Informaon pursuant to arcles 13 and 14 of Regulaon (EU) 2016/679 In
This disclosure, pursuant to arcles 13 and 14 of Regulaon (EU) 2016/679 (hereinaer referred to, for the sake of brevity, simply as "GDPR"), the informaon
relang to the processing of personal data connected to the use of the BRM Follow-up mobile applicaon.
The data controller
data controller is BRM Extremies Srl (VAT number 08683610961), based in Civate (LC), in via Papa Giovanni XXIII n. 9 – 23862, tel.: 0341 1693087, ordinary e-mail:
info@brm-extremies.com, PEC: brlextremiesrl@legalmail.it, in the person of its pro tempore legal representave.
The interested pares and the data processed
The interested pares are the natural persons whose personal data the Data Controller processes through the BRM Follow- up applicaon and its funcons, who
are idenfied or idenfiable:
a. the doctors who register on the applicaon (hereinaer referred to, for brevity, simply as the "Doctors" or, in the singular, as the doctor");
b. paents, whose data are entered by the Doctors for the management of the follow-up (hereinaer indicated, for the sake of brevity, simply as the “Paents” or,
in the singular, as the “Paent”).
The Doctors' data processed through the BRM Follow-up applicaon are common personal data (name and surname, any other personal data, e-mail address,
password, type of prosthesis with which the individual doctor works, etc.).
Paent data processed through the BRM Follow-up applicaon are common personal data (name and surname, date of birth, e-mail address and - oponally -
telephone number) and parcular data (sex, age and weight of the paent , date of the operaon, implanted medical device, any images of the operaon, x-rays
and other diagnosc tests, video recordings of the paent limited to the area affected by the operaon or through measures aimed at prevenng the recovery of
the face or other characterisc elements); the e-mail address of the Paent is collected and processed to send the confirmaon of the manifestaon of consent to
the registraon of the same and to allow him to possibly exercise his rights.
The Owner recommends that the Doctor take the images and film the Paent, liming the area to be filmed to a minimum and absolutely avoiding filming the face
and other characterisc bodily elements (taoos, other idenfying elements).
At the me of saving the Paent's data in the mobile applicaon, the Doctor declares that he is entled to store and in any case process the Paent's data by means
of this tool.
Purpose of the treatment
The personal data of the interested pares are processed for the purposes listed in this paragraph:
1. Registraon of the Doctor's account on the BRM Follow-up mobile applicaon;
2. Paent Registraon;
3. Inseron of any images of the operaon, x-rays and other diagnosc invesgaons, video recordings of the Paent limited to the area affected by the operaon
or by means of a device aimed at prevenng the recovery of the face or other characterisc elements;
4. Making paent follow-up data available for subsequent Doctor visits as well as for sharing with other Doctors who follow the paent;
5. Making follow-up data available to the paent;
6. Sending newsleers to the Doctor regarding the acvity of the Owner.
Processing methods
The processing of personal data takes place using IT and telemac tools with logic strictly related to the purposes and, in any case, in such a way as to guarantee
the security and confidenality of the data in compliance with the regulaons in force. The treatment is carried out with electronic processing methods, through
management and storage systems with cung-edge hardware and soware: in order to provide high quality services to the interested pares, the Data Controller
can use services provided by specialized companies which are promptly made aware of his responsibilies by signing a specific contract for the appointment of
data controller pursuant to art. 28 GDPR.
The data is stored on servers located at the Data Controller's registered office, as well as possibly at the headquarters of external managers and their suppliers,
within the European Union. The Data Controller will not transfer User data outside the European Union, unless the condions set out in Arcles exist. 45 et seq.
GDPR.
Legal basis of the processing
For the purpose indicated above in n. 1 the legal basis of the treatment is constuted by the art. 6 par. 1, lit. b) GDPR (i.e. the execuon of
a contract - as well as the provision of related services - or the execuon of pre-contractual measures adopted at the request of the Doctor). For the purposes
indicated above in numbers 2, 3 and 4, the legal basis for the processing of the paent's common personal data is art. 6 par. 1, lit. a) GDPR (i.e. the free, specific,
informed and unequivocal consent of the Paent who - informed by the Doctor regarding the characteriscs of the processing of his data - expresses his consent
to the same, to then confirm it by contacng the e-mail by the mobile applicaon); for the same purposes, the legal basis for the processing of the paent's
parcular data is art. 9 par. 2, lit. a) GDPR (i.e. the free, specific, informed and unequivocal consent of the Paent who - informed by the Doctor regarding the
characteriscs of the processing of his data - expresses his consent to the same, to then confirm it by contacng the e-mail by the mobile applicaon).
For the purpose indicated above in n. 5 the legal basis the legal basis of the processing is constuted for common personal data by art. 6 par. 1 lit. a) GDPR and for
parcular data from the art. 9 par. 2, lit. a) GDPR (in both cases it is the free, specific, informed and unequivocal consent of the Paent, who expresses it by
consulng the data concerning him or by downloading them).
For the purpose indicated above in n. 6 the legal basis of the treatment is constuted by the art. 6 par. 1, lit. a) GDPR (i.e. the free, specific, informed and unequivocal
consent of the Doctor).
Compulsory or oponal nature of the provision of data and consequences of a possible refusal to answer
The provision of data is oponal for the purposes referred to in numbers 1., 2., 3., 4. and 5.; failing that, the services rendered by the BRM Follow-up applicaon
cannot be provided to the Doctor and the Paent and, for the purposes referred to in art. 6, the newsleer about the acvity of the Owner cannot be sent to the
Doctor.
Communicaon and disseminaon
The personal data of Doctors and Paents are processed by the Data Controller, by any Data Processors and by the Persons authorized to process them. Paent
data may be communicated, subject to the consent expressed by the same, to other Doctors who treat them, by extending access to the pernent files to them.
Storage mes
In the event of a request for cancellaon of the account by the Doctor, it is removed.
In the event of withdrawal of consent by the paent, or inacvity for more than 24 months aer the conclusion of the follow-up on the relevant file, his data can
only be stored aer radical and irreversible anonymizaon of the same, for scienfic and stascal purposes.
In case of revocaon of the Doctor's consent to the sending of the newsleer, his e-mail address will be removed from the relevant mailing list.
Existence of an automated decision-making process
There is no automated decision-making process.
Rights of the interested
party As an interested party, the subjects connected to the client companies as well as the company representaves of these companies can exercise the following
rights: access to data (art. 15 GDPR); recficaon (art. 16 GDPR), cancellaon (art. 17 GDPR), limitaon of data processing (art. 18 GDPR); data portability (art 20
GDPR) where applicable; opposion to the treatment (art. 21 GDPR). Interested pares can exercise their rights at any me by contacng the Data Controller at
the addresses indicated above and, if they believe that their rights have been violated, they can appeal to the Guarantor for the protecon of personal data.
