Information relating to data processing personal data pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”) Swiss legislation in data protection matters (LPD – ART. 28 CC).
Privacy Policy
DATA PROTECTION INFORMATION PURSUANT TO ART. 13 OF REGULATION (EU) 2016/679 ("GDPR") SWISS DATA PROTECTION LEGISLATION (LPD - ART. 28 CC).
Procrea Centro Fertilità Svizzera italiana SA considers the protection of personal data of its current and potential patients of fundamental importance. The contents of this webpage aim to provide you, in a simple and intuitive manner, with all the information required by Articles 13 and 14 of Regulation (EU) 2016/679 ("GDPR") as well as the relevant Swiss data protection legislation (LPD - art. 28 CC).
The data controller is Procrea Centro Fertilità Svizzera italiana SA, located at Via Clemente Maraini 8, 6900 Lugano, Switzerland. The data controller acquires and processes your personal and sensitive data for the purposes specified below.
*** *** ***
Data, legal basis, processing purposes, third parties
The personal data you provide, including identifying information (name, surname, mobile, residential address, email), voluntarily communicated during the completion of the form on this website, will be processed with a focus on minimization and transparency. They fall into the following categories:
-
Personal identifying data (name, surname, mobile, residential address, email) voluntarily communicated during the completion of the form on this website.
-
These data will be used within the limits and for the pursuit of the purposes, and based on the legal bases indicated below:
-
Information and initial consultation for the provision of assisted reproductive health services through prevention, diagnosis, treatment, surgical interventions, therapy, laboratory activities, cryopreservation of biological material, and patient assistance (Art. 9 par. 2) letter h) healthcare professional contract).
-
Providing your data is optional, but refusal to provide such data may result in the non-execution/non-prosecution of the relationship.
Processing is carried out by automated means, including tools to store, manage, and transmit the data, ensuring security and confidentiality. Data collection does not involve processing through automated decision-making processes - profiling.
Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access.
-
In paper form, data are processed and stored at the company's headquarters located at Via Clemente Maraini 8, 6900 Lugano, Switzerland, or at the headquarters of the Data Processors.
-
In electronic form, on the computers/devices of the Controller/Processors, and servers managed by the Controller.
The data of minors will not be processed without the explicit consent of parents or legal guardians.
Data will not be indiscriminately disclosed, meaning not made known to unidentified subjects in any way, including making them available or consulting them.
Data may be communicated, meaning made known (also for any treatments) to one or more specified subjects strictly relevant to the fulfillment of obligations, tasks, and purposes as mentioned above:
-
Other healthcare facilities (complete list available upon request) for the patient's request for specific assisted reproductive techniques, related investigations and analyses, as well as entities and organizations providing transport services for biological samples, assistance (e.g., ambulance services).
-
Providers of IT services as external Data Processors - System Administrator.
-
Public entities, both Swiss and of other nationalities, guaranteeing participation in health expenses, as well as private insurance and pension entities, as indicated by you, for administrative and reporting purposes of the services provided.
-
Entities performing supervisory and control functions in health matters, judicial police, hygiene and safety appropriateness of health and healthcare services, certifications, and reports; Public entities performing health planning, prophylaxis, health statistics, and epidemiological analysis functions; Entities performing authorization, accreditation, contractualization, and certification activities within quality systems.
-
Legal offices, medical-legal consultants, as well as the insurance company and insurance broker with whom the Controller has signed an appropriate third-party liability policy.
In addition, personal/sensitive data may become known to be processed by:
-
Our employees, collaborators, even freelance and external consultants of the Controller or employees/collaborators of other centers belonging to the same group as the Controller.
-
You can obtain an updated list of our Data Processors by requesting it by mail or email using the contact details below. Your data will be processed outside the European Economic Area or in Switzerland at the Controller or at duly appointed external Processors.
*** *** ***
Exercise of rights
The data subject has the following rights according to Articles 15 to 22 of the GDPR:
Right of access:
The client has the right to obtain confirmation of whether or not personal data concerning them is being processed, access to the data, and the following information:
-
Purposes of processing;
-
Categories of personal data processed;
-
Recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organizations;
-
The retention period of personal data;
-
The existence of the data subject's right to request the rectification or erasure of personal data or the restriction of processing concerning the data subject or to object to such processing;
-
The right to lodge a complaint with a supervisory authority;
-
Where the data is not collected from the data subject, all available information about its source;
-
The existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Right to rectification:
You have the right to obtain the immediate rectification of inaccurate data and the right to have incomplete or inaccurate personal data completed.
Right to erasure:
You have the right to obtain the erasure of personal data for one of the following reasons:
-
The personal data are no longer necessary for the purposes for which they were collected or processed;
-
The data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
-
The data subject objects to the processing, and there are no overriding legitimate grounds for the processing;
-
The personal data have been unlawfully processed;
-
The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
Right to restriction of processing:
You have the right to obtain the restriction of processing in the following cases:
-
The accuracy of the personal data is contested by the data subject;
-
The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
-
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims;
-
The data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right to notification:
The Controller is obliged to communicate any rectification, erasure, or restriction of processing of personal data to each recipient to whom the data has been communicated. Upon your request, the Controller must inform you about the recipients to whom your personal data has been sent.
Right to data portability:
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller.
Right to object:
You have the right to object at any time to the processing of personal data. In this case, the data will no longer be processed unless the Controller demonstrates compelling legitimate grounds for the processing, or it is necessary for the establishment, exercise, or defense of legal claims. Your data will be retained for a necessary period: to achieve the purposes of the processing and to comply with civil and tax laws and any other legal obligations, respecting your rights.
*** *** ***
Contact details
Requests to exercise your rights, as mentioned above, can be submitted by mail to the Data Controller Procrea Centro Fertilità Svizzera italiana SA, Via Clemente Maraini 8, 6900 Lugano, Switzerland, or to the email address privacy@procrea.ch. You can contact the Data Protection Officer ("DPO") appointed by the Controller under Articles 37 et seq. GDPR by sending an email to dpo@procrea.ch.
You always have the option to file a complaint with the Data Protection Authority (www.garanteprivacy.it).
*** *** ***
One of the principles applicable to the processing of your personal data concerns the limitation of the retention period, regulated by Article 5, paragraph 1, point e) of the regulation, which states "personal data are kept in a form that allows the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the data is processed solely for archiving purposes in the public interest, scientific or historical research, or statistical purposes, in accordance with Article 89(1), subject to the implementation of appropriate technical and organizational measures required by this regulation to protect the rights and freedoms of the data subject."
In light of this principle, your personal data will be processed by the Controller only to the extent necessary to achieve the purposes stated in this Information. In particular, your personal data will be processed for a period equal to the minimum necessary, as indicated by Consideration 39 of the Regulation, to fulfill the relationships between you and the Controller (request for information/initial consultation for healthcare services), except for any additional retention period imposed by mandatory health, civil, and tax regulations, and compliance with any other legal obligation connected to the applicable law of the data subject, as also provided by Consideration 65 of the Regulation.