INFORMATION ON THE PROCESSING OF PERSONAL DATA

Meedox Application – Last Updated: December 2024

Before you provide us with your personal data – in accordance with the provisions of the General Data Protection Regulation, Regulation (EU) 2016/679, and Legislative Decree No. 196/03 as amended – it is necessary that you review a series of details that can help you understand the reasons why your personal data will be processed, explaining what your rights are and how you can exercise them.

1. Data Controller

The Data Controller is: Meedox Srl (VAT No. 15776151001), headquartered in Italy, email privacy@meedox.com, PEC: meedoxsrl@pec.it.

2. Data Protection Officer (DPO)

The DPO of Meedox Srl is Dr. Eng. Vincenzo Vitiello (VAT No. 06290551214, contactable at the following email address: dpo@meedox.com).

3. Purposes and Legal Basis for Processing Personal Data

By using the App and accessing the related Service, some of your personal data, including data capable of revealing your health status, will be processed in accordance with current data protection regulations. The use of the App and the Service, in particular, involves the processing of the following types of data:

a) Authentication data (email address, username, password) necessary to access the Application and the Service;
b) Purely technical data (such as, by way of example: operating system version, browser used, device type, etc.) that may be automatically acquired by computer systems queried by your device when retrieving and/or sending data and information related to the use of the App and the web Service;
c) Common personal data (such as name, surname, date of birth, place of birth, and gender) that will be processed to authorize specific processes related to the execution of the Service (such as, by way of example, acceptance of legal notices, setting visibility criteria applied to specific documents or information, expressing or revoking consent for healthcare operators to consult the health archive, managing authorization processes for accessing social and health documents related to minors);
d) Common and specific personal data (relating to any prescriptions uploaded in the App).
e) Synthetic evaluation and profiling data (e.g., the Meedox rating or other summary indices), generic, anonymized, and not capable of revealing data that discloses your health status.

Regarding authentication data (a), technical data (b), and data related to requests in point (c), please note that this data will be processed for purposes strictly related and instrumental to the execution of the App and the website’s functionalities.

For the data processed under letters a), b), c), and e), the legal basis for the above purposes is the data subject’s consent under Article 6, paragraph 1, letter a) of Regulation (EU) 2016/679. This data may also be processed to comply with any legal obligations. Only the authentication data (a) and technical data (b) – after complete anonymization – may be processed to generate statistical information on the use of the Application and to verify its functionalities.

With your explicit consent, data under letters a), b), c), and e) may be used to send commercial offers, including through focused and selected analyses, and to deliver advertisements and/or commercial offers based on anonymized profiling of your data, designed to highlight information and commercial offers tailored to your interests when accessing the site’s pages and services.

4. Methods of Data Processing

Processing will be carried out using electronic or automated tools, in accordance with the principles of necessity and minimization, and only for the time strictly required to achieve the pursued purposes. The Data Controller adopts technical and organizational measures appropriate to ensure a level of security suitable for the type of data processed.

5. Nature of Data Provision

Providing authentication data (a) and technical data (b) is mandatory. Failure to provide this data will make it impossible for the user to access the App and the web portal, and for Meedox Srl to deliver the Service.

Regarding data processed in the context of “transmission requests” you make to authorize specific processes (c), data provision is mandatory for executing the App and the Service (e.g., accepting terms of use). Failure to provide this data will prevent access to the App and the Service.

6. Data Recipients and Scope of Communication

Your data will be processed exclusively by the Data Controller, authorized persons, and appointed data processors – Meedox Srl, represented by the acting administrator – and any additional suppliers of the Controller, along with their trained personnel to ensure the same level of security provided by the Controller.

Data under letters d) and e) will be processed based on your consent, requested on appropriate site pages and preceded by our specific notice or via cookies (see the cookie policy section). In this case, providing data is entirely voluntary, and if consent is not given, the data will not be collected or used for these purposes.

You may withdraw consents at any time without affecting the lawfulness of processing based on consent given before withdrawal.

Aside from the above cases, your personal data will never be shared with third parties, except to fulfill any contractual and/or legal obligations. The data will not be disseminated.

7. Transfer of Personal Data to Non-EU Countries

The collected and processed data is not transferred to companies or entities outside the European Union.

8. Data Retention Period

The data processing operations performed by the Application entail a retention period equal to the period of use of the App and the Service. After these retention periods, data may be further retained only to fulfill specific legal obligations.

9. Automated Processing and Profiling

The personal data provided is not subject to any fully automated decision-making process, including profiling, that could produce legal effects or significantly impact you.

10. Data Subject’s Rights

As a data subject, you may exercise the following rights in cases expressly provided by law (Articles 15 et seq., Regulation (EU) 2016/679):

a) Request access to your personal data and/or its correction or deletion from the Data Controller;
b) Request restriction of processing or object to processing;
c) Exercise the right to data portability (i.e., data communication in a structured, commonly used, machine-readable format), including transmitting your personal data to another controller;
d) Withdraw consent at any time (without affecting the lawfulness of processing before consent withdrawal);
e) Lodge a complaint with the supervisory authority (the Italian Data Protection Authority). Requests for exercising rights should be sent to privacy@meedox.com, via PEC to meedoxsrl@pec.it, or by registered mail to Piazza Sallustio 3 – 00187 Rome.

Cookie Policy

Express Consent for the Use of Cookies and Other Profiling Technologies Required for Registration

In line with company policy, which respects privacy protection, Meedox uses:

• Technical cookies necessary for the application’s functionality:

  • User profile
  • Registration account
  • Device information (operating system version, browser used, device type)

• Profiling cookies used to create user profiles and deliver targeted advertisements based on preferences. User consent is required for this purpose.

• Third-party cookies installed by third parties on the site/app. The Data Controller provides links to third-party notices and consent forms. Users give or deny consent directly to the third party.

Information provided by the Data Controller and stored in the Controller’s IT systems (including through cookies) may be cross-referenced with other data for analytical and profiling purposes, ensuring pseudonymization of all information.

To review or request your personal data or file a complaint, email privacy@meedox.com.