Privacy Notice on the Processing of Personal Data
Last updated: July 2019
In compliance with applicable data protection laws, including Regulation (EU) 2016/679, we inform you about how Theras Lifetech S.r.l. will process your personal data, including health-related data, in the context of the trial period for medical devices for the continuous glucose monitoring system and/or insulin pumps, as well as in relation to the warranty that Theras Lifetech S.r.l. is required to provide for the devices in the event of a successful trial period.
The following information is provided to the individual to whom the personal data relates (hereinafter also referred to as the “data subject”), or to the person exercising parental responsibility, or to anyone representing the data subject (such as a legal guardian, trustee, or curator).
This privacy notice contains the key information regarding the processing of personal data currently carried out by Theras Lifetech.
DATA CONTROLLER
The data controller for personal data is Theras Lifetech S.r.l. (hereinafter also “Theras Lifetech”), with registered office in Salsomaggiore Terme (PR), at Via Matteotti No. 19, reachable via the following contacts:
Phone: +39 0524 587 874
Fax: +39 0524 587834
Email: privacy@theras-group.com
The Data Protection Officer (DPO) of Theras Lifetech can be contacted at dpo@theras-group.it or by phone at +39 051 520315.
For full clarity and transparency, it should be noted that for types of data processing different from those described below, Theras Lifetech acts as a data processor on behalf of third parties (e.g., Local Health Authorities), and in such cases, inquiries regarding the processing of personal data should be addressed directly to those third parties.
PURPOSES OF DATA PROCESSING
Theras Lifetech processes personal data for the following purposes:
- To provide any necessary assistance, including technical support, as well as an appropriate guarantee of proper functioning, for the entire period in which the devices are used by the patient;
- To allow Theras Lifetech to protect its corporate assets and, more generally, to safeguard its rights and manage any potential disputes;
- To fulfill legal obligations, including post-market surveillance and requirements related to device traceability in accordance with applicable law.
Providing the requested personal data for the purposes indicated above is optional; however, refusal to provide such data will make it impossible for Theras Lifetech, among other things, to provide any technical assistance for the devices used by the patient.
LEGAL BASIS FOR PROCESSING
Theras Lifetech processes personal data based on the following legal grounds:
- On the basis of its legitimate interest in conducting business activities (including providing the data subject with technical assistance and an appropriate guarantee of proper device functioning), protecting its corporate assets, and safeguarding its rights, including managing disputes, as provided for under Article 6(1)(f) of Regulation (EU) 2016/679;
- To comply with a legal obligation to which Theras Lifetech may be subject, as provided for under Article 6(1)(c) of Regulation (EU) 2016/679;
- Based on the consent explicitly given by the data subject for the processing of their personal data, as provided for under Article 6(1)(a) of Regulation (EU) 2016/679.
METHODS OF PROCESSING
Theras Lifetech processes personal data both with and without the use of electronic tools, within the limits of the purposes indicated and in compliance with applicable law, adopting measures to ensure the confidentiality and security of personal data.
Personal data are collected by individuals duly appointed by Theras Lifetech, who follow the directives provided by the company.
Theras Lifetech will take the necessary steps to keep personal data up to date, correct any data already acquired, and limit processing to data strictly necessary to achieve the purposes described above.
DISCLOSURE OF PERSONAL DATA
Theras Lifetech limits access to personal data as much as possible, making it available only to authorized personnel who need access to perform their duties, and, where necessary, to its IT service providers.
If a data subject contacts the technical support and assistance toll-free number, personal data may also be processed by the company engaged by Theras Lifetech to provide this service.
Theras Lifetech provides these parties only with the personal data necessary to perform the agreed-upon activities, and they act as appointed processors and/or data controllers.
Theras Lifetech also reserves the right to disclose certain personal data to third parties, including its legal advisors and/or consultants, to ensure compliance with legal obligations and/or respond to requests from public authorities and institutions for their institutional purposes, as well as to protect Theras Lifetech’s rights in court and/or before competent authorities.
RETENTION PERIOD OF PERSONAL DATA
Personal data are retained for the time necessary to achieve the specific purposes of processing and, in any case, no longer than the period established by applicable laws on the limitation of rights.
DATA SUBJECTS’ RIGHTS
You can contact Theras Lifetech at the above-mentioned contacts to receive a list of the data processors (i.e., Theras Lifetech service providers who carry out personal data processing operations).
Data subjects enjoy all the rights provided under Articles 15 to 22 of Regulation (EU) 2016/679, which can be exercised at any time.
In particular, data subjects have the right to:
- Obtain confirmation of whether their personal data exist and to verify their content, origin, and accuracy;
- Request the integration, updating, correction, deletion, or anonymization of personal data, as well as the limitation of personal data processing;
- Object, for reasons related to a particular situation, to the processing of personal data carried out on the basis of Theras Lifetech’s legitimate interest, provided that Theras Lifetech’s reasons for continuing the processing do not prevail (for example, the need to protect its rights in court);
- Lodge a complaint with the supervisory authority (for Italy, the competent authority is the Italian Data Protection Authority – Garante per la Protezione dei Dati Personali).
Furthermore, pursuant to Article 7(3) of Regulation (EU) 2016/679, you are informed that you can withdraw your consent at any time, without affecting the lawfulness of processing based on consent given prior to the withdrawal.
Data Protection Officer (DPO) Contact
Avv. ta Silvia Stefanelli - Studio Legale Stefanelli
dpo.tl@theras-group.com
T. +39 051 520315
