POLICY pursuant to Article 13 and 14 of Regulation (EU) 2016/679 on the processing of personal data acquired from the website “www.cdpharma.it”

  1. DATA CONTROLLER

The Data Controller is CD PHARMA Group S.r.l., which, as Data Controller, pursuant to and for the purposes of Regulation (EU) 2016/679, on the “protection of natural persons with regard to the processing of personal data and on the free movement of such data”, hereby informs you that the processing of your data will be based on principles of correctness, lawfulness, transparency and protection of confidentiality and rights.

  1. REPRESENTATIVE OF THE DATA CONTROLLER AND DATA PROTECTION OFFICER

Pursuant to Article 37 et seq. of Regulation (EU) 2016/679, CD Pharma Group has identified and appointed the Data Protection Officer (DPO). The DPO can be contacted by e-mail at:
dpo@cdpharma.it.

  1. TYPE OF PERSONAL DATA PROCESSED AND PURPOSES OF THE PROCESSING

The personal data provided by users who access this site are used only to undertake the any service requested and will not be disclosed to third parties. The Data Controller has determined the purposes of the processing identified in the performance of the Data Controller’s own activities.

  1. LEGAL BASIS FOR DATA PROCESSING

The legal basis for data processing is the legitimate interest of the Data Controller referred to in Art. 6 para. 1(f) of European Regulation no 679/2016, consisting of the Data Controller’s interest in managing reports/complaints/requests from actual and/or potential users.

  1. HOW PROCESSING TAKES PLACE

All processing takes place through the adoption of security, technical and organisational measures, appropriate to the processing itself as set out in Article 32 of the Regulation. All data are processed electronically and measures to minimise processing are implemented, as regards the type of data, access authorisations and storage times.

  1. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Data will be disclosed solely and exclusively to employees and direct collaborators of the Data Controller for the sole purpose of carrying out the service requested by the user, unless disclosure is required by law.

The company in charge of assistance and hosting on the site has been appointed as Data Processor.

By its very nature, the optional, explicit and voluntary sending of e-mails to the addresses indicated on the site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.

We invite our users, in requests for services or when sending queries, not to send send names or other personal data of third parties that are not strictly necessary or data defined as “sensitive and/or special” referred to in Articles 9 and 10 of Regulation (EU) 679/2016 within the limits and for the purposes specified in this policy.

  1. TRANSFER OF DATA TO NON-EU COUNTRIES

No data transfer to a non-EU country or international organisation is envisaged.

  1. DATA SUBJECT RIGHTS

The subjects to whom the personal data refer, pursuant to Article 13 of Regulation (EU) 679/2016, have the right at any time to obtain confirmation as to whether or not data concerning him or her exist and find out their content and origin, verify their accuracy or request to integrate, update or rectify them. The subjects to whom the personal data refer also have the right to request erasure, transmission of data to other controllers, anonymisation or blocking of data processed in violation of the law, as well as to oppose processing in any case, for legitimate reasons. Data subjects also have the right to appeal to the supervisory authority (Italian Data Protection Authority).

Requests relating to Article 13 of Regulation (EU) 679/2016 must be addressed to the Data Controller at the Company’s certified e-mail address.

  1. DATA STORAGE PERIOD

The personal data acquired will be stored for the duration necessary for the activities requested by the user to be carried out and in any case not for longer than 5 years.

The storage time may be extended and lead to the acquisition of further data at a later date, in the event that the user requests further services. In this case, the duration of the processing, for administrative, accounting, tax and contractual purposes, may be extended up to 10 years from the termination of the relationship, as required by current regulations.

  1. SUPERVISORY AUTHORITY

You have the right to lodge a complaint with the competent supervisory authority, the “Italian Data Protection Authority” in the event that you believe that your rights in the field of personal data protection are at risk [garanteprivacy.it].

  1. AUTOMATED DECISION-MAKING PROCESS

Your data will not be included in any automated decision-making processes.

 

Updated February 22, 2022