1. EU Regulation 2016/679 (hereinafter GDPR) and Legislative Decree 101/2018 provide for and strengthen the protection and processing of personal data in light of the principles of correctness, lawfulness, transparency, protection of privacy and the rights of the interested party regarding their own data.

2. Dr. Gamba Camilla is the data controller of the following personal data collected to allow the service in question to be carried out:

a. Personal, contract and payment data – information regarding the name, telephone number, ordinary and certified e-mail addresses, as well as information relating to the payment of the fee for the service (e.g. debit or credit card details), etc.

Condition for processing: execution of contractual / pre-contractual obligations. Conferment is mandatory.

b. Information related to the state of health: the specific data pertaining to physical or mental health (or any other data or information referred to in art. 9 and 10 GDPR and by art. 2-septies of Legislative Decree 101/2018) are collected directly, in relation to requests for the administration of assessments, examinations, diagnostic tests, rehabilitative interventions and any other type of professional service connected to the execution of the task assigned to the psychologist.

The reflections / evaluations / professional interpretations translated into data by the psychologist constitute the set of professional data, treated according to all the principles of the GDPR and managed / due in priority according to what is foreseen by D.C.; 

3. The processing of all the aforementioned data is carried out on the basis of the free, specific and informed consent of the patient / client and in order to allow the psychologist to perform the service conferred by the patient / client. 

4. Personal data will be subjected to paper, electronic and/or automated processing, which may be conducted manually and/or electronically. 

5. Appropriate security measures will be used to ensure the protection, security, integrity and accessibility of personal data, within the constraints of current regulations regarding professional confidentiality. 

6. Personal data that is no longer necessary, or for which there is no longer a legal prerequisite for storage, will be irreversibly anonymized or destroyed in a secure manner.

7. Personal data will be kept only for the time necessary to achieve the purposes for which they were collected, that is: 

a. personal, contact and payment details: will be kept for the time necessary to manage the contractual / accounting obligations, therefore for a period of 10 years;

b. health status data: will be kept for the time necessary to carry out the assignment and fulfill its obligations, and in any case for a minimum period of 5 years (art. 17 of the D.C.) and no longer than the required storage period for personal and payment details.

8. Personal data may need to be made accessible to Health and / or Judicial Authorities based on specific legal duties. In all other cases, any communication may take place only with explicit consent, and in particular: 

a. personal, contact and payment details: these may be made accessible to any collaborators, as well as external suppliers that support the provision of the services; 

b. health data: as a rule, the data will be disclosed only to the subject, and only in the presence of written consent to third parties (art. 12 D.C.). All suitable means will be adopted to prevent unauthorized knowledge by third parties, including those present at the time of the conferment. They may be shared, in the event of legal obligations, with organizations / services / workers of the Italian National Health Service or other public authorities; in the case of collaborations with other subjects equally bound by professional confidentiality (supervision, peer-supervision and / or team meetings), only information that is strictly necessary in relation to the type of collaboration (art. 15 D.C.) will be shared with this assent.

9. The list of potential data processors, and of the other subjects to whom the data is communicated, can be viewed upon request. 

10. Upon the persistence of certain conditions, in relation to the specificities connected with the execution of the task, the data subject may exercise the rights referred to in articles 15 to 22 of the GDPR and Legislative Decree 101/2018 (right to access to personal data, right to rectification, right to removal, right to limitation of processing, right to portability or the right to obtain a copy of personal data in a structured format for common use and readable by an automatic device - in principle, only data entered in the computer - and the right that they be transmitted to another data controller). In the present case it will be the responsibility of the professional to verify the legitimacy of the requests, providing feedback, as a rule, within 30 days. 

11. For any complaints or reports on the methods of data processing, it is good practice to contact Dr. Gamba, the Data Controller, directly. However, it is possible to forward your complaints or reports to the authority responsible for data protection, using the relevant contact details: Guarantor for the protection of personal data - piazza di Montecitorio n.121 - 00186 ROMA - fax: (+39) 06.696773785 - telephone: (+39) 06.696771 - PEO: garante@gpdp.it - PEC: protocollo@pec.gpdp.it