Iscriviti alla nostra newsletter per ricevere i nostri ultimi aggiornamenti
© 2024 Come Stai S.p.a. P.IVA 13043690968. All Rights Reserved.
Realizzato da comestai.io
Privacy notices for drivers in accordance with the EU’s General Data Protection Regulation (‘GDPR’)
Information as of September 2023
The information we have provided below gives you an overview of our approach to processing your personal data and your rights under the provisions of data protection legislation in connection with the use of our “comestai” app.
In case of emergency please contact emergency room.
The personal data processed depend largely on the services or products you use in any given case.
Classification:
Data controller under Article 4(7) GDPR for drivers in the territory of Italy:
come stai S.p.a.
(“comestai“)
Via Angelo Rizzoli, 4
20132 Milano Italia
email: dpo.italy@comestai.io
The easiest way to reach our data protection officer is by sending an email to dpo.italy@comestai.io or writing
to the above address.
We aim to inform you about the various types of personal data we process and the purposes for which we do this below.
2.1- comestai App services
When the comestai App is used, users can search for a specific health service and use the selected service. To operate the comestai App you must provide personal data, which we process to provide the given service. Additional voluntary information that may also be provided is marked accordingly (optional).
In the context of the search for a doctor service, the following personal data will be processed in accordance with Article 6(1.) (b) GDPR for the performance of the contract:
First and last name, picture of the profile, date of birth, address, city, ZIP code, country, email address, mobile phone number, spoken languages, height, weight, social ID, GPS location data while logged in to the comestai App, information about your terminal equipment (device ID, access time for the comestai App, browser type and operating system), information about ratings (1-5 star(s), as well as the average rating), user ID, password, Privacy Policy acceptance, News and personalised offers acceptance. Each service can request additional data that will be explicitly requested.
Optional entries will be processed only if entered.
You either enter the personal data (e.g., your name) at the time of registration or we receive it directly from your terminal equipment (e.g., GPS location data). You approve the transmission of your GPS location, camera usage, multimedia contents access and the possibility to make a call or send SMS data via your terminal equipment’s usage operating system (smartphone, tablet, etc.). GPS data of your location will be used to match position in selected area by the comestai App.
2.2-Payments
User Payments will be made via certifies channels, i.e. PayPal, Stripe, bank gateway, etc..
To make the payment available, comestai App will send to those subjects the following data: first and last name, email address and all other data requested by legislation.
Without these payment channels, our comestai App cannot work. You can get updated terms and conditions and privacy notice on payment gateway internet sites.
2.3-Fault elimination, customer services and improvement of functionality
To make it possible to eliminate malfunctions in the comestai App, to answer specific user inquiries about functionality and to adapt the comestai App to the needs of users, the following personal data are processed for the performance of the contract in accordance with Article 6(1.)(b) GDPR:
First and last name, picture of the profile, date of birth, address, city, ZIP code, country, email address, mobile phone number, spoken languages, height, weight, social ID, GPS location data while logged in to the comestai App, information about your terminal equipment (device ID, access time for the comestai App, browser type and operating system), information about ratings (1-5 star(s), as well as the average rating), user ID, password, Privacy Policy acceptance, News and personalised offers acceptance. Each service can request additional data that will be explicitly requested.
2.3 (a)-News and personalised offers
You will receive offers and advertising from us if you have agreed to receive news and personalised offers (advertising, vouchers, and promotions) and to the display of usage-based advertising (‘retargeting’) during the registration process or subsequently in the profile of the comestai App in News and personalised offers and have operated the toggle positioned there accordingly. This concerns personalised (sent only to you and based on an analysis of the comestai App usage frequency) advertising sent electronically (email, SMS, MMS, in-App messages, push messages) to your terminal equipment (smartphone, tablet, PC, etc.). To send you personalised advertising, we will process your usage data. Usage data are information about the number of App installations, usage frequency, patient search and doctor availability. Based on these data, you will then receive special offers and advertising from us.
In this context, we will process the following personal data in accordance with Article 6(1.) (a) GDPR:
First and last name, picture of the profile, date of birth, address, city, ZIP code, country, email address, mobile phone number, spoken languages, height, weight, social ID, GPS location data while logged in to the comestai App, information about your terminal equipment (device ID, access time for the comestai App, browser type and operating system), information about ratings (1-5 star(s), as well as the average rating), user ID, password, Privacy Policy acceptance, News and personalised offers acceptance. Each service can request additional data that will be explicitly requested.
If you do not wish to receive the news and personalised offers already discussed, you can – just as easily as when you agreed to it – withdraw your consent by operating the toggle discussed above accordingly.
Please note that the withdrawal and ensuing changes are valid only for the future and will be effective or implemented by no later than 48 hours from withdrawal. This is for reasons of a technical nature, which do not permit faster implementation.
2.4 (b)-Newsletter
Once we receive from you for performance of our service your email address or your mobile phone number and you have accomplished a tour using our service, we may use it for electronical direct marketing by email, SMS and MMS as long as you have not revoked to our direct marketing. In this context we process pursuant to Art. 6 (1) f) GDPR the following personal data: e-mail and mobile phone number. You may revoke to direct marketing by clicking on a link at the end of an email (e.g., Opt out from newsletter) or by SMS contact with effect for the future. Please note that the withdrawal and ensuing changes are valid only for the future and will be effective or implemented by no later than 48 hours from withdrawal. This is for reasons of a technical nature, which do not permit faster implementation.
2.5-Studies and surveys
If you have agreed to receive studies and surveys during the registration process or subsequently in the profile of the comestai App under News and personalised offers and have operated the toggle positioned there accordingly, then we will contact you in the context of non-personalised or personalised (sent only to you and based on an analysis of the comestai App usage frequency) studies and surveys sent electronically (email, SMS, MMS, in-App messages, push messages) and request your participation. To this end, we will process the following personal data pursuant to Article 6(1.) (a) GDPR:
First and last name, picture of the profile, date of birth, address, city, ZIP code, country, email address, mobile phone number, spoken languages, height, weight, social ID, GPS location data while logged in to the comestai App, information about your terminal equipment (device ID, access time for the comestai App, browser type and operating system), information about ratings (1-5 star(s), as well as the average rating), user ID, password, Privacy Policy acceptance, News and personalised offers acceptance. Each service can request additional data that will be explicitly requested.
If you do not wish to receive the news and personalised offers already discussed, you can – just as easily as when you agreed to it – withdraw your consent by operating the toggle discussed above accordingly.
Please note that the withdrawal and ensuing changes are valid only for the future and will be effective or implemented by no later than 48 hours from withdrawal. This is for reasons of a technical nature, which do not permit faster implementation.
2.6-Google Maps
The comestai App makes use of the Google Maps API. This enables us to display maps in your comestai App and you to use those maps, e.g., for navigation. Our comestai App cannot function without the Google Maps API. You can view Google’s terms of use at https://policies.google.com/terms?hl=en. Additional terms of use for Google Maps are available at https://www.google.com/help/terms_maps.html. Google’s privacy policy is available at https://policies.google.com/privacy?hl=en. This involves us processing your GPS location data in accordance with Article 6(1.) (b) GDPR. We render your GPS location data anonymous before forwarding it to Google. Identification of you personally is ruled out.
2.7-User’s rating
The patient can rate a service via the comestai App with 1-5 star(s). Each rating is included in the average rating
determined by us. The rating is visible to all service users.
In some cases, we arrange for external service providers to process your data (e.g. troubleshooting, creation of mailings). This makes it necessary for us to transmit your personal data to our external service providers for a specified purpose (confined to the purpose in question). We have selected our service providers carefully and commissioned them in writing. They are bound by our instructions, and we have obtained information about their technical and organisational measures for the secure processing of personal data. We also require that our service providers comply with the Applicable data protection regulations.
We work with service providers from the EU and other EEA countries. We have concluded processing contracts with our external service providers in accordance with Article 28(3.) GDPR, EU standard contractual clauses in accordance with Article 28(7.) GDPR or the transmission is based on a decision of the EU Commission in accordance with Article 45 GDPR (e.g. Privacy Shield).
We store all our data with a cloud service provider within the EU or in IT infrastructures and systems (employee
computers) at our sites within the EU.
We work with IT service providers that facilitate the ride-hailing services, as well as the fault elimination, customer services and improvement of functionality in accordance with points 2.1 and 2.3 respectively. We also work with payment service providers that facilitate payment processing in accordance with point 2.2. Moreover, we work with a fraud prevention service provider to protect us against non-payment in accordance with point 2.3. If you have agreed to receive news and personalised offers (point 2.5) and to be contacted by us for studies and surveys (point 2.6), then we work with marketing agencies and service providers.
However, we do reserve the right to disclose information about you if we are legally obliged to or if we are required to surrender it by administrative or law enforcement bodies (e.g. police or public prosecutors).
You have the right to request information from us at any time about your personal data we have stored and the origin, recipients or categories of recipients to whom these data are forwarded or otherwise disclosed, the purpose of the storage and processing, the planned storage period, our automated decision-making procedure, the right to data portability, the existence of a right to rectification, erasure, restriction of or objection to processing, and any existing right to lodge a complaint with a supervisory authority.
You also have the right to rectification of incorrect data and, in cases where the legal requirements are met, to blocking and erasure, as well as to restrict the processing of data.
You may also send requests for information, withdrawals of consent, objections, and other concerns regarding data processing by email to: dpo.italy@comestai.io or to the address stated in the introduction.
We have taken Appropriate technical and organisational measures to guarantee data security, in particular to protect your personal data against access by third parties, as well as accidental or intentional modification, loss or destruction.
Such measures are reviewed periodically and adapted in line with the state of the art. The transfer of your personal data from your terminal equipment (e.g. smartphone) to us is always encrypted.
In principle, we process and store your data for the duration of our contractual relationship. In addition, we are subject to various retention and documentation requirements. The required periods, e.g. from tax law, can be up to 10 years. Moreover, special statutory provisions can make a longer retention period necessary, e.g. evidence in the context of statutory periods of limitation.
If data are no longer required for compliance with contractual or statutory requirements, they are regularly deleted, unless their limited further processing is necessary for the purposes listed above.
Iscriviti alla nostra newsletter per ricevere i nostri ultimi aggiornamenti
© 2024 Come Stai S.p.a. P.IVA 13043690968. All Rights Reserved.
Realizzato da comestai.io