Disclosure on the processing of personal data in conformity to Articles 13 and 14 of the EU Regulation 2016/679

We inform you that pursuant to Articles 13 and 14 of the EU Regulation 2016/679 “relative to the protection of natural persons with regard to data processing as well as to free circulation of such data (the “Regulation” follows), processing of data provided by you, or acquired within the scope of our activity, will be based upon principles of correctness, lawfulness and transparency and the safeguarding of your privacy and your rights.

  1. Controllers of data processing

GISE (Società Italiana di Cardiologia Interventistica) headquartered in Milan, Via del Conservatorio, 22, herein after “GISE”, and OIC S.r.l, headquartered in Florence, Viale Giacomo Matteotti 7, and in the person of the pro-tempore legal representatives, domiciled at the company headquarters, are joint Controllers, pursuant to art. 26 of the GDPR, for processing of your personal data, inform you, herebelow, regarding the method, purpose and scope of communication and dissemination of your personal data and your rights, in conformity to EU Regulation 2016/679 and to the applicable norms regarding protection of personal data.

The Controllers have appointed VITS Virtual Training Support Srl, headquarter in Florence, Via A. Cesalpino 5/B as Processor of the Personal Data, pursuant to art. 28 of the GDPR.

The Controllers and the Processor can be contacted at the above addresses or by sending an e-mail to privacy@oic.it

  1. Type of data, Purposes and methods of processing

Your data will be processed by the joint Controllers only for the following purposes:

  1. a) fulfillment of all contractual commitments as they pertain to registration or whatever else concerns your participation, achieved through the processing, operating and management activities required to implement the contract
  2. b) to meet the requirements specified by norms of laws, regulations, national and community laws, civil law and tax legislation pertaining to the activity of the Controller and to existing agreements
  3. c) following specific consent the data may be processed by the Controllers for mailing of information material relating to the activities or requested services and/or other technical and commercial information of a promotional nature regarding activities or services that may be of interest

We wish to specify that:

  • The legal basis of data processing as specified under letters a) and b) regarding the purposes of processing is reflected in the specific and voluntary activity of applying the contractual relationship established between the parties and by the fulfillment of the legal obligations connected to it.

Processing of data supplied by you is necessary to present the application or to implement the stated contractual relationship of which you are a part.

Lack of consent for data processing will make it impossible to proceed to the correct establishment and/or continuation and fulfillment of contractual commitments and relative legal obligations. The data will be deleted if it is no longer necessary to fulfil contractual or legal obligations.

  • The legal basis of data processing as specified under letter c) is represented by your express consent to such processing. Lack of consent for processing entails non usability of your data for the purposes specified under letter C) but does not impede provision of the service and therefore is an optional conferment.

The data will be kept in the headquarters of the joint Controllers for 24 months as specified in the provisions issued on 02/24/2005 by the Authority for the protection of privacy.

All data will be treated correctly and transparently, both manually and with electronic and informatic tools; they will be inserted in specific paper and/or electronic archives or in any other form of adequate support, and will be constantly monitored through adequate operating procedures and safeguard measures, as established under Art. 32 of the Regulation, for the purpose of guaranteeing the security and confidentiality of personal data in order to prevent loss of such data, unlawful or improper use or unauthorized access.

Data will not be disseminated but can, besides being processed by individuals authorized by the joint Controllers, be communicated only for the above indicated purposes, to:

  • subjects appointed by the joint Controllers who will process the data as external Processors in charge of processing as assigned by GISE and by OIC S.r.l., and who require access to the data in order to perform those specific tasks of collaboration on behalf of them and which are necessary or functional in carrying out our activity (companies providing computer services, outsourcer administrators, fiscal, legal and financial consultants, other professionals);
  • subjects who will process the data as autonomous Controllers for the purposes described in this Disclosure and limited to what is required in order to meet contractual commitments and relative legal obligations.
  • subjects who need to access data in order to perform necessary or complementary services as required by the relationship
  • public and private subjects who can access data by virtue of the provisions of the laws, regulations and community regulations within the specified limits of such norms.

An updated list of the Processors and persons authorized to process data can be consulted at the headquarters of the joint Controllers of processing.

  1. Rights

You can access the information that concerns you at any time and request updates, changes and integration as well as deletion, transformation into anonymous form or block data.

You can also oppose all or partial processing; if opposed it will not be possible to provide the service.

In order to exercise these and other rights as specified under articles 15-22 of the GDPR you can write to the Controllers at the above addresses or send an email to privacy@oic.it


You have the right to oppose processing of your data and to present a complaint to the Authority for the protection of personal data according to Art. 77 of the EU Regulation 2016/679.

  1. Changes and updates

In the course of time this disclosure could undergo changes – also resulting for the entry in force of new norms for this sector, updates and the provision of new services as a result of technological innovations – and therefore we ask you to periodically consult this page.