Information on the processing of personal data

In compliance with the provisions of art. 13 of EU Regulation 679/2016 – General Data Protection Regulation (hereinafter “GDPR”) and of italian Legislative Decree 101/2018 which integrates and amends italian Legislative Decree 196/2003, cd. Privacy Code, we inform you that the personal data provided will be processed in compliance with the aforementioned laws and regulations.

Data Controller

The Data Controller of your personal data is Esserre Pharma S.r.l, with headquarters in Rome at Via Flaminia Nuova n. 260, in the person of its sole director Amedeo Squillace.

Esserre Pharma, in its capacity as Data Controller, recognizes the importance of personal data protection and proactively undertakes to treat them responsibly and in compliance with EU Regulation 2016/679 (GDPR), as well as with italian Legislative Decree Lgs. 101/2018 which integrates and amends the italian Legislative Decree 196/2003 cd. Privacy Code.

Esserre Pharma S.r.l is responsible for data processing and may be contacted by email at privacy@Esserrepharma.it.

Categories of data, purpose and legal basis of the treatment

Esserre Pharma offers informational content. While browsing the website, information about the user can therefore be acquired in the following ways:

  • Navigation data: the operation of the site involves the use of computer systems and software procedures which acquire, during their normal operation, some personal data relating to web browsing, the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified (for example, we refer to IP addresses, addresses in URI notation – Uniform Resource Identifier – of the requested resources, at the time of the request, etc.), and other parameters relating to the operating system and the user’s IT environment. These data are used for the sole purpose of checking the correct functioning of the Site, to facilitate navigation and to provide any services requested through the forms specially prepared on the Site, as well as obtaining anonymous statistical information on the use of the Site itself (in this case the data are deleted immediately after processing). The processing of user data (within the limits just highlighted) is therefore necessary for the pursuit by ABI Servizi of legitimate interests related to the performance of the organizational and technical activities carried out for these purposes.
  • Data provided voluntarily by the User: This refers to all personal data (name, surname, email address, etc.) freely released by the visitor on the Website and which are used for the purposes of: a) registering and/or accessing a reserved area for which the approval of acknowledgment of the Privacy information b) satisfy any right of the Data Controller to process data, your right of defense and protection in the various legal venues and/or to satisfy a legal obligation to which the Data Controller is subject treatment c) follow up and satisfy the interested party’s request to receive the newsletter relating to the Site for which explicit consent will be requested for the sending by post, fax or e-mail and telephone of information relating to further initiatives, informative material and any events and/or manifestations of the Data Controller.

The optional, explicit and voluntary sending of e-mails to the addresses indicated on the Site involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the communication. Specific approval of the privacy information will be reported or displayed in the sections of the Site set up for particular services with, where appropriate, the relative consent of the interested party. Finally, the data provided by the user may be used by the Company in order to satisfy your right of defense and protection in the various legal venues of your right and/or to satisfy a legal obligation to which the data controller is subject.

Nature of the provision of data and consequences in the event of refusal

Apart from that specified for navigation data and cookies, within the sections of the Site set up for particular services on request, the user is free to provide his personal data for the purposes indicated in the respective information, but their failure to provide it may make it impossible to obtain the requested service.

Data retention period

The personal data collected through the use of the Site are processed for the time strictly necessary to provide the services requested and to carry out the related technical and security operations, as well as, once the latter is finished, for the times eventually established by the regulations in force for administrative purposes and possibly defensive.

Scope of data communication and recipient categories

Exclusively for the purposes specified above, all the data collected and processed may be communicated to persons authorized internally to process the data according to their respective duties, as well as to external subjects to whom it is necessary to communicate the data (e.g. IT service companies, competent public and authorities for compliance with regulatory obligations or to ascertain responsibility in the event of computer crimes against the Site). The recipient companies of the data, where they process the data on behalf of Esserre Pharma srl, are designated as data processors with a specific contract.

Processing methods

The data will be processed on IT, paper and electronically in compliance with the provisions of the law aimed at guaranteeing security and confidentiality, as well as accuracy, updating and relevance with respect to the stated purposes. The data will be entered in the pertinent databases which can be accessed by the employees expressly designated by the writer as managers and persons in charge of the processing of personal data, according to the respective authorization profiles. The spontaneous compilation by the user of the note fields present in the appropriate registration forms, and any other data voluntarily provided by the interested party, will result in the acquisition of the same by Esserre Pharma S.r.l as Owner, and the consequent treatment in compliance with what is reported in this information.

 

Scope of communication and dissemination

The data may be communicated to subsidiaries and/or affiliates of Esserre Pharma S.r.l, and to third-party companies linked to Esserre Pharma S.r.l by partnership relationships, for the sending of commercial communications regarding their products/services and this only after acquisition of specific consent from the interested party.

Rights recognized to the interested party

The interested party has the right at any time to exercise the rights provided for in Chapter III of the EU Regulation. In particular, the interested party has the right to obtain access and, in the cases provided for, the rectification, cancellation and portability to another holder of the personal data processed, as well as the right to request the limitation or to oppose the treatment .

Furthermore, the interested party can revoke the consent given at any time, as well as lodge a complaint with the Guarantor for the protection of personal data, following the instructions provided by the aforementioned authority by connecting to the link https://www.garanteprivacy.it/web/guest /home/docweb/-/docweb-display/docweb/4535524.

To exercise their rights, the interested party can contact the owner directly, as well as the person responsible for the protection of personal data.

The user has the right (pursuant to and by effect of articles 15 -22 of the GDPR):

  1. to obtain confirmation from the data controller as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients from third countries or international organizations; d) when possible, the envisaged retention period for personal data or, if this is not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the data controller to rectify or cancel personal data or limit the processing of personal data concerning him or to oppose their treatment; f) the right to lodge a complaint with a supervisory authority; g) if the data are not collected from the interested party, all the information available on their origin; h) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and envisaged consequences of such processing for the interested party.
  2. to ask the data controller for access to personal data and the correction or cancellation of the same or the limitation of the treatment that concerns him or to oppose their treatment, in addition to the right to data portability, including all available information on their origin; to also obtain the cancellation of personal data concerning him without unjustified delay pursuant to art. 17 (“right to be forgotten”).
  3. if the treatment is based on article 6, paragraph 1, letter a), or on article 9, paragraph 2, letter a), the existence of the right to withdraw consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation;
  4. to lodge a complaint with a supervisory authority;
  5. To have a copy of the personal data being processed from the data controller, provided that it does not harm the rights and freedoms of others; in the event of further copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the request is received by electronic means, unless otherwise indicated, the information is provided in a commonly used electronic format;

The above information will be provided:

  • within a reasonable time after obtaining the personal data, but at the latest within one month, taking into account the specific circumstances in which the personal data are processed;
  • in the event that the personal data are intended for communication with the interested party, at the latest at the time of the first communication to the interested party; or if communication to another recipient is envisaged, no later than the first communication of personal data.

All the rights of the interested party provided for by the GDPR are exercised with a request addressed without formalities to the Data Controller, also through a person in charge, to which a suitable reply is provided without delay.