This document (‘Privacy Policy’) aims to illustrate the processing operations carried out by Orthofix S.r.l., in its quality as data controller (hereinafter the ‘Controller’ or ‘Orthofix’) pursuant to the data protection legislation in force, including Regulation (EU) 2016/679 (the ‘GDPR’) and any applicable national laws, by means of the personal data collected in connection with the registration of the users to the webinars organized by or on behalf of Orthofix (the ‘Webinars’), both on proprietary or third parties’ platforms.
Due to the professional and high-specialized nature of the Webinars, the users to whom this Privacy Policy is addressed are mainly healthcare professionals (‘HCPs’). Nonetheless, the information provided herein shall apply to anyone who registers, or attempts to register, to the Webinars (including the HCPs, the ‘Participants’).
The processing of Participants’ personal data will take place in full compliance with the applicable data protection legislation.
In order for a User to enroll for a Webinar and allow the Controller to ascertain the latter’s identity, the User will be required to register and provide the following personal data: name, surname, place of work/hospital, city, region, country, email, professional profile, specialty (where requested).
Moreover, the User will have the possibility to send written requests of information to Orthofix, via dedicated forms, in which no more data will be requested than those indicated above, or by writing to specific email addresses managed by the Controller.
In case of refusal to provide such data, Orthofix may find itself in the impossibility to satisfy the User’s requests, or provide the latter with the services requested (including allowing his/her registration to the Webinars).
In any case, Orthofix will never request/collect particular categories of personal data.
The Users’ personal data identified above will be processed by Orthofix for the purposes of:
The User is entitled to withdraw at any time the consent given in relation to the activities described under d) and e) above, it being understood that any processing operations carried out until the moment of such withdrawal shall remain fully lawful and valid.
Should the data be collected in the future also for purposes other than those described above, it will be duty of Orthofix, on one hand, to provide adequate information to the Users relating to such new purposes in order to enable transparency and user awareness and, on the other hand, ensure that a valid legal basis (such as the data subject’s consent) exists, where needed, to undertake the relevant processing activities.
The personal data are collected and processed lawfully and fairly, exclusively for the above purposes and in accordance with the fundamental principles established by the applicable legislation, with special regard to the GDPR.
Processing operations may take place both manually and electronically, in any case under technical and organizational measures that ensure the security and confidentiality of the data, especially in view of reducing the risks of accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to the Users’ personal data.
The processing will be carried out, under the authority of the Controller, only by people who have been duly authorized to access and process the data in accordance with the instructions provided for by Orthofix, on a need-to-know basis, and the applicable data protection laws and regulations.
Subject to lett. c) and e) above, the Users’ personal data will not be shared with third parties.
Should the data be made available by Orthofix to any other third-party suppliers or partners (such as service or hosting providers, IT companies, communication agencies, or else) in order to enable them to perform specific services connected to or necessary for the fulfilment of the purposes listed above, it will be responsibility of the Controller to appoint such third parties as data processor by virtue of their capacity, experience and reliability and to provide them with specific instructions regarding the security of the data, according to Art. 28 of the GDPR. The updated list of data processors can be accessed at any time by sending a written request to Orthofix, as specified below.
It remains understood that Users’ personal data must be communicated to third parties, such as public or judicial authorities, to comply with their binding orders and requests, as well as with applicable legal provisions.
Personal data will be kept in a format that allows the identification of the Users for no longer than necessary to fulfill the purposes for which the data have been originally collected.
In more detail:
Subject to the above, the Users’ personal data will be kept in identifiable form for those further periods which are required or expressly permitted by the applicable laws, e.g. in order to fulfil orders issued by competent Authorities, as well as to enforce or protect the rights of the Controller (consistent with the retention periods and statutes of limitations provided for by the law).
As soon as no longer necessary in accordance with the above, the data will be cancelled or anonymized.
Given the international nature of Orthofix’s business activities, the data may be transferred and so processed abroad, still for the sole purposes described above, by the companies belonging to Orthofix Group which are established inside the European territory (mainly in France, Germany) and outside the territory of the European Union (mainly in the UK, U.S. and Brazil).
In all cases, should the data be transferred to other non-EU countries, the relevant transmission will be subject to specific data protection guarantees, as required by the law, e.g. through the adoption of Standard Model Clauses as approved by the European Commission, or other equivalent safeguards.
The User can at any time exercise his/her rights in accordance with the applicable data protection legislation, including:
To exercise these rights, or for any further information and/or clarifications, please write to privacy@orthofix.it.
The Data controller is Orthofix S.r.l., a company duly incorporated under Italian law, with registered at Via Vittor Pisani no. 16, Milan (Italy).
The Controller shall have the right to amend and/or integrate this Privacy Policy over time in order to comply with new legal provision and/or include new services. For this reason, each User is invited to periodically visit this page.
Below is highlighted the date when the last version of this policy has been uploaded.
I have read and understood the Privacy Policy above and, therefore, I hereby consent to the processing of my personal data by Orthofix S.r.l.:
I consent I do not consent
I consent I do not consent
Last Update: 01/07/2020
Want more info about upcoming events, resources and customized training possibilities?