This document describes how the website is managed related to the processing of the personal data of users consulting it.
This Policy is being provided pursuant to art. 13 of the European General Data Protection Regulation 2016/679 (GDPR)- to all those interacting with the web services of Aczon S.r.l. accessible online from the address: www.aczonpharma.com
This statement refers solely to the website www.aczonpharma.com and not to other websites possibly consulted by the user through links.
1. Data Controller
The Data Controller is Aczon S.r.l.,, srl, having registered office in Via Lavino, 265/D - 40050 Monte San Pietro, Bologna
2. Personal data undergoing processing
As a result of website browsing, the Data Controller will collect and process Personal Data that may consist of information like name and surname, identification number, online identifier, mail address, e-mail address, landline and/or mobile telephone number or information on one or more physical, physiological, psychological, financial, cultural or social features relating to an identified or identifiable person (hereafter “Personal Data”).
The following Personal Data is processed through our Website:
a. Browsing data
The computer systems and software procedures used for operation of the Register.it web site acquire, during routine operation, some personal data, the transmission of which is considered implicit in the use of the Internet communication protocols. This information is not collected to be associated with identified persons, but which in their nature may, through processing and associations with data retained by third parties, enable the identification of users. This category of data includes IP addresses or domain names of the computer used by the users to connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the dimensions of the file obtained in the response, the numerical code indicating the status of the response sent by the server (successful, error, etc.) and other parameters regarding the operating system and IT environment of the user. These data are used exclusively to retrieve anonymous statistical information on use of the present site and the sites of our clients, and to ensure correct operation of the latter, identify faults and/or abuse, and are deleted immediately after processing. The same data may be used to ascertain responsibility in the hypothetical case of computer crime harmful to the site or third parties: with the exception of this case, the data on web contacts are not stored for more than fourteen days, unless specific requests are made by the user (e.g. access to the user's personal pages within Register.it summarising services used, information published etc.). During normal operation, the computer systems and software used to operate our Website acquire some Personal Data the transmission of which is implicit in the Internet communication protocols. The collection of this information is intended to be associated with identified parties; however, the data collected might by its nature allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers used by users who connect to the Website, URI (Uniform Resource Identifier) of requested resources, the time of request and method used to submit it to the server, the size of the file obtained in reply, the numerical code indicating the server response status (successful, error, etc.) and other parameters relating to the user's operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to ensure its correct functioning by identifying any anomalies and/or abuses, and are therefore deleted immediately after processing. The data could be used to ascertain responsibility in the event of possible computer crimes against the Website or third parties; except for this possibility, the data collected from the Website is removed within a short period of time.
- Ø Special categories of Personal Data
By sending us specific indications/requests or your application by e-mail (or by filling in the forms on our Website), you might provide us with Personal Data that falls within special categories as set forth in art. 9 of the Regulation, namely: “[…] personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and [...] genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation”. Please do not disclose this type of data unless it is strictly necessary. Please be informed that if you do choose to provide this type of data without giving your specific consent to the processing (e.g. by sending a CV), the processing on our part will relate to data made manifestly public by the Data Subject, as provided for by art. 9, subsection 1, lett. e) of the Regulation. Therefore, the Data Controller will be released from any liability or dispute whatsoever in connection with the processing of such data. As previously mentioned, explicit consent to the processing of special categories of Personal Data is fundamental if you do choose to disclose such information.
Please be also informed that the Data Controller may view any social media profiles made openly available on professional networking sites or platforms (e.g. LinkedIn).
- Ø Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails, or messages to the addresses indicated on the Website or the completion of the contact forms on the Website entail the acquisition of the user’s address (necessary to answer to requests), as well as any other Personal Data contained in the communication / message.
We may process Personal Data of third parties that you send to the Data Controller when using certain services on our Website (e.g. the request/contact/partnership forms). In these cases, you act as independent Data Controller, thereby assuming all the obligations and liabilities set by law. In this sense, you release the Data Controller from any and all responsibilities and obligations with respect to any dispute, claim, compensation for damages etc. that may be received from third parties whose Personal Data has been processed through the Website functions in violation of applicable data protection laws. In any case, if you provide or process Personal Data of third parties while using our Website, you warrant – assuming full liability – that processing has a lawful basis in compliance with art. 6 of the Regulation.
Please see the Cookies Policy.
3. Purposes of data processing
If necessary, we will process your Personal Data for the following purposes:
i. Provide the services you require;
ii. Respond to requests for assistance, information or partnerhip;
iii. View CVs and contact applicants;
iv. Comply with legal and tax obligations;
v. Marketing purposes: the data provided may be used, subject to explicit and specific consent, for the sending of promotional and marketing communications, including newsletters and market surveys, using e-mails and paper mail. The lawful basis for the processing of your data for these purposes is art. 6,§ 1, lett. a) of the Regulation. The processing of data for direct marketing is optional and based exclusively on your free choice, and denying your consent for this purpose will not affect the use of services on your part.
4. Lawful basis and mandatory or optional nature of data processing
The lawful basis for the processing of Personal Data for the purposes referred above point 3 (i, ii, iii) is art. 6, § 1, let. b) of the Regulation (performance of a contract) as the data is necessary to provide the services required and/or to respond to requests from the interested party. Giving your Personal Data for these purposes is optional, but indispensable to activate the services provided by the Website, to answer requests or evaluate CVs. The lawful basis for the viewing of profiles on professional networking platforms made freely available on the Internet is art. 6, § 1, let. f), of the Regulation, i.e. the legitimate interest of the holder in verifying the candidate’s suitability for the open position and any potential risks.
With specific reference to the purpose at point 3.iv, the lawful basis is art. 6, § 1, let. c) of the Regulation (compliance with legal obligations). Once provided, Personal Data must be processed for the Data Controller to comply with legal obligations.
The lawful basis for the processing of data for the purposes referred to point 3.v is art. 6, § 1, let. a) of the Regulation (your consent). In this respect, activities that involve the direct sending of advertising material, direct sales or market surveys and commercial communications in relation to products or services similar to those you purchased, the Data Controller may use your e-mail and mail addresses without your consent, in accordance with and within the limits allowed by art. 130, § 4 of the Italian Data Protection Code and the by the Decision of the Italian Data Protection Authority of 19 June 2008. The lawful basis for the processing of your data for this purpose is Art. 6, § 1, let. f) of the Regulation (legitimate interest).
5. Disclosure of Personal Data
For the purposes listed above at point 3, your Personal Data may be shared with:
a) Parties who typically act as Data Processors, namely: 1) persons and/or organisations providing us assistance and counselling services on accounting, administrative, legal, tax, financial, employment contracts, payroll processing, etc.; 2) persons and/or organisations who assist us in providing certain services (e.g. hosting providers); 3) persons and/or organisations who perform technical maintenance activities (including maintenance of PC– hardware e software, network equipment and electronic communication networks); (collectively, “Recipients”);
b) Persons, entities or authorities to whom Personal Data must be disclosed by virtue of legal provisions or orders given by a competent authority;
c) Parties authorised by the Data Controller to perform activities that are strictly related to the provision of services or for the purposes listed at point 3, who have committed themselves to confidentiality or have legal obligation to confidentiality (e.g. employees).
6. Transfer of Personal Data
We do not transfer your Personal Data outside the European Union. For the purposes of providing the Service, however, the Data Controller reserves the right to transfer some Data also outside the European Economic Area, according to artt. 15, 45 and 46 of the Regulation. The Data Controller ensures that these Recipients process your Personal Data in compliance with the Regulation. Transfer of Personal Data may be based on an adequacy decision, on Standard Contractual Clauses approved by the European Commission or on another appropriate legal basis.
7. Data treatment and storage
The processing of your personal data is carried out by means of the operations indicated in art. 4, § 2, of the Regulation, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Personal Data processed for the purposes referred to at point 3 (i and ii) will be kept only for as long as strictly necessary to achieve those purposes. In any case, since data is used in order to provide services, the Data Controller will process the Personal Data up to the time allowed by Italian law (art. 2946 of the Italian Civil Code and subsequent amendments).
With regard to any CVs submitted through the Website or by e-mail (see pint 3.iii), the Personal Data will be kept for as long as necessary for the purpose.
Personal Data processed for the purposes referred to at point 3.iv will be stored for as long as provided for by applicable laws and regulations.
Personal Data processed for the purposes referred to at point 3.v will be kept until we have consent; if you do not withdraw your consent, your data will be stored for a time deemed appropriate.
8. Your rights
Pursuant to Artt. 13, § 2, lett. b) and d), 15, 18, 19 and 21, you have the right to:
a) obtain confirmation of the existence or not of personal data concerning you and their communication in a structured, commonly used and machine-readable format in compliance with Art. 20 of the Regulation;
b) obtain information on the origin of personal data, on the purposes and methods of processing, on the logic applied in case of processing by the mean of electronic instruments;
c) obtain access to your Personal Data at any time and to request from the Data Controller rectification or erasure of your data, as well as to object to and restrict processing of your data in the cases provided for by Art. 18 of the Regulation or the integration of data concerning you;
d) obtain cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is necessary for the purposes for which the data were collected or subsequently processed;
e) obtain data portability;
f) oppose, in whole or in part:
- for legitimate reasons, to the processing of data concerning you, even if pertinent to the purpose of the collection;
- to the processing of personal data concerning you, provided for the purposes of commercial information or sending advertising or direct sales material or for carrying out market research or commercial communication.
In any case, you also have the right to lodge a complaint with the competent Supervisory Authority (Italian Data Protection Authority) if you consider that the processing of your Personal Data infringes the applicable law, pursuant to Art. 77 of the Regulation, by following the instructions published on the official web site of the Italian Authority, www.garanteprivacy.it.
9. Procedure for the exercise of any right
You can exercise your rights at any time by sending an e-mail to the address firstname.lastname@example.org