Avanguardia Medica

Privacy Policy App

Leggi Privacy Policy App in italiano

What data will be processed

Data: IP address

Definition: The public IP address with which your internet provider presents your device when connecting to the Internet.

Purpose: It is collected to enable verification and analysis in the case of suspicious activity.

Retention: Up to 12 months

Data: Temporary tokens

Definition: A randomly generated temporary code from your device.

Purpose: Temporary tokens allow the App to validate proper functioning indicators and other statistical data sent by the App.

Retention: Up to 5 minutes

Data: User account

Definition: Personal data you provide during registration (e.g., personal details, e-mail address, etc.).

Purpose: We process these data to allow registration of the account and the provision of medical assistance services.

Retention: Until account deletion request. If subscription is not renewed, account will be automatically deleted after 6 months.

Data: Health profile, services, prescriptions

Definition: Your health data provided to the physician during telephone services, and health data/documents processed by the physician.

Purpose: We process this data to enable provision of the medical assistance service.

Retention: Medical documents are kept for 10 years. Health data (anamnesis, patient notes, information on current medications) will be kept until account deletion request.

Data: Name and surname

Definition: Personal identity data you provide when registering.

Purpose: We process these data to allow online payments. Identity data are needed to perform and manage purchases of plans within

Retention: Until account deletion.

Data: Email address

Definition: Your e-mail address provided at registration.

Purpose: Used to send emails necessary for provision of the requested service, for example to enable communications with the physician.

Retention: Until account deletion

 

How the data will be used

  • Your personal data is processed respecting your privacy and according to strict internal procedures. Persons authorized to process your data are specially trained. Your health data are processed under the supervision of our Medical Director.
  • For specific functions of our App, we use services provided by third parties who operate either as independent data controllers or as data processors.
  • If such parties are identified as Data Processors, they are duly appointed and carefully evaluated, and they provide adequate guarantees in terms of security in their data processing. A list of entities processing data on our behalf is available upon request.

 

Permissions required by the MediPhonica App

1. Camera

The App may use your device’s camera when you set up a profile picture. This permission is optional; you are free to allow or deny access.

2. Image gallery

The App may access the gallery when you want to choose or change your profile picture. This permission is optional.

3. Biometric access

The App may use biometric features (fingerprint, face recognition) to allow you to access the App more quickly without entering the PIN. This permission is optional. We do not directly process biometric data; they remain on your device.

4. Push notifications

The App may use push notifications to inform you about important information (e.g. receipt of services or prescriptions). This permission is optional.

5. Statistical aggregate data

We might collect anonymous information related to the App download only for statistical purposes, such as number of users who downloaded or are using the App.

6. Providing your data

  • Providing personal data for these purposes is not mandatory, but refusal to supply them will make it impossible to provide the service.
  • Processing of these data does not require your consent insofar as it is necessary for service provision.
  • Collected data are not used for profiling users for offers of products/services or more general commercial purposes. No cookies or other user-tracking tools are foreseen.
  • The App stores some information via Apple Store, Google Play, or Windows Phone Store in the course of their normal operation; transmission of certain data is implicit in use of Internet protocols or device/smartphone hardware. The controller is not involved in those treatments and cannot be held responsible.
  • It is recommended to also refer to the privacy policies published by the aforementioned platforms.

 

Data Processors / Persons in charge of processing

  • Your personal data will be processed by persons specifically trained, operating under the responsibility of our Medical Direction.
  • We make use of an external consultant for maintenance and implementation of the App, acting as Data Processor.
  • At any time you may request an updated list of our Data Processors.

 

Third-party sharing

Some types of data may be shared with third-party services to enable specific App features, such as payment management, digital signature, sending email communications, management of security settings. The list of services we rely on is available upon request.

Data Controller
AVANGUARDIA MEDICA S.R.L.
Via Leone Pancaldo n° 68, 37138 Verona (VR), Italy.

Rights of the data subject

  • You can exercise all rights under Articles 15-21 of the GDPR. Requests should be addressed to the Data Protection Officer (DPO) of AVANGUARDIA MEDICA S.R.L.
    Email: dpo@avanguardiamedica.it
  • You can at any time stop all data collection by deleting your account. If subscription is not renewed and the user is inactive for 6 months, the account will be automatically deleted after prior email notification. Upon account deletion, all data not required to be retained by law will also be deleted.

 

User information (for medical/contractual services)

  • In accordance with EU Regulation 2016/679 (the “Regulation”), your personal data, collected for purposes of providing the requested performance, will be processed by Avanguardia Medica S.r.l., located at Via Leone Pancaldo n° 68, Verona (VR), as Data Controller.
  • Specifically, your personal data, provided by you or acquired from third parties, will be processed for:
    1. Proposing, finalizing contractual relationships and executing them by providing the services you requested (legal basis: necessary for preventive medicine, diagnosis and assistance; data processed by professionals bound by professional secrecy or under their direct responsibility; according to Article 9, paragraph 2 and 3 of the GDPR)
    2. Complying with related regulatory and fiscal obligations (legal basis: compliance with legal obligations under Article 6, paragraph 1, letter c, of the Regulation)
    3. Processing, sending, and storing of medical reports and results of consultations (legal basis: explicit consent given during the telephone consultation)
    4. Sending commercial and promotional communications (legal basis: your explicit consent)
  • Any processing of your personal data will respect the GDPR, the decisions of the Italian Data Protection Authority pursuant to Legislative Decree 196/2003 (and later amendments), and be guided by the principles of fairness, lawfulness, transparency, protecting your confidentiality and rights. Provision of data is voluntary but necessary to deliver health assistance services.
  • Processing of so-called “special categories” of data (in this case health-related data) will only occur if based on a proper legal basis; without that, it will be impossible to manage and deliver the services offered.
 
Diritti dell’interessato

You may:

  • Know what data are processed by the Controller
  • Exercise rights such as access, rectification, update, integration, deletion, restriction of processing, portability of data, revocation of consent
  • Obtain a copy of your data if stored outside the European Union, as well as information on where the data are stored or transferred
  • Oppose for legitimate reasons to particular processing

Submit requests to: Avanguardia Medica S.r.l., Via Leone Pancaldo n° 68 – Verona (VR), email: dpo@avanguardiamedica.it.

You also always have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) under Article 77 of the GDPR if you believe your data are being processed contrary to applicable law.

Data retention

• Avanguardia Medica S.r.l. retains personal data for the period necessary to provide medical services (those requested by the customer) and to comply with medical, fiscal, accounting or legal obligations.
• If the legal obligation to retain your data ends, we will delete or anonymize your data.
• We will not delete your personal data if there is another legal basis to keep them, for example a legitimate interest of Avanguardia Medica S.r.l., to defend against possible claims for damages.

Recipients of personal data

Your personal data may be shared for the purposes listed above with:
• Individuals authorized by the Controller to process personal data;
• Consultants, credit institutions for accounting/administrative purposes, contracting companies if work (even in part) is outsourced; some act as Data Processors;
• Entities or authorities to whom disclosure is required by law or by orders from authorities.
Regarding possible transfers of data to Third Countries, the Controller will ensure the processing is done in one of the legally allowed ways, for example your consent, adoption of Standard Contractual Clauses approved by the European Commission, selecting entities that adhere to international free data flow programmes or operating in countries considered safe by the EU Commission.
More info is available upon request to the Controller.

Security of personal data
  • Your personal data are processed securely by us or our carefully selected service providers. When service providers process health data on our behalf, we require high levels of protection.
  • We ensure very strict security measures are in place to protect your personal data to minimize risks of destruction, loss (including accidental), unauthorized access/use, or use incompatible with the purpose for which they were collected.
 
Amendments to this Policy

The Controller reserves the right to make changes to this privacy policy at any time, giving notice to users. Any modification, addition or update will be communicated in accordance with applicable regulations.