Hai domande?

Get in touch with us

Logo Fertilymed

Privacy Policy

in accordance with art. 13 of Regulation EU 2016/679

 

Nature of Data Processing

Personal data are collected by FertilityMed and processed using electronic means in order to manage contact requests, bookings and information.

 

Data Controller

FertilyMed, Zona Hotelera, Puerto Cancún, UC-12, Lote 1-02,

Manzana 27, Cancún, C.P. 77500

Quintana Roo (México) is the Data Controller pursuant to and in accordance with Reg. UE 2016/679.

 

Data Processors

Users’ personal data may be processed by third parties acting as “External Data Processors” on behalf of the Data Controller. Third parties may include but shall not be limited to providers of IT services functional to the company’s activities, providers of cloud computing or other outsourced services, professionals and consultants.
Users have the right to obtain the list of any Data Processors appointed by the Data Controller by submitting a request as explained below.

 

Purposes of the Processing

Personal data will be retained by the Data Controller for the following purposes and in compliance with Regulation EU 2016/679 (GDPR):
1. to install technical cookies on users’ devices – optional as per cookie policy;
2. to make data available to third parties for purposes strictly necessary to provide the services requested by data subjects or to meet legal requirements;
3. to manage contact requests submitted via the form on the website;
4. to comply with data subject rights requests;
5. to make sure personal data are correctly and lawfully processed and ensure their confidentiality, including by applying adequate security measures;

6. subject to consent, to carry out promotional activities addressed to website users.
All processing will be carried out using electronic and telematic means, applying logics related to the purposes for which data were collected and in compliance with the applicable security regulations for the purposes specified. Consent for said processing purposes, except for the installation of optional cookies and the purposes in point 6, is mandatory; failure to provide consent will result in the impossibility to manage the activities listed in points 1 to 5 of this paragraph.

 

Data Recipients

For purposes in connection with the provision of the services requested by Data Subjects, personal data will be available to third parties who will act as Data Processors and provide services instrumental to meeting the service requests (including but not limited to health sector professionals, office administrators/accountants) or to whom data must be transmitted to comply with laws and local and EU regulations (for example, public entities). Data may also be provided to the competent members of law enforcement (ex. crime prevention and prosecution, including cybercrime), judicial authorities, public entities and authorities, or to exercise or defend rights in judicial proceedings. The list of all third-party Data Processors can be requested directly from the Data Controller as explained in this Privacy Policy.
Personal data will be made available to individuals expressly authorised by the Data Controller – and specifically appointed as Data Processors – who carry out processing activities essential to the purposes mentioned above; the categories of subjects appointed are specified in the policy. These are individuals who provide specific services, carry out administrative tasks, manage IT services, and interact with actual and potential associates.
Data are hosted in the United States of America (Tempe, Arizona).

 

Data Retention Period

Based on the purposes for which they are collected, data are retained for the following periods of time:
1. 1. to install technical and analytics cookies and other optional cookies on user devices: as per cookie policy( https://). a) user’s cookie preferences: 365 days.
2. to make data available to third parties for instrumental purposes essential to provide the services requested by the Data Subject or to comply with the law: until the user requests that data are erased or for the time required by law;
3. 3. to process the Data Subject requests to exercise their rights: up to 10 years from when data was collected.
The periods of time for which personal data are retained are specified in our data processing activity records.

4) Promotional activity: 2 years from consent.

 

Data Subject Rights

Data Subjects are guaranteed the following rights:
– Right to access data (Art. 15 Reg. EU 2016/679)
– Right to rectify data (Art. 16 Reg. EU 2016/679)
– Right to erase data (Art. 17 Reg. EU 2016/679)
– Right to limit data use (Art. 18 Reg. EU 2016/679)
– Right to data portability (Art. 20 Reg. EU 2016/679)
– Right to object to data processing (Art. 21 Reg. EU 2016/679.
When data processing is carried out following the provision of consent, Data Subjects have the right to revoke their consent at any time.

Data Subjects who believe their rights have been violated can file a complaint with the competent Data Protection Authority.
The Data Controller does not use automated decision-making processes.
All rights mentioned above can be exercised for free at any time, by contacting info@fertilymed.com.

 

Personal Data Security

The security measures used by the Data Controller to ensure all personal data are protected and kept confidential – including firewalls and SSL (Secure Socket Layer) protocol – meet the highest state-of-the-art technology standards. Furthermore, specific techniques are adopted to protect data from the risk of unauthorised access by third parties. In any case, the Data Controller guarantees the minimum security measures defined in the Data Protection Code and its subsequent amendments.
Users have different ways to check if they are operating in safe mode:
• by checking for a notification from the browser;
• by checking that the address of the page they are on starts with https;
• by checking the symbol that appears in the lower left or right side of the browser window: if a whole key or a locked padlock appears, it means that the SSL protocol is active.
In any case, the Data Controller adopts adequate security measures to prevent and protect the confidentiality, integrity, completeness, and availability of personal data. As required by personal data security regulations, technical, logistic and organisational measures have been implemented to prevent damage, including accidental loss, alterations, improper and unauthorised use of data. Similar preventive security measures are adopted also by third parties (external Data Processors) who process data on behalf of the Data Controller and following the rules of conduct and security instructions provided by the Data Controller, and under the Data Controller’s supervision.
The Data Controller shall not be responsible for any untruthful information submitted directly by the user (for example: wrong email or postal address, personal details), or for any other information concerning the user provided, even unlawfully, by a third party.

 

Browsing Data

The computer systems and software procedures used to operate this site acquire some personal data during their normal operation, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified users, but due to its nature, when elaborated and combined with data held by third parties, it may lead to their identification. This category of data includes: IP addresses, domain names of the computers used by users to connect to the site; the addresses in URI (Uniform Resource Identifier) format of the resources requested, the time when the request is made, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server (successful, error or similar) and other parameters concerning the user’s operating system and computer environment. These data are used solely for the purpose of obtaining anonymous statistical information on how the site is used and if it is working properly, and are deleted immediately after processing. These data could be used to ascertain liability in the event of hypothetical cybercrimes to the detriment of the site.