Terms and conditions for sale

• Who we are
• How to book our services through the online calendar
• How to modify a booking
• Payment and invoicing methods
• Cancellation and refund policy
• Other user obligations
• Information on the processing of personal data

 

Who we are

Ambimed operates in the fields of prevention, protection, and safety, providing healthcare services for the protection of health during travel, business trips, and everyday life, to both individuals and companies.

These Terms and Conditions govern the use of the website www.ambimed-group.com owned by Ambimed Srl, with registered office at Corso Italia 1, 20122 Milan MI, VAT No. 1500980963, and the offer of services to users. Access to the site is free, and the use of the data contained therein is subject to full compliance with the indicated Terms and Conditions, which are deemed accepted without reservation upon viewing, accessing, and using the Ambimed-group.com website.

 

How to book our services through the online calendar

Booking can be done directly on Ambimed's website www.ambimed-group.com

Ambimed reserves the right to decide, at any time, to modify, add, and rectify the services offered to patients. Some of the services offered may be provided on request and by appointment, even at the patient's location. Prices may be changed at any time, at Ambimed's discretion. The user will be charged according to the price list in effect at the time of booking, even if it is not visible on the website for maintenance or updating reasons.

 

How to modify a booking

Each user can request changes to their booking within the 24 working hours preceding the appointment time. For example: "for an appointment scheduled for Thursday at 12:00, the user must request the modification by 12:00 on Wednesday." To request a modification to the booking, it is necessary to call the number 02/87399117 or send an email to prenotazioni@ambimed-group.com.

Our central office hours are from Monday to Friday, from 9:00 to 13:00 and from 14:00 to 18:00. The modification will be considered valid only after receiving a confirmation email from an Ambimed operator. The appointment can be rescheduled a total of two times. From the third request for modification, the appointment will be canceled, and 20% of the payment will be retained to cover management and collection expenses.

 

Payment and invoicing methods

The only accepted online payment method is via credit or debit card, and the user will be redirected to the payment management portal. The accepted cards are:

• Visa (credit and debit cards)
• MasterCard (credit and debit cards)
• American Express.

Once the payment is completed, the user will automatically receive an email confirming the booking and a summary email of the economic transaction (automatically generated from the electronic payment portal). All users who pay electronically can benefit from a 19% tax deduction on the income tax return for the following year.

 

Cancellation and refund policy

Within the 48 working hours before the appointment, the user can cancel their booking and receive a full refund or reschedule the activity for another date. Appointments canceled with less than 48 working hours' notice, except for force majeure or other reasons that objectively and demonstrably prevent the user from receiving the service, will not be refunded. If the service cannot be provided for any reason attributable to the clinic (e.g., sudden unavailability of the doctor), an alternative appointment will be proposed within the next 72 working hours. If the alternative is not suitable for the user's needs, Ambimed will provide a full refund of the amount paid.

 

Other user obligations

The customer declares to possess the technical knowledge necessary to ensure the correct use, administration, and management of the service. The user agrees to provide updated, correct, and truthful personal data and to keep access credentials confidential and secure. The user is solely responsible, directly and indirectly, for any improper or unauthorized use of the website. The user is solely responsible for the security of their access data, such as email and password. The Company is not responsible for the loss of any information related to the user's account or for damages resulting from the failure to comply with the above security obligations. Moreover, the user agrees to report any suspicious activities related to their account, such as unauthorized use or access by third parties.

 

Information on the processing of personal data by ambimed s.r.l.

This document concerns the privacy policies regarding personal data processed by AMBIMED S.r.l., VAT No. 11500980963, Corso Italia n.6, 20122 Milan (MI), email info@ambimed-group.com , as Data Controller (hereinafter the Controller or Ambimed). The Controller has also appointed a Data Protection Officer, reachable at the email address: dpo@ambimed-group.com.

The text describes, in accordance with EU Regulation No. 2016/679 (the "GDPR"), the procedures for processing personal data of data subjects carried out by the Controller, who can be contacted using the following email addresses: info@ambimed-group.com, dpo@ambimed-group.com.

As required by Article 12 of the GDPR, the Controller provides the following information as a measure to provide data subjects with the information required by Articles 13 and 14 of the GDPR and the communications required by Articles 15 to 22 and 34 of the GDPR concerning the processing of the data provided. This information is general and provided to all those who interact with the Controller.

Types of data processed. The Controller informs the data subject that personal data provided through contact with the Controller, browsing data, and personal data, including: (i) (i) data not belonging to special categories of personal data as listed in Article 9 of the GDPR, and, (ii) (ii) special data as referred to in Article 9 of the GDPR, concerning the data subject (including the case of a person acting as an individual business owner, small entrepreneur, or professional), or their employees, agents, representatives, or collaborators ("Data"), will be processed in accordance with the provisions of the GDPR, the privacy code as amended by Legislative Decree No. 101/2018, and the relevant national legislation.

The processing, carried out based on the lawfulness conditions provided for in Article 6 of the GDPR, i.e., for purposes related to the relationship established with the Controller, has its legal basis, as required by Article 13 (c) of the GDPR, in the reasons for establishing the relationship with the Controller, more precisely in relation to:

• navigation on this platform (navigation data)

• the sending of personal data through the use of the platform for booking healthcare services.

Navigation Data. The computer systems and software procedures used to operate this website acquire some personal data during their normal operation, the transmission of which is implicit in the use of Internet communication protocols. This data is used solely to obtain anonymous statistical information about the use of the site and to check its proper functioning and is deleted immediately after processing. The data may be used to ascertain responsibility in case of hypothetical computer crimes against the site (please refer to our cookie policy).

Personal Data of Common and Special Nature. This includes personal data sent through the platform, such as any information concerning an identified or identifiable natural person, such as personal and contact details (name, surname, age, gender, email, phone number, billing address), while with regard to special data (health data), this includes the data necessary for booking and allowing subsequent healthcare provision.

Purpose of the processing. The data is requested to fulfill the service requested by the customer in the field of medical services, specifically related to travel medicine and/or occupational medicine, including the use and consultation of any necessary diagnostic documentation to provide the service.

Legal basis. The processing is carried out based on the lawful conditions outlined in Article 6 of the General Data Protection Regulation (GDPR), for purposes related to the established relationship with the Data Controller. Therefore, the legal basis, as required by Article 13 letter c) of the GDPR, is justified by the reasons for establishing the relationship with the Data Controller, specifically under Article 6 letter b) and/or c). Additionally, the legal basis for processing special categories of data is as provided under Article 9(2) letters b), f), g), h), and i) of the GDPR.

Processing methods. Data processing will be carried out in both paper and electronic form by individuals specifically authorized for this purpose. It should be noted that no processing based on automated decision-making takes place. Providing the data is optional; however, failure to provide the data may make it impossible to perform the requested service. Some navigation data (referring to our cookies policy) are automatically acquired by the system. Data processing carried out by the Data Controller will include management, organization, use, storage, database creation, statistics, and communication with partners involved in the initiatives. These partners will be appointed as data processors under Article 28 of the GDPR, or joint controllers if personal data is communicated to them.

Data communication. Your data, including your medical history, may be communicated when necessary for the provision of the service or the performance of tasks to affiliated doctors, affiliated facilities, other healthcare and hospital entities, affiliated pharmacies, other public and private entities, only in cases provided by law or regulations, in compliance with applicable legislation, or upon your specific request or instruction. Your data will not be subject to dissemination.

Transfer of data abroad. Your data may be transferred abroad in accordance with the provisions of the GDPR and the amended privacy code, Legislative Decree 101/2018. This includes processing within the entire European Union (EU) and beyond the EU borders, in countries falling under Article 45 and 46 of the GDPR or as otherwise permitted by the provisions of Title V of the GDPR.

Data retention. The data will be retained for a maximum of 5 years or for the time necessary to fulfill the purpose of collection and any legal requirements. Particularly, healthcare facilities and potential occupational health physicians of the affiliated company may retain these data for a longer period if required by law or regulations.

Commercial communications. Processing based on legitimate interest is conducted in accordance with the soft-spam modality, referring to "light" communications aimed at informing the data subject about our future initiatives, such as monthly newsletters, statistical analysis, promotional material, and promotion of conferences and meetings related to the topics, products, or services with which the data subject has been in contact. The data subject retains the option to remove their name from the mailing list or equivalent tool through which they receive our communications at any time.

Rights of data subjects. The Data Controller guarantees the rights of rectification under Article 16 of the GDPR, the right to be forgotten under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, as well as the right to access personal data provided and all related information as listed in Article 15 of the GDPR. Data subjects also have the following rights:

1. Request access to personal data and request their rectification or erasure, or request the restriction of processing related to them;
2. Object to the processing of their data;
3. Exercise data portability according to Article 20 of the GDPR;
4. Revoke consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, if processing is based on Article 6(1)(a) or Article 9(2)(a) of the GDPR;
5. Lodge a complaint with a supervisory authority.

To exercise the above rights or obtain more information, data subjects can send an email to the following email address: dpo@Ambimed-group.com

The email subject should be "Exercise of GDPR rights," and the body of the email should specify the right the data subject wishes to exercise, along with their name, surname, and email address where they want to receive Ambimed's response. The Data Controller will respond to the request as required by Article 12 of the GDPR.

Additional uses. In specific situations, the Data Controller adopts specific information accompanied by the related consents to allow data processing. The Data Controller also notifies data subjects that, if they intend to process personal data for a purpose other than the one for which it was collected, they will provide the data subject with information regarding this different purpose and any other relevant information, collecting consent if necessary.

Application of regulations. The Data Controller regularly updates this information and generally complies with privacy regulations, adapting them to new provisions. For any questions or doubts about these privacy regulations, you can contact us at any time by writing to: dpo@Ambimed-group.com

Complaints. We will respond to users who submit formal written inquiries and/or complaints to the email address dpo@Ambimed-group.com to investigate the reported issue. We commit to collaborating with competent authorities to resolve any complaints regarding the processing of personal data that are not resolved directly between the Data Controller and individual data subjects.

Provision of data and consent to processing. Except for any legal obligations, providing the requested personal data is optional but necessary to fully achieve the aforementioned purposes.