This page is intended to inform users of the website www.lionhealth.tech about the way it is managed with regard to the processing of their personal data as prescribed by Articles 13 and 14 of the European Regulation No. 679/2016 - General Data Protection Regulation. This information also fully respects and complies with Recommendation No. 2/2001 that the European authorities for the protection of personal data, meeting in the Group established by art. 29 of Directive No. 95/46/EC, adopted on May 17, 2001 to identify certain minimum requirements for the collection of personal data online and, in particular, the manner, timing and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purposes of the connection. Data relating to identified or identifiable persons may be processed through consultation of this site.

It is specified that the consent mechanisms will be obvious, brief, and easily understood; if the original conditions for which consent was sought change, for example, if the purpose of data processing changes, additional consent will be required in accordance with European Regulation No. 679/2016.

1. The Data Controller.
The Data Controller is the company Lionhealth S.r.l., with registered office and operations in Milan, at Via Aurelio Saffi, 10, Tax Code and VAT No. 12258620967 (hereinafter, for short, only the "Company"), in the person of its legal representative.

2. Purpose of data processing and legal basis
The purpose and legal basis of the processing of your data is:

1. For automatically collected data, the legal basis is the legitimate interest of the owner and the purpose is to ensure and improve the web browsing experience.
2. For data provided voluntarily by the user, the legal basis varies depending on the purpose pursued, indicated in the specific disclosures, to which we refer.
3. For cookies: see the specific cookies policy.

3. Categories of data Navigation data
The computer systems and software procedures used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are deleted after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on the site involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. On the contrary, specific summary information will be reported or displayed on the pages of the site prepared for particular services on request (form).

Therefore, the user must explicitly consent to the use of the data in these forms in order to submit the request.

Cookies
The site uses cookies. The data collected through cookies may be used to access parts of the site or for statistical purposes or to make the browsing experience more pleasant and efficient in the future. A separate cookie policy is available for more information

4. On the substantially obligatory nature of the provision of data
It should be noted, again, in relation to the nature, optional or otherwise, of the provision of data, that there is likely to be no processing of the same data in the event of failure to provide them with the necessary consent. So that, on the one hand, of course, each data subject is entirely free to confer or not to confer his or her data and/or to give consent to their processing, but, on the other hand, failure to confer them with the associated consent will result - as mentioned above - in the impossibility of their processing.

Similarly, any refusal to respond may result in failure or incomplete processing.

5. Modalities of data processing and retention time
In accordance with the personal provisions of the EU Regulation 2016/679, the Company intends to keep and control the personal data subject to processing also in relation to the knowledge acquired on the basis of technical progress, the nature of the data and the specific characteristics of the processing, so as to minimize, through the adoption of appropriate and preventive security measures, the risks of destruction or loss, even accidental, of the data themselves, unauthorized access or processing that is not permitted or does not conform to the purposes of collection.

Data are retained for as long as is strictly necessary to fulfill the purposes stated in this policy and will be deleted at the end of this period, unless the data must be retained for legal obligations or to enforce a right in court.

6. The rights of data subjects
Within the limits and under the conditions provided by law, the data controller is obliged to respond to requests from the data subject regarding personal data concerning him or her. In particular, according to current legislation:

a. The data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, if so, to obtain access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed; when possible, the expected period of retention of personal data or, if this is not possible, the criteria used to determine that period the existence of the data subject's right to request from the controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing; the right to lodge a complaint with a supervisory authority; if the data are not collected from the data subject, all available information about their origin; the existence of automated decision making, including profiling.

b. The data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning him/her without undue delay.

c. The data subject shall have the right to obtain from the data controller the erasure of personal data concerning him/her without undue delay, and the data controller shall be obliged to erase without undue delay the personal data within the limits and in the cases provided for by the current legislation. The data controller shall notify each of the recipients to whom the personal data have been transmitted of any rectification or erasure or restriction of the processing within the limits and in the forms provided for by current legislation.

d. The data subject has the right to obtain from the data controller the restriction of processing.

e. The data subject shall have the right to receive in a structured, commonly used and machine-readable format personal data concerning him or her that have been provided to a data controller and shall have the right to transmit such data to another data controller without hindrance from the data controller to whom he or she has provided them.

To exercise these rights, Data Subjects may contact the Data Controller, via e-mail to the account: privacy@lionhealth.tech

7. Security Measures.
In order to minimize the dangers of destruction or loss--even accidental--of data, or of unauthorized access to them, the Company has put in place certain security measures.

With particular reference to data processed with the aid of information technology tools, the Company has-for example-established a computer authentication system and adopted procedures for the safekeeping of back-up copies and restoration of the availability of such data.

With reference, then, to the processing carried out without electronic instruments, the Company has, among other things, provided procedures for the appropriate safekeeping of acts and documents, as well as for the storage of certain acts in archives with selected access.

8. Information
This Privacy Policy is governed by European Regulation No. 679/2016 - General Data Protection Regulation.
The Company may amend or make updates, in whole or in part, to this Privacy Policy in accordance with applicable law.

For more information contact Lionhealth S.r.l., in Milan, Via Aurelio Saffi, 10, 20123 at privacy@lionhealth.tech

It is also suggested that people visit the website of the Data Protection Authority at http://www.garanteprivacy.it/.

9. Data Protection Officer
The European Data Protection Regulation establishes the figure of the Data Protection Officer, also known as "Data Protection Officer" or "DPO," who must be designated in the cases provided for in Articles 37 to 39 of the said Regulation. This figure must be identified on the basis of professional qualities and specialized knowledge of data protection legislation and practice. The Data Protection Officer has not been designated since Lionhealth S.r.l. does not fall under the cases provided for in the Regulations.

10. Complaint to the competent authority
Complaints may be made in relation to the processing to the competent authority: Garante sulla Protezione dei Dati personali, Piazza di Monte Citorio n. 121 00186 ROMA, Fax: (+39) 06.69677.3785, Switchboard: (+39)
06.696771, E-mail: garante@gpdp.it

This version of the privacy policy was updated on October 27, 2022