Privacy Policy

Information on the processing of personal data

(ex artt. 13 e 14, Reg. UE 2016/679)


  1. Premise

The EU Regulation 2016/679 on the "protection of individuals with regard to the processing of personal data, as well as the free movement of such data" (hereinafter referred to as "EU Regulation 2016/679" or "GDPR") contains a set of rules to ensure that the processing of personal data is carried out in compliance with the fundamental rights and freedoms of individuals.

This policy regulates the procedures followed by Linari Medical S.r.l. in relation to the processing of personal data carried out as Data Controller of personal data (for the sake of brevity, hereinafter also only "Data Controller") collected through the navigation of the website (hereinafter also only "Site") and belonging to all those (the "Interested”) who interact with the Site itself.

Following navigation and consultation of this Site, we may process data relating to identified or identifiable persons.

This information is provided exclusively for this Website and not for other websites that may be consulted by the User through the links on the home page and in other Sections of the Site (for which please refer to the respective privacy policies/policies).

  1. Subjective definitions: Data controller, external managers and authorized subjects.

Linari Medical S.r.l. is an innovative start-up operating in the medical sector of tele-visual neurorehabilitation of hemianoptic patients that was born as a spin-off from the company Linari Engineering S.r.l.

The company Linari Medical S.r.l. has patented an innovative technology for the remote visual rehabilitation of patients with impaired vision called AvDesk.

Pursuant to Articles 13 and 14 of the GDPR, the following information on the processing of personal data of data subjects is, therefore, provided.


The Data Controller is Linari Medical S.r.l. (P.IVA 02316700505), with registered office in Via Gaetano Malasoma n. 26, 56121 - Pisa (PI), in the person of the pro tempore legal representative (hereinafter "Linari Medical" or just the "Data Controller").

Our contact details:

Phone: +39 050.7219193



The Data Processors are all those who on the basis of a service contract or in relation to the role played are instructed by the Data Controller to process the personal data of the Data Subjects, according to specific competence and professionalism, made in a specific agreement between the Data Controller and external data processors.

The subjects authorized to the processing of personal data are the employees or internal employees of the company who, for their role and function, process personal data in the exercise of the enterprise according to precautions and rules provided by the law, and on instructions as well as under the control and direction of the employer/Data controller.

The updated list of any data processors is available at the headquarters of the Data Controller.

  1. Categories of personal data and data source

Through the Site may be collected and processed:

- navigation data, automatically collected while browsing the Linari Medical Srl Website;

- personal data provided voluntarily form on the website.

Navigation data

During connection to the Site, the computer systems and software procedures responsible for their operation automatically and indirectly administer and/or acquire some information (such as, as a mere example, the c.d. "cookies" as specified in the "Cookie Policy"). The processing of this data is necessary to the Data Controller to ensure the best possible browsing experience and to provide all the functions and services through the Site. However, it is possible to limit the processing of such personal data by using certain functionalities made available by the Site (with reference to the transmission of cookies or similar tools - on this point, please refer to the "Cookie Policy" of the Site) or from your browsing device or browser/application. In this case, browsing on the Site may be limited and some of its functions/services may be inaccessible.

Data provided voluntarily by the visitor

Requests for contact and/or information forwarded by the interested parties through the electronic and/or telephone channels on the Site, as well as through the "Contacts" section, made available by the Data Controller, may involve the collection and subsequent processing of personal data of applicants (by way of example, name, surname, e-mail address, telephone number and other personal data contained in the e-mail or freely provided by telephone).

The personal data held by Linari Medical are normally collected directly from the interested party. In particular, the Data Subject may provide their personal data by filling in and sending the forms present in the various sections of the Site, to access and request information on the services offered by the Company.

The information that visitors to the Site will consider making public through the services and tools made available to them, are provided by the User knowingly and voluntarily, exempting this Site from any liability for any violation of laws. It is up to the User to verify that they have the consent to enter personal data of third parties or content protected by national and international rules.

The Site requires the Data Subject to create their own account to conclude and manage online purchases, the processing of therapies, protocols, and reporting packages. At the time of registration, data such as name, surname, registration number, e-mail address and password are requested. Additional information may be required in relation to specific services. The personal data of the Data Subject are used for the management of the account, to provide and optimize the products and services of the Data Controller.

The processing of personal data will take place according to the purposes indicated below and will be based on the principles of correctness, lawfulness, transparency and protection of privacy and the rights of the Data Subject.

Visual Analytics

“We use Hotjar to better understand the needs of our users and to optimize the service and experience. Hotjar is a technology service that helps us better understand the experience of our users (for example, how much time they spend on which pages, which links they choose to click, what they do and what users don’t like, etc.) and this allows us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data about the behavior of our users and their devices. This includes a device’s IP address (processed during the session and stored in unidentified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only) and the preferred language used to view our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling any data collected on our behalf.


For further details, please refer to the section 'About Hotjar' of the Hotjar support site".

Interaction with social networks and external platforms

Twitter Tweet button and social widgets (Twitter, Inc.)

The Tweet button and Twitter social widgets are interaction services with the Twitter social network, provided by Twitter, Inc.

Personal Data processed: Cookies and Usage Data.

Place of processing: United States - Privacy Policy.

Like button and social widgets of Facebook (Facebook, Inc.)

The "Like" button and Facebook social widgets are social networking services provided by Facebook, Inc.

Personal Data processed: Cookies and Usage Data.

Place of processing: United States - Privacy Policy.

Linkedin Social Button and Widgets (LinkedIn Corporation)

The LinkedIn button and social widgets are interaction services with the LinkedIn social network, provided by LinkedIn Corporation.

Personal Data processed: Usage data; Tracking Tool.

Place of processing: United States - Privacy Policy.

YouTube Social Button and Widgets (Google Ireland Limited)

The YouTube button and social widgets are interaction services with the YouTube social network, provided by Google Ireland Limited.

Personal Data processed: Usage data.

Place of processing: Ireland - Privacy Policy.

Widget Video YouTube (Google Ireland Limited)

YouTube is a video content display service managed by Google Ireland Limited that allows this Application to integrate such content within its pages.

Personal Data processed: Usage data; Tracking Tool.

Place of processing: Ireland - Privacy Policy.



The services contained in this section allow the Data Controller to monitor and analyse traffic data and serve to keep track of the User’s behaviour.

Facebook Ads Conversion Tracking (Facebook pixels) (Facebook Ireland Ltd)

Facebook Ads Conversion Tracking (Facebook pixel) is a statistics service provided by Facebook Ireland Ltd that connects data from the Facebook ad network with actions taken within The Facebook pixel monitors conversion can be attributed to Facebook, Instagram, and Audience Network ads.

Personal Data processed: Usage Data and Tracking Tool.

Place of processing: Ireland - Privacy Policy.

Linkedin Ads Conversion Tracking (Linkedin pixels) (Facebook Ireland Ltd)

Linkedin Ads conversion tracking (Linkedin pixel) is a statistics service provided by Linkedin Ireland Ltd that connects data from the Facebook ad network with actions performed within
Il pixel di Linkedin monitora le conversioni che possono essere attribuite alle inserzioni di Linkedin.

Personal Data processed: Usage Data and Tracking Tool.

Place of processing: Ireland - Privacy Policy.

  1. Purpose and legal basis of the processing

Personal data collected through the Site will be processed for the purposes:

  1. To check the requests for information from the interested party by sending an e-mail to the e-mail address and more generally to the contact channels indicated on the Site and through the dedicated section "Contacts”;
  2. To allow the registration of the Data Subject to the reserved area of the Site through the creation and subsequent technical and administrative management of the Data Subject’s account;
  3. c)for the execution of sales contracts to which the Data Subject is party or for pre-contractual activities adopted at the request of the Data Subject, including the management of orders, payments made, the processing of therapies, protocols and reporting packages;
  4. d) for the fulfilment of legal obligations, including any administrative and accounting activities, related to the sale and management of the contract;
  5. e) to establish, exercise or defend legal claims;
  6. f) for legitimate interest, if any, constituted by the need to preserve and protect the corporate assets and the security of the physical and digital places owned by the Data Controller.

The legal basis for processing shall be::

- for the purposes referred to in letters a) and f) from the legitimate interest of the Data Controller to find contact requests or information (art. 6, par. 1, lett. (f), Reg. EU 2016/679);

- for the purposes referred to in letter b) and c) from the execution of a contract to which the interested party is party or pre-contractual measures (art. 6, par. 1, lett. b), Reg. EU 2016/679);

- for the purposes referred to in letter d) and e) from the fulfilment of a legal obligation (art. 6, par. 1, lett. c), Reg. UE 2016/679).

The processing of data carried out under one of the above-mentioned legal bases is carried out in an essential and minimal form.

The providing of data, as well as their communication to the categories of subjects indicated in par. 6, is not mandatory, but any refusal by the Data Subject to provide their data will make it impossible for Linari Medical to carry out the services requested, to verify the contact or information requests and/or to comply with legal obligations.

  1. Method of treatment

The processing of personal data takes place through manual, computer and telematic tools with logics strictly related to the purposes stated in this document and, in any case, in order to ensure the security and confidentiality of the data in accordance with the rules in force.

In the case of processing carried out with electronic and non-electronic processing modes and management and storage systems, as for hardware and software, Linari Medical may use third party service companies that will be made aware of their responsibilities with notice of appointment to Data Processor pursuant to art. 28 of the GDPR. The updated list of Data Processors is kept at the registered office of the Data Controller.

  1. Recipients or categories of recipients

Personal data may be made accessible, disclosed to, or communicated to the following subjects, who will be appointed by the Data Controller, depending on the cases, and as defined above, as responsible persons or persons authorised to process:

- employees and/or collaborators in any capacity of the Data Controller;

- public or private subjects, natural or legal persons, which the Data Controller uses for the performance of instrumental activities to achieve the purpose illustrated above, or to which the Data Controller is required to communicate personal data, by virtue of legal or contractual obligations.

The personal data provided by users are used for the sole purpose of performing the service or the services requested and are disclosed to third parties only if this is necessary for this purpose. Apart from these cases, personal data will not be disclosed unless provided for by contract or by law or unless specific consent is requested from the Data Subject. In this sense, personal data may be transmitted to third parties but only and exclusively if a) there is explicit consent of the interested party to share the data with third parties; a) there is a need to share information with third parties in order to provide the requested service; b) this is necessary to comply with requests from the judicial or public security authorities.

The subjects belonging to the categories to which the data can be communicated will carry out the treatment of the same data and will use them according to the cases in quality of Responsible/Sub-Data Processors expressly appointed by the Data Controller/Data Controller pursuant to law or, rather, as independent Data Controllers.

The Data Controller designates authorized persons for the processing of all employees, even pro tempore, and occasional collaborators, who carry out tasks that involve the processing of personal data.


In any case, personal data will not be disclosed beyond the limit of subjective processing necessary for the exercise of the business activity and in agreement with what is required by law or permitted by the interested party.

  1. Retention period

The collected data will be stored for a period of time not exceeding the achievement of the purposes for which they are processed ("principle of limitation of storage", art. 5, GDPR), without prejudice to compliance with a legal obligation or order of an authority.

The check on the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically. At the end of the retention period, personal data will be deleted, destroyed, or made anonymous, without prejudice to any statutory retention periods. Therefore, upon expiry of this period, the right of access, cancellation, rectification, and the right to data portability can no longer be exercised.

  1. Place of processing

The data will be processed by the Data Controller at its registered office and operational headquarters.

  1. Transfer of personal data outside the EU

For technical and/or operational issues, the personal data of the Data Subjects may be transferred by Linari Medical to extra-EU countries, such as in the case of Cloud storage with servers located outside the territory of the European Union.

In this case, the Data Controller ensures from now on that the transfer of data outside the EU will be regulated in accordance with the provisions of Chapter V of the Regulation and authorized according to specific decisions of the European Union. All the necessary precautions will therefore be taken to ensure the total protection of personal data by basing this transfer: a) on adequacy decisions of the recipient third countries expressed by the European Commission; b) on adequate guarantees provided by the third-party recipient pursuant to art. 46 of the Regulation; c) the adoption of binding business rules.

  1. Rights of interested parties

The data subject has the right to ask the Data Controller:

- access to data;

- data portability;

- opposition to processing;

- the correction of data, the limitation of data processing, the deletion of data;

and of:

- withdrawal of consent to the processing of your personal data;

- lodge a complaint with the Supervisory Authority (Data Protection Authority).


  1. How to exercise the rights

To exercise the above rights, the interested party may contact the Data Controller with a registered letter to Linari Medical S.r.l., Via Gaetano Malasoma, n. 26, 56121 - Pisa (PI) or an e-mail to:

  1. Minors

Children under the age of 18 must not provide information or Personal Data to Linari Medical without the consent of the parental responsibility merchants on them. In the absence of such consent, it will not be possible to meet the requests of the child.

The Data Controller invites all those who exercise parental responsibility on minors to inform them about the safe and responsible use of the Internet and the Web.

  1. Amendments

The Data Controller reserves the right to make changes to this information at any time by informing the Data Subjects on the Site. We ask, therefore, to periodically consult this "Section", taking as reference the date of last modification indicated.

Date of last modification

December 2021