- Data Controller and contact details The data you provide as a user of the Ketonet application (hereinafter the "App") will be processed by the Italian Glut1 Onlus Association, C.F. 96067790186, with registered office in Via Ferrucci, 6, Milan, which can be contacted at the e-mail address [email protected], As Data Controller (hereinafter "Owner" or "Glut1").
- Types of data processed The Data Controller may process, in accordance with this Policy, the following personal data collected through the App: personal data (eg name, surname); contact details (e.g. e-mail, telephone); browsing data (e.g. IP address, online identifier and the so-called timestamp, or the exact time when you gave your consent); data relating to physical characteristics (eg: weight, height, age); particular categories of data such as, for example, data relating to the state of health and medical treatments carried out (e.g. drugs taken, episodes of malaise, diet followed,).
- Purpose, legal basis and explanation
Purpose Legal Basis Explanation a) Registration, access and use of the App Execution of the contract and / or pre-contractual measures
We will process your personal data for the creation of a personal account in order to be able to use the services offered by the App.
b) Use of the "Clinical Data" section of the App by the user Consent The data will be processed to allow monitoring of the user following the diet and to allow the user to send such data to the reference nutritionist. c) Fulfillment of legal obligations Legal obligation We will process your personal data to fulfill any legal, accounting and tax obligations. d) Compliance with orders from judicial authorities or other public authorities Legal obligation We may have to provide your data to judicial or other public authorities by virtue of legal obligations or express requests. e) Establishment or defense of a right Establishment or defense of a right Processing is necessary to ascertain, exercise or defend a right in court or whenever the judicial authorities exercise their judicial functions;
- Nature of the provision In relation to the purpose a) of the previous paragraph, the provision of personal data is optional. However, failure to provide it will make it impossible for the Owner to allow registration on the Site and the functions connected to it. In relation to the purpose b) the provision of personal data and consent to their treatment is optional. In relation to the purposes b), c), d) and e) of the previous paragraph, the provision of personal data is mandatory. Failure to provide it will make it impossible for the Owner to proceed with the conclusion of the contract and the management of all activities related to it as well as the fulfillment of obligations under current legislation.
- Methods of data processing Your personal data are processed with the support of computer and / or paper means and are protected by adequate security measures suitable to guarantee confidentiality and security. The use of any fully automated decision-making process is not envisaged.
- Data communication For the purposes indicated in par. 3, your personal data may be transferred to the following categories of recipients, located within the European Union: The data will be transmitted to the attending physician, as well as to the dietician and other health professionals indicated by you, who will process them as Autonomous Owners; to our internal administrative staff; service providers who provide assistance and / or advice to the Data Controller with reference to the activities of the sectors (for example legal and accounting, insurance, companies or entities appointed by us as responsible for the specific treatment); subjects who need to access data for purposes related to the contractual relationship in place with Glut1, within the limits strictly necessary for the performance of their duties (such as, for example, IT service providers, hosting providers); subjects and authorities whose right of access to Users' personal data is expressly recognized by law, regulations or provisions issued by the competent authorities. These recipients, depending on the circumstances, will process personal data as owners, or data processors. These subjects may act, depending on the circumstances, as independent data controllers or data processors. A complete list of the Managers can be requested by contacting the Data Controller at the following address: [email protected]
- Data transfers abroad Personal data may be freely transferred outside the national territory to countries located in the European Union. Any transfer of the User's personal data to countries located outside the European Union will take place, in any case, in compliance with the appropriate and appropriate guarantees for the purposes of the transfer itself pursuant to the applicable legislation and in particular of articles 45 and 46 of the GDPR.
- Data retention terms The User's personal data will be kept for the period of time necessary for the pursuit of the specific purposes for which they were collected, as indicated in this statement. Once the terms indicated above have elapsed, the User's data may be deleted, anonymized and / or aggregated.
- Rights of the interested parties You have the right, at any time, to ask the Data Controller for access to your personal data (Article 15), the rectification (Article 16) or the cancellation (Article 17) of the same, or the limitation of the processing (Article 18) or to oppose their processing (Article 21), to the portability of your personal data (Article 20) and finally to lodge a complaint with the Supervisory Authority (Guarantor for the Protection of Personal Data). You can assert your rights as expressed by EU Regulation 2016/679, by contacting the Data Controller, by sending an e-mail to [email protected] or by writing to the Data Controller's office indicated above.
- Changes and updates The Owner reserves the right to make changes to this information whenever necessary. Users will be notified of significant changes and additions through the Website.