POLICY ON THE PROCESSING OF PATIENTS’ PERSONAL DATA
Through the App
“eSteps Life Companion”
(art. 13 Reg. UE 679/2016 – GDPR)
Brief disclosure
Who processes my data?
The Data Controllers are:
eSteps Srl
Registered office: Via Nuova Circonvallazione 57/B, Rimini (RN)
E-mail address : info@estepshealth.com
eSteps Inc.
Registered office:: New York
E-mail address: info@estepshealth.com
eSteps Inc. has been appointed as its Representative in the EU pursuant to Article 27 of the GDPR. eSteps SRL with registered office in: Italy and E-mail address: info@estepshealth.com
eSteps Carthage Systems
Registered office: Tunis, tunisia
E-mail address: info@estepshealth.com
eSteps Carthage Systems. has appointed as its Representative in the EU pursuant to Article 27 of the GDPR eSteps SRL with registered office in: Italy and E-mail address: info@estepshealth.com
The essential content of the agreement is made available to interested parties on the website lead.estepshealth.com on page https://www.estepshealth.com/privacy.
- FOR WHAT PURPOSES ARE MY DATA PROCESSED AND WHY IS THE PROCESSING LEGITIMATE?
| PURPOSE | LEGAL BASIS | CONTRIBUTION OBLIGATION |
| Management of the contractual relationship related to the use of the App. | The processing of your personal and contact data is legitimate because it is necessary for the execution of the contract concluded between you and the co-owners. The processing of your health-related data is based on the eventual manifestation of your explicit consent (expressed in the form below), which you can always revoke by writing an email to the address privacy@estepshealth.com | You are free not to provide your data, but in that case it will not be possible for the co-owners to provide you with the opportunity to use |
| Sending promotional communications via email newsletter | The processing is based on the eventual manifestation of your explicit consent, which you can always revoke by writing an email to the address privacy@estepshealth.com | For this purpose you are free not to provide your data without any negative consequences for you. |
| Inclusion within a community of people with the same disease to share their experiences | The processing is based on the eventual manifestation of your explicit consent, which you can always revoke by writing an email to the address privacy@estepshealth.com | For this purpose you are free not to provide your data without any negative consequences for you. |
- TO WHOM ARE MY DATA DISCLOSED?
Your data are communicated to:
- Professionals and/or professional firms that provide the Contractors with assistance/advice in accounting, administrative, legal, tax, and fiscal matters;
- Marketing and communication service providers (CRM, newsletter service providers)
- Cloud service provider;
- Multi-cloud application data platform.
You may request the full list of recipients of your personal data by writing to the e-mail address privacy@estepshealth.com.
In any case, your personal data will not be disseminated.
- IS MY DATA TRANSFERRED OUT OF THE EUROPEAN UNION?
Your data is transferred outside the European Union. The transfer of your data in some cases takes place to countries for which the European Commission has issued an adequacy decision, in others it is based on the adoption of Standard Contractual Clauses (SCC). However, since the transfer of data also takes place to the U.S., we inform you that in some of these cases the transfer may involve possible risks for the protection of your data, due to the insufficiency of the SCCs to represent a suitable basis of legitimacy for the data transfer.
HOW LONG IS MY DATA KEPT FOR?
The Contractors will retain your personal data for a period of time no longer than is necessary to achieve the purposes for which it is being processed. Specifically:
- for contractual relationship management purposes, your data will be kept for 10 years after the end of the contractual relationship on the basis of the civil law criterion of keeping relevant documents for accounting, tax and anti-money laundering purposes in accordance with the relevant regulations;
- for sending promotional communications via email newsletter your data will be kept for 7 years;
- for inclusion within the community your data will be kept as long as you wish to be a part of it, that is, until you withdraw your consent.
At the end of this period, unless required by law, the Co-owners will irreversibly erase the data – by methods of destruction or secure deletion – or store them in an anonymous form that does not allow, even indirectly, your identification.
- WILL I BE SUBJECTED TO PROFILING?
Under no circumstances will your data be used to obtain information regarding your preferences or behavior, nor will you be subjected to any decision based solely on automated processing of your personal data.
- WHAT ARE MY RIGHTS?
You have the following rights:
• Right of access to data: The right to obtain from the Data Controllers confirmation as to whether or not personal data concerning you is being processed, and if so, to obtain access to your personal data – and a copy thereof – and to receive information regarding the processing;
• Right to rectification of data: Right to obtain from the Data Controllers the rectification of inaccurate personal data concerning you without undue delay and the supplementation of incomplete personal data, including by providing a supplementary statement.
• Right to data deletion: Right to obtain from the Data Controllers the deletion of personal data concerning you without undue delay if any of the following reasons exist:
- personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject objects to the processing and there is no overriding legitimate reason for processing;
- i personal data have been unlawfully processed;
- personal data must be deleted in order to fulfill a legal obligation to which the Joint Holders are subject;
- personal data were collected in relation to the provision of information society services.
• Right to limit processing: Right to obtain from the Data Controllers the restriction of processing when one of the following cases occurs:
- You challenge the accuracy of the personal data, for the period necessary for the Owners to verify the accuracy of such personal data;
- processing is unlawful and you object to the deletion of personal data and instead request that their use be restricted;
- although the Data Controllers no longer need it for processing purposes, the personal data is necessary for you to establish, exercise or defend a right in court;
- You objected to the processing pending verification as to whether the legitimate motives of the Data Controllers outweighed yours.
• Right to data portability: The right to receive in a structured, commonly used and machine-readable format personal data concerning you provided to the Data Controllers and to transmit such data to another data controller where the processing is based on consent or contract and is carried out by automated means.
• Right not to be subjected to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or significantly affects you in a similar way.
You may exercise your rights by sending a request to the e-mail address privacy@estepshealth.com. You will receive a response as soon as possible and, in any case, no later than 30 days after your request.
Withdrawal of consent
You always have the right to revoke your consent to the processing of your data in writing at any time by writing to privacy@estepshealth.com. The processing of your data carried out before revocation remains lawful.
- HOW CAN I FILE A COMPLAINT?
Should you wish to file a complaint regarding the manner in which your personal data are processed by the Data Controllers or regarding the handling of a complaint you have filed, you have the right to file a complaint directly with the Supervisory Authority in the manner set forth at www.garanteprivacy.it
CONSENT FORM
Read and understood the attached personal data processing notice in accordance with EU Regulation 679/2016,
☐ authorize ☐ not authorized
the Contractors to process your data for sending promotional communications via email newsletter
☐ authorize ☐ not authorized
the Co-owners to process your data for inclusion within a community of people with the same condition for sharing their experiences
COOKIE POLICY OF THE SITE lead.estepshealth.com
(art. 13 Reg. UE 679/2016)
Who processes my data?
The data controller is eSteps Inc,
Registered office: New York
eSteps Inc. has been appointed as its Representative in the EU pursuant to Article 27 of the GDPR. eSteps SRL with registered office in: Italy and E-mail address: info@estepshealth.com
Email address: info@estepshealth.com
| What are cookies? | |
| Cookies are small text files that are installed by a website in the temporary memory of the browser you use (and therefore in the device from which you connect to the website, such as PC, tablet, smartphone, etc.). Cookies make it possible to temporarily record some information about your preferences, but at the same time allow you a simplified navigation and easier use and effectiveness of the website you are visiting. Depending on their origin, cookies can be: First-party, that is, sent directly from our site; Second-party, from other sites and sent through our site. Depending on their purpose, cookies can be: technicians: navigation or session are used to perform navigation or to provide a service requested by the user and are not used for any further purposes; of functionality: these are useful to facilitate the user’s effective use of the site by personalizing the browsing experience. They are used, for example, to keep track of the language chosen. analytics: these are used to collect information about the behavior of users of the site, such as the number of visits, the most visited pages, and the channels from which visitors come. We use them to collect this data in an anonymous and aggregate form; profiling: these are used to track the user’s browsing on the web and create profiles on his/her preferences, habits and choices. Through the information contained in these cookies, for example, advertising messages can be transmitted to the user’s device in line with the preferences that the user has already expressed during online browsing. | |
TYPE OF COOKIES INSTALLED BY THE SITE AND RETENTION TIMES
The lead.estepshealth.com website installs technical, analytical and profiling cookies in your device.
Technical cookies
This website uses necessary Technical Cookies that help make the website usable by enabling basic functionality such as page navigation and access to protected areas of the website. The website is unable to function properly without these cookies.
Why is the installation of these cookies in my device lawful?
For the release of these cookies, current legislation does not require your prior consent.
The installation of these cookies is lawful on the basis of the legitimate interest of the Owner represented by the performance of its business activities including through the smooth enjoyment of its website by users.
The technical cookies installed by the site are as follows:
| Name | Purpose | Supplier | Data Transfer | Deadline |
| __hssc | Identifies whether cookie data should be updated in the visitor’s browser. | estepshealth.com | United States (not adequate) | 1 day |
| __hssrc | Used to recognize the user’s browser when returning to the Web site. | estepshealth.com | United States (not adequate) | Session |
| __cf_bm | This cookie is used to distinguish between humans and robots. This is useful for the website in order to make valid reports about the use of the website | hubspot.com | United States (not adequate) | 1 day |
| embed/v3/counters.gif | This cookie is used to implement forms on the site. | forms-eu1.hsforms.com | United States (not adequate | Session |
| rc::a | This cookie is used to distinguish between humans and robots. This is useful for the website in order to make valid reports on website usage. | google.com | United States (not adequate | Persistent |
| rc::c | This cookie is used to distinguish between humans and robots. | google.com | United States (not adequate | Session |
| _iub_cs-70817595 | Functional; stores cookie consent preferences. | estepshealth.com | UK | 1 year |
| CookieConsent | Stores the user’s cookie consent status for the current domain. | estepshealth.com | Ireland | 1 year |
Third-party analytical and statistical cookies (Google Analytics)
Statistical cookies help website owners understand how visitors interact with sites by collecting and transmitting information anonymously.
Why is the installation of these cookies in my device lawful?
Since these are non-anonymized cookies, the installation of these cookies is lawful based on any consent you may have given by checking the appropriate box in the site banner.
You can always revoke any consent you may have given by disabling cookies (v. sez. 6 “How can you manage cookies?”).
The analytical cookies installed by the site are as follows:
| Name | Purpose | Supplier | Data Transfer | Deadline |
| __hstc | Sets a unique session ID. This allows the Web site to obtain data on visitor behavior for statistical purposes. | estepshealth.com | United States (not adequate) | 179 days |
| _ga | Records a unique ID used to generate statistical data on how the visitor uses the website. | estepshealth.com | United States (not adequate) | 2 years |
| _ga_NQK40BD9Q8 | Used by Google Analytics to collect data on the number of times a user has visited the website as well as the dates of the first and most recent visit. | estepshealth.com | United States | 2 years |
| _ga_# | Used by Google Analytics to collect data on the number of times a user has visited the website, as well as data for the first visit and the most recent visit. | estepshealth.com | United States (not adequate) | 1 day |
| _gat | Used by Google Analytics to limit the frequency of requests. | estepshealth.com | United States (not adequate) | 1 day |
| _gid | Records a unique ID used to generate statistical data on how the visitor uses the website. | estepshealth.com | United States (not adequate) | 1 day |
| hubspotutk | Sets a unique session ID. This allows the Web site to obtain data on visitor behavior for statistical purposes. | estepshealth.com | United States (not adequate) | 179 days |
Profiling cookies
Marketing cookies are used to track visitors on websites. The purpose is to present advertisements that are relevant and engaging to the individual user and therefore of greater value to third-party publishers and advertisers.
Why is the installation of these cookies in my device lawful?
The installation of these cookies is lawful based on any consent you may have given by checking the appropriate box in the site banner.
You can always revoke any consent you may have given by disabling cookies (v. sez. 6 “How can you manage cookies?”).
| Name | Purpose | Supplier | Data Transfer | Deadline |
| __ptq.gif | Unclassified | hubspot.com | United States (not adequate) | Session |
| collect | Used to send data to Google Analytics about the visitor’s device and behavior. Keeps track of the visitor across devices and marketing channels. | google-analytics.com | United States (not adequate) | Session |
| ml_guid | It records user behavior and website navigation, and any interaction with active campaigns. It is used to optimize advertising and for efficient retargeting. | static.mailerlite.com | United States (not adequate) | Permanent |
Unclassified cookies
Unclassified cookies are the cookies that are being classified, along with individual cookie providers.
| Name | Purpose | Supplier | Data Transfer | Deadline |
| mailerlite:webform:shown:5140217 | Not classified | estepshealth.com | United States (not adequate) | Permanent |
webforms/o/5121101/c9a5a9 | Not classified | track.mailerlite.com | United States (not adequate) | Session |
| webforms/o/5121449/m6r9y5 | Not classified | track.mailerlite.com | United States (not adequate) | Session |
| webforms/o/5140217/n9h7f7 | Not classified | track.mailerlite.com | United States (not adequate) | Session |
| How to prevent the installation of cookies? | |
| You can prevent the installation of cookies, which normally occurs automatically with most browsers, by disabling in the functions of your browser, the enablement to receive cookies. The exact procedure is indicated at the link corresponding to the browser you use: IOS SAFARI: https://support.apple.com/it-it/guide/safari/sfri11471/mac MOZILLA FIREFOX: https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie GOOGLE CHROME: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=it MICROSOFT INTERNET EXPLORER: https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies | |
| To whom is my data collected by cookies transmitted? | |
| The lead.estepshealth.com website uses cookies from the following third parties: Hubspot Inc. Google Inc. MailerLite Hubspot disclosure: https://legal.hubspot.com/privacy-policy Google Analytics Disclosure: https://support.google.com/analytics/answer/9019185?hl=it#zippy=%2Ccontenuti-di-questo-articolo MailerLite disclosure: https://www.mailerlite.com/legal/cookie-policy Your data is also forwarded to a communication agency. | |
| Will my data collected by cookies be transferred abroad? | |
| Your data is transferred outside the European Union. The transfer of Your data by transmission to third parties (with reference to third-party cookies) is subject to safeguards based on the adoption of Standard Contractual Clauses (SCC). In any case, we inform you that the transfer of your data outside the European Union may entail possible risks for the protection of your data due to the lack of an adequacy decision and additional safeguards. | |
How can cookies be managed?v | |
| To check what cookies are being installed on your device, and possibly change your choices, you can click on the link lead.estepshealth.com/cookies-and-privacy or change the privacy settings found within the control panel of your web browser and/or visit this site https://cookiepedia.co.uk/. You can find more basic information about your browser’s privacy configuration by clicking this link http://optout.aboutads.info/?c=2#!/. If you disable services that install cookies, we inform you that you may not be able to fully use the Platform. | |
| What are my rights? | |
| With respect to Your personal data processed through the installation of cookies, You have the right to obtain access and, in certain cases, rectification, erasure, as well as restriction of processing and opposition to processing. You may exercise Your rights by clicking on the linkhttps://estepshealth.com/privacy or by sending a request to the Controller’s e-mail address info@estepshealth.com . The Holder will respond as soon as possible and, in any case, no later than 30 days after Your request. | |
| How can I submit a complaint? | |
| Should you wish to file a complaint regarding the manner in which your personal data is processed by the Controller or regarding the handling of a complaint that you have filed, you have the right to file a complaint directly with the Supervisory Authority in the manner specified at www.garanteprivacy.it. | |
