Information on personal data processing pursuant to article 13, Legislative Decree 196/2003). HTClinic, owner of the data processing system, wishes to inform you that all data that are forwarded on a voluntary basis shall be processed with IT means for the management thereof and for the purpose of sending our periodic prospectus. With your consent, the information provided to us may be used by the processing system’s owner in order to inform you on HTClinic’s initiatives and conduct market and statistical research in connection with our products as well as in order to make direct contact feasible so that you may be provided with scientific explanations on the methods used. The data forwarded to the Group by you may not under any circumstances be disclosed to third parties. At any time, the interested party may exercise the rights to access, correct, make additions to the data and object to the use thereof by sending a written notice to HTClinic, owner of the data processing system, to the following address: HTCLINIC AG, Alpenstrasse 1, P.O. Box, 6304 Zug, Switzerland [email protected], (pursuant to article 7, L.D. 196 of June 30th, 2003). By virtue of the same article, interested parties may exercise the right to demand the deletion, anonymification or freezing of any data processed in violation of the law as well as the right to object to the processing thereof on legal grounds. LOCATION AND MODE OF DATA PROCESSING The processing related to this web page’s web services takes place exclusively in HTClinic’s registered office by specialized technical personnel of the Service responsible for data processing. This web page and the data gathered through specific data gathering forms are filed with the Group‘s server provider, namely with the company ΙΤnet S.r.l., Via Cesare Giulio Viola no 48 – 00148 Roma. HTClinic is formally responsible for the data Terms and conditions and privacy policy processing, pursuant to article 29, L.D. 196 of June 30th, 2003 (Privacy Code). Specific security measures are taken so that the loss or illegal or improper use of or unauthorized access to the data may be averted. HTClinic adopted all the fundamental security measures provided for by the law. HTClinic, based on primary international standards, has also adopted additional security measures for the minimization of risks related to confidentiality, availability and integrity of the personal data that were gathered and processed. For the provision of complete information, HTClinic states below articles 7 and 13 of L.D. 196/2003. Article 7 (Right to access personal data and other rights) 1. The interested party shall be entitled to request confirmation of whether there are or are not personal data concerning him/ her even if such data are not registered and may also request that these be clearly communicated to the interested party. 2. The interested party shall be entitled to information on a) the origin of personal data, b) the purpose and process of data processing, c) the tactic that is followed in the event of electronic processing, d) the identification details of the owner, the persons responsible for processing and the representative appointed pursuant to article 5, sub-par. 2, e) the persons or categories of persons to whom the data may be transferred or who may be informed in this respect in their capacity of appointed representative of the persons responsible or commissioned in the state territory. 3. The interested party shall be entitled to request: a) an update on or the correction of the data or, at any time he/ she wishes, additions to the data, b) the deletion, anonymification or freezing of the data that were processed in violation of the law, including the data that are not required to be kept in connection with the purposes for which they were gathered or subsequently processed, c) confirmation that the actions stated in letters a) and b) were communicated, as to their content, to the persons to whom the data were communicated or divulged, except where compliance with this obligation is impossible or entails the use of means that are obviously disproportionate in connection with the protected right. 4. The interested party shall be entitled to object in whole or in part: a) on legal grounds, to the processing of personal data pertaining to the same, even when it takes place in relation to the purposes for which such data were gathered, b) to the processing of personal data pertaining to the same, with the purpose of sending promotional material or for the direct sale or conduct of market research or commercial announcements. Article 13 (Provision of information) 1. The interested party or the person in possession of the personal data shall be informed in advance and in writing on: a) the purposes and processes of data processing, b) the mandatory or optional nature of providing the data, c) the repercussions of any refusal to answer, d) the persons or categories of persons to whom such personal data may be disclosed or who may be informed on such data in their capacity as persons responsible or commissioned, as well as the context of data disclosure, e) the rights stated in article 7, f) the identification details of the owner and, if appointed, of the representative thereof in the state territory, pursuant to article 5, as well as the details of the person responsible for the processing. In the event that the owner has appointed more than one person responsible, at least one of them shall be indicated, stating the web page of the contact network or the manner in which an updated list of the names of the persons responsible may be easily disclosed. When a contact person is appointed who is to give answers to the interested party, on the occasion of exercising the rights stated in article 7, the name of this contact person shall be stated. 2. The provision of information stated in sub-section 1 includes the details required by specific provisions of this code and may not include details that are already known to the person providing the data or when the knowledge thereof may substantially hinder an inspection or audit by a public agency, which is conducted for the protection or security of the state or the prevention, identification or suppression of offences. 3. The Warrantor may identify, by its own decision, simplified information processes that are provided primarily through phone services for the support and information of the public. 4. In the event that the personal data are not gathered with the help of the interested party, the information stated in sub-section 1, including the categories of the processed data, shall be provided to the interested party at the time of data registration or, when such data may be disclosed, not beyond the first disclosure. 5. The provision stated in sub-section 4 shall not apply in the event that: a) data are processed as required by law, a regulation or the EU legislation, b) data are processed for the conduct of protective investigations as stated in law 397 of December 7th, 2000, provided that data processing takes place for such purposes, solely for the period required in order for such purposes to be achieved, c) the provision of information to the interested party entails the use of means, which the Warrantor, indicating possible proper measures, states that they are obviously disproportionate in connection with the protected right, or the provision of information proves impossible according to the Warrantor
