Privacy and Cookie Policy

Privacy Policy for website users
www.medicalacademyjournal.com

Articles 13-14 of EU Reg. 2016/679

The privacy policy is a general obligation that must be fulfilled prior to or, at the latest, upon starting to collect personal data directly. For personal data not collected directly from the data subject, the privacy policy must be provided within a reasonable period of time, namely at the time of disclosure (not recording) of the data (to third parties or to the data subject). In accordance with the General Data Protection Regulation for natural persons (GDPR - EU Reg. 2016/679), the writer organisation - data controller - hereby informs you of the following:

SOURCES AND CATEGORIES OF PERSONAL DATA
The personal data held by the writer organisation are collected directly from the data subjects.

Navigation data
The computer systems and software procedures used to run the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These data are not gathered for association with identified subjects, but by their very nature, when processed or associated with data held by third parties, they might allow users to be identified. This category of data includes IP addresses or domain names of the PC's used by users who connect to the site, as well as Uniform Resource Identifiers of the requested resources, the time of the request, the method utilized in presenting a request to the server, the size of the file obtained in response, the numerical code specifying the state of the response provided by the server (positive outcome, error, etc..) and other parameters concerning the operating system and the IT environment of the user. These data are used for the sole purpose of obtaining anonymous statistical information concerning use of the site and to check that it is operating correctly, and they are deleted immediately after processing. The data could be utilized in order to verify liability in the case of potential IT crimes which are detrimental to the website.

Profiling data
No profiling data are collected directly in relation to the consumption habits or choices of the data subject. However, such information may be acquired by independent or separate parties through links or by incorporating third-party elements. See the section on third-party cookies.

Cookies
Like others, this website saves cookies on the browser used by you in order to transmit information of personal nature and to enhance the user experience. In fact, cookies are small text strings which websites visited by you send to your terminal (usually the browser), where they are stored, sometimes for long periods of time, only then to be sent back to the same websites at your next visit.
As explained below, you can choose whether or not to accept cookies and which ones to accept, bearing in mind that refusing to accept them may affect your ability to carry out certain transactions on the website or may affect the accuracy and appropriateness of certain customisable content offered or the ability to recognise you from one visit to the next. If you do not make a choice in this respect, the default settings will apply and all cookies will be activated: however, you can communicate or change your decisions in this respect at any time.

Technical cookies
In particular, we use so-called session cookies, which are not permanently stored on your computer and which disappear when the browser is closed. Their use is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) which enable safe and efficient browsing on the website and avoid the use of other techniques that may be potentially prejudicial to the privacy of users. They do not allow for the acquisition of personal identification data. We also use analytics cookies to help us understand how visitors interact with the contents of the website, gathering information (geographic and web origin, technology used, language, pages accessed, visited and exited, time spent on the website, etc.) and generating statistics on use of the website without personally identifying individual visitors. All these are to be considered technical cookies for which, since consent is not required, the opt-out mechanism applies. Technical cookies are not communicated to third parties as they are necessary or useful for the operation of the website; as such, they are processed only by persons qualified as officers, data processors or system administrators.

Third-party cookies
Finally, the website incorporates cookies and other elements (tags, pixels, etc.) of third parties (autonomous and over which the Controller has no responsibility) which also carry out profiling activities, in relation to which we refer you to their respective websites:

• https://policies.google.com/technologies/cookies?hl=en
• https://www.facebook.com/policies/cookies/
• https://www.oracle.com/legal/privacy/addthis-privacy-policy.html

Data provided voluntarily by users
The optional, explicit and voluntary sending of e-mails to the addresses indicated on the website entails the subsequent acquisition of your address, which is necessary to reply to requests, as well as any other personal data included in the e-mail. The explicit and voluntary submission of forms that can be filled in on the website containing the data of the data subject also entails processing in order to fulfil pre-contractual obligations or to perform the services provided upon the submission of the forms. Such information in the forms may concern personal details, contact details, telephone numbers, email addresses of the data subjects and of identified and identifiable third party successors of the website user. However, specific summary information will be progressively reported or displayed on the pages of the website aimed at particular services on demand.

Newsletter and mailing list
The e-mail contacts used to send communications from the website originate from voluntary registrations by the recipient, to whom a confirmation request is always sent, as well as from information acquired in the context of the sale of products or services of the Controller or similar. This includes the sending of information, promotional communications and material. It is emphasised that contact details are not acquired from public subscriber lists. If the communications are not of interest to you, you can avoid any further contact by clicking on the specific link in each message, or by writing to the contact details below and exercising your right to unsubscribe from the newsletter.

PURPOSE AND LEGAL BASIS OF PROCESSING
Personal data are used (ref. art.6(b) of the GDPR):

• to enable browsing on the website and,
• if necessary, to provide the service or performance requested as part of the writer organisation's normal activities (ATECO code and description...).

In addition, all personal data may be processed:

• for purposes connected with obligations envisaged by law, as well as by provisions issued by authorities legitimated to do so by law (ref. Articles 6(c) and 9(b,g,h) of the GDPR);
• for the establishment, exercise or defence of a legal claim in or out of court (legitimate interest) of the writer organisation (ref. Articles 6(f) and 9(f) of the GDPR);
• for direct marketing purposes according to the legitimate interest of the Controller, in particular; for cookies, advertising IDs used to show advertisements; for e-mail addresses to send the newsletter; for navigation and usage logs to protect the website and the service from cyber-attacks. In these cases, the data subject can always deny consent and the Controller will refrain from such processing (ref. art. 6(f) of the GDPR);
• for purposes functional to the activity for which the data subject may or may not give consent, such as, for example, subscribing to the newsletter to receive information and promotional and sales messages on products and services, satisfaction surveys, disclosure of data to third parties for the purpose of receiving information and promotional and marketing communications (ref. art.6(a) of the GDPR)
• with the consent of the data subject, for profiling of the data subject (ref. art.6(a) of the GDPR).

CONSEQUENCES OF REFUSAL TO PROVIDE DATA
The provision of data collected from the data subject is optional but essential in order to process the same for the purposes indicated in letters a) and b). If the data subjects do not communicate their essential data and do not consent to their processing, it will not be possible to perform and implement the services offered and to fulfil the contractual obligations undertaken, thus prejudicing the correct fulfilment of regulatory obligations, such as accounting, tax and administrative obligations, etc.
Aside from what is specified for browsing data, you are free to provide personal data for cookies and specific requests through forms, e.g. on products and/or services. Failure to provide this information may result in the impossibility of obtaining what was requested. For all non-essential data, their provision is optional. In the absence of consent or in the case of incomplete or incorrect provision of certain data, the fulfilments requested may be so incomplete as to cause prejudice or in terms of sanctions or loss of benefits, either because it is impossible to guarantee the congruity of the processing itself with the obligations for which it is carried out, or because the results of the processing itself may not correspond to the obligations imposed by the laws to which it is addressed; the writer organisation is understood to be exempt from any and all liability for any sanctions or disciplinary measures.

DATA PROCESSING METHODS
The processing operations connected to the website's services are carried out with automated tools for the time strictly necessary to achieve the purposes for which they were collected; they take place on the server in Italy or in the EU and are handled only by technical personnel in charge of processing, or by any officers in charge of maintenance and administration operations. Specific security measures are observed to prevent any loss of data, unlawful or incorrect use and unauthorised access as well as any loss of confidentiality. The facility is equipped with anti-intrusion, firewall, log and disaster recovery devices. Specific mechanisms are used to encrypt and segregate data and to authenticate and authorise users.
Processing of data means the collection, recording, organisation, storage, processing, alteration, erasure and destruction of data, or the combination of two or more of these operations. In relation to the aforementioned purposes, the processing of personal data is carried out using manual, computerised and electronic tools, with logics strictly related to the purposes of the processing and, in any case, in such a way as to ensure the security and confidentiality of the personal data. The data will therefore be processed in accordance with the methods indicated in Article 5 of EU Reg. 2016/679, which provides, among other things, that the data must be processed lawfully and fairly, collected and recorded for specific, explicit and legitimate purposes, accurate, and if necessary updated, relevant, complete and not excessive in relation to the purposes of processing, respecting the rights and fundamental freedoms and dignity of the data subject with particular reference to confidentiality and personal identity, through protection and security measures. The writer organisation has established and will further refine the security system for data access and storage.
No automated decision-making (e.g. profiling) takes place.

NON-EU TRANSFERS
Processing takes place in non-EU and non-EEA countries when connections to the website originate from those countries (at the request of the data subject located there).

DATA STORAGE PERIOD
In general, personal data will be stored for as long as the purpose of the processing continues according to the category of data processed.

CATEGORIES OF RECIPIENTS
The data (only essential data) are communicated to

• officers and data processors, both internal to the writer organisation and external, who carry out specific tasks and operations (website administration, analysis of browsing, traffic and profiling data, management of emails and forms sent voluntarily by you, processing of requests, etc.)
• in the cases and to the entities envisaged by law

The data will not be disseminated unless otherwise envisaged by law or subject to anonymisation. Without prejudice to what has been specified for cookies and third-party elements, without the prior general consent of the data subject for disclosures to third parties, it will only be possible to implement services that do not involve such disclosures. If necessary, specific and precise consents will be requested and the entities who receive the data will use them in the capacity of autonomous controllers.
In some cases (not covered by the ordinary management of this website) the Authority may request news and information for the purpose of monitoring the processing of personal data. In these cases, the response is mandatory upon penalty of an administrative sanction.

RIGHTS OF THE DATA SUBJECT
You may at any time: exercise your rights (access, rectification, erasure, restriction, portability, objection, absence of automated decision-making processes) when envisaged in relation to the data controller, pursuant to Articles 15 to 22 of the GDPR (set out below); lodge a complaint with the Data Protection Authority (www.garanteprivacy.it); where the processing is based on consent, withdraw the consent given, taking into account that the withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal.

Disabling cookies
Almost all browsers offer the possibility of managing and not enabling cookies, in order to respect your preferences. In some browsers, rules can be set which manage cookies on a website-by-website basis, giving you more control over your privacy; another feature available on some browsers is the incognito mode, so that all cookies created in this mode are deleted after closing.
Please refer to the following instructions for cookie management in your browser:

• Chrome: https://support.google.com/chrome/answer/95647?hl=it
• Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
• Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
• Safari: https://support.apple.com/it-it/HT201265

CONTACT DETAILS
The data controller is Ma.CRO Lifescience Srl, in the person of its acting legal representative.
The data protection officer is Dr Giuseppe Pietro Ianni (dpo@ma-cro.it)
The head office of Ma.CRO Lifescience Srl is located in Rome, postcode 00187, Via Boncompagni 16.
Contact details: telephone +39 06 45507461; fax +39 06 45507462; e-mail info@ma-cro.it
The full list of data processors is available on request.