Xgate Privacy Policy
Pursuant to Article 13 of Legislative Decree No 196/2003 of 30 June, (the ‘Privacy Code’) and Article 13 of Regulation (EU) 2016/679 (the ‘GDPR’), Axenso S.r.l. (the ‘Controller’), with a registered office address at Via Gallarate 106, Milan, informs you that the personal data (the ‘Data’) you have provided in the centralised registration procedure on its various sites and apps (‘Xgate’) will be processed in accordance with the Code and the GDPR as described below.
Purpose of information
The present document aims to describe the procedures used to manage centralised registration on the Controller’s various sites and access to the range of digital services offered, in terms of processing the personal data of Users interacting with the relevant services offered by the Controller. The information is also provided pursuant to Article 13 of the Privacy Code, Article 13 GDPR and any Measures issued by the Data Protection Authority and Recommendations by the EU personal data protection authorities, met as the Working Party referred to in Article 29 of Directive No 95/46/EC. Information on data processing is provided only in relation to processing by the Controller through its own site and does not extend to processing by any third parties that might be consulted by the User via links. Axenso S.r.l. accepts no responsibility in relation to such processing, the User having to consult the individual privacy polices of such third-party sites. Users must read the present Privacy Policy carefully before providing their data, which supplements the content of the individual privacy polices present in the relevant sites/apps.
Nature of the data
Data that can be collected by the Controller are ‘common’ data, in other words information on your professional work, as well as personal details, the province where you are registered as a doctor and your registration number, specialisation, e-mail, etc. as given in the registration form, as well as contact information, including telephone number, for the purposes of checking and authenticating your professional profile. The Controller will under no circumstances collect sensitive information that can be related to your patients.
Purpose and methods of processing
Processing of your data will involve collection, recording, organisation, storage, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and distribution in such a way as to ensure their integrity and confidentiality by adopting the most advanced security tools. Processing will also be carried out electronically for the following purposes: a) allowing you to complete central registration on the various sites managed by the Controller, in order to facilitate access to professional content intended for professional Users; b) centralised authentication and registration for web and mobile (Single Sign On), including recovery of passwords used for accessing the Controller’s digital services; c) subscription to the individual services offered by the Controller through the individual sites/apps for which specific information is provided by the privacy policies of the individual sites/apps; d) sending of medical-scientific information or other pertinent details (e.g. congresses, seminars, conventions); e) sending of medical-scientific publications; f) market research and statistical analysis, using anonymous or aggregated data; g) fulfilling obligations laid down by the applicable laws, regulations, Community rules or by an order of the Supervisory Authority (such as accounting or tax disclosure obligations); h) exercising the rights of the Controller, for example the right of defence in court.
Personal data will be processed by the Controller for the time strictly necessary to achieve the above purposes, in any case not exceeding 10 years from the end of the service.
Centralised registration procedure (Xgate)
The aim of this procedure is to offer Users a single solution for accessing and availing of the services offered by the Controller and the scientific content available through its sites/apps. The User therefore has the option of registering once only and using the credentials created to access content on the Controller’s various sites/apps. Access to the sites is granted only to doctors and health professionals, and User checking and authentication procedures are also carried out to ensure that only professional Users register.
Once the registration form has been completed with the required data, a message will be sent to the e-mail address provided asking the User to confirm registration via the link provided in the e-mail (confirmed opt-in). After confirmation, registration will continue with cross-checking of the credentials provided by the User by accessing data in public registers (e.g. professional associations), followed up in all cases by a telephone call.
Centralised management of data collected through the sites/apps (Xgate)
As stated, the personal data provided during registration or visits to the Controller’s various sites/apps will be managed centrally, so as to enable single management of Users’ profiles and easier control over provision and use of their data. Data collected by the Controller and centralised in this manner can be used to fulfil specific User requests regarding the services and projects offered by the Company, and also, subject to the User’s specific consent, for profiling and medical-scientific information activities.
Medical-scientific information and profiling activities
Data collected centrally by the various sites/apps can be processed by the Controller, subject to the User’s consent, for sending material containing medical-scientific information (e.g. professional publications, invitations to events, etc.) via e-mail or by automated means. Consent is requested at the end of the registration form. Failure to provide consent will not affect registration for the sites/apps and the User can avail of their services.
To enable the User to refuse mailings easily, all communications relating to new services and functions offered by the Company will enable the User to unsubscribe from all similar communications in the future, obviously without affecting their ability to avail of the requested services.Furthermore, data collected may be used to improve the range of services and the medical-scientific information offered by Axenso S.r.l., making them more focussed on and relevant to the User's professional work. Processing of data for profiling is optional and will only be carried out where Users specifically consent to such processing at the end of the registration form.
For medical-scientific information and profiling purposes, personal data will be processed by the Controller for the time strictly necessary to achieve the above purposes, in any case not exceeding two years from the end of the service.
Users are also informed that they can exercise the rights referred to in Article 7 of the Privacy Code and Article 15 GDPR in relation to profiling activities, as further detailed below.
Scope of data disclosure
Date can be disclosed, solely for the above-mentioned purposes, to the following categories of entity:
(i) the Controllers’ parent companies, subsidiaries or related companies; (ii) persons, enterprises, associations or professional firms providing services or assistance to and engaged in consultancy work for Axenso S.r.l. (iii) companies assisting the Controller to manage sites/apps and related databases; (iv) entities entitled to access the data under primary or secondary legislation or under measures issued by the authorities authorised by law for the purposes, including Farmindustria. Such entities will use the data in their capacity as Controllers and/or Processors.
They can also access the data by virtue of being appointed by the Controller to perform certain processing operations, either as internal staff, acting in the capacity of persons in charge of processing and/or processors, for managing the relationship concluded between us, or external entities, acting in the capacity of processors and/or controllers.Personal data are stored on servers located outside the national territory. It is in any case acknowledged that the Controller, whenever necessary, will be entitled to move the servers to non-EU areas. In such cases, the Controller hereby warrants that the transfer of the data outside of the EU will be performed in accordance with the applicable laws, subject to the standard contractual provisions laid down by the European Commission.
Users provide their data on an optional basis; however any refusal to provide the data requested in the registration from will make it impossible to complete Axenso registration. Granting of consent for medical-scientific information and profiling activities is optional and failure to give such consent will not affect the User’s ability to use the services offered through the Controller’s sites/apps.
Controller
The Controller is Axenso S.r.l. with a registered office in Milan, in the person of its pro-tempore authorised representative.
An updated list of Processors and persons authorised for processing is kept at the Controller’s registered office.
Data subject’s rights
You are entitled at any time, including for the purposes of profiling activities, to exercise your rights under Article 7 of the Privacy Code and Article 15 GDPR, specifically the rights:
i. to obtain confirmation as to whether or not personal data concerning you exist, even if they have not yet been registered, and their disclosure in intelligible form;
ii. to obtain information on: a) the origin of the personal data; b) processing purposes and methods; c) the logic applied in case of treatment by means of electronic instruments; d) the identity and the contact details of the Controller, the Processors and the designated representative referred to in Article 5(2) of the Privacy Code and the Article 2(1) GDPR; e) entities or categories of entity to whom the personal data may be disclosed or who may have access to them as the designated representatives in the national territory, as Controllers or as Processors;
iii. to obtain: a. updating, rectification or, where it is in their interest, completion of the data; b) erasure, anonymisation or blocking of data that have been processed unlawfully, including data the storage of which is unnecessary for the purposes for which they have been collected or subsequently processed; c) certification to the effect that the operations under letters a) and b) have been notified, also with regard to their content, to the entities to whom the data were disclosed or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
iv. to object, in whole or in part: a) to the processing of their personal data on legitimate grounds, even where the data are relevant to the purposes for which they have been collected; b) to the processing of their personal data in cases where they are used for advertising communication or directs sales or market surveys or commercial communication, by means of automated calling systems without human intervention, by e-mail and/or by means of traditional marketing methods by telephone and/or print mail. Please note that the data subject’s right of objection under point b) above, for direct marketing purposes using automated means extends to traditional methods, notwithstanding the data subject’s entitlement to exercise their right of opposition only in part. Therefore, the data subject can decide to receive communications by traditional or by automated means only, or to receive neither type of communication.
Where applicable, data subjects also have the rights referred to in Articles 16 to 21 GDPR (the right to rectification, the right to be forgotten, the right to restriction of processing, the right to data portability and the right to object), as well as the right to lodge a complaint with the Supervisory Authority.
You can exercise the above-mentioned rights at any time by sending:
– a registered letter with conformation of delivery to Axenso S.r.l.
– Operating headquarters – 106 Via Gallarate – 20151 Milan
– an e-mail to privacy@axenso.com