Privacy Policy of the website www.studiogronda.it
Last updated: February 26, 2026
This notice is provided in accordance with Regulation (EU) 2016/679 (“GDPR”) to all users who visit and use the website www.studiogronda.it.
1. Data Controller
The Data Controller is:
Elena Gronda
Piazza del Popolo 4
44028 Poggio Renatico (FE), Italy
VAT No.: 01721580387
Email: info@studiogronda.it
Phone: +39 0532 829933
2. Scope of this Notice
This privacy notice applies exclusively to the processing of personal data carried out through the website www.studiogronda.it, including data collected via browsing, contact forms, information requests, and appointment bookings.
This notice does not replace any separate privacy notice provided to patients in connection with the healthcare, clinical, diagnostic, therapeutic, administrative, and accounting activities carried out by the practice.
3. Types of Data Processed
The Data Controller may process the following categories of personal data:
a) Navigation Data
During navigation of the website, the computer systems and software procedures used to operate the site acquire certain personal data whose transmission is implicit in the use of Internet protocols. This includes, for example:
IP address or domain name of the device used;
information relating to the browser and device;
date and time of the request;
pages visited;
any technical and security logs.
b) Data Voluntarily Provided by the User
When the user fills out forms on the website, sends an email, or contacts the practice using the published contact details, the Data Controller may process:
first and last name;
telephone number;
email address;
content of the request or message;
any other data voluntarily entered by the user.
c) Special Categories of Data (Sensitive Data)
Users are kindly requested not to include health-related data or other special categories of personal data in the website forms, unless strictly necessary to submit a callback or booking request.
If such data are voluntarily provided by the data subject, they will be processed only to the extent strictly necessary to handle the received request and, where applicable, in accordance with the separate privacy notice provided within the patient/practice relationship.
d) Cookies and Technical Tools
The website may use technical cookies and, where applicable, additional tracking tools. For further details, please refer to the dedicated Cookie Policy and the preference management panel, if active.
4. Purposes of Processing and Legal Bases
Personal data are processed for the following purposes:
a) To Enable Browsing and Proper Functioning of the Website
Navigation data are processed to allow technical use of the website, ensure its security, prevent malfunctions, and counteract any abuse.
Legal basis: legitimate interest of the Data Controller in ensuring the functioning and security of the website.
b) To Respond to Contact, Information, or Booking Requests
Data provided via forms, emails, or phone contacts are processed to respond to user requests, re-contact the user, provide information, and manage any appointment requests.
Legal basis: performance of pre-contractual measures taken at the request of the data subject.
c) To Comply with Legal Obligations
Data may be processed to comply with obligations imposed by laws, regulations, or requests from competent authorities.
Legal basis: compliance with legal obligations to which the Data Controller is subject.
d) To Protect the Rights of the Data Controller
Data may be processed to establish, exercise, or defend the Data Controller’s rights in judicial or extrajudicial proceedings.
Legal basis: legitimate interest of the Data Controller.
e) To Manage Cookie and Tracking Tool Preferences
Where applicable, data may be processed to record the choices made by the user regarding cookies.
Legal basis: compliance with regulatory obligations and, where required, the data subject’s consent.
5. Nature of Data Provision
The provision of navigation data is necessary for the technical use of the website.
The provision of data requested in contact or booking forms is optional; however, failure to provide data marked as mandatory may prevent the Data Controller from responding to the request or re-contacting the user.
6. Methods of Processing
Processing is carried out using paper-based and/or electronic tools, following logic strictly related to the aforementioned purposes, and adopting appropriate technical and organizational measures to ensure the security, confidentiality, and integrity of the data.
7. Recipients of Data
Personal data may be processed by:
expressly authorized internal staff;
collaborators and professionals supporting the Data Controller in organizing activities;
providers of technical and IT services, hosting, website maintenance, security management, consent management, and services closely related to the functioning of the website;
entities to whom disclosure is required by law or by order of the Authority.
Depending on the case, these entities process data either as independent data controllers or as data processors appointed pursuant to Article 28 of the GDPR.
8. Transfer of Data to Countries Outside the EEA
Where possible, the Data Controller prefers suppliers located within the European Economic Area (EEA).
If, for technical reasons or due to the use of specific digital service providers, it becomes necessary to transfer data to countries outside the EEA, such transfers will be carried out in compliance with the safeguards provided by current legislation, for example based on European Commission adequacy decisions or through standard contractual clauses.
9. Data Retention Period
Personal data are retained for the period strictly necessary to fulfill the purposes for which they were collected, specifically:
navigation data and technical logs: for the period strictly necessary for the functioning, security, and maintenance of the website, except where required for investigating unlawful activities;
data submitted via forms, emails, or contact/booking requests: for the time needed to manage the request and, normally, no longer than 12 months after its completion, unless a subsequent professional relationship is established or legal obligations apply;
data processed within the patient/practice relationship: according to the terms specified in the separate privacy notice provided to the patient and in line with applicable regulatory requirements;
data relating to cookie consents, where applicable: according to the technical timelines and criteria indicated in the Cookie Policy and preference management tools.
10. Rights of the Data Subject
In the cases provided for by Articles 15 et seq. of the GDPR, the data subject may exercise the following rights:
obtain confirmation as to whether or not personal data concerning them are being processed;
obtain access to their personal data;
request rectification of inaccurate data or completion of incomplete data;
request erasure of data, where provided by law;
request restriction of processing;
object to processing, where applicable;
receive their data in a structured, commonly used, and machine-readable format, where applicable;
withdraw consent previously given, without affecting the lawfulness of processing carried out prior to withdrawal;
lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).
To exercise these rights, the data subject may contact the Data Controller using the contact details provided in this notice.
11. Right to Lodge a Complaint with the Supervisory Authority
Any data subject who believes that the processing of their personal data violates applicable legislation has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali), as well as to seek judicial remedies before competent courts.
12. Links to Third-Party Websites
The website may contain links to third-party websites, platforms, or services. The Data Controller is not responsible for their content nor for how such third parties process personal data. Users are therefore encouraged to review the respective privacy policies.
13. Automated Decision-Making
Personal data provided through the website are not subject to fully automated decision-making processes intended to produce legal effects or similarly significant consequences for the data subject.
14. Changes to this Privacy Notice
The Data Controller reserves the right to update or modify this privacy notice at any time, also in consideration of regulatory, organizational, or technical changes. Users are invited to consult this page periodically.
