PRIVACY POLICY FOR THE PROCESSING OF PERSONAL DATA

(PURSUANT TO EU REGULATION 679/2016; D.Lgs. 101/2018; D.Lgs. 196/2003)

This policy is provided pursuant to Articles 13 and 14 of Regulation 679/2016 (EU) (“GDPR”) to those who access and browse the www.qura.tech website.

This policy describes the methods for managing the Website and processing personal data referable to users who access the Website; therefore, any third party website to which the User may be redirected from the Website is to be considered excluded.

The users’ and patients’ privacy are very important to QURA S.R.L.S. Although the purpose of the www.qura.tech website is to facilitate the sharing of information and knowledge (including X-ray images, case notes and other medical content), QURA S.R.L.S. keep personal information secure and use it only for the purposes described in this privacy statement.

1 – Purpose and legal basis of data processing

The users’ personal identification data are collected in order to satisfy their requests. In this regard, several forms on the Website, required to be filled in by the users, allow for management and follow-up of requests made by the users.

Furthermore, data may be acquired by the Data Controller, even indirectly, considering that, while browsing the Website, IP addresses or domain names, URI (Uniform Resource Identifier) ​​addresses of requested resources, the time of request, the method used to submit a request to the server and the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the users’ IT environment are tracked. Furthermore, data collection can also take place through third-party sources such as:

  • Other third parties (Google Chrome, Mozilla Firefox, Apple Safari, Internet Explorer)

QURA S.R.L.S. may also combine collected Personal Identification Data with other data publicly available and received from third parties or data that refer to Personal Identification Data received from third parties. The collection and use of Personal Identification Data are carried out in accordance with this Policy for the purposes described therein.

Provided data will be processed for:

a) purposes related to the correct and complete execution of the signed order (for this purpose, consent is not necessary as the processing of the data is related to the execution of the order);
b) for purposes related to the exercise of the rights of the owner (e.g. defense in court);
c) for purposes related to the fulfillment of obligations established by law or regulation as well as for the fulfillment of obligations established by anti-money laundering legislation (for this purpose, consent is not necessary as the processing of data is related to compliance with these obligations/provisions of law and/or regulation);
d) ordinary marketing activities (e-mails, direct mail, text messages, newsletters, commercial or advertising communications, etc.).

The data provided will be treated in a lawful, correct and transparent manner and exclusively for the purposes indicated above. Data processing will not exceed these purposes.

2 – Types of processed data

The types of processed data are substantiated in “Personal Data”, i.e. information suitable for identifying, directly or indirectly, a natural person. While browsing the Website, the following data may be processed:

  • name and surname
  • contact details (i.e. telephone and e-mail address)
  • IP, domain name, URL used
  • browsing data
  • browser version

Data are voluntarily provided in this context to use our services and purchase our products.

3 – Redirect to external websites

The Website uses so-called social plug-ins, i.e. tools that allow for incorporation of social media features directly into a website. Each of the social plug-ins on the Website can be identified by the logo owned by each social media platform. Should a user interact with a social plug-in, the information referable to the interested party is directly communicated to the social media platform processing his/her data as an independent owner. Therefore, in order to obtain more information on the purposes and methods of data treatment, exercisable rights and retention of personal data, please directly consult the privacy policy of each applicable social network.

4 – Cookies 

Cookies are small text files that websites visited by users send to their terminals, where they are stored to be re-transmitted to the same websites at the users’ subsequent visit. In general, the company uses so-called technical cookies necessary to provide the user with the best available Website functionality. Cookies can be disabled or refused at any time changing the browser cookie settings, despite browsing on the Website and use of its contents could be compromised.

5 – Types of cookies used

QURA S.R.L.S. also use:

  • “analytics cookies” when used directly by the Site Operator to collect information, in aggregate form, on the number of users and how they visit the website;
  • navigation or session cookies (for authentication);
  • functionality cookies, which allow users to browse according to a series of selected criteria (for example, language, products selected for purchase, etc.), in order to improve the service provided.

ATTENTION: disabling technical and/or functional cookies may result in the Site not being available for consultation; certain services or functions of the Site may also not be available or may not work properly and users may be forced to modify or manually enter specific information or preferences each time they visit the Website. The User can exercise his right to opt-out when accessing the Website by clicking on the appropriate information banner. Below are links containing information on third-party cookies:

Type of cookie and ownerOperation and purposePersistence time

Technical cookies

QURA S.R.L.S.

google.com

– activities strictly necessary for the functioning of the website;

– saving preferences;

– statistical activities

– persistent

– subordinated to browser settings

Analytical cookies

google.com

– statistical activities– subordinated to the third-party policies of the cookie manager

Navigation or session cookies

QURA S.R.L.S.

– activities strictly necessary for the functioning of the website

– persistent

– subordinated to browser settings

Functionality cookies

QURA S.R.L.S.

– activities strictly necessary for the functioning of the website

– persistent

– subordinated to browser settings

 

6 – Transfer of personal data

The server farm hosting the Website is located is in Italy. Data are not transferred to third-party companies located outside the European Economic Area. Should this transfer become necessary, we will make sure that all Data recipients have adopted appropriate security measures to ensure Data protection.

7 –  Processing methods

The processing of provided Personal Data is based on principles of correctness, lawfulness and transparency; it will be carried out in an automated and/or manual manner, in compliance with the security measures pursuant to Article 32 of the GDPR. It should be noted that the processing of Personal Data will be carried out in accordance with the operations indicated in Article 4, paragraph 2) of the GDPR; therefore, the processing method may consist of collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.

8 –  Mode of use of collected personal identification data

QURA S.R.L.S. collect Personal Identification Data relating to private customers, visitors to the Site and others to be able to offer an experience that meets their specific needs. QURA S.R.L.S. may collect, use and disclose Personal Identification Data for one or more of the following purposes:

  • Fulfillment of quotes and/or orders;
  • Response to requests for marketing material, information, etc.;
  • Sending administrative and other types of communications;
  • To send the User important information relating to the Site, any changes to the terms, conditions and policies implemented or other administrative information;
  • Customer care. To track, process and answer questions addressed to customer service and to optimize and improve customer experience, QURA S.R.L.S. may also transmit the User’s Personal Identification Data to third party service providers or affiliated organizations in order to allow such third parties to track, process and answer questions addressed to customer service;
  • Internal business purposes. For internal commercial purposes, such as data analysis, audits, new product development, Site improvement, service improvement, identification of usage trends and visit patterns, determination of the effectiveness of promotions and compliance with contractual obligations.

9 – Third party sites

The Site may contain links to third party websites. These linked sites are not controlled by QURA S.R.L.S., who are not responsible for the privacy policies or contents of such linked sites (or of any links on a linked site). These links are provided for convenience only and the inclusion of a link on the Site does not imply the approval of the linked site by QURA S.R.L.S. If the User decides to access third party websites linked to the Site, he does so at his sole risk according to the terms and conditions of use and the privacy policies of such websites. If the User provides Personal Identification Data through a third party website, the Personal Identification Data provided will be treated in accordance with the privacy policy of said third parties.

10 – Communication of data to third parties

The Data will be processed by the Data Controller, the Data Processor and the appointed persons in charge pursuant to Article 30 of the Privacy Code and Article 29 of the GDPR. Data may also be disclosed to companies/professional firms that provide assistance, consultancy, collaboration to the Data Controller in accounting, administrative, fiscal, legal, tax and financial matters, to public administrations within the limits established by law or regulation and to third party service providers to whom such communication is necessary for the fulfillment of the services covered by the contract. In any case, the use of these service providers will only take place subject to a commitment on their part to comply with the legislation on privacy. Data are not subject to disclosure.

11 – Intention of the Data Controller

The Data Controller has no intention of transferring any provided data to a third country or to an international organization.

12 – Data retention period

Provided data will be kept for a period of time not exceeding 1 (one) year from the request (sent by email to info@qura.tech) to delete user information from the database. Once the terms indicated above will have elapsed, Data will be destroyed. Finally, we reserve the right to keep the so-called log-in and log-out data for a longer period, in order to be able to manage any crimes committed against the Website (hacking activities).

13 – Compulsory or optional nature of providing data and consequences of a refusal to respond

The provision of data for the purposes indicated in point 1 a) and b) is necessary for the correct and complete execution of an order and any refusal in this regard will make it impossible to perform the services covered by the order. The provision of data for the purposes indicated in point 1 c) is mandatory as it is necessary for the fulfillment of regulatory obligations. The provision of data for the purposes indicated in point 1 d) is optional.

14 – Existence of an automated decision-making process

There is no automated decision-making process.

15 – Rights of the interested party and methods of exercise

The interested party owns the rights referred to in Articles 15-22 of EU Regulation 2016/679 (access to personal data, rectification or cancellation [”right to be forgotten”] of personal data or limitation of data processing, right to object to their treatment, right to portability of data, right to withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal, right to lodge a complaint with a supervisory authority). Rights can be exercised at any time by sending a registered letter with a return receipt to the company to the attention of its Administrator and pro tempore legal representative, or an e-mail to info@qura.tech or to the certified email address quraeliasrls@pec.it

16 – Data Controller and Data Processor

The Data Controller and Data Processor is QURA S.R.L.S., in the person of its Administrator and pro tempore legal representative, with headquarters in Via Conversano, 190 – 70013 Castellana Grotte (BA), VAT number IT08470290720, PEC: quraeliasrls@pec.it

 

17 – Changes to the policy

The Data Controller reserves the right to make changes to this Policy at any time. The date of the last update of this Policy is shown at the top of this page. In the event of substantial changes to this Policy, the Data Controller will communicate on the Site that its privacy policy has been changed, providing a link to the new version. In the event of substantial changes to the methods of use of the User’s Personal Identification Data, QURA S.R.L.S. will inform the User by e-mail using the e-mail address specified in their account (where applicable) and/or through notifications published on the home page of the Site, offering the opportunity to refuse such new or different methods. Any changes to the Policy will become effective upon publication of the new version of the Policy on the Site. Use of the Site after the publication of these changes implies acceptance by the User of the new version of the Policy in force.