The Company F.I.R.M.A. S.p.A. (“Company”) takes your privacy very seriously, and commits to respect it in accordance with the applicable law (Italian D. lgs. 196/2003 – Privacy Code, and Regulation 2016/679/EU).
The Data Controller is F.I.R.M.A. S.p.A. – Fabbrica Italiana Ritrovati Medicinali ed Affini, headquartered in Via di Scandicci 37 – 50143 Firenze, ITALY, Tel. +39 055-7399511 (“Data Controller”).
Purposes and methods of the personal data processing
The Data Controller may process your personal data including the sensitive personal data for the following purposes: management of the requests submitted through the Website (including pharmacovigilance notifications), fulfilment of the legal obligations stemming from laws, regulations, EU law.
Furthermore, with your additional, optional consent, your data may also be used for institutional communications and/or promotional activities (marketing purposes), i.e. send at the address you have submitted promotional material and/or commercial information relating to the Company’s services, both by traditional (for example: hard copy mail, operator calls, etc.) and automated methods (for example: e-mail, fax, text messages, mobile and smartphone apps, social network accounts, i.e. via Facebook or Twitter, etc.).
Provision of Personal Data
Some of your personal data are necessary to manage the communications and the requests you submit. Such type of data are marked by an asterisk [*], which means that providing them is necessary to enable the Company to handle the query –otherwise, we would not be allowed to process it. Conversely, submitting data not marked by an asterisk is optional: if you do not wish to submit them there will be no consequence
Categories of processed personal data
The data that may be processed are:
1) the personal and sensitive data which you may provide when you interact with our Website and/or request some services (including registration to restricted access areas, participation to prize contests or other initiatives, use of Apps, information requests and other communications, including those submitted by means of our contact forms, etc.)
2) Navigation data, as specified under the following section
When you simply visit our Website (i.e. without sending any communication or using any of the services/functions available) we will only process your navigation data, i.e. the data transmitted to the Website and required to operate the computerised systems set up for the Website’s management, as well as Internet communication protocols. By way of example, the IP addresses or the domain names of the computers used to visit the Website and the other parameters relating to the operating system used to connect to the Website all fall in this category. The Company collects such and other data (for example, the number of visits and the time spent on the Website) for truly statistical purposes and in an anonymous manner in order to monitor the functioning of the Website and to improve it. In principle, the data in question are neither collected to be associated with other information of yours nor do they make your identification; however, due to their nature, such data may potentially lead to your identification if processed and associated with other data held by third parties. For this reason, navigation data are immediately de-identified after processing and may only be retrieved by the Company to ascertain, as well as identify the authors of, potential IT-related offenses committed to the detriment of the Website or through the Website. Notwithstanding the latter exception, navigation data as described above are only kept for a limited time, in compliance with the applicable legal provisions.
Links to other Websites
Retention and Storage of Personal Data
The Company ensures that the settings of its IT systems and programs are designed to minimise the use both of personal data and of any other information which may lead to your identification; all these sets of data are processed exclusively to achieve the goals for which they were obtained at the time of collection; in any event, the criteria used to determine the data’s storage period are based on the deadlines prescribed by the law, as well as on the principles of data minimisation and efficient management of our data bases.
Security and quality of personal data
The Company undertakes to protect the security of your personal data and to implement the safety measures established by the Privacy Code (with particular, but not exclusive, reference to Annex B to the Privacy Code -“Technical Disciplinary Guidelines on minimum security measures”-) and by all other applicable legal provisions in order to prevent data loss, illegal or illicit use and/or unauthorised access to your data. The Company implements appropriate technical measures, such as multiple, advanced safety technologies and procedures, to protect your personal data: for example, storing the data on servers located in rooms with restricted access and subject to controls. You may help the Company to keep the data up to date by informing it of any change to your own address, professional qualifications, contact information, etc.
Access to personal data
Your personal data are accessible within the company to those members of the staff who have been appointed as “persons in charge of the processing” and who may need to process such data in order to answer your queries or to deliver the services/functions available on the Website; in any case personal data processing is carried out only as far as necessary for the above purposes.
Data may be communicated -even in Third Countries- to other companies of the Menarini Group for the same purposes as stated above and/or for administrative purposes, pursuant to art. 34.1-ter of the Privacy Code, art. 6.1.f and the Preamble’s 48th Recital of Regulation 2016/48//EU.
As far as the potential transfer towards Third Countries is concerned --including transfers to Third Countries which may not ensure the same level of protection afforded by the Privacy Laws- the Data Controller informs that processing will take place in accordance with one of the methods set forth under Chapter V, Regulation 2016/679/EU.
You may at any time exercise the rights afforded by art. 7 of the Privacy Code and by arts. 15 (and following) of Regulation 2016/679/EU, such as, by way of example, receive the updated list of those who may access your Data; receive confirmation any of your personal Data is being processed by the Data Controller; verify their content, origin, exactness, location (including, where applicable, the Third Countries where the data might be), ask that the data are supplemented, updated, deleted, anonymised, frozen (if processed against the law), or to oppose to their processing for legitimate reasons, as well as to lodge a complaint with the competent Supervisory Authority. At any time, you may withdraw the consent you have previously conferred.
For any requests concerning the processing of personal data by the Company, the rights afforded by the applicable law or the updated list of individuals/entities which have access to the data, you may contact the Data Controller at the addresses indicated above