Privacy policy pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
«General Data Protection Regulation»

We provide the following information with regard to your personal data being processed.
This policy is provided pursuant to article 13 of Regulation (EU) 2016/679, as your personal data have been gathered directly from you.

I – General Provisions

1. Controller: Identification and Contact Details

The Controller is: IDS S.p.A., represented by the pro tempore legal representative, (Italian tax code (C.F.): 00316290105 and VAT no.: IT00786780098), with registered office at Via Valletta San Cristoforo n. 28, 17100, Savona, Italy; email address:, P.E.C. (certified email):, telephone: +39 019 862080.

2. Methods of Processing

a) We collect only and exclusively the personal data required for the purposes specified below.
b) Processing of the collected data is performed pursuant to the principles of fairness, lawfulness and transparency.
c) We periodically check the correctness of the data in our possession; to this end, we ask you to notify us of any modifications to the data collected in a timely manner.
d) We process the data in such a way as to guarantee their integrity and security.
e) The data are processed with computerised means.
f) Our personnel are bound by confidentiality, and are required to guarantee the secrecy of all information acquired when performing their duties.

3. Disclosure of Data

Your personal data:
*) Will not be distributed or disseminated in any case
*) Will not be transferred
*) May be processed by employees/contractors of the company specifically committed to privacy, subject to written assignment and appropriate training, in order to protect your data and guarantee the exercise of your rights and, at the same time, allow for correct fulfilment of IDS S.p.A.’s contractual obligations and the regular and efficient performance of day-to-day company activities.
Your data may be transmitted to third parties operating within the country – professionals and/or consultants, credit institutes, ICT companies – if this is necessary to comply with legal obligations, judicial orders, or to protect a legitimate right or interest of the Controller.
Third parties performing processing on behalf of the Controller are nominated in writing as Processors in accordance with article 28 of Regulation (EU) 2016/679.

4. Retention Period for Personal Data

Your personal data will be stored:
*) For a maximum period of ten (10) years from the last access to our platform, for the purposes outlined in point 8)
*) Unless consent is revoked, for a period of five years from moment consent is provided, for the purposes laid out in point 11)
In the event of disputes, your personal data will be retained until their conclusion.
Upon expiry of these terms, your data will be rendered anonymous or erased, unless retention is necessary for further and different purposes provided for by law.

5. Rights Which You, as Data Subject, May Exercise:

*) Access (article 15 of Regulation (EU) 2016/679)

You have the right to access your personal data, and to the following information: a) Purposes of the processing b) Categories of personal data processed c) Recipients to whom they have been or will be transferred d) Retention period for the personal data, or criteria to determine them e) Policy and clarifications regarding the rights of the Data Subject It is the responsibility of the Controller to provide a copy of the personal data subject to processing and/or the policy outlining your rights.

*) Rectification and Erasure (articles 16 and 17 of Regulation (EU) 2016/679)

You have the right to obtain, without undue delay: rectification (correction) of inaccurate personal data, supplementation of incomplete personal data, deletion of personal data which are no longer required for the purposes for which they were gathered.

*) Restriction of Processing (article 18 of Regulation (EU) 2016/679)

You have the right to obtain restriction of the processing of your personal data, whenever one of the situations provided for by article 18 of Regulation (UE) 2016/679 occurs. If requested, we will provide you with specific and detailed information in relation to the exercise of that right.

*) Data Portability (article 20 of Regulation (EU) 2016/679)

You have the right to receive the personal data provided to the Controller in a commonly used and legible format, or to request its transfer to another Controller.

*) Objection to Processing (article 21 of Regulation (EU) 2016/679)

You have the right to object, at any time, for reasons relating to your specific situation, to the processing of personal data regarding you. In this case, your data may not be further processed, unless the Controller demonstrates the existence of prevailing legitimate reasons, or the need to determine, exercise or defend a right in legal proceedings. 

6. Exercising your Rights

The rights laid out in point 5 must be exercised by making a specific request to the following address:

7. Right to Lodge a Complaint with a Supervisory Authority

If you consider that the processing of your personal data violates your rights, you may make a complaint to the competent supervisory authority for the member state in which you habitually work or reside, or in the place where the alleged violation occurred. For further information, visit:

II – Processing of Data to Provide the Requested Services

8. Purposes of the Processing

The processing of the data gathered is designed to guarantee:
a) Login to the «restricted» section of the BlancOne platform and use of the connected services: collect points via QR Code, consult your data and store information on all the BlancOne treatments taken by your patients
b) Access to the BlancOne Academy platform and free use of the relative e-learning courses
c) Access to the shop section and purchasing of the products offered
d) Compliance with the legal obligations which the Controller is subject to
e) Performance of organisational and administrative activities related to the services offered by IDS S.r.l.

9. Personal Data Subject to Processing

Your personal and contact information, your professional qualifications, and any other data whose processing is necessary for pursuit of the purposes listed in point 8 are subject to processing.

10. Nature of Providing Data and Legal Basis for the Processing

Providing your data is necessary: refusal to provide them would make it impossible to supply you with the requested services.
The aforementioned processing is founded on the following legal bases:

  • Implementation of a contract and/or precontractual obligations, in relation to the purposes specified in points 8 a), b) and c)
  • Compliance with a legal obligation, in relation to the purposes specified in point 8 d)
  • Pursuit of a legitimate interest of the Controller, in the absence of an overriding interest, right or fundamental freedom of the Data Subject to be protected, in relation to the purposes specified in point 8 e).

III – Processing of Data for Information/Promotional Purposes

11. Purposes of the Processing

Processing of the collected data is for the purpose of sending information and/or promotional material in relation to the products and services offered by our company.

12. Personal Data Subject to Processing

The personal and contact data you provide to IDS S.p.A. are subject to processing.

The personal data you have authorised us to process for the above purposes will not be transferred to third parties.

13. Nature of Providing Data and Legal Basis for the Processing

Providing your data is optional: refusal to do so would make it impossible to send information and/or promotional material relating to our company’s activities and initiatives.
The aforementioned processing is founded on the following legal basis: free and informed consent, to be expressed by checking the corresponding box.
You can revoke this consent at any time, by sending a request to the following email address:
Revocation of consent does not affect the legitimacy of the processing performed up to that time.