Information provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR), Italian Legislative Decree 30 June 2003, no. 196 (“Personal Data Protection Code”), as amended by Legislative Decree 101/2018.
Dear User,
pursuant to Article 13 of the Personal Data Protection Code and Regulation (EU) 2016/679 (GDPR), NUOVA MAVIT Srl, with its registered office at Scali D’Azeglio, 52 – 57123 Livorno (LI), Italy, in its capacity as Data Controller, provides you with this notice regarding the processing of personal data of users who visit the website www.mavit.it (hereinafter, the “Website”) and use the online services offered by the Centre.
1. Data Controller
Nuova MAVIT S.r.l.
VAT / Tax code: 02073520492 – EU VAT: IT02073520492 – REA: LI-233340
Registered office: Scali D’Azeglio 52 – 57123 Livorno (LI), Italy
Single contact e-mail: info@mavit.it
Centres and operational contacts
- Livorno Centre – Scali D’Azeglio, 52 – 57123 Livorno (LI)
Tel. +39 0586 839720
Email: info@mavit.it
Medical Director: Dr.ssa Margherita Vitolo – Ord. Med. Prov. Livorno n. 03510
- Ponsacco Centre – Via di Gello, 192/i – 56038 Ponsacco (PI)
Tel. +39 0587 731724
Email: info@mavit.it
Medical Director: Dr. Dani Hanna – Ord. Med. Prov. Pisa n. 04829
2. DPO / Privacy contact person
For any request relating to the processing of personal data (information, exercise of rights, clarifications), you may contact us at: info@mavit.it.
If a Data Protection Officer (DPO) is appointed, the relevant contact details will be published and updated on this page.
3. Categories of data processed
Depending on how the Website and services are used, NUOVA MAVIT Srl may process the following categories of data:
Data voluntarily provided by the User via contact forms, booking forms or e-mail addresses published on the Website, for example:
- first name, surname;
- contact details (e-mail, telephone number);
- any information entered in the “message” field;
- data necessary to handle the request or booking (e.g. chosen centre, preferred date, etc.).
The IT systems and software procedures used to operate the Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols, such as:
- IP address;
- type of browser and parameters of the device used to connect to the Website;
- addresses in URI (Uniform Resource Identifier) notation of the requested resources;
- date and time of the visit;
- pages visited;
- any technical logs and server response codes.
These data are used solely to obtain anonymous statistical information on the use of the Website and to check that it is functioning correctly, as well as for security and abuse-prevention purposes.
The IT systems and applications used to provide the services (e.g. booking forms, contact forms) may acquire data relating to connections, technical logs and the IP address used by the user who connects to the Website and uses the booking or contact services.
Data and logs used to manage Website security, prevent unauthorised access, abuse or IT fraud (e.g. firewalls, monitoring systems).
Data collected through cookies or third-party tools (e.g. Google Analytics, Tag Manager, any advertising pixels), in aggregated or pseudonymised form, for the analysis of Website use, campaigns and conversions, in line with the consent preferences expressed via the cookie banner.
You are kindly requested not to enter detailed health data or sensitive clinical information in the Website’s free-text fields.
Any health-related data are mainly collected and processed via dedicated channels (e.g. on-site, by phone, through specific systems) and on the basis of specific notices and consent forms, in compliance with applicable legislation.
4. Purposes of processing, legal basis and storage periods
- Purpose: to ensure the proper operation of the Website, IT security, prevention and management of fraud/abuse, technical maintenance and troubleshooting.
- Legal basis: the Controller’s legitimate interest (Article 6(1)(f) GDPR) in keeping the Website secure and operational.
- Storage period: generally up to 6 months, unless a longer period is required (e.g. for legal defence purposes or to establish IT offences).
- Purpose: to manage and respond to information requests, re-contact the user, organise any meetings or appointments with the facility, send operational communications.
- Legal basis: performance of pre-contractual measures taken at the request of the data subject (Article 6(1)(b) GDPR).
- Storage period: up to 24 months from closure of the request, subject to any additional legal obligations or the need for legal defence.
- Purpose: management of online bookings, scheduling, confirmations, reminders and service communications related to the appointment.
- Legal basis: performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR).
- Storage period: up to 24 months from the date of the service/booking, unless a different period is required by law or by the need to defend rights in court.
- Purpose: statistical analysis of Website use, performance measurement, possible management of online advertising campaigns (e.g. Google Analytics, Tag Manager, any Meta pixels or other tools).
- Legal basis: consent of the data subject (Article 6(1)(a) GDPR), given via the cookie banner and withdrawable at any time.
- Storage period: in line with the duration set by the tools used (cookies and similar) and their configurations (see Cookie Policy).
Within the scope of healthcare activities, and in compliance with laws, guidelines and specific consents, personal data – including special categories of data (e.g. health data) – may be processed for:
- prevention, diagnosis, treatment and rehabilitation activities, including specialist consultations, diagnostic tests, therapies, outpatient and surgical services;
- administrative and operational management activities linked to booking, admission, reporting, certification, invoicing, payment handling and reporting;
- certification, reporting, prescription activities and maintenance of medical records;
- activities aimed at protecting the health of users, also in coordination with other healthcare professionals, in accordance with the law and the rights of the data subject;
- verification and assessment of the appropriateness of services provided, and, where necessary, debt recovery;
- improvement of the quality of services offered, including through satisfaction surveys (while respecting anonymity where possible);
- training and updating of healthcare and administrative staff, using aggregated or pseudonymised data where possible.
In such cases, the legal basis for processing is, depending on the context:
- performance of a contract to which the data subject is party or pre-contractual measures (Article 6(1)(b));
- compliance with legal obligations in the healthcare and administrative fields (Article 6(1)(c));
- reasons of substantial public interest in the field of healthcare, preventive medicine, diagnosis and care (Articles 9 and 10 GDPR and related national provisions).
5. Nature of data provision
- Technical browsing and security data: necessary for the operation of the Website and IT security. Failure to provide such data (e.g. a browser configuration that blocks all traffic) may render browsing impossible.
- Data entered in forms (contacts, bookings): necessary to properly handle the request. Mandatory fields are indicated as such; if they are not filled in, it will not be possible to process the request or provide the service.
- Data collected for statistical/marketing purposes via cookies: optional and based on consent. Refusing consent does not affect browsing on the Website but may limit certain advanced or personalised features.
6. Recipients and processors
Data may be processed by staff members of NUOVA MAVIT Srl specifically authorised (administrative, medical, technical, IT personnel) and by third parties providing services to the Controller, appointed as Data Processors pursuant to Article 28 GDPR.
By way of example, recipients may include:
- providers of IT, hosting, housing and system maintenance services;
- operators of online booking platforms and communication systems;
- consultants and professionals supporting NUOVA MAVIT Srl in legal, administrative, tax or IT matters;
- any analytics and advertising service providers (if activated), acting as independent controllers or joint controllers, in accordance with their own privacy notices.
The updated list of Data Processors is available at the registered office of NUOVA MAVIT Srl and can be requested by writing to info@mavit.it.
Personal data are not made publicly available, unless required by law or by orders from competent Authorities.
7. Data transfers to third countries
As a rule, personal data are processed and stored within the European Economic Area (EEA).
Any transfer of data to third countries (outside the EEA), where necessary (e.g. use of cloud services or analytics platforms located outside the EU), is carried out in compliance with Articles 44 et seq. GDPR, on the basis of:
- adequacy decisions by the European Commission, or
- standard contractual clauses and/or other appropriate safeguards provided for by law.
8. Rights of the data subject
As a data subject, you may exercise at any time the rights provided for in Articles 15–22 GDPR, including:
- Right of access: to obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to such data and related information on processing;
- Right to rectification: to obtain the rectification of inaccurate personal data or the completion of incomplete data;
- Right to erasure (“right to be forgotten”): to obtain the erasure of personal data in the cases provided for by law;
- Right to restriction of processing: to obtain restriction of processing to specific purposes;
- Right to data portability: to receive the personal data concerning you in a structured, commonly used and machine-readable format and to transmit those data to another controller, where technically feasible;
- Right to object: to object at any time, on grounds relating to your particular situation, to processing based on the Controller’s legitimate interest;
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- Right to lodge a complaint: to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) or any other supervisory authority competent under the GDPR.
To exercise your rights, you may send a written request to:
NUOVA MAVIT Srl
Scali D’Azeglio, 52 – 57123 Livorno (LI) – Italy
E-mail: info@mavit.it
9. Updates
This notice may be amended in the event of legislative changes, organisational changes or technological adjustments.
You are advised to consult this page periodically to check the most recent version of the notice.
Last update: 07/02/2026
1. Use of cookies
Like most modern websites, the website www.mavit.it uses certain cookies.
Cookies are small text files that websites visited by the user send to and store on the user’s device (computer, smartphone, tablet), to be sent back to the same websites on subsequent visits, allowing information about browsing to be stored and the user experience to be improved.
Cookies can be used, for example, to:
- ensure the proper operation of the Website and improve its performance;
- store certain user preferences (language, geographic area, selected services);
- perform anonymous/aggregated statistical analysis of Website use;
- where applicable, deliver content and/or advertising messages aligned with the user’s interests (profiling cookies, if present and if the user consents).
2. Types of cookies
Cookies can generally be distinguished as follows:
- Session cookies: automatically deleted when the browser is closed;
- Persistent cookies: remain stored on the user’s device for a set period of time;
- First-party cookies: installed directly by the website visited by the user;
- Third-party cookies: installed by other websites or web servers different from the one visited (e.g. traffic analysis services, social networks, advertising services);
- Technical cookies: necessary for the operation of the website or to provide a service expressly requested by the user;
- Profiling cookies: used to create user profiles in order to send advertising messages in line with the preferences expressed during browsing.
The Italian Data Protection Authority considers session cookies, functionality cookies and – under certain conditions – analytics cookies used by the website owner to collect aggregated information on the number of users and how they visit the site to be technical cookies.
For more information on cookies, you may consult, for example:
- www.allaboutcookies.org
- www.youronlinechoices.com
3. Cookies used on this Website
On the Website www.mavit.it, the following categories of cookies may be used:
These cookies are necessary to ensure the functioning of the Website and the provision of services requested by the user (e.g. page navigation, session management, form completion, language settings).
Disabling these cookies may compromise proper use of the Website.
Analytics cookies, including those of third parties (e.g. Google Analytics), may be used to collect information in anonymous and aggregated form on the number of users and how they use the Website (pages visited, time spent on the site, any errors).
These data are used solely to improve the performance of the Website and the quality of the services offered.
Where possible, these cookies are configured so as to reduce the ability to identify the user (e.g. IP address anonymisation).
These cookies allow the Website to remember certain user choices (e.g. language, geographic area, display preferences) and to offer more advanced and personalised features.
The Website may incorporate links and/or plugins to social networks (e.g. Facebook, Instagram) or other third-party services. In such cases, these third parties may install cookies on the user’s device and process data as independent controllers.
For more information on the processing carried out by such third parties, please refer to their respective privacy/cookie policies, available on their official websites:
Facebook – cookie policy available on Facebook’s official website;
Instagram – cookie policy available on Instagram’s official website;
Google (for services such as Google Analytics) – www.google.com/policies/privacy
4. Cookie management
When accessing the Website for the first time, a banner informs the user of the presence of non-technical cookies (e.g. analytics, third-party cookies) and allows the user to:
- accept all cookies;
- refuse non-necessary cookies;
- customise preferences by category of cookies;
- obtain more information via this policy.
At any time, the user can change their cookie preferences via:
- the settings of the browser used;
- any consent-management tools made available on the Website.
It is also possible to delete or block some (or all) cookies by configuring the browser. The procedures vary depending on the browser used. Below are some links to the instructions provided by the main browser providers:
Please note that by completely disabling cookies in the browser, the user may no longer be able to use certain functionalities of the Website (e.g. forms, language settings, access to restricted areas where present).
