Effective from 25 May 2018
- Information on the Disclosure
- Rights and preferences: choice and control of the user
- Methods of collecting personal data
- Personal data that is collected
- Purpose of using personal data
- Sharing of personal data
- Data retention and deletion
- Transfer to other countries
- Data protection
- Hosting and server infrastructure
Thank you for choosing Aiser.
We want to offer our patients the best possible experience so that they can enjoy our services to the fullest. To do this, we need to know the sensitive and health data of the people who decide to entrust their medical treatment to us. This allows us, through specific informed consent required for each individual intervention or health service, to be able, for example, to perform radiological examinations or to provide detailed information and precise diagnoses on the state of health of our patients. Aiser has always worked to offer an exceptional and specially personalized service. That being said, the privacy and security of patient personal data are and will always be one of our top priorities. Therefore, we wish to explain transparently how and why we collect, store, share and use your personal data, as well as illustrate the controls and choices that you can exercise over when and how to share your personal data.
2. Information on the Disclosure
This Notice explains essential details regarding the patient’s personal data relationship with Aiser. The provisions of this Notice refer to all Aiser services and any related services (hereinafter “Aiser Service”). The terms governing the use of the Aiser Service are defined in our Personalized Care Plans.
Occasionally, we may develop new services or offer additional ones. Should the introduction of these new or additional services result in a change in the way we collect or process your personal data, further explanations and additional terms or conditions will be provided. Unless otherwise specified, when we introduce such new or additional services, they will fall within the scope of this Policy.
The purpose of this Notice is to:
- make sure patients understand what personal data we collect about them, why we collect and use it, and who we share it with;
- explain how we use the personal data the patient shares with us in order to offer an amazing experience when using the Aiser service
- illustrate your rights and choices in relation to the personal data we collect and process about you and how we will protect your privacy.
3. Rights and preferences: choice and control of the user
You may be aware that a new European Union law, called the “General Data Protection Regulation” or “GDPR” (General Data Protection Regulation), confers certain rights to individuals in relation to their personal data. Therefore, we have implemented additional transparency controls and access to privacy settings to help users exercise these rights. To the extent available and with the exception of the provisions of the law in force, the rights granted are the following:
- right of access: the right to be informed and to request access to the personal data processed concerning the user (commonly known as “access request to the interested party”);
- right of rectification: the right to request the modification or updating of the user’s personal data in the event of inaccuracy or incompleteness;
- right of cancellation: the right to request the definitive cancellation of personal data;
- right of limitation: the right to request us to temporarily or permanently stop the processing of all or some of your personal data;
- right to object:
- right to object to the processing of personal data at any time for reasons connected with the specific situation of the user;
- the right to object to the processing of personal data for direct marketing purposes;
- right to data portability: the right to request a copy of one’s personal data in electronic format and the right to transmit such personal data for use in the context of the service of others;
- right not to be subject to an automated decision-making process: the right not to be subject to a decision based exclusively on an automated decision-making process, including in the matter of profiling, if the decision has a legal effect on the user or entails an equally significant effect .
To allow the user to exercise these rights easily and to register their preferences in relation to the methods of use of personal data by Aiser, it is possible to request access to the following settings by means of a specific request to be sent to firstname.lastname@example.org:
- Privacy Settings allows you to control some of the categories of personal data we process, to access your personal data and includes a link to the specific section where you can get more information on how Aiser uses personal data and what your rights are;
- Notification settings – allows you to choose which communications to receive from Aiser and manage the personal data available.
If we send the user electronic marketing messages based on the user’s consent or otherwise permitted by current regulations, the user may, at any time, revoke this consent or express his opposition without incurring in any cost. Electronic marketing messages received by Aiser (e.g. those sent by email) will also include an opt-out mechanism within the message itself (e.g. an unsubscribe link in the emails we send to users ).
To find out more about the rights relating to the General Data Protection Regulation described above and the control methods we offer to all Aiser users in relation to these rights, consult the section dedicated to your rights. For any questions about privacy, rights or how to exercise them, contact our Data Protection Authority by sending an email to email@example.com. We will respond to user requests within a reasonable period of time after verifying the identity of the person who made the request. If you are unsatisfied with the way in which we use your personal data, you can also contact the Italian data protection authority or the local data protection authority and make a complaint about it.
4. Methods of collecting personal data
We collect your personal data in the following ways:
- at the time of filling in the personal health card or collecting anamnestic data for the presentation of Aiser care plans: when the user decides to visit Aiser, we collect some personal data that allow the use of this service, such as e-mail address, date of birth, gender and country, general health status and historical health records of the patient.
- Through the use of the Aiser Service: when you use the Aiser service, we collect personal data related to the use of the service, such as informed consent for health procedures, radiological investigations and clinical and surgical treatments.
- Personal data collected that allow us to provide additional elements / features: from time to time, you may also provide us with additional personal data or give us permission to collect additional personal data, for example to provide you with additional elements or functionalities. The data will not be changed without the prior consent of the user. The user will always have the possibility to change his mind and withdraw consent at any time.
- From third parties: We will receive personal data about you and your business from third parties, including financial partners or clinical and medical institutions we work with to provide the Aiser Service (see PERSONAL DATA SHARING section 7 below). We will only use this personal data if you have consented to the sharing of data by third parties or Aiser, or if Aiser has a legitimate interest in using the personal data to provide you with the Aiser Service.
We use anonymous and aggregated information for purposes which include testing our IT systems, research, data analysis, creating marketing and promotion models, improving the Aiser Service and developing new features within the Aiser Service.
5. Personal data that is collected
The following tables indicate the categories of personal data we collect and use:
Personal data collected when registering for the Aiser Service
|Categories of personal data||Category description|
|Registration data of personal health card and patient care plan||This is personal data provided by the patient or collected by us to enable the Aiser Service. This includes the patient’s email address, telephone, date of birth, gender, postcode and country, general health status, and historical health records. Some of the personal data we ask you to provide is necessary to create your personal health record. The user also has the possibility to provide us with further personal and health data in order to complete the personalized medical history profile. The specific personal data we collect depends on the type of therapy or surgery that the patient will have to undergo. For example, for more invasive interventions, a more in-depth list of tests to be produced for the preparation for the intervention may be necessary (such as three-dimensional Tac Cone-Beam radiological examinations, cardiological examinations, visits to prepare for sedation and anesthesia, specific examinations for control of degenerative and metabolic diseases).|
Personal data collected through the use of the Aiser Service
|Categories of personal data||Category description|
|Usage data of the Aiser Service||This is the personal data that is collected about the user when using the Aiser Service and can be included: Specific information on drug therapies Information on the patient’s interactions with Aiser including date and time of any requests Specific informed consent for treatments and surgical interventions that foresee the possibility of injury.This information may also include data relating to the use of third-party applications and systems carried out, appointment booking service, receipt, also in electronic format, of fiscal data, assets and the patient’s income documentation to obtain, at the request of the same, access to financial services offered by third parties (banks and financial companies) in order to pay in installments the payments necessary for the treatments and surgeries operated by Aiser doctors. absorption of ionizing radiation, contraindications or difficulties in post-surgery recovery for the patient. acquisition of the digital signature. User Content including messages sent and / or received by Aiser and interactions with Aiser Customer Service. Photographs of the patient with full face or of the dental arches for the realization of customized dental prostheses, Impressions of the dental arches obtained through analog casts or digital scanning systems. Two-dimensional and three-dimensional radiological examinations stored on digital support, images of ultrasound scans and digital health contents Filming of surgical interventions also with the aid of audiovisuals and operating microscopes with variable magnification Technical data that may include information on URLs, cookie data, IP address user, types of devices used to access or connect to the Site or Aiser Web Applications, unique device IDs, attributes, type of network connection (e.g. WiFi, 3G, LTE, Bluetooth) and provider, network performance and device, browser type, language, information that allow the management of digital rights, operating system and version of the Aiser application.|
Personal data collected with your permission that allows us to provide additional elements / features
|Categories of personal data||Category description|
|Mobile data provided voluntarily||The user also has the possibility to express his consent to the collection of further personal data from his mobile device to allow us to provide elements / features that improve the experience obtained through the Aiser Service on the website or while using specific applications. Under no circumstances will we access the personal data listed below without first obtaining the user’s consent: personal photos, Precise location of the mobile device, Voice data, The user’s contacts.|
|Payment details||The exact personal data collected will vary depending on the payment method (eg direct payment of services in the clinic or access to the payment plan in installments through a financial institution or bank), but will always include information such as: Name, surname; date and place of birth; type of credit or debit card, expiration date; Postal code; cellphone number; transaction history details; income documents and other asset information (if requested by credit institutions collaborating with Aiser) upon specific written request of the patient we will provide his personal data to the financial companies and banks that will deal with the processing of payments to allow them to complete a check of solvency and possibility of agreement of the installment financing plan.|
|Marketing data||This personal data is used to allow Aiser and its partners / service providers to send marketing communications: by e-mail, while using Aiser services directly from third parties. To find out more about the personal data collected and the control it has in relation to the marketing communications that will be received, you can make a request by email by writing to firstname.lastname@example.org.|
6. Purpose of using personal data
When the user makes use of the Aiser services, various technologies are used to process the personal data collected for various reasons.
The following table indicates the purposes of the processing of personal data and the related legal provisions on which we rely in order to legally process the personal data used for these purposes. (Paragraph 5 “Personal data that are collected”)
|purpose of the processing of personal data||Laws for the purposes of processing||Categories of personal data used by Aiser for the purposes of processing|
|To provide, customize and improve the Aiser service and other services and products offered by Aiser, for example by providing personalized content, as well as recommendations and advertising (for products and services of Aiser group companies and in compliance with the provisions of the law on health matters. )||Performance of a contract Legitimate interests||Personal health card registration data Service usage data|
|To understand how the user uses Aiser services to guarantee functionality and innovate services as well as develop new products and services.||Performance of a contract Legitimate interests||Personal health card registration data Service usage data|
|To process the payment, in order to prevent or detect fraud, including fraudulent payments and fraudulent use of Aiser services.||Execution of a contract Fulfillment of legal obligations Legitimate interests||Payment details|
|To communicate with the patient, directly or through one of our partners, for: marketing, research, surveys, promotional purposes, by e-mail, text message or by telephone in accordance with any authorizations you may communicate to us.||Consent Legitimate interests||Survey data Marketing data|
|To communicate with the patient for purposes related to the services offered by Aiser.||Performance of a contract Legitimate interests||Account registration data Service usage data|
7. Sharing of personal data
We have defined the categories of recipients of the personal data collected by Aiser S.A.
- Authorities responsible for law enforcement and data protection
We will share your personal data when we have a good faith belief that this is necessary to comply with a legal obligation under applicable law or to respond to a valid legal process, such as a search warrant, court order or subpoena. judgement.
We will also share your personal data when in good faith we deem it necessary for our or third party purposes relating to national security, law enforcement, criminal litigation or investigation, protecting the safety of any person or to prevent death or imminent injuries, unless we believe that the interests of the patient or his fundamental rights and freedoms that require the protection of personal data prevail over these interests.
- Other companies of the Aiser group
We will share your personal data with other Aiser Group companies to carry out our daily activities and to enable us to manage and provide the services of Aiser.
- Buyers of our business
We will share your personal information should we sell our business to buyers.
Aiser will not in any way provide the personal data of its patients to third parties other than the aforementioned.
8. Data retention and deletion
We keep the personal data of our patients for the time necessary to provide the service and for as long as required by current health regulations.
If requested, we will delete the patient’s personal data, always in accordance with current health regulations.
9. Transfer to other countries
Aiser may share the patient’s personal data nationally and internationally with other companies of the Aiser Group in order to carry out the activities specified in this Notice.
Aiser will ensure that the transfer of personal data always takes place in compliance with applicable privacy laws and always in compliance with the Standard Contractual Clauses approved by the European Commission.
11. Data protection
We are committed to protecting the personal data of our Patients. For our servers we adopt cutting-edge technical and organizational measures in the IT security sector; however, please note that no system is ever completely secure.
Data relating to minors will always be collected upon signing an informed consent form from a parent or legal guardian.
14. Hosting and server infrastructure
The hosting service is provided by:
- Infomaniak Network SA through its proprietary servers.
Physical location of servers: Switzerland.
- So you Start through proprietary servers of the company OVH S.r.l. – Registered office: Via Leopoldo Cicognara, 7 – 20129 Milan (MI) – Italy.
Physical location of servers: France.
We may occasionally make changes to this Policy.
When we make substantial changes, we will notify the patient by e-mail.
Therefore, be sure to read these notices carefully.
14 Rue du Rhone
Aiser S.A. is the data controller for the purposes of processing personal data pursuant to this Notice.
See you soon and remember,
Your smile is our mission.
Last modified: 29/12/2021