Privacy Policy & GDPR Compliance
How we protect your health data
Data Controller
Name: Dott. Daniele Priano
Profession: Pediatric Orthopaedic Specialist
Medical Board: Ordine dei Medici di Milano - N° 47175
Email: daniele.priano@ortopediaevolutiva.com
Privacy-First Booking System
Your personal data is NOT stored in our database.
How it works:
When you book, your full details (name, email, phone, reason for visit) are sent ONLY via email directly to the doctor.
In our database, we store ONLY: date, time, location, and an anonymized version of your surname (first 2 and last 2 letters).
Email, phone number, and reason for visit are NEVER stored in our systems.
Example: If your surname is "Rossi", we store only "Ro**si".
Automatic Data Deletion
30-day retention policy
Booking records are automatically and permanently deleted 30 days after creation, in compliance with data minimization principles under GDPR Article 5(1)(c).
Data We Do NOT Store
Analytics & Conversion Measurement
With your explicit consent (via the cookie banner), we use:
- Google Analytics 4 (GA4): aggregated traffic statistics with anonymized IP, no cross-site tracking, no Google Signals.
- Google Ads — conversion measurement only: we measure how many users open the booking widget after arriving from a Google ad. No remarketing, no profiling, no personalized advertising.
Implemented through Google Consent Mode v2:
- By default, all advertising and analytics cookies are denied.
- "ad_personalization" is ALWAYS denied — we never enable personalized advertising or remarketing audiences.
- On Accept: analytics_storage, ad_storage and ad_user_data are granted only for aggregated measurement.
- On Reject: only conversion modeling is performed by Google with anonymous, aggregated signals (no cookies).
Legal basis: Art. 6(1)(a) GDPR (consent). You can withdraw consent at any time by clearing site cookies and reloading the page.
Data is processed by Google Ireland Ltd. (joint controller for measurement). For details see Google Privacy Policy.
Data We Store (Minimal)
These minimal data are necessary to manage the appointment calendar and prevent double bookings.
Email Communication
All patient data is transmitted exclusively via email:
- Booking confirmation request → sent to the doctor
- Booking receipt → sent to the patient
Emails are sent via Resend, a secure email service with servers in the EU. The doctor responds directly to the patient's email to confirm or cancel appointments.
Your Rights (GDPR Art. 15-22)
You have the right to:
- Access your personal data
- Request rectification of inaccurate data
- Request deletion of your data
- Withdraw consent at any time
- Lodge a complaint with the supervisory authority (Garante Privacy)
To exercise your rights, contact: daniele.priano@ortopediaevolutiva.com
Legal Basis
The legal basis for processing your data is:
- Art. 6(1)(b) GDPR: Processing necessary for the performance of a contract (medical appointment)
- Art. 9(2)(h) GDPR: Processing necessary for medical diagnosis and healthcare provision
Last updated: July 7, 2026
This privacy policy may be updated. Any changes will be published on this page.