Information ex Art. 13 of Italian Legislative Decree 196/2003 on the processing of personal and sensitive data

Pursuant to and by effect of Art. 13 of Legislative Decree no. 196 of 30/06/2003 "Personal Data Protection Code" and in compliance with the "Guidelines governing on-line medical reports" adopted by the Italian Personal Data Protection Authority for the Protection of Personal Data with the provision of 19 November 2009, we would like to inform you that your health-related common and sensitive personal data (in particular, data contained in the photos and medical reports that you have submitted) will be processed based on principles of correctness, lawfulness and transparency and protection of your privacy and rights.

You are hereby informed as follows:

1. Nature and purpose of the data processing
Your common personal and sensitive data necessary to initiate the consultation process comprise your personal data (first name, surname, date of birth, etc.), your telephone contact details, your email address, photos of the affected parts of your body submitted by you and/or medical records containing additional health-related sensitive personal data.

2. Optional supply of data and consequences of refusal
The provision of your personal data is not compulsory but it is necessary in order to perform the service. Any refusal to provide these data precludes the undertaking of the aforementioned service.

3. Method of data processing With regards to online data storage, data is processed both on paper and electronically, with the aid of electronic instruments that ensure safety and privacy, pursuant to the provisions of Italian Legislative Decree 196/2003 and the aforementioned provision of the Italian Personal Data Protection Authority, carried out exclusively by persons who have been appointed for this task.

4. Communication and dissemination of data
Your personal data, as provided for the online consultation service, will not be disseminated in any way, in accordance with current legislation. Personal data will be processed in accordance with procedures that ensure safety and privacy. In particular, data submitted shall be stored on the Veincareteam and AppwoRx, LLC secure servers, archived through Secure Socket Layer (256-bit SSL) encryption and transmitted with SSH Key Authentication. Processed data shall not be disseminated to third parties and may only be communicated to our employees and collaborators, who are bound by the same privacy guarantee.

5. Data controller
The data controller and data processor is Dr. Jean Daniel Rostan, Via Ravadera, Torre Pellice, Italy - email jerostan (at)

6. Rights of interested parties
The subjects to whom the data refer may exercise the rights provided for in Art.7 of the Privacy Code at any time, by contacting the data processor. In particular:

6.1 - The interested party has the right to obtain confirmation of the existence or non-existence of personal data of which that individual is the subject, even if not yet recorded, and communication of such data in an intelligible form.

6.2 - The interested party has the right to know:
a) the origin of the personal data;
b) the processing purposes and methods;
c) the logic applied in the case of processing carried out with the aid of electronic instruments;
d) data identifying the controller, processors and designated representative pursuant to Article 5;
e) the subjects or categories of subjects to whom personal data may be communicated or who may become aware of them in their capacity as designated representatives in the territory of the State, or as processors or appointed persons.

6.3 - The interested party has the right to obtain:
a) updates, corrections or, if in his/her interest, supplements to the data;
b) deletion, transformation into an anonymous form or blocking of the data processed in violation of the law, including data which do not need to be stored in relation to the purposes for which the data were collected or subsequently processed;
c) a statement that those to whom the data have been communicated or disseminated have been made aware of the operations as per parts a) and b), including as regards their content, except when this obligation is found to be impossible or entails the use of means manifestly disproportionate to the right protected.

6.4 - The interested party has the right to oppose, wholly or in part:
a) for legitimate reasons, the processing of personal data of which the individual is the data subject, even if pertinent to the purpose for which they were collected;
b) the processing of personal data of which the individual is the data subject for the purposes of posting of advertising material or direct marketing or for the purposes of market research or commercial communication.