INFORMATION CONCERNING THE PROCESSING OF PERSONAL DATA
According to the D.
Lgs. 196/2003, adjusted by the D. Lgs. 101/2018 to the GDPR 679/16 EU (Articles 13, 14) 

DATA CONTROLLER

Thema S.r.l.
Via Saragat, 5 40026 Imola (Bo) – ITALY – VAT No. 02770361208
Telephone +39 0542 643496 Email: info@thema-med.com;

FINALITY OF DATA PROCESSING

1. Supply goods and services in the following fields: 

• Regulatory and technical consultancy for the medical sector 

• Commercialization of goods and services 

• Production, translation, layout and management of technical documentation 

• Design, realization of advertising graphics activities 

• Training in regulatory affairs and advanced training in technical and professional field

• Initial importer services

PERSONAL DATA PROCESSING METHODS

1. Data shall be processed in accordance with the principles of lawfulness, correctness and transparency respecting the privacy, dignity and rights of interested parties;

2. Data are processed with electronic devices and on paper in compliance with appropriate technical organizational measures referred to in Art. 29 GDPR 679/16 EU;

3. Data shall be processed, in accordance with the principles of necessity and proportionality by authorized entities appropriately trained within the structure;

4. External entities authorized to process data are configured as joint controllers, managers, designated or authorised according to the type and mode of access. The requirements of such entities shall be verified in advance and the implementation of the necessary and appropriate technical organizational measures shall be regularly monitored; 

LEGAL BASES FOR THE PROCESSING OF PERSONAL DATA 

The processing of personal data is based on the execution of a contract to which the person concerned is a party or for the implementation of pre-contractual measures taken at the latter’s request: 

NATURE OF DATA PROVISION

With regard to contractual purposes, the nature of the provision of data is mandatory, the failure to provide data does not make possible the provision of services or products; 

INFORMATION COLLECTED BY THE DATA CONTROLLER 

The information collected and the purpose for which is requested are described below: 

1. Personal data identifying the subject and contact details for commercial and administrative management;

2. Tax data for contractual administrative management;

3. Banking data for economic obligations deriving from the contract 

RECIPIENTS OF THE INFORMATION

With regard to contractual purposes, personal data of the interested party can be transferred to third parties belonging to the categories described below: 

– Authorised entities within the Organization of the data controller;

– Consultants and collaborators for purposes related to the provision of services;

– Company consultants and collaborators operating as Joint Controllers, Managers, designated or entities authorized to the treatment in legal, administrative, tax, insurance and data processing matter, by way of example and not exhaustive;

– Couriers and delivery companies for the delivery of orders;

– Institutions, Institutes, authorities, entities generally related to legal obligations, regulations, measures, including, by way of example and not exhaustive, Revenue Agency, Inps, Inail; 

TRANSFER OF INFORMATION OUTSIDE THE EU 

1. Personal data may be transferred to foreign countries of the European Union or outside the EU and transmitted to private companies and institutional Bodies for purposes related to the services requested and for needs of the territorial competence. Data are sent to cross-border processing, according to the principles of necessity, only information strictly necessary. The transfer of data takes place only under the following conditions:

– Countries covered by adequacy decisions pursuant to Art. 45 GDPR 679/16 EU (list available at the address: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy- protection-personal-data-non-eu-countries_en)

– In the absence of adequacy decisions, the processing, with reference to Art. 46 GDPR 678/16 EU, shall be done by agreement with the recipient of the data in compliance with clauses similar to those established by the GDPR 679/16 EU

– In the absence of adequate guarantees, the Data Controller, with reference to Art. 49 GDPR 679/16 EU, if the transfer is necessary to follow up a contract  or for legal reasons communicates the data using all appropriate measures to minimise the risk associated with the transfer such as, where possible, minimization and pseudonomization of data, verification of the reliability of the recipient; 

STORAGE OF PERSONAL DATA 

1. Data are kept limited to the duration of the contract or service. After the termination of the contractual relationship, data are stored for 10 years and subsequently destroyed, except from legal obligations; 

CHANGE OF CONSENT OPTIONS

1. The information processed under the provision of consent provides for the possibility of revocation at any type by contacting the contact details indicated in this notice to the e-mail address info@thema-med.com

RIGHTS OF THE DATA SUBJECT 

1. The rights of the data subject (art. from 15 to 22) provide for the possibility to:

a) Ask the Data Controller for access to personal data and to information concerning the purposes of the processing, to the categories of personal data processed, to the recipients or categories of recipients to whom the data are communicated and access to the data retention period;

b) Ask the Data Controller the rectification of personal data;

c) Ask the Data Controller the erasure of personal data;

d) Ask the Data Controller the limitation of the processing of personal data;

e) Ask the Data Controller the portability of personal data;

f) Object to the processing of personal data in the cases provided for;

g) Object to automated decision-making processes related to personal data, including profiling;

h) Exercise withdrawal of consent to the processing of personal data in the cases provided for;

i) Lodging a complaint with a supervisory authority. 

The detailed description of the rights of the data subject can be consulted on the Regulation for the protection of personal data GDPR 679/16 EU Art. from 15 to 22;