IBSA Farmaceutici Italia Srl has always paid the utmost attention to the confidentiality, protection and security of the information in its possession, all the more so if it relates to the personal data of its customers and the parties they come into contact with.
The purpose of this Policy is to describe the procedures used for the processing of the personal data of the users and visitors of this website, which can be reached at the following address www.ibsa.it.
Regulatory framework – This communication is provided in accordance with the European Union legislation on the processing of personal data (Regulation EU 2016/679 and Directive 2002/58/EC).
Data Controller – is IBSA Farmaceutici Italia Srl – Via Martiri di Cefalonia 2 – 26900 Lodi – Italia (below also the “Controller”).
Data Processors – The updated list of the data processors and the group’s affiliates is available by sending a request to firstname.lastname@example.org
Data Protection Officer – The Controller uses a Data Protection Officer (also know as DPO). The DPO can be contacted via the following communication channel: email@example.com
Redirect to external websites – This website can be accessed from other third-party websites using links provided for this purpose. The Controller does not accept any responsibility or liability in relation to the handling of personal data by third-party websites and regarding the management of authentication credentials provided by third parties.
Policy and information notices – This website performs the function of providing information about the activities carried out by the Controller. Therefore, in most cases, it does collect personal data from you.
In certain circumstances, such as for the sections below, you are required to complete a data collection form. In these cases, we provide the privacy notice that specifies the use of the data and the other information required by law. We recommend that you read this notice before providing the data. In addition, in the few cases where personal information is collected for other purposes, this will be clearly highlighted in the legally-required notices, for the purposes of transparency and to make sure you are fully informed.
Consent to the processing of the data – The notices are aimed at defining the limits and methods of the data processing for each service, based on which visitors can freely express their consent (if necessary) and authorise the collection of the data and their subsequent use.
Browsing data or metadata – The information technology systems and software procedures used for this website acquire some traces or metadata (considered personal data), during their normal operation, whose transmission is implicit in the use of Internet communication protocols. The acquisition of this information (which is also called “passive” for this reason) can take place even if you are not registered for the services and without you playing an active role.
This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and addresses of websites from which access or exit has been made, information on the pages visited by users within the site, the time of access, the length of stay on the individual page, the analysis of the internal path and other parameters relating to the user’s operating system and computer environment.
These technical and electronic data are collected and used exclusively in an aggregate and not immediately identifiable form. They may be used to determine responsibility in the event of alleged computer crimes against the website or on request from the public authorities.
Sections of the data collection website – The following are the sections of the site where you can provide your personal data, together with a brief description of the purposes for which they are collected. The relevant privacy notice is included in the respective pages.
- Write to us: The data received through the contact form of the website is used exclusively to respond to requests from you. These data are retained for statistical purposes only and to verify the existence of any precedents;
- Quality complaints: the data received through the Complaints page, to give response to them.
- Pharmacovigilance: data received via the page Reporting adverse events, for the purpose of evaluating them;
- Suppliers: the data received via the Information page for suppliers, to give response to them;
- CV: CV received through the “Careers” page, by filling in the relevant form, to enable the assessment of applications based on the present and future business needs.
Processing methods – The processing of personal data is carried out using electronic procedures and media.
Storage of personal data – The personal data are only kept for as long as they are necessary for the purposes they were collected for. In any event, you have the specific rights described further below.
Optional provision of data – The provision of personal data requested from the data subject is optional, unless otherwise specified. However, failure to provide the data may result in the inability to obtain what is requested or to perform the activity indicated.
Place where the data is processed – The processing associated with the web services of this website takes place at Tinext SA, Viale Serfontana 7, 6834 – Morbio Inferiore – Switzerland, which performs the management of its server. The personal data are handled only by technical personnel of this company, specifically in charge of the processing, or by persons in charge of occasional maintenance operations.
Scope of circulation of the personal data – Unless otherwise stated in the specific notices, the personal data acquired through this website are only accessed by persons acting on behalf of the Controller, specifically designated as data processors or persons in charge and responsible for managing the requested service.
Dissemination of the personal data acquired by the site – The personal data acquired by the site are not disclosed to unspecified recipients.
Data flows abroad – The data acquired by the site are not transmitted outside the territory of the European Union.
Personal data protection rights – In relation to the processing of personal data, the data subject can at any time obtain confirmation of the existence or otherwise of that data held by the Controller and information about its content and origin. The data subject can also request the supplementation or correction of the data or, in the cases provided for by law, the portability, restriction of processing, and erasure of the data processed, in addition to objecting to the processing of the personal data, on legitimate grounds. The data subject can also obtain the updated list of the Data Processors on request. The data subject also has the right to lodge a complaint with the Personal Data Protection Authority if they consider that their rights have not been respected or that they have not received a response to their requests in accordance with the law.
How to exercise your rights – You can exercise your rights by contacting firstname.lastname@example.org.
Amendments to the policy – The entry into force of new sector regulations, as well as the ongoing review and updating of user services, may result in the need for changes in how your personal data is processed. This policy may therefore change over time, so we recommend you check this page periodically. To this end, the policy document states the date it was last updated.
Drafting date: 18/05/2018
Last update: 01/01/2019