PRIVACY

INFORMATION ON THE PROCESSING OF PERSONAL DATA in accordance with European Regulation 679/2016 (GDPR)

 

Since 25^th May 2018, European Regulation 679/2016 (GDPR), which defines general rules for the protection of personal data, has been fully enforceable.

This is an important step that imposes the same rules on the processing of personal data for all countries in the European Union.

Pizeta Pharma S.p.A. considers the protection of the personal data of natural persons to be a fundamental value, and its observance is a primary objective which management must be geared toward.

 

CONTACT DETAILS OF THE DATA CONTROLLER

Pizeta Pharma S.p.A., with registered office in Visso (MC), Via Roma snc, 62039 (administrative office in Ponte San Giovanni, via Bruno Simonucci 3, 06135) VAT no 01956430431 – 

Tel. 075 9474542

Email: amministrazione@pizetapharma.com

Pec (certified e-mail) : greempharmsrl@legalmail.it

 

1) RIGHTS OF DATA SUBJECTS AND HOW TO EXERCISE THEM.

 

The Regulation grants data subjects the following rights, which they may exercise against and in relation to the data controller and each joint data controller.

–          Right of access: Article 15 of the European Regulation allows you to obtain confirmation from the data controller as to whether or not data processing is being carried out in relation to you and, if so, to obtain access to that data.

–          Right to rectification: Article 16 of the European Regulation allows you to obtain from the data controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

–          Right to erasure: Article 17 of the European Regulation allows you to obtain from the data controller the erasure of personal data concerning you without undue delay where one of the grounds set forth in the regulation exists.

–          Right to restriction: Art. 18 of the European Regulation allows you to obtain from the data controller the restriction of processing where one of the hypotheses set forth in the regulation applies.

–          Right to object: Article 21 of the European Regulation allows you to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1), including profiling on the basis of those provisions.

–          Right to data portability: Article 20 of the European Regulation allows you to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from the controller to which you provided the personal data, in accordance with the conditions set out in the regulation

–          Right to withdraw consent: Article 7 of the European Regulation allows you to withdraw the consent you have given at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

–          Right to lodge a complaint: Under Article 77 of the European Regulation, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes this Regulation.

 

A complete excerpt of the above-mentioned articles of law is available at the Company’s Administrative Office. This office will be able to provide any explanations that the data subject may need regarding the exercise of his/her rights; requests may be submitted in writing, accompanied by a valid identification document, to the Administrative Office of Pizeta Pharma S.p.A, Via Bruno Simonucci, 3, 06135 Ponte San Giovanni (PG)

 

2) PRIVACY POLICY 

 

1. DATA CONTROLLER

The party who determines the purposes and means of the processing of personal data is Pizeta Pharma S.p.A., with address in (62039) Visso (MC), Via Roma, snc, VAT no. 01956430431.

 

 

2. JOINT CONTROLLERSHIP – OUTSOURCING TO THIRD PARTIES.

In the case of joint controllership, the controller ensures that compliance with the following principles is guaranteed through the joint controllership agreement.

In the event that personal data processing activities are outsourced to third parties, the controller shall ensure that compliance with the following principles is guaranteed through the service agreement.

 

3. ORGANIZATION

The Data Controller organizes the resources and processing of personal data so that they meet the requirements of the GDPR and national industry regulations. In particular:

1. Internally
   1. privacy organization reflects operational organization, assignments are coherent with the operational tasks, powers and authority related to them.
   2. Natural persons who are assigned significant duties and responsibilities ( considering the number and categories of personal data, risks to the rights and freedoms of natural persons) are selected, identified and appointed based on objective criteria that define the needs of the entity in terms of knowledge, skills and experience. In the absence of titles of qualification, requirements and evaluation weights are predefined.
   3. Those who process data operate under the direct authority of the data controller or a manager appointed by the data controller. Personnel shall be duly trained and informed as part of a continuous training program that takes into account the different needs in relation to the different roles held.
   4. The data controller directs and supervises all those who process personal data on its behalf.
2. Externally
   1. parties who are entrusted with personal data processing activities are selected and identified and appointed on the basis of a prior, transparent process that ensures the objectivity of the choice; the provider’s possession of the skills and professionalism needed by the organization; and the provider’s possession of sufficient guarantees to put in place appropriate technical and organizational measures so that the data processing meets the requirements of the GDPR and ensures the protection of the rights of the data subject.
   2. Relationships with third parties that process data on behalf of the data controller are always formalized in writing. The relative contract complies with the minimum requirements of Article 28 GDPR.
   3. The data controller shall direct and supervise all those to whom it delegates processing activities.

 

4. STAKEHOLDERS

1.       The data controller processes personal data of the following categories of natural persons:
   • employees
   • freelancers
   • users
   • suppliers
2.       Categories of persons indirectly affected:
   • family members of employees or users
   • creditors of employees
   • successors in title of employees
3.        Institutions/entities affected
   • unions
4.       Other

 

5. PRIVACY CULTURE

For Pizeta Pharma S.p.A., the ability to protect personal data represents not so much and not only a legal obligation but, rather, a preferred requirement, a competitive asset. In keeping with the perspective of accountability required by the GDPR, the Company adopts a risk-oriented approach to the processing of personal data in compliance with the GDPR. Respect for the rights, freedoms and personal information of natural persons is a binding ethical imperative for the Company that guides all the activities it implements.

 

6. LAWFULNESS

Pizeta Pharma S.p.A. only carries out the processing of personal data when one of the legal bases set out in Article 6 GDPR applies (consent, fulfilment of contractual obligations, vital interests of the data subject or third parties, legal obligations to which the data controller is subject, public interest or exercise of public authority, prevalent legitimate interest of the data controller or third parties to whom the data are disclosed).

 

The Company processes special personal data, (i.e., data capable of revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation), only if one of the cases provided for in Article 9.2 GDPR exists.

 

The Company processes personal data relating to criminal convictions and offenses or related security measures, only when one of the legal bases referred to in Article 6.1 GDPR applies, and only under the control of official authority or when the processing is authorised by Union or Member State law providing for appropriate safeguards for the rights and freedoms of data subjects.

 

7. FAIRNESS

The Company processes personal data exclusively for specified, explicit and legitimate purposes, without any unfairness or deception toward the data subjects by strictly adhering to the limits of the legal bases that legitimize their processing.

 

8. TRANSPARENCY

The Company shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language. In particular, the Company, for each processing it carries out, shall disclose to the data subject the manner in which personal data are collected, used, consulted or otherwise processed and to what extent the personal data are or will be processed. Information and communications relating to the processing of such personal data shall be easily accessible and easy to understand.

 

9. PURPOSE LIMITATION

Pizeta Pharma S.p.A. processes personal data for specified, explicit, and legitimate purposes, and ensures that processing is not incompatible with those purposes.

 

10. DATA MINIMISATION

Pizeta Pharma S.p.A. processes personal data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

 

11. ACCURACY

Pizeta Pharma S.p.A. processes personal data that are accurate and, where necessary, kept up to date; taking every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

 

12. STORAGE LIMITATION

Pizeta Pharma S.p.A. keeps personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

 

13. INTEGRITY AND CONFIDENTIALITY

Pizeta Pharma S.p.A. processes personal data in a manner that ensures appropriate security of those data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

 

14. DATA PROTECTION BY DESIGN AND BY DEFAULT

Pizeta Pharma S.p.A. takes a methodological approach to any project, whereby personal data protection must be considered by design. Thus, for any project, whether structural or conceptual, personal data protection must be considered from the time of its design and solutions for personal data protection must be considered.

 

The Company shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed; in particular, the technical and organisational measures put in place are intended to ensure that – by default – personal data are processed according to the specific purposes of processing.

 

15. COMPULSORINESS

Failure to comply with the principles contained in this document, as well as directives, instructions, requests, orders that may be issued by the Company for the protection of personal data and compliance with current regulations constitutes a serious breach.

 

16. REVISIONS

This document is approved by the Board of Directors and is prepared by the Data Controller who is responsible for updating and disseminating it.

 

3) PRIVACY NOTICE TEXTS

PIZETA PHARMA_Information Notice candidates

PIZETA PHARMA_Information Notice Clients

PIZETA PHARMA_Information Notice Empolyees

PIZETA PHARMA_Information Notice Promotiona Events

PIZETA PHARMA_Information Notice Suppliers

PIZETA PHARMA_Information Notice Scientific Representative

PIZETA PHARMA_Information Notice Health and Medical Professionals

PIZETA PHARMA_Information Notice Partecipants at Scientific and Corporate Events

PIZETA PHARMA_Information Notice Newsletter

PIZETA PHARMA_Information Notice Visitors

 

4) PRIVACY POLICY – COOKIES 

This is the document that states the entity’s policy regarding sending cookies to users.

 

General information, deactivation and management of cookies

 

Cookies are data that are sent from the website and stored by the Internet browser in the user’s computer or other device (e.g., tablet or mobile phone). Technical cookies and third-party cookies may be installed by our website or relative subdomains.
In any case, users will be able to manage, i.e. request general deactivation or deletion of cookies, by changing the settings of their internet browser. Such deactivation, however, may slow down or prevent access to certain parts of the site.

The settings for managing or disabling cookies may vary depending on the internet browser used, we therefore suggest that users consult their device’s manual or the “Help” function of their internet browser for more information on how to do so. 

Below we provide users with links explaining how to manage or disable cookies for the most widely used internet browsers:

•  Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies 
•  Google Chrome: https://support.google.com/chrome/answer/95647 
•  Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie 
•  Opera: http://help.opera.com/Windows/10.00/it/cookies.html 
•   Safari: https://support.apple.com/kb/PH19255 

 

Technical cookies

The use of technical cookies, i.e. cookies necessary for the transmission of communications over electronic communication networks or cookies strictly necessary for the provider to deliver the service requested by the customer, enables our site to be used safely and efficiently.

Session cookies may be installed in order to allow users to access and remain in the restricted area of the portal as an authenticated user.

Technical cookies are essential for the proper functioning of our website and are used to allow users normal navigation and the ability to take advantage of the advanced services available on our website. The technical cookies used are divided into session cookies, which are stored exclusively for the duration of browsing until the browser is closed, and persistent cookies, which are saved in the memory of the user’s device until they expire or are deleted by the user. Our site uses the following technical cookies:

• Navigation or session technical cookies, used to manage normal navigation and user authentication; 
• Functional technical cookies, used to store customizations chosen by the user, such as, for example, language; 
• Technical analytics cookies, used to gain insight into how users use our website so we can evaluate and improve how it works.

Third-party cookies

Third-party cookies may be installed: these are the analytical and profiling cookies of Google Analytics, Google DoubleClick, Criteo, Rocket Fuel, YouTube, Yahoo, Bing and Facebook. These cookies are sent from the websites of the aforementioned third parties that are external to our site.

Third-party analytical cookies are used to detect information about user behaviour on the site. The detection is done anonymously in order to monitor performance and improve the usability of the site. Third-party profiling cookies are used to create profiles related to users, in order to propose advertising messages in line with the choices manifested by those users.
The use of these cookies is governed by the rules established by the third parties themselves; therefore, users are encouraged to read the privacy notices and directions for managing or disabling cookies posted on the following web pages:

 

For Google Analytics cookies:
– privacy policy: https://www.google.com/intl/it/policies/privacy/
– directions for managing or disabling cookies: https://support.google.com/accounts/answer/61416?hl=it 

For Google DoubleClick cookies:
– privacy policy: https://www.google.com/intl/it/policies/privacy/
– directions for managing or disabling cookies: https://www.google.com/settings/ads/plugin 

For Criteo cookies:
– privacy policy: http://www.criteo.com/it/privacy/
– directions for managing or disabling cookies: http://www.criteo.com/it/privacy/ 

For Facebook cookies:
– privacy policy: https://www.facebook.com/privacy/explanation
– directions for managing or disabling cookies: https://www.facebook.com/help/cookies/ 

For Crazy Egg cookies:
– privacy policy: https://www.crazyegg.com/privacy/
– directions for managing or disabling cookies : https://www.crazyegg.com/cookies/ 

For Rocket Fuel cookies:
-privacy policy: http://rocketfuel.com/it/privacy/
– directions for managing or disabling cookies : http://rocketfuel.com/it/cookie-policy/ 

For YouTube cookies:
-privacy policy: https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines
– directions for managing or disabling cookies : https://support.google.com/accounts/answer/61416?hl=it 

For Yahoo cookies:
-privacy policy and directions for managing or disabling cookies : https://policies.yahoo.com/ie/it/yahoo/privacy/euoathnoticefaq/ 

For Bing cookies:
– privacy policy and directions for managing or disabling cookies https://privacy.microsoft.com/it-it/privacystatement 

Profiling cookies

Data controller(s) may install, by means of so-called web analytics software, profiling cookies, which are used to prepare detailed and real-time analysis reports related to information on: visitors to a website, search engines of origin, keywords used, language of use, most visited pages.

The same may collect information and data such as IP address, nationality, city, date/time, device, browser, operating system, screen resolution, navigation origin, pages visited and number of pages, duration of visit, number of visits made. 

Such data may be used by the Data Controller in accordance with and subject to the limitations imposed by current regulations and the provisions of the privacy policy.