Privacy Policy

Privacy Policy

Data Controllers

The HippocrateOrg Association with registered office at Via dei Canova, 15 - 6900 Lugano CH, CF 95100290121 and Hippocrate ETS Foundation, with registered office at Sottopassaggio Mario Saggin, 2 - Padua (PD), CF 92324160289

Types of Data Collected

Among the personal data collected by this website are cookies and common or contact data of those who browse the sites:

No sensitive data are collected, unless anonymized and for the purposes described in theinformation given to users.

Common data may be freely provided by the user or automatically collected while browsing this website. Unless otherwise specified, all data requested by this website are mandatory and if the user refuses to communicate them, it may be impossible to provide a proper browsing service. In cases where certain data is indicated as optional, users are free to refrain from communicating such data, without this having any consequence on the availability of the service or its operation.

In any case, at the time of data collection for the purpose of subscribing to the newsletter, an event, volunteer or sponsor application, the user is subjected to relative information ex art. 13 GDPR and is asked to flag the acknowledgement of the document as well as consents for direct and third-party marketing and profiling activities.

The user assumes responsibility for the personal data of third parties obtained, published or shared through this website and guarantees that he/she has the right to communicate or disseminate them, releasing the co-owners from any liability to third parties.

Third parties to whom data may be disclosed

Any communication to third parties of the above-mentioned data takes place in accordance with the relevant notice issued to the data subjects and are optional. Third party recipients of such communication operate as autonomous data controllers or subject to the appropriate act of appointment, as external data controllers of the company pursuant to Article 28 RegUE 679/2016. It is understood that the communication of data to third parties is made in order to and within the limits of what is necessary to implement and follow up on the relationships between the joint data controllers and the data subjects.

The updated list of controllers can always be requested from the joint controllers.

Methods of data processing

The co-owners take appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data. Processing is carried out by means of computer and/or telematic tools, with organizational methods and logics strictly related to the stated purposes. In particular, standard processing methods include the collection of data through contact forms, comments, cookies, web analytics and integrations with third parties for additional functionality. Processing may also include storage of data in secure databases, use of security plugins, and constant updating of the site and its components to ensure protection against known vulnerabilities. These activities are handled by the appointed appointees of the co-owners.

Place of data processing

The data are processed at the co-owners' operating offices and at any other place where the parties involved in the processing are located. For further information, please contact the co-owners at the addresses in item #1 of thedisclosure.

The user's personal data may be transferred to a country other than the country where the user is also located outside the European Union. To obtain more information about the location of the processing, the user can refer to the section on personal data processing details.

You have the right to obtain information about the legal basis for the transfer of data outside the European Union or to an international organization under public international law or consisting of two or more countries, such as the UN, as well as about the security measures taken by the joint owners to protect the data.

If any of the transfers just described take place, you may refer to the respective sections of this document or request information from the joint owners by contacting them at the contact details given at the beginning.

Risk analysis

The main risks inherent in the data processed on the site include:

  • Accidental data destruction.
  • Improper access or dissemination of information.
  • System and database malfunction.

Site protection procedures

To ensure the availability, integrity and confidentiality of information, specific security measures have been taken, including:

  • Regular updates to the content management system, themes, and add-ons.
  • Use of security tools to monitor and prevent vulnerabilities.
  • Protection against unauthorized access attempts.
  • Encryption of sensitive data.
  • Access to the management panel limited to authorized users.
  • Strict controls on access to the site management panel.
  • Secure credential management with complex passwords and multi-factor authentication.
  • Incremental backups to safeguard data.
  • Implementation of anti-intrusion systems, such as firewall and malware protection.
  • Constant monitoring of site security.

Data processors

All appointees are provided with written instructions to operate, within the scope of their assigned processing, with the utmost diligence and care and in compliance with the security measures prepared by the co-owners of the data.

External data processors

External data controllers manage the data on behalf of the co-processors on the basis of a special contract of appointment in which the entrusted tasks and responsibilities are specifically identified as stipulated in Article 28 of RegUE.

Managers shall comply with the instructions given by the co-owners who, including through periodic audits, shall supervise the timely compliance with the processing provisions of the RegUE, including the security profile.

Back to top