INFORMATION pursuant to art. 13 of Regulation (EU) 2016/679 (hereinafter “GDPR”)
Dear Sir / Madam,
pursuant to Article 13 of the GDPR, we inform you that Panathleticon Medicina dello Sport S.r.l. (hereinafter “Panathleticon”) as Data Controller and the certifying Doctor, as as Data Processor, will process – for the purposes and methods set out below – the personal data you have provided or transmitted by the sports club you belong to, or acquired during any visits, analyzes, diagnoses, and / or therapies.
In particular, the following personal data will be:
a) personal and identification data (name and surname, date and place of birth, residence, telephone and fax numbers, email, tax code and / or VAT number, membership, membership company);
b) health data required for ascertaining medical fitness for competitive and non-competitive sports, provided for by Ministerial Decrees 18.02.1982, 04.03.1993, 24.04.2013, by Law no. 125 of 30.10.2013, by the D.M. 08.08.2014 and by further national and regional legislation in force and subsequently intervened, as well as more generally those acquired in the fulfillment of medical services performed in your favor;
c) biological samples;
d) other health data voluntarily provided by you relating to your state of health;
e) health data contained in the medical history sheet that is administered to you.
1. Legal basis and purpose of the processing
1.1. The treatments aimed at:
– carry out the medical sports assessments prescribed by the national and regional health regulations in force, including specialist visits that may become necessary, for the issue the prescribed suitability;
– manage the contractual, accounting, administrative and health profiles of the service provided (the use of fixed and mobile users or email addresses communicated by you, to remind you, fall within these purposes (via phone calls or SMS or e-mail) dates and deadlines of health visits);
– manage the health file and, where required, the production of diagnostic reports;
– manage the expiration / setting or cancellation of medical examinations, through the contact on the mobile (also via SMS) or fixed users indicated by you;
are based on your consent and on the obligations referred to in the aforementioned legislation to protect the health of the person.
1.2. The treatments aimed at updating you (via newsletter to the e-mail address provided) on the activities and services offered, as well as providing you with information on correct lifestyles are well founded on your consent.
2. Processing methods
The processing of your personal data is carried out, also with the aid of electronic means, by means of the operations indicated in art. 4 of the Code and art. 4 n. 2) GDPR and precisely: the treatment personal data may consist of the collection, registration, organization, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
In this regard, we represent to you how the structure has appointed a Medical Director, in the person of Dr. Fabio Faiola, who, on the basis of this assignment, supervises the management of your data in accordance with current legislation that governs its activity.
3. Mandatory nature of the conferment
The provision of data for the achievement of the purposes referred to in point 1.1. is required. Any refusal will not allow the provision of the requested health service, nor the issue of the medical certification required under the relevant health legislation, nor updating on any deadlines for scheduled visits.
The provision of data to achieve the purposes referred to in point 1.2 is optional.
4. Scope of data communication
4.1. Personal data may be disclosed to:
– Public structures (ATS for territory and Region) for the obligations required by sector regulations.
The personal data referred to in letters a) and c) may be disclosed to:
– the analysis laboratories, which carry out analytical tests on behalf of the Data Controller.
Personal data, limited to the certificate of suitability for competitive and non-competitive sports, will be communicated to your sports club for the purposes of the law. Any unfitness / suspension of sports activity pending investigations, will be communicated without any reference to the pathologies found or clinical diagnoses.
The data referred to in point a) will be transmitted to legal advisors, in the event of disputes, and tax consultants for legal obligations.
4.2. The above data will be transmitted to scientific research bodies in the statistical, epidemiological, biomedical or clinical fields or for scientific publications.
4.3. The above data will be transmitted to the U.O. Prevention of the General Health Department for the obligations referred to in the above-mentioned regulations.
4.4. The personal data you provide will not be disseminated.
5. Transfer of data abroad
5.1. Personal data are stored on servers located in Italy. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In that case,
The Data Controller ensures from now on that the transfer of data outside the EU will take place in accordance with the applicable legal provisions and in particular those referred to in Title V of the GDPR.
5.2. Your data will not be transferred outside the EU.
6. Data retention period
Your data will be kept for the period necessary to achieve the purposes for which they were acquired and in accordance with the specific provisions of the law in this regard. The test on the obsolescence of the data being processed with respect to the purposes for which they were collected and processed is carried out periodically.
7. Holder of the treatment
Panathleticon Medicina dello Sport S.r.l. – Via Aldo Moro, 14 25124 Brescia (BS) – tel. 030/2424969
8. Responsible for data protection
The undersigned company has appointed the D.P.O. can be contacted by email at the address: dpo@panathleticon.it.
9. Rights of the interested party
At any time you will be able to know the data concerning you, know how they were acquired, check if they are exact, complete, updated and well kept, to receive the data in a structured, commonly used and readable by automatic device, to revoke any consent given in relation to the processing of your data at any time and oppose in all or in part, to the use of the same and to lodge a complaint with the Guarantor for the protection of personal data.
These rights can be exercised through a specific request to be sent by registered letter – or certified email – to the Data Controller.