Privacy Statement

Privacy Policy Statement for Users of the Website Articles 13 and 14 of the 2016/679/UE Regulation (hereafter referred to as “GDPR”)

The reason for this communication

Medical Note (hereafter referred to as “Company” or “Data Controller”) is committed to respecting and to protecting your privacy and wants you to feel safe both during your simple web surfing and if you decide to register giving us your personal data in order to make use of the services made available for its Users and/or Customers. In this page, the Company wants to provide information on the processing of personal data concerning the users who visit or refer to the website accessible online from the address (the “Site”). This Privacy Policy Statement is provided for the Company website only and not for other websites the user possibly refers to through links (for that we refer to the respective statements/policies as far as privacy is concerned). It is not allowed to duplicate or to use pages, materials and information included in the Site, with any means and on any support, without the prior written consent of the Company. It is allowed to copy and/or to print for personal use only and not for commercial purposes (for any demand and any explanation contact the Company at the address mentioned below). Other uses of the contents, the services and the information included in this site are not allowed.

As far as the offered contents and the provided information are concerned, the Company will arrange to reasonably update and review the contents of the Site, without providing any guarantee about the adequacy, the accuracy or the completeness of the provided information disclaiming explicitly any responsibility for possible mistakes or omissions in the information the Site presents.

Source – Web surfing Data

The Company communicates that the personal data you provide and which are obtained when you ask for information and/or when you contact, register to the site and use the services through your smartphone or any other device used to have access to Internet, as well as the data necessary to supply these services, web surfing data and data used for the possible purchase of the products and the services the Company provides included, but also the so called data for the Users to surf the web, they will be processed in compliance with the applicable regulation. During the ordinary use, the computer systems and the applied software procedures for the functioning of this web site obtain some personal data whose transmission is implied in the use of Internet. This information is not collected to be connected with identified interested people, but by its very nature, it could allow to identify the surfing users by means of processing and connections with data hold by third parties. This category of data includes the “IP addresses” or the domain names of the computers the users use to connect to the site, the URI (Uniform Resource Identifier) notation addresses of the requires resources, the time of the request, the applied method to submit the request to the web server, the dimension of the file received as a reply, the number code showing the state of the reply the web server provides (successful end, failure etc.) and other parameters concerning the operational system and the user’s computer environment. These data are used just to obtain statistic anonymous information on the use of the site and to control the correct functioning of the Company’s web site. We underline that the abovesaid data could be used to ascertain who might be responsible in case of computer crimes to the detriment of the Company’s site or to other sites related to or connected with it: except for this event, as it is, data on web contacts remain for few days.

Source – Data provided by the User

The Company collects, stores and processes your personal data in order to provide the products and the services offered on the Site, or by the law. Regarding some specific Services, Products, Promotions, etc the Company will be entitled to process your data for commercial purposes, too. In these cases, a specific, separated, optional consent will be required, to be revoked at any time, through the procedures and to the addresses mentioned below.

The optional, explicit and voluntary transmission of e-mails to the addressed mentioned in the specific section of the Web Site, as well as the filling up of questionnaires (e.g. forms), the communication by means of chat, push notification by APP, social network, call centre, etc., implies the consecutive acquisition of some of your personal data, those collected by using Apps and related services included, necessary to meet the demands. We also inform you that during the use of the mobile connection to have access to the digital contents and the services directly offered by the Company or by our Partners, it will be necessary, maybe, to transfer your personal data to these third parties. We point out that you could have access to the Site or to connect to areas where you could be enabled to publish information by using blog or displays, to communicate to other people, for example by coming from the Company’s page on Facebook®, LinkedIn®, Youtube®, and other sites of social network, to review products and offers and to publish comments or contents. Before interacting with these areas, we invite you to read carefully the General Use Conditions considering that, under some circumstances, the published information can be viewed by anyone who has access to Internet and third parties can read, collect and employ all the information you include in your publications.

Purposes of the Processing and Legal Basis

Data are processed for the purposes:


  • Tightly connected to and necessary for the registration to the site, to the services and/or to the Apps the Company develops or makes be available, for the supply of the related computer services, for the management of demands for contact or information, for the purchase of products and services offered by means of the Company’s site;
  • For the ancillary activities connected with the management of the User’s/Customer’s demands and the transmission of the confirmation which can imply the transmission of promotional material; for the completion of the purchase order of the offered products and services, including the aspects concerning payment with credit cards, shipping management, the possible exercise of the right to reconsider provided for remote purchases, the updating on the availability of products and services which are not available temporarily;
  • Connected with the performance of the obligations provided by EU and national regulations, with the safeguarding of law and order, with the checks and contrast to crimes;
  • Direct marketing, or transmission of advertising material, direct sales, carrying out of market surveys or commercial communication of products and/or services the Company provides; this activity shall concern products and services of Companies of the Company Group, too, and shall be carried out by sending advertising/information/promotional material and/or invitations to join initiatives, events and to follow offers aiming to reward users/customers; this forwarding will be executed by “traditional” procedures (for example paper mail and/or calls by an operator), or by “automated” systems of contact (for example texts and/or MMS, telephone calls without the intervention of an operator, e-mail, fax, interactive applications), pursuant to art. 130 p. 1 and 2 of the Legislative Decree 196/03 and subsequent amendments;


The conferring of data for purposes pursuant to points 1), 2) and 3), related to a pre-contract and/or contract phase or suitable to a user’s demand or provided by a specific regulation, is mandatory and, failing which, it will not be possible to receive information and to have access to possibly required services; as far as point 4) of this statement is concerned, the consent to the data processing by the user/customer is, on the contrary, free and voluntary and can be revoked at any time with no consequences for the possibility to use the products and the services, except for the impossibility for the Company to keep abreast users/customers on new initiatives or special promotions or advantages possibly available.

The Company will be entitled to send commercial communications concerning products and/or services similar to those already provided, pursuant to the 2002/58/UE Directive, using the coordinates of e-mail, or the paper ones, you indicated on these occasions; you will be entitled to object by the procedures and at the addresses mentioned below.

Procedures, logics of the processing, storage times and safety measures.

Processing is carried out by means of electrical devices or however by computer devices, too, and is executed by the Company and/or by third parties the Company may make use of, in order to save, to manage and to send the data themselves. Data processing will be executed according to logics to organize and to process your personal data, also related to the logs resulting from the access and the use of the services available via web, of the supplied products and services connected with the above-mentioned purposes and, in any case, to ensure data safety and confidentiality. The processed personal data will be stored for the times provided by the law during the applicable time.

Still, as far as data safety is concerned, in the web site sections for special services, where the surfing user’s personal data are required, data are cryptographed by means of a safety technology named Secure Sockets Layer, which is abbreviated in SSL. SSL technology codes the information before it is exchanged by Internet between the user’s computer and the Company’s central systems, making it be incomprehensible for those who are not authorized and thus ensuring the confidentiality of the sent information; moreover, the transactions executed by using e-payment systems are carried out using directly the Supplier’s platform of the services of payment (PSP) and the Company stores just the minimum set of information necessary to manage possible objections. Actually, referring to the aspects of the personal data protection, the user/customer is invited, pursuant to art. 33 of GDPR, to notify to the Company possible circumstances or events a potential data breach may result from in order to allow a prompt evaluation and the adoption of possible actions aiming to hamper this event sending a communication to or contacting the Customer Satisfaction Service. The measures the Company takes do not let the Customer off paying the required attention to the use, as applicable, of a not too complex password/PIN and he/she will have to update it on a regular basis, in particular if he/she fears they are breached/known by third parties, as well as to store carefully and make them be not accessible to third parties in order to avoid their improper and non-authorized uses.



A cookie is a short text string which is sent to your browser and, possibly, saved on your computer (alternatively on your smartphone/tablet or any other device employed to have access to Internet); this transmission generally takes place any time you visit a web site. The Company makes use of cookies for different purposes, in order to offer you a quick and safe digital experience, for example, allowing you to keep active a connection to the protected area during the web surfing by means of the site pages.

It is not possible to use the cookies saved on your terminal to recall any datum whatsoever from your hard disk, to transmit computer virus or to identify and make use of your e-mail address. Each cookie is unique in relation to the browser and the device you use to have access to the Web Site or to use the Company’s App. Generally, the cookies aim to improve the functioning of the web site and the user’s experience in using it, even if it is possible to use the cookies to send advertising messages (as it is specified below). For further information on what cookies are and on the way they work, you can refer to the Web Site “All about cookies” .

For detailed information on Cookies, read the specific page

Communication domain and Data transmission.

In order to achieve the above-mentioned purposes, the Company will be entitled to communicate to and to have, in Italy as well as abroad, users/customers personal data be processed by third parties we are in touch with, whenever these third parties supply services upon our request. We will provide these third parties just the information necessary to execute the required services taking all the measures we need to safeguard your personal data. It will be possible to transfer these data outside the European Economic Space if it is necessary to manage your contract relationship. In this case, the individuals, being the addressees of the data, will be obliged to comply with the protection and safety obligations equivalent to those ensured by the Data Controller. Should you use services directly offered by Partners, we will provide the data strictly required for this use, only. In any case, the data necessary to achieve the expected aims will be provided, only, and, as required, the guarantees applicable to data transfer to third countries will be applied, only. We could also let our suppliers of commercial services know the personal data for marketing reasons; to this end, they will be appointed as external people in charge of the processing. In addition to that, it will be possible to communicate the personal data to the competent public entities and authorities in order to fulfil the regulatory obligations or to ascertain who is responsible in case of computer crimes to the detriment of the site; it may also be possible to communicate them to or to distribute them among third parties (as people in charge or, in case they are suppliers of e-communication services, of independent data controllers), who provide computer or online services (e.g. hosting services, web site management and development services) and the Company makes use of them in order to carry out technical and organizational tasks and activities aiming to the functioning of the web site. The individuals included into the above-mentioned categories work as separate Data Controllers or as People in Charge appointed, if necessary, by the Company.

It will be also possible for the employees/consultants of the Company to know personal data; they will be trained on the purpose and appointed as Persons in charge of the Processing.

The categories of the addresses it is possible to communicate data to is available contacting the Company at the addresses mentioned below.

Rights of the People Concerned

You will be entitled to exercise, at any time, the rights acknowledged by the law, such as:

  1. To have access to your personal data, obtaining evidences of the Data Controller’s purposes, of the categories of the involved data, of the addressees they can be communicated to, of the applicable storage period, of the existence of automated decision-making processes;
  2. To obtain, with no delay, the correction of incorrect personal data concerning you;
  3. To obtain, as applicable, the cancellation of your data;
  4. To obtain the processing to be limited or to oppose it, if possible;
  5. To require the porting of the data you gave the Company, that is to say to receive them in a structured, commonly used format readable by an automatic device, to transmit these data to another Data Controller, too, within the limits and the terms provided by art. 20 of GDPR;

Moreover, you will be entitled to claim at the Italian Personal Data Protection Authority pursuant to art. 77 of GDPR.

For the processing mentioned at point 4) of the purposes, the Customer will be entitled, at any time, to revoke his/her consent and to exercise the right to contrast the direct marketing (in the traditional and automated forms). Unless expressly stated otherwise, your opposition will refer to traditional communications as well as to the automated ones.

Data Controller

The Data Controller, pursuant to article 4 of the Code and of the GDPR, is MEDICAL NOTE Via Guerrazzi 7, 56025 Pontedera (PI) ITALY P.IVA – CF: 02277440505

The above-mentioned rights can be exercised, upon the demand of the Person concerned, following the procedures the Customer Service communicates or available on the WEB site of the Company or using the following references:

The Customer and/or the User using of the Web Site, for tablet and/or smartphone included, implies the full knowledge and approval of the content and of the possible indications this version of the statement includes, the Company publishes when you have access to the site. The company notifies that it is possible to change this statement with no notice whatsoever and therefore it suggests reading it on a regular basis.


The Data Controller