Privacy Policy

Privacy policy

Data controller

The subjects or categories of subjects who may become aware of the data or to whom they may be communicated are as follows:

  • The data controller is the Analytical Laboratory to which the data subject has adressed to obtain diagnostic services, resulting in a report, from an accredited and designated laboratory:

GEM FORLab S.r.l. with registered and administrative office in Via Maestri del Lavoro, 25 in Busca (CN) and Business office in Via Ing. Comotto, 36 in Caluso(TO) – Tel: +39 0110891050, e-mail:

  • The Data Protection Officer (DPO) can be reached at the following email address: or at GEM FORLab S.r.l. Via Ing. Comotto, 36 in Caluso(TO) – Tel: +39 0110891050.


Information on the processing of personal and special data pursuant to Art. 13 of RGPD no. 679/2016 attachment.

Pursuant to Article 13 of the RGPD no. 679/2016 “General Data Protection Regulation”, bering provisions on the processing of personal data, we inform you that the company GEM FORLab. S.r.l. – ABLE Biosciences as Data Controllers, will process the information concerning you and provided by you, qualified as “personal data” by the RGPD n. 679/2016.


Why this information and what data do we process?

The law requires that anyone processing personal data must inform the person concerned of what data is being processed and of certain elements qualifying the processing, which must in any case be carried out in a lawful, correct and transparent manner, protecting your confidentiality and guaranteeing your rights.

In addition to your identification data (e.g. personal details, telephone numbers, etc.), defined by law as “personal data”, data relating to your state of health (provided by you) and considered by law as “special” will also be collected and used.


What purposes will be pursued by the information acquired?

The personal and special data you provide will be used for the following purposes:

  1. prevention & diagnosis;
  2. administrative activities related to the provision of diagnostic services (reservation, acceptance, planning activities);
  3. accounting activities related to the service provided (invoicing, accounting records).


Why is the treatment we carry out legitimate?

Il trattamento dei dati personali e particolari da noi svolto è legittimo perché si fonda sulle seguenti basi giuridiche:

– for the purposes referred to in point a) the data subject has agreed to the processing of his or her personal data;

– for the purposes referred to in point b) is necessary for the execution a contract;

– for the purposes referred to in point c) is necessary to fulfil a legal obligation to which the data controller is subject and/or the execution of a contract


Obligation or option to provide data and consequences of refusal.

Obligation or option to provide data and consequences of refusal

For the purposes of prevention and diagnosis, the provision of data, as well as consent to their use, is obligatory, therefore, failure to provide such data will make it impossible for the Data Controller to provide you with the requested diagnostic service. The consent given by you may be revoked at any time, without prejudice to the lawfulness of the processing based on the consent given before revocation, which can be done by contacting the dedicated personnel.


How long will your data be stored??

Personal data and special data relating to health will be kept for no longer than is strictly necessary to pursue the purposes for which they were collected, and in any case within the terms indicated by the relevant laws.

Laboratory report data will be kept for 5 years and at the end of this period will be automatically deleted from our electronic archives.


How your information will be processed and by whom

The processing of your data will be carried out using both paper and computer tools, with the adoption of appropriate measures to prevent loss, illicit and incorrect use, and unauthorised access, in compliance with the provisions in force on the protection of personal data. Your data will be processed by the Owner Company’s staff adequately trained and authorised to process the data, which imposes on them the duty of confidentiality and security.


To whom may your data be communicated or transferred?

The processed data will not be transferred to third countries or international organisations, but may be communicated, only if required by law or contract, to

  • local health authority (ASL)
  • subject to your express authorisation, issued separately from this letter, to the persons indicated by you, such as your attending physician.

The communication of data is in any case limited to that which is strictly necessary to carry out the relevant tasks and the processing is carried out in accordance with the principle of necessity and indispensability.


Who can you adress to in order to assert your rights?

The data subject may contact the Data Protection Officer (DPO), whom the Data Controller has appointed, to assert his or her rights, as set out in Articles 15 et seq. of RGPD No. 679/2016.

In particular, data subjects are granted the rights relating to the personal data covered by this notice, as provided for and guaranteed by the Regulation:

  • Right of access and rectification (Art. 15 and 16 of the Regulation): the right to access personal data and to request that they be corrected, amended or supplemented;
  • Right to data deletion (Art. 17 of the Regulation): in the cases provided for by the law in force, you may request the deletion of your personal data;
  • Right to restriction of processing (Art. 18 of the Regulation): the right to request the restriction of the processing of your personal data in the event of unlawful processing or contestation of the accuracy of personal data by the data subject;
  • Right to data portability (Art. 20 of the Regulation): the right to request to obtain, from the data controller, personal data in order to transmit them to another data controller, in the cases provided for in the aforementioned article;
  • Right to object (Art. 21 of the Regulation): the right to object at any time to the processing of personal data carried out on the basis of a legitimate interest justifying the request;
  • Right to lodge a complaint (Art. 77 of the Regulation): the right to lodge a complaint with the competent Data Protection Authority if you consider that a violation of your rights in relation to the processing of your personal data has occurred or is occurring.

In order to exercise the rights listed above, requests should be addressed to the Data Processor (DPO ), who will answer your requests on behalf of the Controller.

Any data subject who considers that processing concerning him or her infringes current privacy legislation has the right to lodge a complaint with the supervisory authority (