Privacy Policy
Template Version: 1.0 - Last updated: 07/07/2025
Information notice pursuant to Art. 13 of Regulation (EU) 2016/679
This page constitutes the "Privacy Policy" of this website/application and is intended to provide information on how the personal data of users who interact with this website/application, and who make use of the services it provides to users, are processed, as well as to provide the information notice required by Art. 13 of Regulation (EU) 2016/679.
This notice is given solely for this website/application and not for any other websites that the user may consult via links contained in the web pages of this site.
Regulation (EU) 2016/679 on the protection of personal data (hereinafter, the "Regulation") lays down rules relating to the protection of natural persons with regard to the processing of personal data, as well as rules relating to the free movement of such data, and protects the fundamental rights and freedoms of natural persons, with particular reference to the right to the protection of personal data.
Art. 4(1) of the Regulation provides that "Personal Data" means any information relating to an identified or identifiable natural person (hereinafter, the "Data Subject").
"Processing", on the other hand, means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4(2) of the Regulation).
Pursuant to Art. 12 et seq. of the Regulation, it is further provided that the Data Subject must be made aware of the relevant information concerning the processing activities carried out by the data controller and of the rights of Data Subjects.
1. Data Controller
Pausetiv Srl
Registered office: Corso Genova, 27, 20123, Milan (MI), Italy
Email: hello@pausetiv.com
Website: www.pausetiv.com
VAT no. 13504440960
2. Purposes of the processing and legal bases
The user's personal data will be processed for the following purposes and on the legal bases indicated below:
for the conclusion and proper performance of the contract to which the Data Subject is party, or for the performance of pre-contractual measures adopted at the Data Subject's request, for the user's registration and the creation/management of the personal profile, and to provide the requested information and/or services/products, including subscription to informational newsletters; also for the purpose of responding to requests sent by the Data Subject (information/products/services/informational newsletter subscription). The legal basis for the processing listed is Art. 6(1)(b) of Regulation (EU) 2016/679;
to send periodically, via distance communication technologies (email, telephone, SMS, WhatsApp), marketing communications regarding the services, products and activities offered by the Data Controller; the legal basis is consent, as provided for by Art. 6(1)(a) of Regulation (EU) 2016/679;
to send periodically, via distance communication technologies (email, telephone, SMS, WhatsApp), newsletters and communications regarding the services, products and activities offered by the Data Controller's partners and sponsors, in the health and wellness sectors, that may be of greater interest to the Data Subject; the legal basis is consent, as provided for by Art. 6(1)(a) of Regulation (EU) 2016/679;
to send emails for marketing and promotional purposes for the sale of our products/services of the same type as those previously purchased by the Data Subject, save for the Data Subject's objection to the processing, which may be exercised at any time; the legal basis for this type of processing is the legitimate interests pursued by the Data Controller, as provided for by Art. 6(1)(f);
to respond to requests sent by the user via email and/or the form on the site; the legal basis for the processing listed is Art. 6(1)(b) of Regulation (EU) 2016/679;
to make navigation of the site possible and functional, and to ensure an appropriate level of security, integrity and availability; the legal basis for this type of processing is the legitimate interests pursued by the Data Controller, as provided for by Art. 6(1)(f);
analysis of statistical data on aggregated or anonymous data, for the purpose of monitoring the proper functioning of the Site, its traffic, usability and interest; the legal basis for this type of processing is the legitimate interests pursued by the Data Controller, as provided for by Art. 6(1)(f);
to establish, exercise or defend a legal claim; the legal basis for this type of processing is the legitimate interests pursued by the Data Controller, as provided for by Art. 6(1)(f);
to comply with obligations laid down by law, by a regulation, by EU legislation or by an order of the Authorities; the legal basis for this type of processing is Art. 6(1)(c);
to ensure that marketing communications relating to the products and services offered by the Data Controller, as well as those of its commercial partners and sponsors, including online advertising, are relevant to the Data Subject's interests; to this end, the Data Subject's personal data may be used to better understand the Data Subject's interests and preferences, so as to anticipate which other products, services and information may be of greater interest, enabling us to tailor the Data Controller's communications to make them more relevant and engaging; the legal basis is consent, as provided for by Art. 6(1)(a) of Regulation (EU) 2016/679;
to carry out market research in order to develop and improve our range of products, services and activities proposed by the Data Controller and its partners; the legal basis is consent, as provided for by Art. 6(1)(a) of Regulation (EU) 2016/679;
Data may be processed, through the platform, by healthcare professionals for the provision of their services, including internal messaging for communication with the user within the care pathway. In such cases the professionals act as autonomous data controllers and the platform operator acts as data processor. Messages are stored by Pausetiv, in its capacity as data processor, on behalf of the healthcare professional acting as data controller. Pausetiv accesses solely the operational metadata of the conversations (the patient and doctor involved, the conversation status, the date of the last message, the waiting time, the number of messages) in order to ensure the quality and continuity of the service, without access to the content of the messages. The healthcare professionals will provide their own specific information notice pursuant to Arts. 13 and 14 of Regulation (EU) 2016/679.
PauseTest data may be processed, solely in anonymous form, for the analysis and improvement of the services provided by Pausetiv in its capacity as Data Controller, on the basis of legitimate interest (Art. 6(1)(f) of Regulation (EU) 2016/679). The same data are processed by Pausetiv, in its capacity as Data Controller, in order to present the list of healthcare professionals most suited to managing the findings arising from the test outcome, and to manage the payment operations relating to the requested service. Such processing falls within the contractual purposes relating to the performance of the test freely carried out by the user (Art. 6(1)(b) of Regulation (EU) 2016/679).
3. Types of data
The Data necessary for the pursuit of the purposes set out above will be collected and processed:
- identification data
- contact data
- data relating to the contractual relationship
- data relating to the Data Subject's preferences and interests
- any health-related data
4. Navigation data
The IT systems and software procedures used to operate this website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected in order to be associated with identified Data Subjects, but which, by its very nature, could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment.
This data is used solely to obtain anonymous statistical information on the use of the site and to check its proper functioning, and is deleted immediately after processing.
The data could be used to establish liability in the event of hypothetical computer crimes against the site.
5. Refusal to provide data
Apart from what is specified for navigation data, users/visitors are free to provide their personal data. The provision of Data is in some cases necessary because a refusal to provide it could result in the failure to conclude, or the improper performance of, the contract to which the Data Subject is party and/or the failure to comply with the legal obligations to which the Data Controller is subject.
The provision of Data for processing that requires consent is optional; failure to provide it will not make it impossible to make use of the products/services offered by the Data Controller. Even where consent has been given, the Data Subject will in any case have the right subsequently to object, in whole or in part, to the processing of their personal Data for the purposes set out above, by making a simple request to the Data Controller at the contact details indicated above.
6. Source of the data
The Data will be provided by the Data Subject.
7. Methods of Processing
In accordance with the provisions of Art. 5 of the Regulation, the Personal Data subject to Processing will be:
- processed lawfully, fairly and in a transparent manner in relation to the Data Subject;
- collected and recorded for specified, explicit and legitimate purposes, and subsequently processed in a manner compatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date;
- processed in a manner that ensures an appropriate level of security;
- kept in a form which permits identification of the Data Subject for no longer than is necessary to achieve the purposes for which they are processed.
Processing will be carried out using both manual and/or IT and telematic tools, with organisational and processing logic strictly related to the purposes themselves and, in any case, in such a way as to ensure the security, integrity and confidentiality of the data, in compliance with the organisational, physical and logical measures provided for by the applicable provisions.
8. Communication of data
Personal data may be communicated to persons authorised to process it, as well as to the external data processors appointed by the Data Controller (the complete list of external processors is available from the Data Controller), tasked with managing the purposes set out above. Subject to the Data Subject's consent, the Data may also be communicated to third-party sponsor companies and/or commercial partners of the Data Controller, who may use it for the purposes set out under no. 3) of the "Purposes of the Processing" article above. In pursuit of the purposes indicated above, the data may be communicated to other persons acting as autonomous data controllers.
9. Dissemination of data
Personal data will not be disseminated.
10. International transfers of personal data
For the purposes indicated above, Personal Data will be processed within the European Economic Area (EEA). Should it be transferred to Third Countries, in the absence of an adequacy decision by the European Commission, the requirements laid down by the applicable legislation on the transfer of Personal Data to third countries - such as the Standard Contractual Clauses provided by the European Commission - will in any case be complied with.
11. Data retention
In general, Personal Data will be retained for the time strictly necessary to pursue the purposes for which it was collected and processed, including the retention period required by applicable legislation and, in any case, for a maximum period of 10 years from the termination of the relationship with the Data Controller, and for a maximum period of 2 years for the purposes requiring the Data Subject's consent, save for any need of the Data Controller to defend a right in legal proceedings.
Rights of the Data Subject
Pursuant to Arts. 15 et seq. of Regulation (EU) 2016/679 and the applicable national legislation, the Data Subject may, in accordance with the methods and within the limits provided for by the applicable legislation, exercise the following rights:
| Right | Description | Conditions | How to exercise it |
|---|---|---|---|
| Art. 15 - Right of access by the Data Subject | The Data Subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and the following information:
Where personal data are transferred to a third country or to an international organisation, the Data Subject has the right to be informed of the existence of appropriate safeguards pursuant to Art. 46 relating to the transfer. The data controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the Data Subject, the data controller may charge a reasonable fee based on administrative costs. Where the Data Subject makes the request by electronic means, and unless otherwise requested by the Data Subject, the information shall be provided in a commonly used electronic form. | The right to obtain a copy of one's personal data shall not adversely affect the rights and freedoms of others. | The Data Subject may exercise the right by sending a request to the Data Controller's contact details. In order to provide a positive response to the request, it is necessary to provide the information required to identify the Data Subject. Before providing a response, the data controller may need to identify the Data Subject, as the right may be exercised only by the Data Subject or by their delegate. |
| Art. 16 - Right to rectification | The Data Subject has the right to obtain from the data controller, without undue delay, the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the Data Subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement. | Processing of inaccurate and/or incomplete data. | The Data Subject may exercise the right by sending a request to the Data Controller's contact details. In order to provide a positive response to the request, it is necessary to provide the information required to identify the Data Subject. Before providing a response, the data controller may need to identify the Data Subject, as the right may be exercised only by the Data Subject or by their delegate. |
| Art. 17 - Right to erasure ("right to be forgotten") | The Data Subject has the right to obtain from the data controller the erasure of personal data concerning them without undue delay, and the data controller has the obligation to erase personal data without undue delay. Where the data controller has made the personal data public and is obliged, pursuant to the preceding paragraph, to erase them, taking account of available technology and the cost of implementation, the controller shall take reasonable steps, including technical measures, to inform controllers processing the personal data that the Data Subject has requested the erasure of any links to, or copy or replication of, those personal data. | The right may be exercised where one of the following grounds applies:
The right to erasure shall not apply to the extent that processing is necessary:
| The Data Subject may exercise the right by sending a request to the Data Controller's contact details. In order to provide a positive response to the request, it is necessary to provide the information required to identify the Data Subject. Before providing a response, the data controller may need to identify the Data Subject, as the right may be exercised only by the Data Subject or by their delegate. |
| Art. 18 - Right to restriction of processing | The Data Subject has the right to obtain from the data controller restriction of processing. Where processing has been restricted under the preceding paragraph, such personal data shall, with the exception of storage, only be processed with the Data Subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. A Data Subject who has obtained restriction of processing pursuant to the initial paragraph shall be informed by the data controller before the restriction is lifted. | The right may be exercised where one of the following grounds applies:
| The Data Subject may exercise the right by sending a request to the Data Controller's contact details. In order to provide a positive response to the request, it is necessary to provide the information required to identify the Data Subject. Before providing a response, the data controller may need to identify the Data Subject, as the right may be exercised only by the Data Subject or by their delegate. |
| Art. 19 - Notification obligation regarding rectification or erasure of personal data or restriction of processing | The data controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Art. 16, Art. 17(1) and Art. 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The data controller shall inform the Data Subject about those recipients if the Data Subject requests it. | - | The Data Subject may exercise the right by sending a request to the Data Controller's contact details. In order to provide a positive response to the request, it is necessary to provide the information required to identify the Data Subject. Before providing a response, the data controller may need to identify the Data Subject, as the right may be exercised only by the Data Subject or by their delegate. |
| Art. 20 - Right to data portability | The Data Subject has the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided. In exercising their right to data portability pursuant to the preceding paragraph, the Data Subject has the right to have the personal data transmitted directly from one data controller to another, where technically feasible. The exercise of the right referred to in the initial paragraph shall be without prejudice to Art. 17 - Right to erasure ("right to be forgotten"). | The right may be exercised where one of the following grounds applies:
This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. The exercise of the right shall not adversely affect the rights and freedoms of others. | The Data Subject may exercise the right by sending a request to the Data Controller's contact details. In order to provide a positive response to the request, it is necessary to provide the information required to identify the Data Subject. Before providing a response, the data controller may need to identify the Data Subject, as the right may be exercised only by the Data Subject or by their delegate. |
| Art. 21 - Right to object | The Data Subject has the right to object at any time. The data controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the Data Subject has the right to object at any time to the processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the Data Subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1), the Data Subject, on grounds relating to their particular situation, has the right to object to the processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest. | The right may be exercised where one of the following grounds applies:
| The Data Subject may exercise the right by sending a request to the Data Controller's contact details. In order to provide a positive response to the request, it is necessary to provide the information required to identify the Data Subject. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the Data Subject may exercise their right to object by automated means using technical specifications. Before providing a response, the data controller may need to identify the Data Subject, as the right may be exercised only by the Data Subject or by their delegate. |
In general, to exercise these rights, the Data Subject may contact the Data Controller by writing to the contact details indicated above.
Before providing a response, the data controller may need to identify the Data Subject.
A written response will be provided without undue delay and, in any case, no later than one month from receipt of the request.