro 52037 (AR) – Arezzo Italy, as the Controller, is obliged to provide users with information relating to the personal data processing carried out therein.
This document represents the “Privacy Policy” (subject to appropriate future updates) of this website.
The Data Controller is Bios – Therapy, Physiological Systems For Health S.P.A. located at Loc. Aboca 20, 52037, SANSEPOLCRO (AR).
The DPO is Avv. Giuseppe Serafini. Email: dpo@biostherapy.it.
This document constitutes the "Privacy Policy" of BIOS-THERAPY.
I. – Notices and Protection of Minors.
The processing of personal data will apply the principles of lawfulness, fairness, and transparency. Personal data will be collected for specific, explicit, legitimate purposes (purpose limitation) and will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (data minimization).
They will always be up-to-date and accurate and stored for no longer than necessary for the consultation of this site, except for the fulfillment of legal and fiscal obligations that set longer retention periods (storage limitation). Personal data will be processed by adopting all appropriate security measures to ensure their integrity, confidentiality, and unavailability by unauthorized third parties (integrity and confidentiality).
II. Reference standards and legal grounds for processing.
The processing operations, which we will detail below, are legally based on the rules governing your right to the protection of your personal data, your right to privacy, and finally those that allow you to express or withdraw, at any time, your informed consent to the processing operations, namely:
1. the fulfillment of contractual obligations assumed by BIOS-THERAPY in your favor at the time of site consultation (Art. 6 letter b) of the GDPR);
2. the fulfillment of obligations or orders to which the Data Controller is subject by law or by order of the Authority (Art. 6 letter c) of the GDPR);
3. The legitimate interest of the Data Controller in fraud prevention and the exercise of its economic activity through the best possible organization of its resources (Art. 6, letter f) of the GDPR).
III. – Nature of the data subject to processing.
Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services upon request. In any case – where required by law – you will be asked from time to time for consent to the processing of your personal data. It is possible to navigate the public area of this site without providing any personal information. In this case, BIOS-THERAPY collects only browsing data that do not allow tracing your identity (for more details on the use of cookies for web analysis purposes, see the paragraph of this Privacy and Cookie Policy below).
Such data, which do not allow tracing your identity, are analyzed by BIOS-THERAPY to improve its offer and Services. The personal data you send to BIOS-THERAPY during navigation will be used only to provide the requested functions and Services.
The following categories of personal data concerning you will be or may be processed for the purposes indicated below:
(a). – General personal data and identifying data.
The optional, explicit, and voluntary sending of emails to the addresses indicated on the BIOS-THERAPY sites entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.
(b). – Technical processing.
Non-identifying data, automatically recorded by logical protection and access control devices to the domain (LOG FILES), are also processed. Such personal data will be used exclusively for network traffic control towards BIOS-THERAPY domains.
These are information not collected to be associated with identified data subjects, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. These data are used solely to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of any computer crimes against the site: except for this possibility, the web contact data do not persist for more than seven days.
(c). – Cookies.
BIOS-THERAPY processes pseudonymized data and data analysis procedures related to the pages of BIOS-THERAPY domains you visited, detected through cookie files. Through these technologies (which allow understanding your browsing preferences by checking the areas of the domain www.biostherapy.it. already visited), BIOS-THERAPY can customize its services to your needs without making unnecessary registrations. For more detailed information on the use of cookies on the site www.biostherapy.it. you can consult the Cookies Policy available here.
IV. – Sources of data and nature of provision.
We will collect your data, directly from you, through your interactions with this site, as well as from third parties. The provision of your personal data is not generally mandatory but, in some cases, it is necessary, and therefore mandatory, to allow you to use the features of this site.
IV.I – Data which it is necessary to provide.
The provision of certain personal data is necessary, and therefore mandatory, to fulfill your specific requests; you are always free not to provide your personal data, but in this case, it may be impossible for the Data Controller to meet your requests, meet your needs or allow you to use, in their entirety, all the features available on the site www.biostherapy.it.
IV.II – Data which it is optional to provide.
As specified in the previous point, you may choose not to provide some or all of the types of data specified above, but in this case, you will not be able to fully use the features of this site.
V. – Purposes of Processing.
BIOS-THERAPY, in addition to the processing necessary in relation to legal, regulatory, or Authority order obligations, will carry out, exclusively with your consent, if necessary, the functional operations to allow you to benefit from the services present on this site.
VI. – Methods of processing your personal data.
In relation to all the purposes indicated, your personal data will be processed electronically and on paper. The processing of data will be carried out in such a way as to ensure their logical and physical security and confidentiality and may be carried out through manual, electronic, and telematic tools designed to store, transmit and share the data themselves. The logic of the processing will be strictly related to the purposes pursued.
VI.I. – Data security and storage.
Except as specified in the cookie policy, your personal data will be stored within the European Union, and the related security policies are reviewed in accordance with Best Practices in the field.
Traceability of Access and operations. Audit Log. Each access to the data will be recorded in specific Log tables. The related information will contain the timestamp of access, the identifier of the user who accessed the data; the type of data accessed, the owner of the data, the operation performed, the application from which access was made.
VI.II. – Profiling, automated decision-making process.
BIOS-THERAPY will not carry out profiling operations.
VII – Recipients.
The personal data referred to in this information may be known by any Data Processors or Authorized persons:
1. within BIOS-THERAPY, qualified personnel, each limited to their own competencies and tasks and based on the tasks assigned and instructions given;
2. outside BIOS-THERAPY, third parties, also specifically designated as Data Processors – which BIOS-THERAPY uses for various services and exclusively to perform such services – each limited to their own competencies and tasks and based on the tasks assigned and instructions given.
VII.I. – Communication of data (to specific external parties).
BIOS, for ordinary management, accounting, and administrative activities, may communicate your personal data, after obtaining your consent in the manner prescribed by law, where required, in compliance with security measures, to third-party service providers solely to perform the service you requested, such as: – postal service companies, – legal and notary firms, – consultants, also in associated form, – other service companies, as well as to additional subjects in compliance with any legal obligations (such as insurance institutions, police forces, judicial authority, etc.). The list of such subjects to whom the data may be communicated is available at the Data Controller's headquarters.
VIII. – Transfer of personal data abroad.
BIOS-THERAPY does not transfer personal data abroad on its own initiative. However, some third-party service providers may have their servers physically located abroad (as in the case of email providers). In any case, the transfer of data abroad will take place exclusively within the framework and in compliance with EU Reg. 679/2016 Art. 44 et seq., that is, in compliance with the adequacy decisions of the European Commission and, in the absence of an adequacy decision, based on specifically signed standard contractual clauses.
IX. – Withdrawal of Consent, Privacy Enquiries, Access and Reply
Articles 15 to 22, GDPR grant data subjects the exercise of specific rights. Article 15 GDPR recognizes the right of data subjects to access their personal data and obtain a copy. The right to obtain a copy of the data must not infringe the rights and freedoms of others.
With the access request, the data subject has the right to obtain from BIOS-THERAPY confirmation as to whether or not their personal data is being processed and to know the purposes and categories of data processed, the third parties to whom the data are communicated, and whether the data are transferred to a non-EU country with adequate safeguards.
The data subject also has the right to know the retention period of their personal data and has the right to request the rectification of inaccurate data and the integration of incomplete data, the deletion (right to be forgotten) under the conditions indicated by Art. 17, GDPR, the restriction of processing, the withdrawal of consent, data portability, and the right to object, at any time and without having to provide justifications, to processing for direct marketing purposes.
The rights may be exercised by email to the address of the Data Protection Officer of BIOS-THERAPY, or by ordinary mail to the address indicated below. BIOS-THERAPY may need to identify the data subject by requesting a copy of their identity document.
The data subject who believes that the processing of their personal data violates the provisions of the GDPR or national data protection legislation has the right to lodge a complaint with the Data Protection Authority based in Rome, pursuant to Art. 77 GDPR and/or to take legal action.
For the exercise of these rights, or to obtain any other information regarding them and, more generally, the processing of your personal data, requests can be sent via email to the following address: dpo@biostherapy.it – by ordinary mail to Bios – Therapy, Phisiological Systems For Health S.P.A. with registered office at Loc. Aboca n. 20, – 52037 – Sansepolcro (AR), Italy.
X. – Questions About Privacy Access and Response.
If you have questions or wish to have more information about the processing of your personal data or exercise your rights, you can send an email to dpo@biostherapy.it. You can contact us at the same address for answers regarding the management of information by BIOS-THERAPY. Before BIOS-THERAPY can provide or modify any information, it may be necessary to verify your identity and answer some questions. A response will be provided as soon as possible.
XI. – Data Processors.
The complete list of Data Processors is available at the Data Controller's headquarters.
