This policy describes and sets out the essential details relating to your personal data relationship with Veduta Clinic. This policy highlights the types of personal data collected when you use our site and how your personal data is used, shared and protected. It also explains the choices you have relating to your personally identifiable information and how you can contact us regarding your personal data.
From time to time we may offer new services, which we will update in this policy accordingly and we will notify you prior to these changes.
Who Is Responsible For The Processing Of Your Personal Data?
This website is operated by Veduta Clinic (the Clinic), a clinic that provides healthcare services.
Veduta Clinic is the controller responsible for the data processing in terms of the General Data Protection Regulation (GDPR).
You can contact us by email on email@example.com or by telephone on 27556655.
Our correspondence address is Veduta Clinic, Reggie Miller Street, Gzira, GZR1541, Malta.
What Personal Data Do We Collect And When?
We ask you for certain personal data to provide you with the services you request. For example, when you request to receive communications, book an appointment, or interact with our sites. We will never share your information with a 3rd party without your explicit permission to provide you with access to that service.
We may receive or ask you for multiple categories of data for which, in some cases, we require your consent.
Should you be under the age of 16 years, a parent or a guardian must give consent on your behalf.
Contact details: including name and surname, and email;
- Personal preferences: including your cookie preferences, IP addresses, referrer headers, data identifying your web browser and version, and web beacons and tags.
Description of why Veduta Clinic processes your personal data – processing purpose
Legal basis for processing?
Categories of personal data used by Veduta Clinic for the processing purpose
To be able to contact you regarding your current affairs at Veduta Clinic
Legitimate interest (Article 6(1)(f) GDPR): to enable the Clinic to contact the enquirer and answer any request, such as for information or to give you an appointment.
Contact details – including name and surname, and email
To improve the web browsing experience for the user
Legitimate interest (Article 6(1)(f) GDPR): in order that the Clinic’s website operates to its optimal performance to ensure an effective user experience.
Personal preferences – including your cookie preferences, IP addresses, referrer headers, data identifying your web browser and version, and web beacons and tags.
The legal basis for processing found in Article 6(1)(f) GDPR calls for a balancing test: the legimate interests of the controller must be balanced against the interests or fundamental rights and freedoms of the data subject. Information on the required balancing tests may be obtained by data subjects from the controller upon request. In brief: the Clinic has a legitimate interest in having a presence on the Web, enabling visitors of its website to make initial contact with the Clinic, and the Clinic to contact back those who so request. There is no significant intrusion into users’ privacy and data protection rights, or any other undue impact on their interests and rights. The Clinic has established safeguards: only limited information is used (contact details and personal preferences, as detailed above). In addition, an easy-to-use cookie consent mechanism is adopted. On balance, and considering also the safeguards and measures in place, the interests and rights of the data subject do not appear to override the legitimate interests of the Clinic to carry out this minimal amount of data processing.
We will retain personal data related to general communications or enquiries received for up to one year after the communication’s scope is exhausted to safeguard our legitimate interests for tracking enquiries.
When interacting with our site, data is automatically collected and shared with us by the technology platforms providing the experience. For example, your web browser or mobile device may share certain data with Veduta Clinic as those devices interact with our sites. More information about these practices is included in the Cookies section below.
Identification and Contact Information
When you request services or make enquiries from us through this website’s online messaging function or other forms of communication, we ask you for identification and contact details such as your name, contact telephone number, email address, depending on the nature of your enquiry and the type of response required.
Sensitive (e.g. Medical) Information
When we provide our services to you at one of our premises, or in preparation for providing you with a medical service, we would require from you other information, such as personal medical information and next-of-kin personal medical information. We do not collect such information through our website, therefore at the supply occasion of such data, further detailed privacy information depending on the instance will be supplied.
Medical information provided to the Clinic will be processed for the reason it would have been collected, as well as to comply with all relevant laws and regulations that the Clinic would be subject to. More information is available at the point of collection due to specific needs and obligations related to medical services.
Why And How We Use Your Personally Identifiable Information?
We process the personal data we collect from you in the following ways:
1. To provide the features of the sites and services you request
When you use our sites, we will use your data to provide the service you have selected. For example, if you request more information, we will use the contact details you give us to communicate with you.
2. To protect our or others’ rights, property or safety
3. For general research and analysis purposes
We use data about how our visitors use our sites and services to understand customer behaviour or preferences.
4. Other purposes
We may also use your personal data in other ways and will provide specific notice prior to the time of collection and obtain your consent where necessary.
Tools To Manage The Data We Collect
In many cases, your web browser or mobile device platform will provide additional tools to allow you to control when your device collects or shares different categories of information. For example, your mobile device or web browser may offer tools to allow you to manage cookie usage or location sharing. We encourage you to familiarise yourself with and use the tools available on your devices.
We will take reasonable steps to destroy personal information we hold if it is no longer needed for the purposes set out above or required for us to maintain a high level of care, in accordance with EU General Data Protection Regulation (GDPR).
Sharing Of Personally Identifiable Information
We may transfer personal data we have about you if we sell or transfer all or a portion of our business or assets (including in the event of a reorganisation, spin-off, dissolution or liquidation).
Protection And Management Of Personally Identifiable Information
The confidentiality of your personal information is of paramount concern to us and we comply with EU data protection law and all the applicable medical confidentiality guidelines issued by professional bodies such as the Malta Medical Council.
Your confidential medical information will be disclosed to the healthcare professionals, as justified by providing you the treatment or care. Additionally, such information might be disclosed to other entities, such as courts or medical professional bodies, only in the circumstance and following the communication modalities required under the Maltese law.
If you receive services from us and that service transfers to a new provider, we may share your personal and confidential medical information with the new provider, however you will be informed accordingly.
We invest appropriate resources to protect your personal information from loss, misuse, unauthorised access, modification or disclosure.
Encryption and security
We use a variety of security measures, including authentication tools to maintain the safety of your personal data. Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems. Veduta Clinic has continuous IT support.
Where is the data stored?
The personal data we collect or generate (process) is stored within the European Union and/or the European Economic Area (EEA). Your data is stored on the web server with a daily back up within the hosting centre.
Some of the data recipients with whom Veduta Clinic shares your personal data may be located in countries other than the country in which your personal data originally was collected.
Nevertheless, when we transfer your personal data to recipients in other countries, we will ensure your data is protected as described in this Policy and in compliance with the EU General Data Protection Regulation (GDPR).
Retention of your data
We retain your personal data for as long as we hold legitimate interests to fulfil the purposes for which we collect it, unless otherwise required by law.
Your rights related to your personal data
The General Data Protection Regulation (GDPR) gives certain rights to data subjects regarding their personal data. Data subjects of Veduta Clinic can take advantage their rights via:
Right of access – the right to be informed of, and to request access to the data we process about you. Veduta Clinic will at latest provide all documentation within 1 month and will not charge a fee unless deemed manifestly unfounded or excessive.
Right to rectification – the right to request that we update / rectify your personal data if inaccurate.
Right to restriction – the right to request that we temporarily / permanently stop processing your personal data.
Right erasure – the right to request that we delete your personal data.
Right to object:
The right, at any time, to object to us processing your personal data given your situation.
Right to data portability – the right to request a copy of all personal data, in electronic format, we hold about you and the right to transmit this data to another party’s service.
Right to not be subjected to automated processing – the right to not be profiled where the decision would have a legal effect upon you.
- The right to withdraw consent – Veduta Clinic will endeavour to continue to provide the services however, by withdrawing your consent, the efficiency of these services may be affected.
If you are a European resident and you have a concern about our use of your information, you can contact your local data protection regulator. A list of European data protection regulators can be found here. This is a third-party website, over which we have no control.
You can contact us to exercise your rights by sending an email to firstname.lastname@example.org.
Veduta Clinic receives and records information, which may include personal data, from your browser when you use our sites. We use a variety of methods such as cookies to collect this information, which may include your:
Unique cookie identifier, cookie information and information on whether your device has software to access certain features
Unique device identifier and device type
Domain, browser type and language
Operating system and system settings
Country and time zone
Information about your interaction with our sites such as click behavior and indicated preferences
Access times and referring URLs
There are generally three categories of cookies used on our sites:
Strictly Necessary: These cookies are required for basic site functionality and are therefore always enabled. These include cookies that allow you to be remembered as you explore our sites within a single session or, if enabled, from session to session.
Functionality: These cookies allow us to improve our sites’ functionality by tracking usage. In some cases, these cookies improve the speed with which we can process your request, allowing us to remember site preferences you have selected. De-selecting these cookies may result in poorly tailored recommendations and slow site performance.
Performance: These cookies are used to measure how our website users navigate throughout our site, how long the users are on our site and what exactly are our website users looking at.
We use these cookies to gather information about users such as browser type, server, language preferences, and country setting in order to make the user experience more consistent and convenient.
Compliance With Regulators
We will obey a valid court order or subpoena if these require us to provide the information that we store to law enforcement authorities or a court of law. We will only do so upon legal scrutiny and confirmation of the validity of such requirements in Malta.
Applicable law and our practices change over time. If we decide to update our Policy, we will post the changes on our site. We strongly encourage you to read our Policy and regularly check for any changes.
This policy is effective from 16th July 2021.