PRIVACY POLICY FOR THE PRIVATE AREA OF THE WEBSITE www.esaote.com/en-GB
- Introduction
Welcome to the Privacy Policy for the Private Area of the website www.esaote.com/en-GB (hereinafter “Private Area”). This document, prepared in compliance with Article 13 of the General Data Protection Regulation (Regulation (EU) 2016/679, hereafter “GDPR”), outlines how your personal data is processed within this site section. This Policy applies exclusively to data processing activities within the Private Area and does not cover other website pages or external websites accessible from links within this site section.
The section is intended for users who are at least 18 years old. By navigating the Private Area, users confirm that they meet this age requirement.
- Who is the controller of your personal data?
The data controller is Esaote S.p.A. (hereinafter, “Controller”, “Company” or “Esaote”), headquartered in Genova (GE), Via E. Melen n. 77, VAT No. 05131180969. Please contact us at [email protected].
- Who is the Data Protection Officer?
A Data Protection Officer (“DPO”) has been appointed and can be reached for further information about personal data processing at [email protected].
- What data do we collect and process?
- Data related to registration to the Private Area
Through the registration form for the Private Area, users are required to provide personal data such as first name, last name, country, email address, access password, main field of activity, clinical sector, area of interest.
- What do we do with the information we collect about you?
- Registration and access to the Private Area
Purpose: to allow users to register and manage their own account in the Private Area and access dedicated content. Providing personal data for this purpose is entirely optional; however, failure to do so will prevent registration access.
Lawful basis: performance of a contract to which the user is a party (Article 6(1)(b) GDPR).
Retention period: personal data is retained until the account is deleted, which users can do by emailing [email protected]. Upon account closure, data is retained for an additional period necessary to fulfil legal obligations and for the time frame allowed to assert legal claims, as determined by the statutory limitation periods under applicable Italian Civil Code provisions (Articles 2946 and following - e.g., up to 10 years).
- Direct Marketing
Purpose: to send commercial and promotional communications via email related to the products and services offered by the Controller. Providing personal data for this purpose is entirely optional and does not affect the enjoyment of the services available in the Restricted Area.
Lawful Basis: user consent (art. 6(1)(a) GDPR).
Retention Period: personal information is retained until consent is withdrawn, which can be exercised by contacting the data Controller at [email protected]. In any case, personal data is automatically deleted after 24 months from the user’s last interaction with the company’s content.
- Profiled Marketing
Purpose: to send personalized commercial and promotional communications based on user interest. Providing personal data for this purpose is entirely optional and does not affect the enjoyment of the services available in the Private Area.
Lawful Basis: user consent (art. 6(1)(a) GDPR).
Retention Period: personal information is retained until consent is withdrawn, which can be exercised by contacting the data Controller at [email protected]. In any case, personal data is automatically deleted after 24 months from the user’s last interaction with the company’s content.
- Compliance
Purpose: to meet legal obligations and regulatory requirements, including allowing users to exercise their privacy rights.
Lawful Basis: compliance with legal obligations to which the Controller is subject (art. 6(1)(c) GDPR).
Retention Period: personal information is retained for the duration required by applicable legal obligations.
- Exercise and defence of rights in judicial proceedings
Purpose: to prevent fraud and protect Esaote’s rights in legal proceedings.
Lawful Basis: legitimate interest of the Controller (art. 6(1)(f) GDPR).
Retention Period: personal information is kept for the entire litigation, extending until the expiration of appeal possibilities.
- To whom do we disclose or share your personal information?
Personal data can be shared with the following recipients:
- Third parties acting as data processors, such as: (i) service providers for website and Private Area development; (ii) entities delegated to perform technical maintenance activities on the Private Area; (iii) individuals, companies, or professional firms providing assistance and consulting services to Esaote.
- Authorities or third parties where disclosure is mandated by law, including law enforcement agencies, regulatory bodies, or other governmental entities for compliance with legal obligations or as necessary to prevent or detect fraud.
- Who are the subjects authorized to process?
Personal data can be processed by the personnel and operators of the Company in charge of pursuing the purposes mentioned above, who have been expressly authorized to process by the Controller, have received appropriate operational instructions, and are bound by professional secrecy.
- How is Personal Information transferred internationally?
Data may be transferred outside the European Economic Area, with compliance ensured through adequacy decisions, standard contractual clauses, or other legal mechanisms. For more information contact [email protected].
- What are your rights and choices?
Users can exercise their rights by contacting [email protected], including access to the personal data, deletion or rectification, erasure, restriction, objection on legitimate interest grounds, and data portability, if technically feasible.
Consent can be withdrawn at any time by contacting [email protected]. However, it should be noted that the withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal.
Users also have the right to file a complaint with the competent Supervisory Authority, pursuant to Article 77 of the GDPR, if data processing is suspected of violating regulations.