Dr. Gerardo Naddeo

Privacy Policy

Last updated: 29 June 2026

This notice describes how the personal data of users who browse this website or interact with the links and services on its pages are processed, pursuant to Regulation (EU) 2016/679 (GDPR) and Italian data protection law. The website is mainly informational and presents the Controller's professional activity: there are no newsletters, private areas, online payments, product sales, or marketing and profiling tools.

Data Controller

The Data Controller is Dr. Gerardo Naddeo (General Practitioner and Aesthetic Physician), P.zza Nassirya 1, 01023 Bolsena (VT), VAT / Tax code 01425690565. For any request regarding personal data you can write to naddeog@gmail.com or call +39 339 472 9720. No Data Protection Officer (DPO) has been appointed and no dedicated certified email (PEC) is available.

Types of data processed

The website may process: (a) technical browsing data possibly generated by the hosting infrastructure (e.g. IP address, access and security logs); (b) data voluntarily provided by the user through the "Write to us" form or by email (name, email address and message content); (c) any information the user freely chooses to include in the message, which may include health-related data. The contact form does not send data to a website server: filling it in opens the user's email client, which sends the message to the Controller's email address. The website does not allow users to upload images, documents or files.

Purposes and legal bases

Data are processed to: enable browsing and ensure the technical security of the site (Controller's legitimate interest and technical necessity of the service); respond to requests sent via the form or email (performance of pre-contractual measures requested by the data subject); load third-party content or widgets, such as the MioDottore reviews widget, only after the user's consent (consent); comply with legal obligations and establish, exercise or defend a legal claim where necessary. If the user voluntarily includes health-related or particularly sensitive information in the message, such data will be processed only to the extent strictly necessary to handle the request. Please do not include unnecessary health or sensitive data in the form or emails.

Processing methods

Processing is carried out with IT tools and organisational measures suitable to ensure security, confidentiality and data minimisation. Access is limited to the Controller and to any strictly necessary technical providers. The website performs no automated decision-making or profiling.

Data retention

Messages sent via the form or email are kept in the Controller's mailbox for the time needed to handle and follow up the request, and in any case no longer than required by any legal obligations. Any technical logs generated by the hosting provider are kept for the period defined by the provider for security and operational purposes. The preference expressed via the cookie banner is stored locally on the user's device. Data relating to bookings or appointments are managed directly by MioDottore according to its own policies.

Recipients and providers

Data may be processed, in addition to the Controller, by: the website's hosting/technical infrastructure provider; the email service provider used to receive communications (the Controller's address is managed via Google/Gmail); MioDottore (Docplanner) for bookings, professional profile and reviews widget. These parties act as independent controllers or processors according to their respective contractual relationships and notices. Data are neither disclosed nor sold to third parties.

Transfers outside the EU

The website's main providers are located within the European Union and the Controller does not carry out transfers of data outside the EU. Some third-party services (e.g. Google and MioDottore/Docplanner) may, however, rely on their own infrastructure and transfers to third countries, applying the safeguards provided for by Articles 44 et seq. of the GDPR (such as the Standard Contractual Clauses approved by the European Commission). Please refer to the privacy notices of those services for details.

Your rights

Data subjects may exercise at any time the rights set out in Articles 15-22 of the GDPR: access to their data, rectification, erasure, restriction of processing, objection, portability and withdrawal of consent (without affecting the lawfulness of processing based on consent before its withdrawal). Requests can be sent to naddeog@gmail.com. Data subjects also have the right to lodge a complaint with the Italian data protection authority (Garante, www.garanteprivacy.it).

Changes to this notice

The Controller may update this notice to reflect legal changes or changes in how the website works. The updated version is published on this page with the relevant last-updated date.