Privacy Policy

Information regarding the processing of personal data

(ex Articles 13 and 14, EU Reg. 2016/679)

  1. Foreword

EU Regulation 2016/679 on “Protection of individuals with regard to the processing of personal data and the free movement of such data” (hereinafter “EU Regulation 2016/679” or “GDPR”) contains a set of rules aimed at ensuring that the processing of personal data is carried out with respect for the fundamental rights and freedoms of individuals.

This information notice regulates the procedures followed by Linari Medical S.r.l. in relation to the processing of personal data carried out in its capacity as Data Controller (for brevity, hereinafter also only “Holder“) collected through browsing the Site (hereinafter also just “Website“) and belonging to all those (the “Interested) who interact with the Site itself.

As a result of browsing and consulting this Site, data relating to identified or identifiable persons may be processed.

This policy is provided solely for this Website and not also for other websites that may be consulted by the User through links on the home page and other Sections of the Website (for which please refer to their respective privacy policies/policies).

  1. Subjective definitions: data controller, external data controllers and authorized parties.

Linari Medical S.r.l. is an innovative start-up company operating in the medical field of neuro-visual tele-rehabilitation of hemianoptic patients that was established as a spin-off from Linari Engineering S.r.l.

Linari Medical S.r.l., in particular, has patented an innovative technology for remote visual rehabilitation of visually impaired brain-damaged patients called AvDesk.

Pursuant to Articles 13 and 14 of the GDPR, therefore, the following information is provided regarding the processing of personal data of the Interested Parties.

The Data Controller is Linari Medical S.r.l. (P.IVA 02316700505), with registered office at Via Gaetano Malasoma no. 26, 56121 – Pisa (PI), in the person of the legal representative pro tempore (hereinafter, “Linari Medical” or also just the “Owner”).

The contact details are as follows:

Phone: +39 050.7219193


Data Processors are all those who under a service contract or in relation to their role are appointed by the Controller to process the personal data of Data Subjects, according to specific competence and professionalism, rendered in a specific agreement between the Controller and External Data Processors.

Persons authorized to process personal data are employees or internal employees of the enterprise who by role and function process personal data in the course of business operations in accordance with precautions and rules prescribed by law and upon instructions as well as under the control and direction of the employer – Data Controller.

An updated list of any data processors is available at the Controller’s office.

  1. Categories of personal data and source of data

Through the Site may be collected and processed:

– browsing data, collected automatically while browsing the Linari Medical S.r.l. Website;

– Personal data voluntarily provided by the Data Subject through the forms on the Site.

Navigation data

When connecting to the Site, the computer systems and software procedures in charge of their operation automatically and indirectly administer and/or acquire certain information (such as, but not limited to, so-called “cookies” as specified in the “Cookie Policy“). The processing of this data is necessary for the Owner in order to ensure the best possible browsing experience and to provide all features and services through the Site. It is, however, possible to limit the processing of such personal data by recourse to certain features made available by the Site (with reference, in particular, to the transmission of cookies or similar tools – on this point, please refer to the Site’s “Cookie Policy“) or by the browsing device or browser/application. In such an event, navigation on the Site may be limited and some of its features/services may be inaccessible.

Data voluntarily provided by the visitor

Requests for contact and/or information forwarded by Interested Parties through the e-mail and/or telephone channels on the Site, as well as through the “Contact Us” section made available by the Data Controller, may involve the collection and subsequent processing of personal data of the requesting parties (by way of example, first name, last name, e-mail address, telephone number and additional personal data contained in the e-mail message or freely provided by telephone).

Personal data held by Linari Medical are usually collected directly from the Data Subject. In particular, the Interested Party can provide his or her personal data by filling in and sending the forms in the various sections of the Site to access and request information about the services offered by the Company.

The information that visitors to the Site will deem to be made public through the services and tools made available to them is provided by the User knowingly and voluntarily, releasing this Site from any liability for any violations of law. It is up to the User to verify that he or she has consent for the input of personal data of third parties or content protected by national and international regulations.

The Site requires the Data Subject to create his or her own account to complete and manage online purchases, treatment processing, protocols, and referral packages. When registering, data such as first name, last name, membership number, e-mail address and password are requested. Additional information may be requested in relation to specific services. The Data Subject’s personal data are used for account management, to provide and optimize the Owner’s products and services.

Personal data will be processed in accordance with the purposes set out below and will be based on the principles of fairness, lawfulness, transparency and protection of the confidentiality and rights of the Data Subject.

Visual Analytics

“We use Microsoft Clarity to better understand the needs of our users and to optimize the service and experience. Microsoft Clarity is a technology service that helps us better understand our users’ experience (e.g., how much time they spend on what pages, what links they choose to click, what users do and don’t like, etc.) and this allows us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data about the behavior of our users and their devices. This includes a device’s IP address (processed during the session and stored in unidentified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and preferred language used to view our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling any data collected on our behalf.

For more details, please see the Microsoft Clarity website.

Interaction with social networks and external platforms

Twitter Tweet button and social widgets (Twitter, Inc.).

Twitter’s Tweet button and social widgets are services for interacting with the social network Twitter, provided by Twitter, Inc.

Personal Data Processed: Cookies and Usage Data.

Place of processing: United States – Privacy Policy.

Facebook’s Like button and social widgets (Facebook, Inc.).

The Facebook “Like” button and social widgets are Facebook social network interaction services provided by Facebook, Inc.

Personal Data Processed: Cookies and Usage Data.

Place of processing: United States – Privacy Policy.

Linkedin social button and widgets (LinkedIn Corporation)

The LinkedIn social button and widgets are LinkedIn social network interaction services provided by LinkedIn Corporation.

Personal Data Processed: Usage Data; Tracking Tool.

Place of processing: United States – Privacy Policy.

YouTube social button and widgets (Google Ireland Limited)

The YouTube social button and widgets are YouTube social network interaction services, provided by Google Ireland Limited.

Personal data processed: Usage Data.

Place of processing: Ireland – Privacy Policy.

YouTube Video Widget (Google Ireland Limited)

YouTube is a video content display service operated by Google Ireland Limited that allows this Application to embed such content within its pages.

Personal Data Processed: Usage Data; Tracking Tool.

Place of processing: Ireland – Privacy Policy.


The services contained in this section allow the Data Controller to monitor and analyze traffic data and serve to track User behavior.

Facebook Ads conversion tracking (Facebook pixel) (Facebook Ireland Ltd)

Facebook Ads conversion tracking (Facebook pixel) is a statistics service provided by Facebook Ireland Ltd that links data from the Facebook ad network with actions taken within The Facebook pixel monitors conversions that can be attributed to Facebook, Instagram, and Audience Network ads.

Personal Data Processed: Usage Data and Tracking Tool.

Place of processing: Ireland – Privacy Policy.

Linkedin Ads conversion tracking (Linkedin pixel) (Facebook Ireland Ltd)

Linkedin Ads conversion tracking (Linkedin pixel) is a statistics service provided by Linkedin Ireland Ltd that links data from the Facebook ad network with actions taken within
The Linkedin pixel monitors conversions that can be attributed to Linkedin listings.

Personal Data Processed: Usage Data and Tracking Tool.

Place of processing: Ireland – Privacy Policy.

  1. Purpose and legal basis for processing.

Personal data collected through the Site will be processed for the purposes:

  1. Acknowledge requests for information from the Interested Party by sending e-mail to the e-mail address and more generally to the contact channels indicated on the Site as well as through the dedicated “Contact” section;
  2. enable the registration of the Interested Party to the restricted area of the Site through the creation and subsequent technical and administrative management of the Interested Party’s account;
  3. c) for the execution of sales contracts to which the Data Subject is a party or for pre-contractual activities adopted at the request of the Data Subject, including the management of orders, payments made, processing of therapies, protocols and referral packages;
  4. d) for the fulfillment of legal obligations, including any administrative and accounting activities, related to the sale and management of the contract;
  5. (e) to ascertain, exercise or defend a right in court;
  6. f) for legitimate interest possibly consisting of the need to preserve and protect corporate assets and the security of physical and digital locations owned by the Owner.

The legal basis for the processing is:

– for the purposes referred to in (a) and (f) above by the legitimate interest of the Controller in acknowledging requests for contact or information (Art. 6(1)(f), Reg. EU 2016/679);

– For the purpose of the letter (b) and c) from the performance of a contract to which the Data Subject is a party or pre-contractual measures (Art. 6, par. 1, lett. (b), Reg. EU 2016/679);

– For the purpose of the letter (d) and (e) from fulfilling a legal obligation (Art. 6(1)(c), Reg. EU 2016/679).

Data processing carried out under any of the above legal bases is carried out in an essential and minimal form.

The provision of data, as well as their communication to the categories of subjects indicated in par. 6, is not compulsory, but any refusal by the Interested Party to provide their data will result in the objective impossibility for Linari Medical to execute the services requested, to respond to requests for contact or information and/or to be able to fulfill legal obligations.

  1. Mode of treatment

The processing of personal data is carried out by means of manual, computerized and telematic tools with logic strictly related to the purposes stated in this document and, in any case, in such a way as to ensure the security and confidentiality of the data in accordance with current regulations.

In the case of processing carried out with electronic and other processing methods and management and storage systems including with state-of-the-art hardware and software, Linari Medical may use third-party service companies who will be made aware of their responsibilities by notice of appointment as Data Processor pursuant to Art. 28 of the GDPR. The updated list of Data Processors is kept at the registered office of the Data Controller.

  1. Recipients or categories of recipients

Personal data may be made accessible to, brought to the attention of, or communicated to the following individuals, who will be appointed by the Data Controller, as appropriate and as defined above, as data processors or authorized persons:

– Employees and/or collaborators in any capacity of the Owner;

– Public or private entities, natural or legal persons, which the Controller uses for the performance of activities instrumental to the achievement of the above purpose or to which the Controller is obliged to communicate personal data, by virtue of legal or contractual obligations.

Personal data provided by users are used for the sole purpose of performing the requested service or performance and are disclosed to third parties only if this is necessary for that purpose. Outside of these cases, personal data will not be disclosed unless provided for by contract or law or unless specific consent is requested from the Data Subject. In this sense, personal data could be transmitted to third parties but only and exclusively in the event that (a) there is explicit consent of the Data Subject to share the data with third parties; (a) there is a need to share information with third parties in order to provide the requested service; (b) this is necessary to comply with requests from judicial or public security authorities.

Subjects belonging to the categories to which the data may be communicated will carry out the processing of such data and use them, as the case may be, in their capacity as Data Processors/Sub-Processors expressly appointed by the Data Controller/Responsible pursuant to the law or, rather, as autonomous Data Controllers.

The Controller designates as authorized persons all employees, including pro tempore employees, and collaborators, including occasional collaborators, who perform tasks involving the processing of personal data.

In any case, personal data will not be disclosed beyond the scope of subjective processing necessary for the conduct of business and in concert with what is required by law or permitted by the Data Subject.

  1. Retention period

The data collected will be retained for a period of time not exceeding the achievement of the purposes for which they are processed (“principle of limitation of storage,” Art. 5, GDPR), without prejudice to cases of compliance with a legal obligation or order of an authority.

Verification of the obsolescence of retained data in relation to the purposes for which they were collected is carried out periodically. At the end of the retention period, personal data will be deleted, destroyed, or anonymized, subject to any statutory retention periods. Therefore, upon the expiration of this period, the right of access, cancellation, rectification and the right to data portability can no longer be exercised.

  1. Place of processing

Data will be processed by the Data Controller at its registered office and operational headquarters.

  1. Transfer of personal data outside – EU

For technical and/or operational issues, the personal data of the Data Subjects may be transferred by Linari Medical to countries outside – EU, such as in case of cloud storage with servers located outside the territory of the European Union.

In such a case, the Data Controller assures as of now that non-EU data transfer will be regulated in accordance with the provisions of Chapter V of the Regulations and authorized under specific EU decisions. All necessary precautions will then be taken to ensure the full protection of personal data relying on such a transfer: (a) On appropriateness decisions of third country recipients made by the European Commission; (b) on adequate guarantees provided by the third party recipient under Art. 46 of the Regulations; (c) On the adoption of binding enterprise standards.

  1. Rights of data subjects

The data subject has the right to ask the Data Controller:

– access to the data;

– data portability;

– opposition to processing;

– rectification of data, restriction of data processing, deletion (oblivion) of data;

as well as by:

– Revoke consent to the processing of their personal data;

– Propose complaints to the supervisory authority (Privacy Guarantor).

  1. Ways of exercising rights

To exercise the above rights, the data subject may contact the Data Controller by registered mail with return receipt to Linari Medical S.r.l., Via Gaetano Malasoma, no. 26, 56121Pisa (PI) or an e-mail message to:

  1. Minors

Minors under the age of 18 should not give information or Personal Data to Linari Medical without the consent of the persons exercising parental responsibility over them. In the absence of such consent, it will not be possible to respond to the child’s requests.

The Data Controller urges all those who exercise parental responsibility over minors to inform them about the safe and responsible use of the Internet and the Web.

  1. Changes

The Data Controller reserves the right to make changes to this policy at any time by informing Data Subjects on the Site. We ask, therefore, that you consult this “Section” periodically, taking as reference the date of last modification indicated.

Date of last modification

December 2021