Privacy Policy

The purpose of this document is to inform the individual (hereinafter “Data Subject”) regarding the processing of their personal data (hereinafter “Personal Data”) collected by the data controller:

DOCTORFLORENCE H24, with registered office at PIAZZA DELL UNITA ITALIANA 7 – 50123 FIRENZE, CF/VAT number 07140570487, email address, (hereinafter “Controller”), through the website DOCTORFLORENCE H24 (hereinafter “Application”).

Changes and updates will be binding as soon as they are published on the Application. In the event of non-acceptance of the changes made to the Privacy Policy, the Data Subject is required to cease using this Application and may request the Controller to delete their Personal Data.

Categories of Personal Data processed The Controller processes the following types of Personal Data voluntarily provided by the Data Subject:

Contact details: name, surname, address, email, telephone, images, authentication credentials, any further information provided by the Data Subject, etc. Employment relationship data: data entered in the curriculum vitae, data relating to the spouse or children, social security data, etc. The Controller processes the following types of Personal Data collected automatically:

Technical data: Personal Data produced by devices, applications, tools, and protocols used, such as information about the device used, IP addresses, type of browser, type of Internet service provider (ISP). This Personal Data may leave traces that, especially if combined with unique identifiers and other information received from servers, can be used to create profiles of individuals. Application browsing and usage data: such as visited pages, number of clicks, actions performed, session duration, etc. Data relating to the exact location of the Data Subject: for example, geolocation data that precisely identifies the Data Subject’s location, which can be collected via satellite network (e.g., GPS) and other means, collected with the prior consent of the Data Subject. The Data Subject can revoke consent at any time.

Failure by the Data Subject to provide Personal Data for which there is a legal or contractual obligation, or where they constitute a necessary requirement for the conclusion of the contract with the Controller, will result in the Controller being unable to establish or continue the relationship with the Data Subject.

The Data Subject who provides the Controller with Personal Data of third parties is directly and exclusively responsible for their origin, collection, processing, communication, or dissemination.

Cookies and similar technologies The Application uses cookies, web beacons, unique identifiers, and other similar technologies to collect the Data Subject’s Personal Data on the pages, links visited, and other actions performed when the Data Subject uses the Application. They are stored to be transmitted upon the Data Subject’s subsequent visit. The complete Cookie Policy can be viewed at the following address: xxxxx

Legal basis and purposes of processing The processing of Personal Data is necessary:

for the performance of the contract with the Data Subject, specifically: fulfillment of any obligation arising from the pre-contractual or contractual relationship with the Data Subject support and contact with the Data Subject: to respond to the Data Subject’s requests for legal obligation purposes, specifically: fulfillment of any obligation provided for by current regulations, laws, and regulations, in particular, in tax and fiscal matters on the basis of the Controller’s legitimate interest, for: email marketing purposes of the Controller’s products and/or services to directly sell the products or services of the Controller using the email provided by the Data Subject in the context of the sale of a product or service similar to that subject of the sale statistical purposes with anonymous data: to carry out statistical analyses on aggregated and anonymous data to analyze the behaviors of the Data Subject, to improve the products and/or services provided by the Controller and better meet the expectations of the Data Subject on the basis of the Data Subject’s consent, for: profiling of the Data Subject for marketing purposes: to provide the Data Subject with information about the products and/or services of the Controller through automated processing aimed at collecting personal information with the aim of predicting or evaluating their preferences or behaviors retargeting and remarketing: to reach with a personalized advertisement the Data Subject who has already visited or shown interest in the products and/or services offered by the Application using their Personal Data.

The Data Subject can opt-out by visiting the page of the Network Advertising Initiative marketing purposes of the products and/or services of the Controller: to send commercial and/or promotional information or materials, to carry out direct sales activities of the products and/or services of the Controller or to carry out market research through automated and traditional methods detection of the exact location of the Data Subject: to detect the presence of the Data Subject, to check access, times, and the presence of the Data Subject in a certain place, etc. On the basis of the Controller’s legitimate interest, the Application allows interactions with external platforms or social networks whose processing of Personal Data is governed by their respective privacy policies to which reference should be made.

The interactions and information acquired by this Application are in any case subject to the privacy settings chosen by the Data Subject on such platforms or social networks. This information – in the absence of specific consent to processing for further purposes – is used solely to enable the use of the Application and provide the requested information and services.

The Personal Data of the Data Subject may also be used by the Controller to defend themselves in court before the competent judicial authorities.

Methods of processing and recipients of Personal Data The processing of Personal Data is carried out using paper and computer tools with organizational methods and logics strictly related to the purposes indicated and by adopting adequate security measures.

Personal Data is processed exclusively by:

persons authorized by the Data Controller who have undertaken to maintain confidentiality or have an adequate legal obligation of confidentiality; subjects who operate autonomously as distinct data controllers or by subjects appointed as data processors by the Controller in order to carry out all processing activities necessary to pursue the purposes set out in this information notice (e.g., business partners, consultants, IT companies, service providers, hosting providers); subjects or entities to whom it is mandatory to communicate Personal Data by law or by order of the authorities. The aforementioned subjects are required to use appropriate guarantees to protect Personal Data and may only access those necessary to perform the tasks assigned to them.

Personal Data will not be indiscriminately disclosed in any way.

Location Personal Data will not be subject to any transfer outside the territory of the European Economic Area (EEA).

Retention period of Personal Data Personal Data will be kept for the period of time necessary to fulfill the purposes for which they were collected, in particular:

for purposes related to the execution of the contract between the Controller and the Data Subject, they will be kept for the entire duration of the contractual relationship and, after termination, for the ordinary prescription period of 10 years. In the event of judicial proceedings, for the entire duration thereof, until the expiration of the terms for the lodgment of actions for challenge for purposes related to the legitimate interest of the Controller, they will be kept until that interest is fulfilled for compliance with a legal obligation, by order of an authority and for judicial protection, they will be kept in compliance with the timeframes provided for by said obligations, regulations, and in any case until the expiry of the prescription period provided for by the laws in force for purposes based on the Data Subject’s consent, they will be kept until the consent is revoked At the end of the retention period, all Personal Data will be deleted