skip-to-content-text
skip-navigation-text

Opening of Third-Party Accounts

INFORMATION NOTE PURSUANT TO ART. 13 OF EU REGULATION 2016/679 (“REGULATION”)

Dear Sir,
Dear Madam,

UPMC Italy S.r.l., with registered office in Discesa dei Giudici 4, 90133, Palermo, Italy (“UPMCI”), is the Italian division of the University of Pittsburgh Medical Center, with offices in Rome, Palermo, and Mirabella Eclano (Avellino).

UPMCI provides state-of-the-art health care services in Italy thanks to the experience and expertise developed by UPMC and by the hospitals of its network (“UPMC Group”). In its day-to-day operations, UPMCI utilizes data networks and information technology systems shared with the UPMC Group. Due to this integrated structure, the data collected for the account opening are transferred to the UPMC Group in the United States. To ensure an adequate level of protection, in compliance with European Union regulations, the UPMC Group has committed to implementing data protection measures signing the Contractual clauses approved by the European Commission (available at the following link https://eur-lex.europa.eu/legal-content/IT/TXT/HTML/?uri=CELEX:32021D0914&from=EN A copy of these contractual clauses can be obtained contacting the Data Protection Officer (DPO) at the addresses indicated below.

Pursuant to Article 13 of the Regulation, UPMCI, as the Data Controller, provides you with the following information.

To access UPMCI’s information systems and carry out your activities, you will be provided with a mailbox and an account to be used exclusively for the specific purposes outlined below: as a Sponsor (a third party requesting access to UPMCI's IT system due to a sponsorship agreement for a research study), Vendor (a third party requesting access to UPMCI's IT system to offer a service to UPMCI), Training Entity (a third party requesting access to UPMCI's IT system to support the training of its students during clinical activities at UPMCI facilities), Partner (a third party that has entered into a partnership with UPMCI), Verifier (a third party authorized to access UPMCI's IT system to monitor a research project), UPMCI Health Plan (a third party requesting access to the UPMCI electronic medical record system to schedule an appointment between an insured individual and UPMCI staff), or Government Entity (a government agency or third party acting on behalf of such an entity, authorized to access UPMCI information based on national, regional regulations, statutes, or ordinances). To this end, you are required to provide your identification data (first and last name, tax code, and date of birth) and contact information (personal email address); providing this data is essential for the activation of the account and the assignment of a mailbox. Data will be processed using electronic tools and hard copy forms with appropriate modalities that guarantee their safety and confidentiality, thus complying with the provisions of the Regulation. The legal basis for processing your data is identified in Article 6.1.b) of the Regulation (“performance of a contract to which the data subject is a party”).

Your personal data will be processed by employees and collaborators of the Data Controller assigned to the relevant areas, who act based on specific instructions regarding the purposes and methods of processing. Third parties, designated as Data Processors, who provide ancillary or instrumental services to the Data Controller, may also process such data. The data will not be disseminated in any way.

The contents of the mailbox will be stored on Microsoft Office 365 servers dedicated to UPMC in the United States until the completion of the activities related to your role, unless longer retention periods are required for any legal disputes or dispute resolution needs. In such cases, the contents of the mailbox will be stored until the dispute is resolved or closed.

You may contact UPMCI’s DPO at the following addresses: UPMC Italy S.r.l. - Responsabile della Protezione dei dati, Via Discesa dei Giudici n. 4, 90133 Palermo; e-mail: DPO@upmc.it.

As a data subject, you have the right to obtain from the controller authorization to access, rectify, or delete, and to limit or deny the processing of your personal data (art. 15 et seq., Regulation). The dedicated form is available in the “Forms” section on the website of the Italian Data Protection Authority (www.garanteprivacy.it).

For further information, please refer to the Italian Data Protection Authority website https://www.garanteprivacy.it/web/guest/home_en.

Requests should be submitted contacting UPMCI’s Data Protection Officer (UPMC Italy S.r.l. – Responsabile della Protezione dei dati, Discesa dei Giudici 4, 90133 Palermo, Italy; e-mail: dpo@upmc.it. DPO@upmc.it.

Data subjects deeming the processing of their personal data violates the provisions of the Regulation have the right to file a complaint with the Italian Data Protection Authority (“Garante”) using the form available in the “Forms” section of the website (www.garanteprivacy.it), as provided under art. 77 of the Regulation. Alternatively, legal action may be pursued before the competent court, as provided under art. 79 of the Regulation.

Last update: July 2024