LOGIN

Privacy Policy

Privacy Policy

made pursuant to Art. 13, CO. 1, EU REGULATION 679/2016 for the protection of personal data (GDPR).

I.A.C.E.R. S.r.l., in compliance with the provisions of Art. 13, co. 1, of the EU Regulation 679/2016 (hereinafter referred to as GDPR), informs the users of the portal MYGRS www.mygrs.it as “data subjects”, about the purposes of the collection and the methods of processing of personal data acquired through the portal.

A. Data Controller.

I.A.C.E.R. S.R.L.
at Via Enzo Ferrari n. 2,
30037 Scorzè (VE) – Italy
Owner’s email address: iacer@iacer.it

B. Data Protection Officer- Identity and contact information

Please note that the Data Controller has designated, pursuant to Article 37 of the Gdpr, a Data Protection Officer who can be contacted through the following email channel: m.sacheli@fiscleg.it

C. Types of Data Collected

The MYGRS Portal is a service of Iacer s.r.l., which has the dual purpose of providing information to all the people interested in learning about the Global Rehab Service (GRS), a new model of home rehabilitation, and to allow interested users to create a dedicated profile, associated with the rented device, offering the possibility to take advantage of different services.

For this reasons, the Portal, acquires, in the normal course of operation and for the performance of the above-mentioned activities, the following types of data:

  • identification and personal data;
  • contact data (e-mail address);
  • data that may have already been communicated to the Data Controller at the time of signing the rental contract and entered into the rental contract management system and managed by the Data Controller);

D. Purposes of the Data collected

User Data are therefore collected by the Data Controller for the following specific purposes:
  1. to enable navigation in the portal;
  2. eventual account registration and management – we process your Personal Data in order to allow you to register and manage your account information, including activities to retrieve your account credentials and send you information and other activities necessary for the conclusion and execution of the contract;
  3. use of features related to the account – we process personal data in order to allow you to use the features resulting from the registration of the rented device;
  4. support activities by filling out the contact form- we process personal data in order to answer questions and provide the requested support;
  5. marketing activities – allow commercial promotion and illustration of the products and services offered, with possible transmission of additional offers of services or products (subject to consent);
  6. targeted profiling: the data collected through the use of the portal reserved for the user, may also be used, subject to the granting of consent, to identify and define specific content to be proposed to the user, through an automated process;
  7. fulfillment of legal obligations – we process personal data in order to fulfill obligations arising from applicable law, regulations or EU legislation or to manage and respond to requests from the competent administrative or tax authorities as well as the judicial authority.

E. Legal basis of processing

The legal bases of the processing turn out to be those set forth in Art. 6, co. 1, GDPR
   – lett. b (“performance of a contract to which the data subject is party” or “performance of pre-contractual measures”);
   – lett. a (consent) with respect to marketing activities, processing of any special data released (pursuant to the combined provisions of Art. 9 par. 2- lett. a) GDPR) and profiling activities;
   – lett. f) the processing is necessary for the pursuit of the legitimate interest of the data controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data do not prevail, in particular if the data subject is a minor.

The User may withhold consent and may revoke a consent already provided at any time.

However, denying consent may result in the inability to provide certain services and the browsing experience may be impaired.

We point out, in fact, that the consent required to perform profiling activities, is essential in order to ensure the user the full use of all features related to the portal. Only the granting of consent will, in fact, allow the transmission of personalized content.

F. Methods of processing the collected data

The personal data collected are processed in compliance with the principles of lawfulness, fairness, and transparency, as outlined in Article 5 of the GDPR. This processing may involve the use of IT and electronic tools designed to store and manage the data, and in any case, it is conducted in a manner that ensures data security and protects the utmost confidentiality of the data subject.

G. Categories of Authorized Parties for Data Processing and Data Disclosure

In addition to the Data Controller, the personal data of users may be accessed and processed, in compliance with current regulations, by other parties involved in the management of the MyGrs portal:
   – Technical office, IT, customer care, administrative, commercial, marketing, legal staff, and system administrators, or external parties appointed, in the latter case, as Data Processors by the Controller pursuant to Article 28 of the GDPR. An updated list of Data Processors is always available upon request to the Data Controller.
   – Public authorities or other public bodies for purposes of defense, state security, and crime investigation, or to the judicial authority in compliance with legal obligations, where criminal activities are suspected.

The data is processed at the operational offices of the Data Controller and any other locations where the parties involved in the processing are located.

Outside of these cases, personal data is not communicated or disclosed to third parties under any circumstances or for any reason. Additionally, personal data will not be transferred to non-EEA countries or international organizations, unless it is strictly related to specific requests made by the user, for which explicit consent will be obtained.

H. Data Retention Period

Depending on the various purposes for which data has been collected, personal data will be retained for the period required by the applicable regulations or for the time strictly necessary to achieve those purposes. Specifically:
  • Personal Data collected for purposes related to the execution of a contract between the Controller and the User will be retained until the completion of that contract, meaning as long as the account registered on the platform remains active.
  • When processing is based on the User’s consent, the Controller may retain Personal Data until such consent is withdrawn.
In such cases, the Controller may still be required to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
  • If the account is deleted, the data collected will be deleted within 15 days.
  • However, the Controller may still be required to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

I. Automated Decision-Making Processes

By consenting to the processing of personal data for the purposes outlined in point 6, the data collected may be subject to automated decision-making processes. These processes involve a specific algorithm that determines which communications are best suited to the user’s profile or might be of particular interest.

This processing may include, for example, sending highly tailored commercial communications or providing specific content based on the profile that emerges from the created account. None of the proposed content will be binding for the user.

The data subject always has the right to request human intervention in the decision-making process by the Controller, to express their opinion, to receive an explanation of the decision reached, and to contest the decision itself.

J. User Rights

As a data subject, you are informed that, regarding all personal data processed, you may exercise the rights provided by the GDPR, specifically:
  • Right to access the data collected and processed (Article 15);
  • Right to request data correction (Article 16);
  • Right to request data deletion and the right to be forgotten (Article 17);
  • Right to request restriction of processing (Article 18);
  • Right to data portability to another controller (Article 20);
  • Right to object to processing (Article 21);
  • Right to withdraw consent (where processing is based on consent), without affecting the lawfulness of processing based on consent before its withdrawal (Article 7);
  • Right to lodge a complaint with the Supervisory Authority (Article 77);
  • Right to seek judicial remedy against the Supervisory Authority (Article 78) and against the Controller or Processor (Article 79).

K. Right to Lodge a Complaint

If data subjects believe that their personal data has been processed in violation of the Regulation through this site, they have the right to file a complaint with the Supervisory Authority (the “Garante”), as provided in Article 77 of the Regulation, or to pursue appropriate legal action (Article 79 of the Regulation).

L. How to Exercise Rights

To exercise their rights, Users may send a request to the contact details of the Controller or the Data Protection Officer (DPO) indicated in this document. Requests are submitted free of charge and will be handled by the Controller as quickly as possible, and in any case within one month.

M. Changes to This Privacy Policy

The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users through one of the contact methods in its possession.

If the changes affect processing for which consent is the legal basis, the Controller will obtain the User’s consent again.

Last update: 8 November 2024

  • Customer Care: info@mygrs.it
  • Via Enzo Ferrari, 2 30037 Scorzè (VE)
  • Customer Care: +39 0418877361