Privacy Policy



(Art. 13 Reg. (EU) 2016/679)

 


1. WHO PROCESSES MY DATA?

The Data Controller of your personal data is Onecheck S.r.l. with registered office in Milan, viale Monte Nero 82, 20135. You may contact the Controller by email at support@onecheck.org.

 

2. WHAT DATA ARE PROCESSED?

For the services provided by the Platform, we process:

  • Your personal, administrative and contact details (full name, address, date and place of birth, tax code, telephone number, e-mail address, valid identity document details, credit card details)
  • Data relevant to your flight itinerary, where applicable
  • Data contained in the self-declarations required by the Authorities of the places of destination, where applicable
  • Data contained in Reports issued after performance of the Tests required by the Authorities of the places of destination, where applicable
  • Browsing data.

 

3. FOR WHAT PURPOSES ARE MY DATA PROCESSED AND WHY IS THE PROCESSING LAWFUL?

PURPOSE LEGAL BASIS MANDATORY DATA PROVISION
a) Registration to the Platform

The processing of your data is lawful because it is necessary for the performance of the contract concluded between you and the Controller relating to your request for registration to the Platform

For this purpose, you are free not to provide your data, but if you fail to do so, you will not be able to register to the Platform
c) Booking of the relevant Test The processing is based on your explicit consent given at the time of registration to the Platform

For this purpose, you are free not to provide your data, but if you fail to do so, the Controller will not be able to provide the requested service

d) To allow transfer of your personal data to the health facility selected to perform the Test The processing is based on your explicit consent given at the time of registration to the Platform

For this purpose, you are free not to provide your data, but if you fail to do so, the Controller will not be able to provide the requested service

e) To allow payment and issuance of invoices The processing is based on your explicit consent given at the time of registration to the Platform

For this purpose, you are free not to provide your data, but if you fail to do so, the Controller will not be able to provide the requested service

f) To allow access to the report issued directly online in a secure manner by the health facility performing the Test The processing is based on your explicit consent given at the time of registration to the Platform

For this purpose, you are free not to provide your data, but if you fail to do so, the Controller will not be able to provide the requested service

g) To allow transmission of the Report to the transport operator, if required The processing is based on your explicit consent given at the time of registration to the Platform

For this purpose, you are free not to provide your data, but if you fail to do so, the Controller will not be able to provide the requested service

h) To allow user navigation

The processing of your data is lawful because it is necessary for the performance of the contract concluded between you and the Controller relating to your request for registration to the Platform

For this purpose, you automatically provide data to the Controller by browsing the Platform. You are free not to provide your data, by not accessing the Platform, without any negative consequence for you.
i) To send you communications about new services

The processing of your data is lawful because it is necessary for the performance of the contract concluded between you and the Controller relating to your request for information regarding new services

For this purpose, you are free not to provide your data, without any negative consequence for you.


4. TO WHOM ARE MY DETAILS DISCLOSED?

Your data are disclosed to:

  • Health facility for the performance of the booked test, the release of the Report and the issuance of the invoice for the service performed
  • Transport operator, if required.

You can request a complete list of the recipients of your personal data by writing to the e-mail address support@onecheck.org. In any case, your personal data will not be disseminated.


5. IS MY DATA TRANSFERRED OUTSIDE THE EUROPEAN UNION?

Your data is not transferred outside the European Union.



6. HOW LONG IS MY DATA STORED?

The Data Controller will keep your personal data for no longer than is necessary to achieve the purposes for which it is being processed. Specifically, your data will be kept for the time necessary to carry out the service you have requested.

At the end of this period, the Data Controller will erase the data irreversibly – by secure destruction or erasure methods – or store it in an anonymous form that does not allow, even indirectly, your identification.



7. WILL I BE SUBJECTED TO PROFILING?

We will never use your data to obtain information about your preferences or behavior, nor will we subject you to any decision based solely on automated processing of your personal data.

 


8. WHAT ARE MY RIGHTS?

You have the following rights:

–  Right of access to data: the right to obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to your personal data – and a copy thereof – and to receive information relating to the processing;

–  Right to rectification of data: right to obtain from the Data Controller the rectification of inaccurate personal data concerning you without undue delay and the integration of incomplete personal data, including by providing an additional statement.

–  Right to erasure of data: right to obtain that your data be deleted by the Data Controller without undue delay for any of the following reasons:

  • your data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • you revoke the consent on which the processing is based and there is no other legal basis for the processing;
  • you object to the processing and there is no overriding legitimate reason to proceed with the processing;
  • personal data has been unlawfully processed;
  • personal data must be deleted to comply with a legal obligation to which the Data Controller is subject;
  • personal data has been collected in connection with the offer of information society services;

–  Right to restrict processing: right to obtain from the Data Controller the restriction of processing in any of the following cases:

  • You dispute the accuracy of the personal data, for the period necessary for the Data Controller to verify the accuracy of such personal data;
  • the processing is unlawful and you object to the deletion of your personal data and request instead that their use be restricted;
  • although the Data Controller no longer needs it for processing purposes, the personal data is necessary for the establishment, exercise or defense of legal claims;
  • You have opposed the processing pending verification of whether the legitimate reasons of the data controller prevail over those of the data subject.

–  Right to data portability: right to receive your personal data, which you have provided to the Controller, in a structured, commonly used and machine-readable format and to transmit the data to another controller, if the processing is based on your consent or on the contract and is carried out by automated means.

–  Right to object to processing: the right to object to processing carried out for the performance of a task in the public interest or in connection with the exercise of official authority or on the basis of the legitimate interest of the controller or a third party, as well as the right to object to the processing of personal data concerning you carried out for direct marketing purposes, including profiling insofar as it is related to such direct marketing.

–  Right not to be subjected to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or otherwise significantly affects you.

You may exercise your rights by sending a request to the Controller’s e-mail address support@onecheck.org. The Controller will answer you as soon as possible and, in any case, no later than 30 days after your request.



9. AM I REQUIRED TO PROVIDE MY DATA?

You are free not to provide your data to the Controller. However, if you do not provide your data, the contract between you and the Controller cannot be established or the services made available by the Platform cannot be performed

 


10. HOW CAN I LODGE A COMPLAINT?

If you wish to make a complaint about the way in which your personal data is processed by the Data Controller or about the handling of a complaint you have made, you have the right to lodge a complaint directly with the Supervisory Authority in accordance with the procedures indicated on the website www.garanteprivacy.it.