Privacy Policy

Privacy Policy for Users

MultiMedica S.p.A. (hereinafter referred to as MultiMedica), with registered office in via Fantoli 16/15, IT-20138 MILAN, as Data Controller of your Personal Data (hereinafter, for the sake of brevity, the “Data Controller”), owner of the website http://www.multimedica. it (hereinafter, the “Site”), as the owner of the processing of personal data of users who navigate and who are registered on the Site (hereinafter, the “Users”) provides below the privacy policy pursuant to art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, the “Regulation” or “Applicable Regulations”).

This Site and any services offered through the Site are reserved for persons over the age of eighteen. The Owner therefore does not collect personal data relating to persons under 18 years of age. At the request of Users, the Owner will promptly delete all personal data involuntarily collected and relating to persons under 18 years of age.

The Owner takes into the utmost consideration the right to privacy and protection of personal data of its Users. For any information in relation to this privacy policy, Users may contact the Owner at any time, using the methods described in point 4.

1 – Purpose of the treatment


Users’ personal data will be lawfully processed by the Owner for the following purposes:

a – Navigation of the site, in relation to the possibility of collecting user data necessary at a technical level, such as the IP address, while browsing the site.
b – Submission of information material on MultiMedica services, upon specific request of the interested party.
c – Response to your requests for information, received by us through the appropriate contact form.
d – Registration to the reserved area of the site, through which to access the online booking section
e – Obligations under the law, i.e. to fulfil obligations under the law, an authority, regulation or European legislation.
f – Receipt of curricula used for the selection of personnel, through the appropriate insertion form. Specific information will be conveyed on the relevant page.
g – Purposes of prevention, treatment, diagnosis and rehabilitation and administrative-accounting activities connected and instrumental to the management of relations with the patient (such as acceptance, booking of visits and examinations, registration of exemptions, attestations and certifications relating to the state of health, reporting on the website).
h – Access to the patient’s health record, in which the clinical reports made by MultiMedica can be consulted. This management is optional and integrates the online report: it allows not to delete automatically after 45 days the reports from the site and to keep them for future consultations. This processing purpose is provided for in point 4 (archive of reports) of the Privacy Guarantor’s guidelines on online reporting in 2009.

The provision of personal data for the processing purposes indicated above is optional but necessary to use the services offered by the Owner on the Site, since failure to provide them will make it impossible for the User to register on the Site.

With reference to the purposes referred to in points 1/a, 1/b, 1/c, 1/d, the legal basis of the processing is in fact the performance of the services provided through the Site and requested by you (pursuant to Article 6, paragraph 1, letter b of Privacy Regulation 2016/679); with reference to the purposes 1/f and 1/h referred to in the previous paragraph, the legal basis of the processing is your free express consent (pursuant to Article 6, paragraph 1, letter b). a of the Privacy Regulation 2016/679); with reference to the purposes referred to in point 1/e of the previous paragraph, the legal basis of the processing is to fulfil a legal obligation to which the data controller is subject (pursuant to Article 6, paragraph 1, letter c of the Privacy Regulation 2016/679). With reference to the purposes referred to in point 1/g of the previous paragraph, the legal basis of the processing is to provide the online reports requested by the data subject (for which a specific information notice with explicit consent has been provided) at the time of registration for the delivery of clinical reports through the website (pursuant to Article 9, paragraph 2, letter a of Privacy Regulation 2016/679).

2 – Methods of processing and storage times of data


The Owner will process the Users’ personal data using manual and computerized tools, with logic strictly related to the purposes and, in any case, so as to ensure the security and confidentiality of the data.

The personal data of the Users of the Site will be stored for the time strictly necessary to carry out the purposes described in paragraph 1 above, in accordance with the specific regulations for the storage of health data or as necessary for the protection of the interests of both Users and the Owner. The data of the online report will be processed on the web platform for 45 days as required by the Privacy Guarantor guidelines of 2009 (web doc. no. 1679033, resolution 36/2009). The data in the Patient Dossier will be kept until the request for deletion by the data subject (this data constitutes a copy of the data contained in MultiMedica S.p.A.’s Electronic Health Dossier and its deletion will not affect the data in MultiMedica S.p.A.’s Electronic Health Dossier).

3 – Scope of communication and dissemination of data


Employees and/or collaborators of the Owner in charge of managing the Site may become aware of the Users’ personal data. These subjects, who are formally appointed by the Owner as “authorized to process”, will process the User’s data exclusively for the purposes indicated in this notice and in compliance with the provisions of the Applicable Regulations.

Users’ personal data may also be disclosed to third parties who may process personal data on behalf of the Owner as “External Data Processors”, such as, by way of example, IT and logistics service providers functional to the operation of the Site, outsourcing or cloud computing service providers, professionals and consultants. The data may also be communicated to the Financial Administration and/or other public authorities where this is required by law or at their request. Users have the right to obtain a list of any data processors appointed by the Data Controller, by making a request to the Data Controller in the manner indicated in paragraph 4 below.

4 – Rights of the Interested Parties

Users may exercise the rights granted to them by the Applicable Law by contacting the Holder in the following ways:

In accordance with the Applicable Regulations, users may exercise their rights under art. 15 et seq. of the Regulation, in the manner provided for in art. 12 of the same. If you believe that your data processing is in breach of the Regulation, you have the right to lodge a complaint with a supervisory authority (in the Member State in which you are habitually resident, in the Member State in which you work or in the Member State in which the alleged breach occurred). The Italian Control Authority is the Guarantor for the protection of personal datahttp://www.garanteprivacy.it/garante@gpdp.it with headquarters in Piazza Venezia 11, 00187 Rome.