he Data Controller informs the data subject that the Personal Data provided through the entry into contact with the Data Controller, (i) either data not falling under the special categories of personal data as listed in Art. 9 GDPR, (ii) or special data as per Art. 9 GDPR (health data necessary to provide the requested service), concerning the same (even in the case of a person operating as a sole proprietor, small entrepreneur, professional) or its employees, agents, representatives or collaborators (the "Data"), will be processed in accordance with the provisions set forth in the GDPR, the Privacy Code as amended by Legislative Decree 101/2018 and the relevant national legislation. The processing is carried out according to the conditions of lawfulness provided for in art 6 GDPR, for the purposes inherent to the relationship established with the Data Controller, therefore, its legal basis for as required under art 13 lett. c) GDPR finds justification in the reasons for which the relationship with the Data Controller is established and in this case:

• in relation to navigation on this website;
• filling out the relevant contact form or equivalent tool.

collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, comparison or interconnection, restriction, deletion or destruction.

Therefore, data will be acquired and processed:

(a) Browsing data. As a result of your visit to https://www.ambimed-group.com and the related pages visited from the home page address, in fact, the computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols (e.g. IP address). These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

b) Personal data sent through the form or on the contact page, are the data of a personal nature sent using the e-mails indicated on the website, or by making purchases/reservations through the form or otherwise the platform, specifically common personal and contact data: first name, last name, date and place of birth, residence, CF/P.IVA, e-mail, telephone number; health data related to the health services requested (so-called special data).

Purpose and legal basis of processing. With regard to navigation the purpose is to allow the navigation of the site, while with reference to the common and/or particular data conveyed through the platform or sending through e-mail will be to provide the information and/or book the services requested. As for the legal basis they are adopted:

- from art.6 of reg. Cit:

(b) the processing is necessary for the performance of a contract to which the data subject is a party or the execution of pre-contractual measures taken at the request of the same (non-particular personal data);

(c) processing is necessary to fulfill a legal obligation to which the data controller is subject (tax and business administrative requirements);

f) legitimate interest, i.e. to occasionally communicate its own promotional initiatives or legislative updates (cd. soft spam), or protection of its computer systems, defense in a possible judgment, sending cd. customer satisfaction questionnaires to assess the level of satisfaction with the service (questionnaires will be anonymous).

- Art. 9, par.2 lett:

(a) the data subject has given his or her explicit consent to the processing of such personal data for one or more specific purposes (health data necessary for the reservation and/or provision of the requested reservation;

• Occupational medicine scope, Art. 9(2) Reg. cit. letters:

(b) processing is necessary for the purposes of fulfilling the obligations and exercising the specific rights of the data controller or the data subject in the field of labor law and social security and social protection, insofar as it is authorized by Union or Member State law or by a collective agreement under the law of the Member States, subject to appropriate safeguards for the fundamental rights and interests of the data subject;

(h) processing is necessary for the purposes of preventive or occupational medicine, assessment of the employee's ability to work, health or social diagnosis, care or treatment, or management of health or social care systems and services on the basis of Union or Member States' law or in accordance with the contract with a health professional, subject to the conditions and safeguards referred to in paragraph 3 of Art. 9 reg. cit;

Method of processing. The data will be processed in paper and/or electronic form by persons specifically authorized to process the data, it is also specified that no processing is carried out on the basis of automated decision-making processes. The provision of data is optional, however, failure to provide it may make it impossible to perform the service.

The data will be processed in paper and/or electronic form by individuals specifically authorized to process the data, it is also specified that no processing is carried out on the basis of automated decision-making processes. The provision of data is optional, however, failure to provide it may make it impossible to perform the service.

communication to partners/suppliers with whom the initiatives will be developed - subjects who will be appointed as external data controllers under Art. 28 GDPR or co-owners in the event that personal data will be communicated to them, such processing may take place throughout the EU and non-EU territory (countries falling under the cases ex art 45 and 46 GDPR, using/verifying: adequacy decision or equivalent instrument such as the Data Privacy Framework in force with the USA, the SCC - Standard Contractual Clauses, in addition to any additional measures that may be deemed necessary and in compliance with the aforementioned Title V GDPR). We also remind you that the processing of data related to the web services offered by the site placed in Hosting at companies located in Italy/Europe whose name will be communicated upon motivated request, are carried out only by collaborators and authorized third parties in the case of occasional maintenance operations or by our manager.

In relation to the data that you provide or directly send us your CV (from here on only CV) we inform you that in our capacity of Data Controller we will use the data indicated in the form or CV sent to us to verify the correspondence with the ideal candidate we are possibly looking for, we also specify that in accordance with art. 111 bis of Legislative Decree 101/2018 for this type of processing the information referred to in art.13 GDPR will be provided at the first contact after sending the CV, otherwise the data will be deleted as soon as it is clear that no contact will be made without sending any further information. However, should you provide data in a partial or incorrect manner it may be impossible for us to evaluate you for the requested job position and we will proceed to deletion as above.

Data will be retained for a maximum of 2 years and otherwise for as long as necessary to fulfill the purpose of collection, unless otherwise required by law.

The Data Controller also informs that the rights of rectification under Art 16 GDPR, the right to be forgotten under Art 17 GDPR, the right to restriction of processing under Art 18 GDPR as well as the right of access to the personal data provided and to all consequential information as listed under Art 15 GDPR are guaranteed.

Data subjects also have the right to:

1. To request from the data controller access to the personal data and the rectification or erasure of the same or the limitation of the processing concerning them;
2. To object to their processing;
3. To data portability under Article 20 GDPR (where technically possible);
4. Where the processing is based on Article 6(1)(a) or Article 9(2)(a) to withdraw consent at any time without affecting the lawfulness of the processing based on the consent given before the withdrawal;
5. To lodge a complaint with a supervisory authority;

To exercise the rights listed above or to obtain more information, simply send an e-mail to the following e-mail address: dpo@Ambimed-group.com

indicating in the subject line: "exercise of rights ex GDPR" and including in the body of the email the right you want to exercise, as well as your name, surname and email address where you want to receive a response from Ambimed. The Holder once processed what has been received will send relative feedback in the terms indicated by art 12 GDPR.

The Owner in peculiar situations adopts specific notices accompanied by the relevant consents to be given in order to allow the data processing, in addition, the Owner warns you that if it intends to further process personal data for a purpose different from that for which they were collected, before such further processing will provide the person concerned with information about this different purpose and any further relevant information, collecting, in the case specific consent.

Please note that the sending of electronic mail messages by visitors to the site, to the addresses indicated therein for the purposes explained from time to time, involves the acquisition and subsequent processing of the sender's address and other personal data included in the message in the manner and for the purposes already indicated in the above information.

A Cookie is a small text file that is deposited by a website on the hard drive of the user's device, Cookies thus uniquely identify the browser of the surfer. Cookies do not harm the computer and do not contain viruses. Cookies have the function of streamlining Web traffic analysis or signaling when a specific site is visited and allow Web applications to send information to individual users.

Only the user can decide to manually delete cookies from their device or provide for their automatic deletion when the installed browser is closed.

For more information please visit ns cookies policy.

During the period of data retention, the owner reserves according to legitimate interest as the legal basis for processing the right to soft send its own commercial or other partner offers in connection with the services requested by the data subject, or send non-soft marketing communications if the data subject has given consent, in any case, one can request deletion from the mailing list.