Privacy Policy

Privacy policy of https://scuoladippocrate.life

DATA CONTROLLER

the IppocrateOrg Association domiciled Via dei Canova,15 6900 Lugano, CF 95100290121 and "HIPPOCRATE ETS FOUNDATION," with registered office in Padua, PD, Sottopassaggio Mario Saggin No. 2, CF 92324160289.

Types of Data Collected

Among the personal data collected by this website are cookies and common or contact data of those who browse the sites:

ippocrateorg
https://fondazioneippocrate.org;
origini
ippocrateorg

No sensitive data are collected unless anonymized and with the consents and for the purposes described in the information given to users

Common data may be freely provided by the User or automatically collected while browsing this Web Site. Unless otherwise specified, all data requested by this Web Site are mandatory and if the User refuses to communicate them, it may be impossible to provide a proper browsing service. In cases where certain data is indicated as optional, Users are free to refrain from communicating such data, without this having any consequence on the availability of the service or its operation.

In any case, at the time of data collection for the purpose of subscribing to the newsletter, an event, volunteer or sponsor application, the user is subjected to relative information ex art. 13 GDPR and is asked to flag the acknowledgement of the document as well as consents for direct and third-party marketing and profiling activities.

The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through this Web Site and warrants that he or she has the right to communicate or disseminate it, releasing the co-owners from any liability to third parties.

Third parties to whom data may be disclosed.

Any communication to third parties of the above-mentioned data takes place in accordance with the relevant notices issued to the data subjects and are optional. The third party recipients of such communication operate as autonomous data controllers or subject to the appropriate act of appointment, as external data controllers of the Company pursuant to Article 28 RegUE 679/2016. It is understood that the communication of data to third parties is made for the purpose of and within the limits of what is necessary to implement and follow up on the relationships between the co-owners and data subjects.

The updated list of Processors can always be requested from the Data Controllers.

Data processing

Mode of treatment

The Co-owners take appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data. The processing is carried out by means of computer and/or telematic tools, with organizational methods and logics strictly related to the indicated purposes by personnel of the co-owners (the appointees), designated by it by individual letter.

Place of processing

The Data are processed at the operational offices of the co-owners and at any other place where the parties involved in the processing are located. For more information, please contact the co-owners at the addresses in item #1 of the disclosure.

The User's Personal Data may be transferred to a country other than the country where the User is located including outside the European Union. To obtain further information about the processing location, the User may refer to the section on Personal Data processing details.

The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization under public international law or consisting of two or more countries, such as the UN, as well as regarding the security measures taken by the Data Controller to protect the Data.

Should any of the transfers just described take place, the User may refer to the respective sections of this document or request information from the joint owners by contacting them at the contact details given at the beginning.

Risk analysis

The main risks inherent in processed data can be summarized as:

- Accidental destruction of the data;
- improper access or dissemination of information.
-malfunctioning of the system and data base.

The level of the above risks is judged to be low, as data protection measures are put in place as listed below:

Regular data backups: Implementing regular backup procedures to prevent accidental data destruction. Backups enable recovery of data in case of loss or corruption.
Access control: Setting access restrictions to ensure that only authorized persons can access sensitive information. The use of multi-factor authentication can be included in this category.
Data encryption: Use of encryption techniques to protect data during transmission and storage, thereby reducing the risk of undue access or dissemination of information.
System security: Implementation of system-level security measures, such as firewalls, antivirus software and regular operating system updates, to prevent system and database malfunction.
Monitoring and auditing: Installation of monitoring and auditing tools to detect suspicious activities, monitor access to sensitive data, and record the actions of authorized users.
Staff training: Provision of regular training to staff on data security practices, including procedures to follow to avoid security incidents.
Emergency planning: Developing contingency plans to deal with situations such as data loss or system malfunction to minimize damage and quickly restore operations.
Regulatory Compliance: Adherence to regulations and data protection laws applicable to the industry, ensuring that business practices are in line with required security standards.

Site protection procedures

With the aim of ensuring availability, integrity and confidentiality of information, the co-owners have adopted specific IT security measures to protect the information from risks of loss or destruction, including accidental loss or destruction, of the stored data.

In particular, both physical and IT measures for access control, credential management, incremental backups, and intrusion detection systems have been provided.

In the event that the Data Controllers suffers data theft and has reason to believe that the data has been disclosed (data breach) it will activate - if appropriate - a report to the Supervisory Authority and communicate the incident to all Data Subjects.

Maximum response time 72 hours.

DATA PROCESSORS

All appointees are provided with written instructions to operate, within the scope of their assigned processing, with the utmost diligence and care and in compliance with the security measures prepared by the company.

EXTERNAL DATA PROCESSORS

External data controllers manage the data on behalf of the co-processors on the basis of an appropriate contract of appointment in which the entrusted tasks and responsibilities are specifically identified as stipulated in Article 28 of RegUE.

Managers shall comply with the instructions given by co-owners who, including through periodic audits, shall supervise the timely compliance with the processing provisions of the RegUE, including the security profile.

Specifically, the data controllers merely provide a platform that is fully managed by the Data Controllers. Their operations involve automated and passive management of personal data.

- IppocrateOrg Association
- HIPPOCRATES FOUNDATION ETS

Privacy Policy

FEATURED NEWS

In-person lecture First and Second Year | March 14-16, 2025

Introduction to the Advanced Diagnostics and Integrated Therapies Course.

Third-year introduction evening

Extension of First-Year Enrollment

Advanced Diagnostics and Integrated Therapies Course

First lecture biennium 2024-2026

Registration for the new two-year term is now underway!

Third Year Program

Calendar First Year 2024-2026

Biennium 2024-2026 presentation evening