Processing of Personal Data Pursuant to the EU Regulation 2016/679 (GDPR) and D.Lgs. 101/2018:
- The GDPR and D.Lgs. 101/2018 provide and strengthen the protection and processing of personal data in light of the principles of correctness, lawfulness, transparency, protection of confidentiality and the rights of the interested party regarding their data.
- Dr. Antonio Bella is the owner of the processing of the following data collected for the performance of the assignment:
- personal data, contact, and payment data – information relating to the name, telephone number, address PEO and PEC, as well as information relating to the payment of the fee for the assignment (e.g., credit card number) and any other data or information regarding an identified or identifiable natural person;
- data relating to the state of health: the specific data relating to physical or mental health (or any other data or information referred to by art. 9 and 10 GDPR and by art. 2-septies of D.Lgs. 101/2018) are collected directly, in relation to the request for execution of assessments, exams, diagnostic investigations, rehabilitation interventions and any other kind of professional service connected with the activity conferred to the psychologist. The data referred to in letters a. and b. above constitute the personal data.
The reflections/assessments/professional interpretations translated into data by the psychologist constitute the set of professional data, processed according to all the principles of the GDPR and managed/due according to the provisions of the Code of Ethics.
- The processing of all the above data is carried out on the basis of the free, specific, and informed consent of the patient/client and in order to carry out the assignment conferred by the patient/client to the psychologist.
- Personal data will be subjected to both paper and/or automated processing methods, therefore with both manual and IT methods.
- Adequate security measures will be used in order to guarantee protection, security, integrity, accessibility of personal data, within the constraints of current regulations and professional secret.
- The personal data that are no longer necessary, or for which there is no longer a legal assumption for the relative conservation, will be irreversibly anonymised or safely destroyed.
- Personal data will be kept only for the time necessary to achieve the purposes for which they were collected, i.e.:
- personal data, contact, and payment data: they will be retained for the time necessary to manage the contractual/accounting obligations, therefore for a time of 10 years;
- data relating to the state of health: they will be retained for the time necessary to carry out the assignment and to the pursuit of its purposes, and in any case for a minimum period of 5 years (see Code of Ethics) and not beyond the retention period provided for the personal and payment data.
- Personal data may have to be made accessible to the health and/or judicial authorities on the basis of specific legal duties. In all other cases, each communication can only take place after explicit consent, and in particular:
- personal data, contact, and payment data: they can also be accessible to any collaborators, as well as to external suppliers that support the provision of services;
- data relating to the state of health: they will be revealed, as a rule, only to the interested party and only in the presence of a written consent to third parties (see Code of Ethics). Every means suitable for preventing unauthorised knowledge by third parties (including those present upon agreement of the assignment) will be adopted. In case of legal obligations, they can be shared with national healthcare structures/services/operators or other public authorities; in the event of collaboration with other subjects, equally required to keep professional secrecy (supervisions, intervisions, and/or team meetings), with this consent only the information strictly necessary in relation to the kind of collaboration will be shared (see Code of Ethics).
- Unless otherwise indicated, the accounting information relating to healthcare costs will be transmitted electronically to the Italian revenue agency for the purposes of the processing of the pre-filled tax return, and will also be accessible by the subjects to whom you should be tax-dependent (spouse, parents, etc.). The opposition to the sending of the data does not affect the deduction of the expenditure, but it only entails that the invoice is not automatically inserted in the pre-filled tax return.
- Any list of the data processors, and of the other subjects to whom the data are communicated, can be viewed upon request.
- To the persistence of certain conditions, in relation to the specificities connected with the execution of the assignment, it will be possible to the interested party to exercise the rights referred to in articles 15 to 22 of the GDPR and D.Lgs. 101/2018 (right of access to personal data, right of correction, right to cancellation, right to the limitation of processing, right to portability or right to obtain a copy of personal data in a structured format of common use and legible from an electronic device – most often data entered on a computer – and the right that they are transmitted to another data controller). In the present case, it will be the burden of the professional to verify the legitimacy of the requests by providing a response, as a rule, within 30 days.
- For any complaints or reports on the methods of data processing, it is good practice to contact dr. Antonio Bella, owner of the data processing. However, it is possible to submit your complaints or reports to the Authority responsible for data protection, using the relevant contact details: Garante per la Protezione dei Dati Personali – piazza di Montecitorio n.121 – 00186 ROMA – fax: (+39) 06 696773785 – telephone: (+39) 06 696771. PEO: garante@gpdp.it – PEC: protocollo@pec.gpdp.it
