Privacy Policy

Effective from May 25, 2018

1. Introduction
2. Information on the Statement
3. Rights and preferences: user choice and control
4. How to collect personal data
5. Personal data that is collected
6. Purpose of the use of personal data
7. Sharing of personal data
8. Storage and deletion of data
9. Transfer to other countries
10. Connections
11. Data protection
12. Children
13. Cookie Policy
14. Hosting and server infrastructure
15. Changes to the Privacy Statement
16. Contacts

1. Introduction

Thank you for choosing Sanident.

We want to offer our patients the best possible experience so that they can better appreciate our services. To do this we need to know the sensitive and health data of the people who decide to take care of us. This allows us through specific informed consents required for each individual intervention or health service to be able, for example, to perform radiological examinations or to be able to provide detailed information and precise diagnoses on the health of our patients. patients. Sanident has always operated in such a way as to offer an exceptional and specially customized service. That said, the privacy and security of the patient’s personal data are and will always be one of our top priorities. We therefore wish to explain in a transparent manner how and why we collect, store, share and use your personal data, as well as illustrate the controls and choices that you can exercise on when and how to share personal data.

This is our goal, and in this Privacy Policy (“Information”) we will explain in detail what we mean.

2. Information on the Statement

This Statement discloses the essential details regarding the relationship of the patient’s personal data with Sanident. The provisions of this Notice refer to all Sanident services and any related services (hereinafter “Sanident Service”). The terms governing the use of the Sanident Service are defined in our personalized Care Plans.

Occasionally, we may develop new services or offer additional services. Should the introduction of these new or additional services entail a change in the way in which we collect or process your personal data, additional explanations and terms or conditions will be provided. Unless otherwise specified, when we introduce such new or additional services, they will fall within the scope of this Notice.

The purpose of this Policy is to:

1. ensure that patients understand what personal data we collect about them, the reasons we collect and use them, and with whom we share them;
2. explain how we use the personal information that the patient shares with us in order to offer an extraordinary experience when using the Sanident service
3. illustrate the user’s rights and choices in relation to the personal data we collect and process about it and how we will protect your privacy.

We hope this helps to illustrate our privacy commitments. For further clarification on the terms used in this Statement, it is possible to send specific and personal requests by writing an email to privacy@sanident.com. For information on how to contact us in case of questions or concerns, please consult the CONTACTS section below in paragraph 14; in case of disagreement with the content of this Privacy Policy, remember that it is at the user’s discretion to use the Sanident Service.

3. Rights and preferences: user choice and control

The user may be aware of the fact that a new EU law, called the “General Data Protection Regulation or” GDPR “(General Data Protection Regulation), grants certain rights to individuals in relation to their personal data. We have therefore implemented additional transparency controls and access to privacy settings to help users enjoy these rights. To the extent that they are available and with the exception of the provisions of current legislation, the rights granted are as follows:

• right of access: the right to be informed and to request access to the personal data processed concerning the user (commonly known as “request for access to the data subject”);
• right of rectification: the right to request the modification or updating of the user’s personal data in the event of inaccuracy or incompleteness;
• right of cancellation: the right to request the definitive cancellation of personal data;
• right of limitation: the right to request that we temporarily or permanently interrupt the processing of all or some of your personal data;
• right of opposition:
  • the right to object at any time to the processing of personal data for reasons related to the specific situation of the user;
  • the right to object to the processing of personal data for direct marketing purposes;
• data portability right: the right to request a copy of your personal data in electronic format and the right to transmit such personal data for use in the service of others;
• right not to be subject to an automated decision-making process: the right not to be subject to a decision based solely on an automated decision-making process, including on profiling, if the decision has a legal effect on the user or involves an equally significant effect .

To allow the user to easily exercise these rights and to record their preferences in relation to Sanident’s use of personal data, it is possible to request access to the following settings via a specific request to be sent to privacy@sanident.com :

• Privacy settings allows you to control some of the categories of personal data we process, to access personal data and includes a link to the specific section where you can get more information on how Sanident uses personal data and what your rights are;
• Notification settings – allows you to choose which communications to receive from Sanident and manage the personal data available.

If we send electronic marketing messages based on the user’s consent or otherwise permitted by current legislation, the user may, at any time, revoke this consent or express his opposition without incurring any cost. Electronic marketing messages received by Sanident (eg those sent by e-mail) will also include a waiver mechanism within the message itself (eg a revocation link in the e-mails we send to users ).

To find out more about the rights relating to the General Data Protection Regulations described above and the control methods we offer to all Sanident users in relation to these rights, consult the section on user rights. For any questions about privacy, rights or how to exercise them, contact our Data Protection Authority by sending an email to privacy@sanident.com. We will respond to your requests within a reasonable period of time after verifying the identity of who made the request. In the event of dissatisfaction with the way in which we use personal data, it is also possible to contact the Italian data protection authority or the local data protection authority and to file a complaint.

4. Method of collecting personal data

We collect your personal information in the following ways:

1. at the time of completing the personal health card or the collection of anamnestic data for the presentation of Sanident care plans: when the user decides to pay a visit to Sanident, we collect some personal data that allow us to use this service, such as e-mail address, date of birth, sex and country, general health status and the patient’s historical health documents.
2. Through the use of the Sanident Service: when using the Sanident service, we collect personal data relating to the use of the service, such as informed consents for health procedures, radiological investigations and clinical and surgical treatments.
3. Personal data collected that allows us to provide additional elements / features: from time to time, the user can also provide us with additional personal data or give us permission to collect further personal data, for example to provide him with additional information or features. The data will not be modified without the prior consent of the user. The user will always have the possibility to change his mind and withdraw his consent at any time.
4. From third parties: we will receive personal information about you and your business from third parties, including financial partners or clinical and medical institutions we work with to provide the Sanident Service (see the section SHARING YOUR PERSONAL DATA 7 below). We will only use this personal information if you have consented to the sharing of data by third parties or by Sanident, or if Sanident has a legitimate interest in using personal data to provide you with the Sanident Service.

We use anonymous and aggregated information for purposes that include the testing of our IT systems, research, data analysis, the creation of marketing and promotion models, the improvement of the Sanident Service and the development of new features within the Service Sanident.

5. Personal data that is collected

The following tables show the categories of personal data that we collect and use:

Personal data collected when registering for the Sanident Service

Categories of personal data

Description of the category

Registration data of personal health card and patient care plan

This is personal information provided by the patient or collected by us to enable the Sanident Service. This includes the e-mail address, telephone number, date of birth, gender, postal code and country, general health status and the patient’s historical health records. Some of the personal data we request to provide is necessary to create the personal health card. The user also has the possibility to provide us with further personal and health data in order to complete the personalized medical history. The specific personal data we collect depends on the type of therapy or surgery the patient will have to undergo. For example, for more invasive interventions a more in-depth list of exams to be produced for the preparation for the intervention may be necessary (such as three-dimensional CT Cone-Beam radiological examinations, cardiological examinations, preparatory visits to sedation and anesthesia, specific examinations for control of degenerative and metabolic diseases).

Personal data collected through the use of the Sanident Service

Categories of personal data

Description of the category

Usage data of the Sanident Service

This is the personal data that is collected about you when you use the Sanident Service may be included: Specific information on drug therapies Information on patient interactions with Sanident including date and time of any requests carried out, appointment booking service, receipt also in electronic format of fiscal, asset and income documentation of the patient to obtain on request of the same access to financial services offered by third parties (banks and financial) in order to pay in installments necessary for the care and surgery performed by Sanident doctors. Specific informed consent for treatments and surgical operations involving the possibility of injury, absorption of ionizing radiation, contraindications or post-intervention recovery difficulties for the patient. This information may also include data relating to the use of third party applications and systems of digital signature acquisition. User Content including messages sent and / or received by Sanident and interactions with Sanident Customer Service. Photographs of the patient with full face or dental arches for the realization of custom-made dental prostheses, Imprints of dental arches obtained through analog casts or digital scanning systems. Two-dimensional and three-dimensional radiological examinations preserved on digital support, images of ecotomographies and digital health contents Filming of surgical operations also with the aid of audiovisuals and operating microscopes with variable magnifications Technical data which may include information on URLs, cookie data, user IP address, types of devices used to access or connect to the Website or Sanident Web Applications, unique device IDs, attributes, type of network connection (eg WiFi, 3G, LTE, Bluetooth) and provider, network and device performance, browser type, language, information that allow the management of digital rights, operating system and version of the Sanident application.

Personal data collected with your permission that allows us to provide additional elements / features

Categories of personal data	Description of the category
Mobile data provided voluntarily	The user also has the possibility to express his consent to the collection of further personal data from his mobile device so that we can provide elements / features that improve the experience obtained through the Sanident Service on the website or during the use of specific applications . We will not access the personal data listed below under any circumstances without first obtaining the user’s consent: personal photos Precise position of the mobile device Voice data Voice data
Payment details	The exact personal data collected will vary depending on the payment method (eg direct payment of the services in the clinic or access to the payment plan in installments via financial or bank), but will always include information such as: Name surname; date and place of birth; type of credit or debit card, expiration date; Postal code; cellphone number; transaction history details; income documents and other patrimonial indications (when requested by the credit institutions that collaborate with Sanident) upon specific written request from the patient we will provide your personal data to the financial companies and banks that will process the payments to enable them to complete a solvency check and the possibility of agreement of the installment plan.
Marketing data	This personal data is used to allow Sanident and its partners / service providers to send marketing communications: by email, while using Sanident services directly from third parties. To learn more about the personal data collected and the control available to you in relation to the marketing communications that you will receive, you can request by mail at privacy@sanident.com

6. Purpose of the use of personal data

When the user uses Sanident services, various technologies are used to process the personal data collected for various reasons.
The following table shows the purposes of the processing of personal data and the relative legal provisions on which we base ourselves to be able to legally process the personal data used for these purposes. (Paragraph 5 “Personal data collected“)

purpose of processing personal data	Law provisions for processing purposes	Categories of personal data used by Sanident for processing purposes
To deliver, customize and improve the Sanident service and other services and products offered by Sanident, for example by providing personalized content, as well as recommendations and advertising (for products and services of the companies of the Sanident group and in compliance with the provisions of health law. )	Execution of a contract Legitimate interests	Personal health card registration data Service usage data
To understand how the user uses Sanident services to ensure functionality and innovate services as well as develop new products and services.	Execution of a contract Legitimate interests	Personal health card registration data Service usage data
To process the payment, in order to prevent or detect fraud, including fraudulent payments and fraudulent use of Sanident services.	Execution of a contract Compliance with legal obligations Legitimate interests	Payment details
To communicate with the patient, directly or through one of our partners, to: marketing, research, surveys, promotional purposes, by e-mail, sms or by telephone in accordance with the authorizations eventually communicated to us.	Consent Legitimate interests	Survey data Marketing data
To communicate with the patient for purposes related to the services offered by Sanident.	Execution of a contract Legitimate interests	Account registration data Service usage data

7. Sharing of personal data

We have defined the categories of recipients of personal data collected by Sanident Srl.

• Authorities responsible for law enforcement and data protection

We will share your personal information when we believe in good faith that this is necessary to comply with a legal obligation under applicable law or to respond to a valid legal proceeding, such as a search warrant, a court order or a summons in judgment.

We will share your personal information even when we believe it is necessary in good faith for our own or a third party’s purposes relating to national security, law enforcement, litigation or criminal investigations, the protection of any person’s safety or to prevent deaths or imminent injuries, unless we believe that the interests of the patient or his rights and fundamental freedoms that require personal data protection prevail over such interests.

• Other companies of the Sanident group

We will share your personal information with other companies in the Sanident Group to carry out our daily activities and to enable us to manage and provide the services of
Sanident.

• Buyers of our business

Buyers of our business

In this case, Sanident will continue to guarantee the confidentiality of the patient’s personal data and will communicate it before they are transferred to the buyer or are regulated by a different Privacy Policy.

Sanident will not in any way provide the personal data of its patients to third parties that go beyond the aforementioned.

8. Storage and deletion of data

We keep the personal data of our patients for the time necessary to provide the service and for as long as required by current health regulations.

If requested, we will cancel the patient’s personal data, always in accordance with the current health regulations.

9. Transfer to other countries

Sanident may share patient’s personal data nationally and internationally with other companies in the Sanident Group in order to perform the activities specified in this Notice.

Sanident will ensure that the transfer of personal data always takes place in compliance with applicable privacy laws and always in compliance with the standard contractual clauses approved by the European Commission.

10. Connections

On our web platforms we may display third-party advertisements and other content that refer to third-party websites. We cannot control or be held responsible for the privacy practices and third party content. If you click on an advertisement or a third party link, keep in mind that you are abandoning the Sanident Service and that the personal data provided will not be governed by this Policy. For information on how to collect and process personal data, read the Privacy Policy of these individuals.

11. Data protection

We are committed to protecting the personal data of our patients. For our servers we adopt advanced technical and organizational measures in the field of information security; however, remember that no system is ever completely secure.

12. Minors

Data relating to minors will always be collected upon the signature of an informed consent form from a parent or legal guardian.

13. Cookie Policy

This Website uses Cookies. To learn more and to view the detailed information, the User can consult the Cookie Policy.

14. Hosting and server infrastructure

The hosting service is provided by:

– Infomaniak Network SA through its proprietary servers.
Server physical location: Switzerland.
Personal Data: various types of Data as specified in the Infomaniak Privacy Policy which is responsible for the processing of data, processing the data on behalf of the owner, is located outside the European Economic Area but acts in accordance with European standards.

– So you Start through proprietary server of the company OVH S.r.l. – Registered office: Via Leopoldo Cicognara, 7 – 20129 Milan (MI) – Italy.
Physical location of servers: France.
Personal Data: various types of Data as specified in the OVH Privacy Policy.

15. Changes to the Privacy Statement

We may occasionally make changes to this Policy.

When we make substantial changes, we will notify the patient by e-mail.

Be sure to read these warnings carefully.

16. Contacts

Thank you for reading our Privacy Policy. If you have questions about this Policy, please contact our Privacy Guarantor by writing to privacy@sanident.com or by writing to us at the following address:

Sanident Srl
Via Settembrini, 6
Milan
20124
Italy.

Sanident Srl is the data controller for the purposes of processing personal data pursuant to this Statement.

See you soon and remember

Your smile is our mission.

---

Last modification: 11/06/2018