Privacy Policy

Purposes and procedures of data processing

Your personal data will be processed exclusively for the following purposes:

• Data collection and processing to browse newel.health through the dedicated section for Digital Therapeutics solutions, to guarantee website security.
• Personal data processing, including name, surname, and email address, within the "Partner with Us / Contact Us" section.
• Enforcing the Controller's rights (e.g. Right of defence, Art. 24 Const.).

Personal data are processed in compliance with current legislation and, in particular, in constant and absolute respect of the safety measures as per GDPR Art. 32, in order to reduce as far as possible the risks of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

The legal basis for processing purposes A1 and A2 is the legitimate interest of the Data Controller pursuant to Art. 6(1)(b) of the Regulation and does not require your consent. The legal basis for purpose A3 does not require your consent.

Type of personal data processed

The Data Controller collects personal data (A2) for the above-mentioned purposes. Personal data being collected concerns the Data Controller's customers and website visitors. Some of the data is collected directly from you when you use the Newel Health website.

Protection of personal data

The Data Controller restricts access to your personal data to those employees who need to know that information to perform their work. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of personal data.

Retention of personal data

The information shall be retained for the time needed for the purposes for which it was gathered and possibly for a longer time if data retention is deemed necessary to protect the rights of the Data Controller in accordance with Art. 5 of EU Regulation 679/2016 (GDPR). The storage of personal data relates to a maximum period of 10 years.

Data transfer

The Data Controller will not circulate your data. However, for the purposes of the data processing set out above, your data may come to the attention of the following: subjects that can access data under Italian and/or European Union law, rules, and legislation, within the limits set in this legislation; and employees and collaborators who operate under the direct authority of the Data Controller, as long as they have previously been instructed in the processing of the data and authorised to do so under Art. 29 of the GDPR, including as System Administrators.

Any transmission or communication of these data will also take place in respect of what is set out in law concerning the protection of personal data, including aspects relating to safety measures.

Rights of data subjects (GDPR, Art. 15 et seq.)

The data subject can at any time exercise their data protection rights pursuant to Articles 15–22 of the GDPR 2016/679. These rights include:

• Access: the data subject can obtain information relating to the treatment of their data and a copy of such data.
• Rectification: the data subject can request rectification of their data when such data is inaccurate or incomplete.
• Erasure: the data subject can request the erasure of their data by withdrawing consent and if there is no other legal ground for the processing.
• Restriction of processing: the data subject can obtain the restriction of processing in the cases provided by law (e.g. if they contest the accuracy or treatment of the personal data).
• Objection: the data subject could object to the processing of data if the processing is based on the Data Controller's legitimate interest for purposes relating to their specific situation, unless mandatory reasons exist that override the interest of the data subject.
• Withdrawal of consent: the data subject can withdraw the consent previously given for the purposes of data processing.

The objection and withdrawal shall not affect the lawfulness of the usage that has been made of data in the intervening time. These rights may be exercised via written communication to the Data Controller.

Pursuant to existing law the data subject may also submit a complaint to the Data Protection Authority (Garante per la Protezione dei dati personali), Piazza di Monte Citorio n. 121 – 00186, Rome, www.garanteprivacy.it.