This Policy is aimed at illustrating the means and purposes of the processing of personal data carried out by Lynkeus, in its quality of data controller (hereinafter ‘Lynkeus’ or the ‘Controller’), through the website www.myhealthmydata.eu (hereinafter the ‘Website’).
The processing of the User’s personal data will take place in compliance with the applicable data protection legislation, with particular regard to the Regulation (EU) 2016/679 (the ‘GDPR’) concerning the protection of natural person with regard to the processing of personal data, as well as free movement of such data.
1. DATA CONTROLLER
The Controller is Lynkeus S.r.l., with registered offices in Via Livenza n. 6, Rome (00198).
2. THE WEBSITE
This Website aims to provide information regarding MyHealthMyData (hereinafter ‘MHMD’), a project funded by the European Union’s Horizon 2020 research and innovation programme.
It has been designed in order to minimize the collection and the processing of Users’ personal data, as well as to exclude the processing of such data in all cases when the purposes described below can be achieved with different and more privacy-preserving means.
3. CATEGORIES OF PERSONAL DATA COLLECTED
Traffic and Internet data
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes, among others, IP addresses, browser type, operating system, the domain name and website addresses from which the User logs in or out, the information on pages visited by User within the Website, the time of access, time period of User’s staying on a single page, the internal path analysis and other parameters regarding the User’s OS and computer environment.
These technical / IT data are collected and used only in an aggregated and not immediately identifiable manner. They could be used to ascertain responsibilities in case of crimes against the Website, or upon public authorities’ request.
Personal data provided by the User
The provision of personal data by the User (e.g. name, surname, email address, etc.) implies the acquisition of such data by Lynkeus and their subsequent processing for the sole purposes set out below.
4. PURPOSE AND LEGAL BASES OF THE PROCESSING
The User’s personal data will be processed by the Controller solely for the following purposes:
- allowing the User to easily and correctly navigate the Website. This processing is necessary to run the Website and to allow the User to access its contents, according to Art. 6.1, b) of the GDPR;
- fulfill any request made by the User through the contact form available on the Website. This processing is needed to provide the Users with the information they have directly requested, according to Art. 6.1, b) of the GDPR;
- complying with the obligations set forth by applicable laws and regulations and to ascertain responsibilities in case of any computer crimes against the Website. As this processing is mandatory by law, User’s consent is not required according to Art. 6.1, c);
- delivering the MHMD newsletter to the User. As this processing is optional, User’s consent must be acquired before processing the User’s personal data for this purpose.
5. METHODS OF THE PROCESSING, DATA RETENTION AND DATA SECURITY
The personal data are collected and processed lawfully and fairly, solely for the purposes described above and in accordance with the fundamental principles established by the applicable legislation.
Personal data may be processed either manually, through information technology tools or electronically, but always under technical and organizational measures that enable ensuring their security and confidentiality, especially for the purposes of preventing any risk arising from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data.
The processing operations will be carried out only by persons who have been duly authorized and instructed by the Controller.
6. COMMUNICATIONS TO THIRD PARTIES
The personal data collected by the Controller will not be shared or communicated to third parties, unless upon specific consent of the data subject or as otherwise required by applicable laws.
Should the communication to third-party suppliers or partners of Lynkeus (e.g. service providers, hosting providers, IT companies, communication agencies) be necessary for organizational, administrative or support needs, it will be the Controller’s responsibility to appoint such parties as data processors by virtue of the capacity, experience and reliability demonstrated.
It remains understood that the Users’ personal data can be made available to third parties, such as competent and police authorities, whenever this is required by applicable law or by an order issued by them.
7. DATA RETENTION
The personal data will be kept in a format that allows User’s identification only for the time strictly necessary to fulfill the purposes for which the data have been originally collected and, in any case, within the limits set forth by applicable laws and regulations, as well as to enforce or protect the rights of the Controller, where necessary.
In particular, the data provided by the User in relation to MHMD newsletter will be retained for a maximum of 24 months.
When no longer necessary, the data will be immediately cancelled or made anonymous.
8. TRANSFER OF DATA ABROAD
The User’s personal data will not be transferred outside the European Economic Area (hereinafter, the ‘EEA’).
In any case, should a transfer of the data outside the EEA become necessary in the future, it will be carried out in accordance with the provisions of the GDPR and the User will be timely informed about this processing.
9. REDIRECT TO OTHER WEB SITES
The Website incorporates links which allow the User to connect to other websites run by third parties. The Controller assumes no responsibility regarding the processing of personal data which may take place through and/or in connection with third-parties’ websites.
Therefore, each User who accesses such web pages and/or social platforms through the Website must carefully read the relevant privacy policies in order to better understand how their personal data will be processed by the third parties which, as autonomous controllers, will provide and manage such websites.
10. DATA SUBJECTS’ RIGHTS
In compliance with applicable law, Users can exercise their rights at any time, including:
- accessing their personal data, obtaining evidence of the purposes pursued by the Controller, the categories of data involved, the recipients to whom they may be disclosed, the applicable storage period, the existence of automated decision-making processes;
- having incorrect personal data referred to them rectified without delay;
- having their data erased in the cases provided for by the law;
- obtaining restrictions to processing, where possible;
- requesting portability of the data provided to the Data Controller, e. receiving them in a structured, commonly used and machine-readable format, also for transmitting such data to another controller, without any hindrance by the Controller, in all situations where it is required by the law in force;
- objecting to the processing of their data for marketing and commercial purposes;
- easily withdrawing any consent they have previously given, without this affecting in any manner the lawfulness of the processing operations carried out before;
- lodging a complaint to the data protection Supervisory Authority (please, find here the list of the Data Protection Authorities in Europe).
To exercise these rights, or for any further information and/or clarifications, please write to the Controller, by sending an email to firstname.lastname@example.org.