Privacy Statement

General information
Your privacy is respected by dr. Lorenzo Bergami. I strive to guarantee your privacy as well as possible and will treat the information you provide me with high confidentiality. When processing personal data, I take into account the applicable laws and regulations in the area of privacy. By means of this privacy statement i inform you about the way I handle your personal data. I have made the privacy policy visible on my website and i refer in all our documents containing personal data to our privacy statement on the website www.lorenzobergami.it.
1. Organization data
Dr. Lorenzo Bergami
P.zza Azzarita n.6 / b
40122 Bologna
Tel: 338 58 95 243

2. Personal data
When you provide me certain personal data in the context of the execution of the treatment or for the particular service that you purchase I may collect the following information:
    • Personal data (name etc.)
    • Sex
    • Telephone number (fixed or mobile number)
    • Date of birth
    • Profession / daily work / Hobby / Sport
    • Insurance
    • Social Security Number
    • Name of other healthcare providers
    • Health condition
    • Name of your health insurer
    • Time of appointment
    • Payment details

3. Basis for data processing
I may only lawfully process your personal data if I do so on the basis of a legal basis and only for the purposes for which I obtained the data. I process your personal data only with your permission.

The personal data collected by me is used for the following purposes:
    • Creating and maintaining your medical file
    • Schedule an appointment
    • Carrying out a treatment
    • Conducting a customer satisfaction survey after the end of treatment or periodically
    • Improving our services
    • Sharing your data with third parties for cost declaration

4. Provision of your personal data to third parties
In principle, I will only provide your personal data to third parties if you have given your permission. Information is only provided to third parties if this is necessary for the execution of our agreement or if a legal obligation dictates to us. I never transfer personal data to third parties that are located outside the EU.

5. Processor agreements
I conclude written agreements with third parties that process your data to ensure the same level of security and confidentiality of your data. I do not sell your information to third parties.

6. Security measures
All data is stored in a secure environment. Your data is processed with an ICT system protected with a username and password. The security of the system is managed by a specialized ICT company. Only authorized persons within our center have access to the password-protected data. The software has been developed in such a way that updates are automatically retrieved and installed. Antivirus software is implemented in such a way that the highest level of security is offered. I also have a secure mail system that makes it possible, if necessary and with your permission, to send medical data to you or another healthcare provider. If you have the impression that your data is not secure or there are indications of abuse, please contact me directly by email.

7. Cookies or similar techniques
My website (www.lorenzobergami.it) does not use cookies.

8. Data backup
To protect personal data against loss and theft, I have secured it with a back-up. This is made regularly (with a minimum of 1 x per month) on an external hard disk, which is protected by a password and is stored in a secure lockable room.

9. Authorized employees
In my organization Strategic Nutriton Center, only authorized persons have the right to view and manage the shared agenda. The authorized employees are all employees working at Strategic Nutrition Center. Every employee working with us uses and manages his own patient administration program which is not transparent to the other employees.

10. Retention period for personal data
I will not retain your personal data for longer than for the purposes for which it is being processed, unless this is necessary on the basis of legal obligations.
    • For the storage of your medical data, the statutory minimum storage period of 15 years applies according to the law on the medical treatment agreement.
    • A statutory retention period of 7 years applies to the storage of the financial records.

11. Permission for Direct Marketing and minority
    • I do not use (digital) direct marketing.
    • I declare that i only process personal data of minors (younger than 16 years) if written permission has been given by one of the parents, caretakers or legal representatives. At the first consultation we ask one of the parents a signature for agreement of the treatment based on the treatment plan.

12. Paper documents and security
Any privacy-sensitive information is stored in practice in a lockable cupboard that only authorized persons have access to.

13. Data leaks
I and all the employees of Strategic Nutrition Center do their utmost to prevent data from leakage. Every employee in our center is individually responsible for the occurrence of data leaks. If you, or one of the practitioners in our center, establish a data leak, it will inform the other involved about this immediately.

In that case, the therapist will provide you with all relevant information relating to the data leak, including information about possible developments surrounding the data leak and the measures that the practitioner will take to limit the consequences of the data leak and prevent repetition. In addition, the parties involved shall immediately inform each other if it appears that the leak of security will probably have adverse consequences.

When a data leak occurs the therapist allow you to take appropriate follow-up steps with regard to the data leak. The parties involved will take all reasonably necessary measures as soon as possible to prevent or limit further violations or leaking concerning the processing of the personal data and in particular further violation of the WBP or other regulations concerning the processing of the personal data. In good faith, both parties will make agreements in good faith about the reasonable distribution of any costs associated with meeting the reporting obligations.

14. View, modify or delete your data
When you have provided personal data to me, you have the right to access, modify and delete your data. You can also request your practitioner to transfer your data to you or another party or to limit the data processing. You also have the right to object to the processing of your data. You can also withdraw your consent to data processing. You can make your request known by mail.

I will respond to your request as soon as possible, at the latest within 3 weeks.

15. Complaints and contact
If you are not satisfied with the way in which I handle your data, you can submit a complaint to the national supervisory authority.

If you have any questions or comments after reading this privacy statement, please contact me by mail.