PRIVACY POLICY FOR WEBSITE VISITORS

PRIVACY POLICY FOR WEBSITE VISITORS

Information on the processing of personal data of visitors accessing the GMS MED S.R.L. website

pursuant to Article 13 of Regulation (EU) 2016/679

WHY THIS INFORMATION IS PROVIDED

Pursuant to Regulation (EU) 2016/679 (hereinafter “GDPR”), this page describes how personal data of visitors/users who browse the websites of GMS MED S.R.L. are processed.
The website is accessible electronically at the following address: www.medicalgms.com.

This information does not apply to other websites, pages or online services that may be accessed via hyperlinks published on the website www.medicalgms.com, but refers exclusively to resources within the domain of the Company.

As a result of browsing the above-mentioned website, data relating to identified or identifiable natural persons may be processed.

DATA CONTROLLER

The Data Controller is GMS MED S.R.L., with registered office in Boffalora d’Adda (LO), Via delle Fontane no. 3, Italy.

DATA PROTECTION OFFICER (DPO)

The Data Protection Officer (DPO) can be contacted at the following address:
Avv. Antonio Roberto Lo Buglio
E-mail: dpo@medicalgms.com

LEGAL BASIS FOR PROCESSING

Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI/URL addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, numerical codes indicating the status of the response provided by the server (such as “successful” or “error”), as well as other parameters related to the user’s operating system and IT environment.

Such data, necessary for the use of web services, are also processed for the purpose of:

  • obtaining statistical information on the use of services (e.g. most visited pages, number of visitors by time slot or day, geographical areas of origin);

  • monitoring the correct functioning of the services offered.

Browsing data are not retained for more than seven days, except where required for the investigation of criminal offences by judicial authorities.

Data provided by the user

The optional, explicit and voluntary sending of messages to the Company’s contact addresses, private messages sent by users to institutional social media profiles/pages (where this option is available), as well as the completion and submission of forms on the Company’s websites, result in the acquisition of the sender’s contact details, necessary to respond, as well as any personal data included in the communications.

Cookies and other tracking systems

No profiling cookies are used, nor are other user tracking methods employed.

Session cookies (non-persistent) are used strictly to the extent necessary to ensure safe and efficient website navigation.
The storage of session cookies on users’ devices or browsers is under the control of the user. On servers, information relating to cookies may be recorded in service logs at the end of HTTP sessions, with retention periods not exceeding seven days, in line with other browsing data.

RECIPIENTS OF THE DATA

The recipients of data collected following consultation of the above-mentioned websites include the following entities designated by the Company, pursuant to Article 28 of the GDPR, as Data Processors:

  • Aruba S.p.A., as provider of web platform development and maintenance services;

  • Aruba S.p.A., with reference to the website www.medicalgms.eu, as provider of development, delivery and operational management services for the technological platforms used.

Personal data are also processed by authorized Company personnel, acting on the basis of specific instructions regarding the purposes and methods of processing.

TRANSFER OF DATA TO THIRD COUNTRIES

The Data Controller uses servers located in Italy for the services offered through the website.
Personal data are not transferred to countries outside the European Economic Area.

PLACE OF DATA PROCESSING

Data processing takes place on servers located in Italy.
No data are transferred outside the European Economic Area.

DATA RETENTION PERIOD

Data are retained for a period not exceeding what is necessary to achieve the purposes for which they were collected, in accordance with the principle of storage limitation set out in Article 5 of the GDPR, or in compliance with specific legal obligations.

OPTIONAL NATURE OF DATA PROVISION

Except for browsing data, which are collected automatically, visitors are free to provide or not provide their personal data.
Failure to provide such data may result in the inability to be contacted or to receive the requested information.

RIGHTS OF DATA SUBJECTS

Data subjects have the right to obtain from GMS MED S.R.L., in the cases provided for by law, access to their personal data, rectification or erasure thereof, restriction of processing, or to object to processing (Articles 15 et seq. of the GDPR), by sending a specific request to:
📧 dpo@medicalgms.com

RIGHT TO LODGE A COMPLAINT

Data subjects who believe that the processing of their personal data through this website violates the provisions of the GDPR have the right to lodge a complaint with the competent Supervisory Authority, pursuant to Article 77 of the Regulation, or to take legal action before the competent courts, pursuant to Article 79.

PROFILING

No automated decision-making or profiling processes are carried out on aggregated data, except those aimed solely at improving website management.

Boffalora d'Aadda (LO) 26811- Via delle Fontane N°3

info@medicalgms.com

+39 0371-59111

© 2026 GMS MED SRL. Privacy Policy.