Privacy Policy Quiddis Health App

Last update: March 28, 2024

 

Introduction

Grammelot S.r.l. (VAT number 09562620964), with registered and operational headquarters at Via Casale no. 5, Milan (MI), as Data Controller, informs you that the Personal Data provided by you upon registration and during the use of the Quiddis Health App are processed[1] by the undersigned, in accordance with European and national regulations on the protection of personal data (EU Regulation 2016/679, hereinafter “GDPR” and Privacy Code as amended by Legislative Decree 101/2018).

This information is provided pursuant to Article 13 of Regulation (EU) No. 2016/679 (hereinafter the “GDPR”).

[1] The term “processing of data” refers to “any operation or set of operations, performed with or without the aid of electronic or automated means, concerning the collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.”

 

Purposes of Processing and Legal Bases

Grammelot S.r.l. states that registration and use of the Quiddis Health App require the provision of personal data, which will be processed in full compliance with the GDPR and applicable national regulations.

Pursuant to these laws, such processing will be based on the principles of fairness, lawfulness, and transparency, protecting your privacy, rights, and freedoms.

The purposes of processing through the use of the platform are as follows:

1. Provision of training courses accessible to external and internal users of the corporate organization through the platform, as well as management of issues related to course/webinar delivery. Legal basis for processing: processing is necessary for the performance of a contract to which the data subject is a party under Article 6.1.b GDPR;
2. Monitoring of the platform for knowledge and statistical purposes to evaluate participation trends in courses. Legal basis for processing: pursuit of the legitimate interests of the Controller under Article 6.1.f GDPR;
3. For external speakers to the organization for the purpose of managing the contractual relationship, related obligations (administrative and accounting), as well as for the provision subject to the contract, relating to the delivery of courses including educational and training materials that will be uploaded to the platform. Legal basis for processing: processing is necessary for the performance of a contract to which the data subject is a party under Article 6.1.b GDPR;
4. For internal speakers within the organization of Grammelot S.r.l. for the provision of courses, including educational and training materials, which will be uploaded to the platform. Legal Basis for processing: consent of the data subject under Article 6 letter a GDPR (obtained during hiring in connection with employee information);
5. To conduct checks on internal and external speakers for the management of the verification process regarding compliance with company policies and ongoing selection procedures. Legal basis for processing: pursuit of the legitimate interests of the Controller under Article 6.1.f GDPR;
6. To enforce and/or defend the rights of the Controller out-of-court, judicially, manage disputes, and arbitrations. Legal basis for processing: pursuit of the legitimate interests of the Controller under Article 6.1.f GDPR.

 

Nature and Methods of Processing

The processing of data concerning you will be carried out through the Quiddis Health App predominantly in an automated manner, observing the security measures, technical and organizational, specifically adopted by Grammelot S.r.l..

The processing will concern common personal data: name, surname, personal and business email address where it allows the identification of the individual, image, and voice of speakers and participants in the course/webinar.

Personal data will be processed mainly at the Data Controller’s registered office in Milan and/or at the locations where any Data Processors appointed pursuant to Article 28 of Regulation (EU) 2016/679 are located, and will not be transferred outside the European Economic Area.

The provision of personal data is mandatory for the purpose of allowing access to the platform and participating in activities related to it. Failure to provide personal data will result in the impossibility for the data subject to benefit from the platform and the courses including educational materials uploaded therein.

The provision of Personal Data will take place by filling in the appropriate predefined fields within the platform.

 

Categories of Recipients to Whom Personal Data May be Disclosed

Personal Data provided by users on the platform may be disclosed to employees or collaborators of the Data Controller, for activities related to the provision of activities connected to the platform, and to Data Processors appointed pursuant to Article 28 of the Regulation, who, operating under the direct authority of the Controller, process data and receive appropriate instructions in this regard. The same will happen – by the Data Processors appointed by the Controller – towards the employees or collaborators of the Data Processors.

Public bodies and administrations	for checks and controls in compliance with tax and civil obligations
Banks and Credit Institutions	for carrying out economic/financial transactions (payments/collections)
Law firms, consulting firms, notaries, accountants	for consultancy activities in their respective areas of professional competence
IT infrastructure maintenance companies, software providers	for normal HW/SW maintenance activities, software production and delivery, or for any data restorations
Certification bodies and accreditation bodies	for verification activities for obtaining and/or maintaining certifications acquired by Grammelot S.r.l.
Communication agencies and communication and marketing consultants, video production companies, photographers, and image editing, video conferencing software solutions providers, electronic platform managers to send marketing campaigns	for activities related to event registration; for any subsequent image editing activities and content processing.

 

Duration of Processing and Data Retention

The data provided will be kept for a period not exceeding that necessary for the purposes specified in this information, following the details reported below, or for a longer period for purposes permitted by law, and, in any case, upon the fulfillment of the aforementioned purposes, they will be deleted without undue delay.

In particular, with reference to the section “Purposes of Processing and Legal Bases” for the purposes number:

1. For the entire duration of the contractual relationship between the Data Controller and the registered user (whether external referring to the service contract or internal referring to the employment contract), and, after its conclusion, for a maximum of 10 years pursuant to Article 2214 of the Italian Civil Code and Presidential Decree 660/1973 (Keeping accounting records);
2. For the entire duration of the contractual relationship between the Data Controller and the registered user (whether external referring to the service contract or internal referring to the employment contract);
3. For the entire duration of the current contractual relationship and, after its conclusion, for a maximum of 10 years pursuant to Article 2220 of the Italian Civil Code (Keeping accounting records);
4. Until the termination of the employment relationship and beyond its termination in the event of non-revocation of the consent given by the employee upon hiring. This revocation may also occur during the ongoing employment relationship with Grammelot S.r.l. in accordance with the GDPR;
5. For the entire duration of the current contractual relationship and, after its conclusion, for a maximum of 20 years;
6. For the entire duration of out-of-court and judicial disputes until the expiration of the limitation periods of the right and/or expiry of the action and/or the possibility of challenging actions.

 

Data Protection Officer (DPO)

Grammelot S.r.l., on a voluntary basis, has appointed a Data Protection Officer who can be contacted via email at the following address: support@quiddis.com .

Below, by way of example and not exhaustively, are scenarios in which the DPO may be contacted and/or it is advisable to contact them:

• If you want to exercise a right recognized by the European Regulation;
• If you want to challenge the rejection of a request to exercise a right or believe that the response was unsatisfactory or did not arrive within the indicated timeframe;
• If you believe you have suffered a violation of your personal data during processing by the Controller or the Data Processor;
• If you believe that the information provided to the data subject is not sufficiently clear and transparent;
• If you believe it is necessary to receive clarifications or further information about the processing of your personal data (purpose, legal basis, retention periods, processing methods, etc.);
• If you need information to file a complaint with the Supervisory Authority.

 

Data Subject’s Rights

At any time, the data subject may exercise their rights against the Data Controller in accordance with Articles 15 to 21 of the GDPR, the full text of which is hereby invoked.

The data subject shall have the right to request from the Controller access to their personal data, rectification, erasure, or restriction of processing, and shall also have the right to object to processing, as well as the right to receive, in a structured, commonly used, and machine-readable format, the data concerning them. Moreover, the data subject may, at any time, withdraw consent for processing based on such legal basis (purpose 4) without affecting the lawfulness of processing based on consent before its withdrawal.

Finally, the data subject may lodge a complaint with the competent Supervisory Authority if they believe that their rights have not been respected, in violation of the principles of the GDPR, according to the methods indicated, for example, on the website of the Supervisor, accessible at the internet site https://www.garanteprivacy.it/web/garante-privacy-en/home_en  The exercise of these rights may be initiated by sending communication via email to the address support@quiddis.com.

Additionally, the Client may lodge a complaint with the competent Supervisory Authority if they believe that their rights have been violated, in violation of the principles of the GDPR, according to the methods indicated, for example, on the website of the Supervisor, accessible at the internet site https://www.garanteprivacy.it/web/garante-privacy-en/home_en.

The exercise of these rights may be initiated by sending specific communication to the certified email address grammelot@pec.it.

 

Changes to the Information

This information may be subject to updates in accordance with national and European regulatory provisions as well as due to operational choices made by Grammelot S.r.l. Unless otherwise specified, this information will continue to apply to personal data processed up to that time.