This Privacy Notice describes how we collect, use, and manage personal data in accordance with art. 13 of Legislative Decree no. 196/03 (Code regarding the protection of personal data) and arts. 13 and 14 of European Regulation 679/2016 (hereinafter also “GDPR”)

This notice applies to this website only and not to other websites that the user may visit via links. It is based on Recommendation no. 2/2001 adopted on 17 May 2001 by the Article 29 Working Party (established by Directive 95/46/EC) to identify minimum requirements for the online collection of personal data, in particular the methods, timing, and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection. Please read our Privacy Policy below.

1. Data Controller

The data controller is MEDVASC MALTA LTD, with registered office at 188, 21st September Avenue Naxxar, NXR 1012, Malta, email medvascmalta@gmail.com, telephone +39 3475334724.

2. Data Processor

The data processor is MEDVASC MALTA LTD. For any request regarding the processing of your personal data, you may contact MEDVASC MALTA LTD at email or by phone at +39 3475334724.

3. Types of Personal Data Collected

This site collects the following personal data:

• Identification data (first name, last name, email address, telephone number, etc.).
• Browsing data (IP address, browser type, usage data).
• Payment and billing data, if applicable.
• Other information voluntarily provided by users via forms or direct communications.

Note that the site’s software processes acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

Although this information is not intended to be associated with identified users, it could, by its nature, allow identification if crossed with data held by third parties (e.g., your Internet service provider). Such data include IP addresses or domain names of the computers used by users connecting to the site, the URLs of requested resources, request timestamps, request methods, response file sizes, numeric response codes (success, error, etc.), and other parameters related to the user’s operating system and IT environment.

These data are used solely for anonymous statistical analysis of site usage and to verify its correct functioning.

The Data Controller and, depending on the requested service, the Designated Processor retain, for a limited period in accordance with legal requirements, the logs of connections/browsing sessions in order to respond to any requests from judicial authorities or other public bodies authorized to request such logs for the investigation of potential IT crimes.

Apart from what is specified for browsing data, the user is free to provide or withhold the personal data requested in the service registration form. Some fields may be marked as mandatory; these are necessary for the provision of the requested service. If such data are not provided, the requested service cannot be delivered.

At the time of any data provision, pursuant to art. 13 of Legislative Decree no. 196/03 and arts. 13 and 14 of the GDPR, the data subject is given a concise but complete and transparent privacy notice on the purposes and methods of processing, the mandatory or optional nature of data provision, the consequences of failure to provide data, the subjects or categories of subjects to whom personal data may be disclosed and the scope of data dissemination, and the rights under art. 7 of Legislative Decree no. 196/03 and arts. 15 et seq. of the GDPR (access, update, correction, deletion, objection, etc.), including the identity and address of the Controller and any Processors.

The data subject is therefore asked to give informed, free, specific, and documented consent, as required by law. If personal data are provided in successive stages, additional notices and new consents may be requested in accordance with the Privacy Code and the GDPR.

4. Purposes of Processing

Personal data will be processed for the following purposes:

• To provide the services requested by the user.
• To improve the user experience and our website.
• To respond to user inquiries.
• To comply with legal or regulatory obligations.
• To handle any disputes or claims.

Any new data processing activities unrelated to the stated purposes will be launched only after providing a new notice to the data subject and, where required, obtaining explicit consent under Legislative Decree no. 196/03 and the GDPR. In any case, personal data will not be shared with or disclosed to third parties without the data subject’s prior consent, except as expressly provided by art. 24 of Legislative Decree no. 196/03 and the GDPR.

5. Legal Basis for Processing

The processing of your personal data is based on:

1. The user’s consent for the specified purposes.
2. The necessity to perform a contract or to take pre-contractual measures at the data subject’s request.
3. The fulfillment of legal obligations to which we are subject.
4. The legitimate interest of the data controller, such as service improvement and security.

6. Recipients of Personal Data

Your personal data may be shared with:

• Service providers acting on behalf of the controller (e.g., hosting, IT maintenance, etc.).
• Competent authorities, if required by law.

In any case, your personal data will not be sold or transferred to third parties for commercial purposes without your explicit consent.

7. Data Retention

Personal data will be retained for no longer than is strictly necessary to fulfill the purposes for which they were collected, taking into account applicable legal or regulatory obligations.

8. User Rights

You have the right to:

• Access your personal data.
• Request correction or deletion of your data.
• Oppose processing or request its limitation.
• Obtain data portability.
• Withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise your rights, you may contact the data processor.

9. Security Measures

The Data Processor implements appropriate technical and organizational measures to ensure the security of personal data and to prevent unauthorized access, loss, or damage.

These security measures comply with the minimum technical standards set by the Legislature (Technical Specifications on minimum security measures under arts. 33–36 of Legislative Decree no. 196/03). Data subjects have the right at any time to obtain confirmation of the existence of their data and to know its content and origin, verify its accuracy or request integration or updating, or request correction (art. 7 of Legislative Decree no. 196/03 and art. 16 of the GDPR). Under the same article, the data subject may request deletion, anonymization, or blocking of unlawfully processed data and may object, on legitimate grounds, to their processing in any case.

The Company assumes no responsibility for the privacy practices of other websites linked from our pages, nor for the content of any email services, web spaces, or chat forums provided to users.

Processing related to the web services offered by this site takes place at the Company’s premises and, where applicable, at the premises of the Data Processors, and is handled by authorized personnel responsible for managing the requested services, marketing activities (where requested by the user), data storage, and occasional maintenance operations.

10. Changes to the Privacy Policy

This Privacy Policy may be updated periodically. Users will be informed of any changes via notices on the website or by other appropriate means.

Last updated: 23 Aprile, 2025