Privacy Policy

PRIVACY INFORMATION PURSUANT TO ART. 13 of EU Reg. 2016/679 (GDPR)

Health 3000, for the execution of contractual relationships, obtains data, acquired verbally or through third parties, classified as "personal data" and "special or sensitive data" by EU Regulation no. 2016/679 (GDPR), as integrated by national legislation (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018). This regulation first requires that those processing personal and special/sensitive data inform the data subject about the processed data and all elements qualifying the processing, which, in any case, must be carried out with correctness, lawfulness, and transparency, safeguarding the confidentiality and rights of the data subjects. To this end, and in compliance with Article 13 of the GDPR, the following information is provided:

Data Controller – Health 3000 with legal and operational headquarters at Via Giuseppe Galati 100, ZIP code 00155, city Rome, represented by its legal owner residing there.

Type of data processed – Health 3000 processes personal data (name and surname, address, telephone number – landline and/or mobile – economic data for billing purposes related to the contract).

Purpose of processing – The above-mentioned data are processed for contractual purposes and are collected at the time of contract subscription. They are processed, managed, and archived for administrative, legal, and tax purposes. Additionally, after the contract's conclusion, personal data may be processed for commercial purposes only if explicitly authorized (e.g., sending emails, mail, phone messages, newsletters, commercial and/or advertising communications about products and services offered by the Controller, as well as phone contacts for commercial purposes and/or satisfaction surveys of service quality; sending commercial and/or promotional communications from third parties via email, mail, phone contacts/messages).

Legal basis of processing, Obligation or option to provide data, and consequences of any refusal – The data subject has the right to revoke consent at any time without affecting the lawfulness of the processing carried out before the revocation. The provision of data that Health 3000 is obligated to know, to fulfill legal obligations, is mandatory. Failure to provide such data by the data subject will result in the impossibility of establishing or continuing the relationship.

Processing methods and technologies used – Data processing is carried out using tools and procedures suitable to ensure security and confidentiality, both on paper and electronically. The website www.health3000.com activates methods of automatic information collection (technical cookies) necessary for proper navigation, automatically deleted upon expiration or session closure. The data processed are managed on computer support in a system with remote hosts protected by appropriate protection systems (backups, firewalls, security certificates, etc.).

Navigation data – The computer systems and software programs used for the site's operation collect some personal data, the transmission of which is implicit in the use of Internet communication protocols. Although these are not collected to be associated with identified individuals, they could, through processing and association with data held by third parties, allow identification of users. These data are used solely for statistical information on the use of the site and to ensure its proper functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site. Health 3000 does not use automated decision-making processes, does not carry out any profiling activities, and does not record, store, or process data related to the choices, habits, and purchasing preferences of its customers, nor creates profiles (individual and/or aggregated) for targeted offers.

Communication and disclosure – The collected data will not be "disclosed," i.e., made known to indeterminate subjects in any way. The data may be "communicated" to one or more determined and identified subjects, including personnel within Health 3000 as data processors and/or system administrators, subjects authorized by law, regulation, or community legislation, subjects who need access to the data for purposes auxiliary to the relationship between the data subject and Health 3000, and electronic document managers as required by new regulations on accounting and electronic invoicing.

Communication and disclosure abroad – Personal and special data collected during contract execution are not transferred abroad. The only website is hosted in the UK (adequacy decision of 28/6/2021 by the European Commission).

Retention period – The Controller will process personal data for the time necessary to fulfill the purposes described, not exceeding 5 years from the contract execution for Service Purposes and not exceeding 5 years from consent collection for Marketing Purposes.

User rights – In accordance with the GDPR, data subjects can exercise the following rights against Health 3000:

  • Right of access to personal data (Article 15 of the GDPR).
  • Right to rectify or erase (right to be forgotten) the data or limit the processing (Articles 16, 17, and 18 of the GDPR).
  • Right to object to processing (Article 21 of the GDPR).
  • Right to data portability (Article 20 of the GDPR).
  • Right to withdraw consent.
  • Right to lodge a complaint with the supervisory authority (Privacy Guarantor – www.garanteprivacy.it).

Minors – Health 3000 services are not explicitly intended for minors under 16 years of age. Health 3000 does not intentionally collect personal information related to minors. If information on minors is unintentionally recorded, the Controller will promptly delete it upon user request.

Exercise of rights – Data subjects can exercise their rights at any time by sending a request by mail to: Health 3000 Via Giuseppe Galati 100, ZIP code 00155, city Rome, attention Privacy Office, or by email to: privacy@health3000.com; or by phone. The data subject will receive confirmation of the execution of their request/exercise of their right within 30 days of the request.

Controller, Data Processor, and Representatives – The data controller is Health 3000 with legal headquarters at Via Giuseppe Galati 100, ZIP code 00155, city Rome, represented by its legal representative. The Data Protection Officer (DPO) can be contacted for the exercise of the rights mentioned above and/or for any clarifications on data protection matters, reachable at the headquarters phone number 06 500811 or at the email address rpd@health3000.com. The updated list of data processors and those authorized to process data is kept at the legal headquarters of the data controller.