Information regarding the processing of personal data

This notice regulates the procedures followed by Linari Medical in relation to the processing of personal data carried out, in its capacity as Data Controller of personal data (for brevity, hereinafter also only “Data Controller“), collected through the navigation of the site www.emianopsia.com (hereinafter also only “Site“) and belonging to all those (the “Data Subjects“) who interact with the site itself, in accordance with European Regulation No. 2016/679, General Data Protection Regulation (hereinafter “GDPR“).

Users may be subject to different levels of protection, for more information we refer to the dedicated page.

The site may contain links to the Internet pages of other entities that operate independently and to whom this policy does not extend.

Data controller, external data processors and authorized parties

Linari Medical srl is an innovative start-up company operating in the medical field of neuro-visual tele-rehabilitation of hemianoptic patients that was established as a spin-off from Linari Engineering srl. Linari Medical srl, in particular, has patented an innovative technology for remote visual rehabilitation of visually impaired brain-damaged patients called AvDesk.

Pursuant to Articles 13 and 14 of the GDPR, therefore, the following information is provided regarding the processing of personal data of the Interested Parties.

The Data Controller is Linari Medical srl (VAT ID: IT02316700505), with registered office at Via Gaetano Malasoma no. 26, 56121 – Pisa (PI), in the person of the legal representative pro tempore (hereinafter, “Linari Medical” or also just the “Owner”).

The contact details are as follows:

  • phone: +39 050.7219193
  • email: info@linarimedical.com

Data Processors are all those who under a service contract or in relation to their role are appointed by the Controller to process the personal data of Data Subjects, according to specific competence and professionalism, rendered in a specific agreement between the Controller and External Data Processors.

Persons authorized to process personal data are employees or internal employees of the enterprise who by role and function process personal data in the course of business operations in accordance with precautions and rules prescribed by law and upon instructions as well as under the control and direction of the employer – Data Controller.

An updated list of any data processors is available at the Controller’s office.

An updated list of any data processors is available at the Controller’s office.

Categories of personal data and source of data

Personal data may be freely provided by the User or, in the case of usage data, automatically collected during the use of this Website. The User assumes responsibility for third party personal data obtained, published or shared through this website.

Personal data are collected for using the following services:

Advertising

This type of service allows User Data to be utilized for advertising communication purposes. These communications are displayed in the form of banners and other advertisements on this Website, possibly based on User interests.
This does not mean that all Personal Data are used for this purpose. Information and conditions of use are shown below.
Some of the services listed below may use Trackers to identify Users or they may use the behavioral retargeting technique, i.e. displaying ads tailored to the User’s interests and behavior, including those detected outside this Website.
For more information, please check the privacy policies of the relevant services.
Services of this kind usually allow Users to opt out of such tracking. Users may learn how to opt out of interest-based advertising more generally by visiting the relevant opt-out section in this document.

Google Ads conversion tracking (Google Ireland Limited)

Google Ads conversion tracking is an analytics service provided by Google Ireland Limited that connects data from the Google Ads advertising network with actions performed on this Website.

In order to understand Google’s use of Data, consult Google’s partner policy.

Personal Data processed: Trackers; Usage Data.

Place of processing: Ireland – Privacy Policy.

Category of personal information collected according to the CCPA: internet or other electronic network activity information.

This processing constitutes:

  • a sale according to the CCPA, VCDPA, CPA, CTDPA and UCPA

Google Ads Customer Match (Google Ireland Limited)

Google Ads Customer Match is an advertising service provided by Google Ireland Limited that allows matching Data that Users have shared with the Owner to existing Google accounts in order to target them or similar Users with personalized ads.
Users can opt out of Google’s use of personalized advertising by visiting Google’s Ads Settings.

In order to understand Google’s use of Data, consult Google’s partner policy.

Personal Data processed: country; email address.

Place of processing: Ireland – Privacy Policy.

Category of personal information collected according to the CCPA: identifiers.

This processing constitutes:

  • a sale according to the CCPA, VCDPA, CPA, CTDPA and UCPA
  • a sharing according to the CCPA
  • targeted advertising according to the VCDPA, CPA, CTDPA and UCPA

Google Ads Smart Bidding (Google LLC)

Google Ads Smart Bidding is an advertising service provided by Google LLC that maximizes conversions by using various bidding strategies. These strategies may include optimizing bids based on Customer Match lists as well as the User’s device information and behavioral activity.
Users can opt out of Google’s use of personalized advertising by visiting Google’s Ads Settings.

In order to understand Google’s use of Data, consult Google’s partner policy.

Personal Data processed: device information; geographic position; language; page views.

Place of processing: United States – Privacy Policy.

Category of personal information collected according to the CCPA: internet or other electronic network activity information; geolocation data; inferences drawn from other personal information.

This processing constitutes:

  • a sale according to the CCPA, VCDPA, CPA, CTDPA and UCPA
  • a sharing according to the CCPA
  • targeted advertising according to the VCDPA, CPA, CTDPA and UCPA

Analytics

The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.

Google Analytics 4 (Google LLC)

Google Analytics 4 is a web analysis service provided by Google LLC (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
In Google Analytics 4, IP addresses are used at collection time and then discarded before Data is logged in any data center or server. Users can learn more by consulting Google’s official documentation.

In order to understand Google’s use of Data, consult Google’s partner policy.

Personal Data processed: number of Users; session statistics; Trackers; Usage Data.

Place of processing: United States – Privacy PolicyOpt Out.

Category of personal information collected according to the CCPA: internet or other electronic network activity information.

This processing constitutes:

  • a sale according to the CCPA, VCDPA, CPA, CTDPA and UCPA

Building and running this Website

Key components of this Website are built and run directly by the Owner by making use of the software listed below.

WordPress (self-hosted) (this Website)

This Website is built and run by the Owner via a CMS software (Content Management System) called WordPress.

Personal Data processed: language.

Category of personal information collected according to the CCPA: inferences drawn from other personal information.

This processing constitutes:

  • a sale according to the VCDPA, CPA, CTDPA and UCPA
  • a sharing according to the CCPA
  • targeted advertising according to the VCDPA, CPA, CTDPA and UCPA

Contacting the User

Mailing list or newsletter (this Website)

By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning this Website. Your email address might also be added to this list as a result of signing up to this Website or after making a purchase.

Personal Data processed: email address; first name; last name.

Category of personal information collected according to the CCPA: identifiers.

This processing constitutes:

  • a sale according to the CCPA, VCDPA, CPA, CTDPA and UCPA

Heat mapping and session recording

Heat mapping services are used to display the areas of this Website that Users interact with most frequently. This shows where the points of interest are. These services make it possible to monitor and analyze web traffic and keep track of User behavior.
Some of these services may record sessions and make them available for later visual playback.

Microsoft Clarity (Microsoft Corporation)

Microsoft Clarity is a session recording and heat mapping service provided by Microsoft Corporation.
Microsoft processes or receives Personal Data via Microsoft Clarity, which in turn may be used for any purpose in accordance with the Microsoft Privacy Statement, including improving and providing Microsoft Advertising.

Personal Data processed: clicks; country; device information; diagnostic events; interaction events; layout details; mouse movements; page events; positional information; scroll-to-page interactions; session duration; time zone; Trackers.

Place of processing: United States – Privacy Policy.

Category of personal information collected according to the CCPA: identifiers; internet or other electronic network activity information; geolocation data.

This processing constitutes:

  • a sale according to the CCPA, VCDPA, CPA, CTDPA and UCPA

Hosting and backend infrastructure

This type of service has the purpose of hosting Data and files that enable this Website to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this Website.

Some services among those listed below, if any, may work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.

Microsoft Azure (Microsoft Corporation)

Microsoft Azure is a hosting service provided by Microsoft Corporation.

Personal Data processed: various types of Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy.

Category of personal information collected according to the CCPA: identifiers.

Tag Management

This type of service helps the Owner to manage the tags or scripts needed on this Website in a centralized fashion.
This results in the Users’ Data flowing through these services, potentially resulting in the retention of this Data.

Google Tag Manager (Google Ireland Limited)

Google Tag Manager is a tag management service provided by Google Ireland Limited.

In order to understand Google’s use of Data, consult Google’s partner policy.

Personal Data processed: Trackers; Usage Data.

Place of processing: Ireland – Privacy Policy.

Category of personal information collected according to the CCPA: internet or other electronic network activity information.

User database management

This type of service allows the Owner to build user profiles by starting from an email address, a personal name, or other information that the User provides to this Website, as well as to track User activities through analytics features. This Personal Data may also be matched with publicly available information about the User (such as social networks’ profiles) and used to build private profiles that the Owner can display and use for improving this Website.
Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on this Website.

HubSpot Lead Management (HubSpot, Inc.)

HubSpot Lead Management is a User database management service provided by HubSpot, Inc.

Personal Data processed: city; email address; first name; last name; phone number; physical address; profession; Trackers.

Place of processing: United States – Privacy Policy.

Category of personal information collected according to the CCPA: identifiers; internet or other electronic network activity information; employment related information.

Purposes and legal basis for processing

Personal data collected through the site will be processed for the purposes

PurposeData processedLegal basis
1. Providing the information necessary to conclude the contract proposalPersonal and contact information (first name, last name, email, phone number, city and job title)Carrying out pre-contractual measures taken at the request of the data subject (Art. 6(1)(b) GDPR)
2. Provide the information necessary to become an author of the Emianopsia magazine.Personal and contact information (first name, last name, email, phone number, city and job title)Data subject request (Art. 6(1)(a) GDPR)
3. Newsletter subscription managementPersonal and contact information (first name, last name and email)Data subject request (Art. 6(1)(a) GDPR)
4. Communications of a commercial nature for direct marketing purposesPersonal and contact information (first name, last name, email, phone number, city and job title)Consent to direct marketing (Art. 6(1)(a) GDPR)

Mode of treatment

The processing of personal data is carried out by means of manual, computerized and telematic tools with logic strictly related to the purposes stated in this document and, in any case, in such a way as to ensure the security and confidentiality of the data in accordance with current regulations.

In the case of processing carried out with electronic and other processing methods and management and storage systems including with state-of-the-art hardware and software, Linari Medical may use third-party service companies who will be made aware of their responsibilities by notice of appointment as Data Processor pursuant to Art. 28 of the GDPR. The updated list of Data Processors is kept at the registered office of the Data Controller.

Recipients or categories of recipients

Personal data may be made accessible to, brought to the attention of, or communicated to the following individuals, who will be appointed by the Data Controller, as appropriate and as defined above, as data processors or authorized persons:

  • employees and/or collaborators in any capacity of the Owner;
  • Public or private entities, natural or legal persons, which the Controller uses for the performance of activities instrumental to the achievement of the above purpose or to which the Controller is obliged to communicate personal data, by virtue of legal or contractual obligations.

Personal data provided by users are used for the sole purpose of performing the requested service or performance and are disclosed to third parties only if this is necessary for that purpose. Outside of these cases, personal data will not be disclosed unless provided for by contract or law or unless specific consent is requested from the Data Subject. 

In this sense, personal data could be transmitted to third parties but only and exclusively in the event that:

  1. there is explicit consent of the Data Subject to share the data with third parties; 
  2. there is a need to share information with third parties in order to provide the requested service; 
  3. this is necessary to comply with requests from judicial or public security authorities.

Subjects belonging to the categories to which the data may be communicated will carry out the processing of such data and use them, as the case may be, in their capacity as Data Processors/Sub-Processors expressly appointed by the Data Controller/Responsible pursuant to the law or, rather, as autonomous Data Controllers.

The Controller designates as authorized persons all employees, including pro tempore employees, and collaborators, including occasional collaborators, who perform tasks involving the processing of personal data.

In any case, personal data will not be disclosed beyond the scope of subjective processing necessary for the conduct of business and in concert with what is required by law or permitted by the Data Subject.

Retention period

The data collected will be retained for a period of time not exceeding the achievement of the purposes for which they are processed (principle of “storage limtitation,” Art. 5, paragraph C, GDPR), without prejudice to cases of compliance with a legal obligation or order of an authority.

Verification of the obsolescence of retained data in relation to the purposes for which they were collected is carried out periodically. At the end of the retention period, personal data will be deleted, destroyed, or anonymized, subject to any statutory retention periods. Therefore, upon the expiration of this period, the right of access, cancellation, rectification and the right to data portability can no longer be exercised.

Place of processing

Data will be processed by the Data Controller at its registered office and operational headquarters.

Transfer of personal data outside – EU

For technical and/or operational issues, the personal data of the Data Subjects may be transferred by Linari Medical to countries outside – EU, such as in case of cloud storage with servers located outside the territory of the European Union.

In such a case, the Data Controller assures as of now that non-EU data transfer will be regulated in accordance with the provisions of Chapter V of the Regulations and authorized under specific EU decisions. All necessary precautions will then be taken to ensure the full protection of personal data relying on such a transfer:

  1. on appropriateness decisions of third country recipients made by the European Commission;
  2. on adequate guarantees provided by the third party recipient under Art. 46 of the Regulations;
  3. on the adoption of binding enterprise standards.

Rights of data subjects

The data subject has the right to ask the Data Controller:

  • access to the data;
  • data portability;
  • opposition to processing;
  • rectification of data, restriction of data processing, deletion (oblivion) of data;

as well as by:

  • revoke consent to the processing of their personal data;
  • propose complaints to the supervisory authority (Privacy Guarantor).

Ways of exercising rights

To exercise the above rights, the data subject may contact the Data Controller by registered mail with return receipt to Linari Medical S.r.l., Via Gaetano Malasoma, no. 26, 56121 – Pisa (PI) or an e-mail message to: info@linarimedical.com.

Minors

Minors under the age of 18 should not give information or Personal Data to Linari Medical without the consent of the persons exercising parental responsibility over them. In the absence of such consent, it will not be possible to respond to the child’s requests.

The Data Controller urges all those who exercise parental responsibility over minors to inform them about the safe and responsible use of the Internet and the web.

Changes

The Data Controller reserves the right to make changes to this policy at any time by informing Data Subjects on the Site. We ask, therefore, that you consult this page periodically, taking as reference the date of last modification indicated.

Specific information on the use of cookies

The Cookie Policy page describes the types and purposes of cookies used.

revision 2, april 2024