Diatech Pharmacogenetics S.r.l Complete Privacy Policy

In compliance with the legal obligations to protect privacy (1, 2), our Company wishes to inform you in advance regarding the conditions of use of your personal data and rights in relation to their treatment.

In this Policy the term “personal data” means any piece of information that can identify a person, either as a single data subject or together with other data, such as name, surname, telephone number, e-mail address, Organization / Company to which it belongs, personal data in the case of partnerships and / or individual companies.

1. SCOPE OF THE INFORMATION ON THE PROTECTION OF PERSONAL DATA

This Privacy Policy covers the collection, processing and use of any personal data that Diatech Pharmacogenetics collects from its customers/potential customers, suppliers, resellers and other entities with whom it maintains non-commercial relationships (such as consultants and other professionals). Each of these people represent a “data subject” within the meaning of current legislation.

This Privacy Policy does not apply to the practices of third parties over which Diatech Pharmacogenetics has no control, such as, but not limited to, third-party websites, services and applications that you may choose to access through the Diatech Pharmacogenetics web site.

2. DATA CONTROLLER

The Data controller of your data is Diatech Pharmacogenetics S.r.l. a Socio Unico, with registered office in Via Ignazio Silone, 1/b – 60035 Jesi (AN), which determines the purposes and methods of processing in full compliance with current legislation on the protection of personal data. The Data Controller can be contacted by e-mail at legale@diatechcompany.com or by sending the communication to the address of the company headquarters. In the following Diatech Pharmacogenetics S.r.l. a Socio Unico will also be indicated as the “Company”, “Diatech” or the “Data controller”.

The Data Protection Officer (DPO) is the person appointed by the Data Controller to monitor compliance with the GDPR Regulations, and is available to respond to your requests for any information on the processing of your personal data, as well as your rights, and can be contacted by e-mail at: dpo_diatechpgx@protectiontrade.it

3. PROCESSED DATA AND PURPOSES

Data provided voluntarily by the data subject “off-line” (outside the company website)

This refers to personal data provided by the customer, potential customer or other partner in the context of specific contractual and/or pre-contractual activities for the following purposes:

a. implementation of pre-contractual (e.g. offer) and/or contractual agreements (such as: purchase order management; installation; user training; after-sales customer service);
b. administrative purposes and compliance with legal obligations, such as those of an accounting or fiscal nature, or to comply with requests from a judicial authority;
c. limited to the customer/potential customer, sending by e-mail commercial communications relating to products and services of interest to you or to your presumed interest by similarity of scope and/or purpose of use; specifically, this is the case:

  •  newsletters and advertising materials
  • updates about our activities
  • promotional communications and invitations to events, training courses, webinars and/or special promotions

Data collected from publicly available sources

This is the following data publicly available on the Internet, for example on the website of the Company and / or the Entity where the person works or otherwise provides its services:

  • first name and surname
  • telephone number
  • E-Mail address
  • Organisation/company to which it belongs
  • Department/ Operational area (if available)

This data is used for direct communications with the interested party or entered in the company database used for the periodic sending of promotional e-mails, already described in letter c) of the paragraph relating to “Data provided voluntarily by the data subject off-line”.

>Data acquired “on-line” through the Company’s website ( www.diatechpharmacogenetics.com )

Data actively submitted by the user
If the user is interested in one of the following options, it is required to enter personal data (name, surname, company / body, telephone number and e-mail address), which is acquired by the system only if the user confirms the reading of the linked information and expressly agrees to the use of their data according to the same information:

a. product information request
b. downloading brochures and other information material
c. download “Diatech Group Press Kit”.

The data entered by users for these purposes, will be used subsequently for sending by e-mail marketing and commercial communications (eg: invitation to events, meetings, conferences and seminars, distribution of information of various kinds, sending newsletters, publications and promotional offers via email), related to products and services of interest or likely interest by similarity of scope and / or purposes of application.

Navigation on the site ( www.diatechpharmacogenetics.com ) is unrestricted, with the exception of the page “Reserved Area”, for which a Login (Username and Password) is required as it is an area reserved for professionals of the sector, destined for the download of user manuals and safety data sheets of the products subject to commercial negotiation/supply. In addition to the general data indicated above, the personal data you provide for registration includes an indication of the nationality and the city in which the respective healthcare facility operates for complete authentication.

Data generated automatically by accessing the site

The computer systems and software procedures used to operate the website automatically acquire certain personal data during the user’s navigation, the conveyance of which is implied in the Internet communication protocols.
This information, such as domain names, IP addresses, operating system used and type of browser used to connect, is not accompanied by any additional personal information and is used for:

  •  improve the functionality of the site and the services offered, based on a statistical analysis derived from the use of the site;
  • ensuring data security;
  • ascertain liability in the event of hypothetical cybercrimes.

The site also provides for the use of cookies to facilitate navigation by the user through a customization that results from the alteration of selections made in the past by the user. For more details see the section dedicated to Cookies (Section 10 – FURTHER INFORMATION).

Whatever method the data was collected, its handling always takes place in compliance with the principles of lawfulness, fairness and relevance, moreover, it will not be exceeded meaning that for each activity in which the management of personal data is planned, only strictly necessary data will be processed.

4. LEGAL BASIS FOR PROCESSING

The legal bases on which the possible treatments are based are:

  • implementation of pre-contractual measures at the request of the person concerned (e.g. product demonstration, offers)
  • execution of a contract, even in the form of a simple order, to which the person concerned is a part of (directly in the case of partnerships/sole traders or indirectly in the case of persons who are employed or cooperate with entities having legal personality)
  • optional consent given by the person regarding promotional activities

The use of personal data by Diatech collected for pre-contractual and/or contractual purposes, including sending promotional e-mails, referring to products/services similar to those subject to commercial negotiations, is to be considered legitimate even without the consent of the data subject, provided that he/she has been adequately informed and has not refused such use of his/her data (see in this regard the “Guideline of the Guarantor for the Protection of Personal Data” of 04 July 2013 (3), paragraph 2.7, and the “Recital C50” of the (EU) Regulation 2016/679 (1) ).

The interested party may choose to decline receiving such messages without compromising his/her relationship with Diatech. To stop sending marketing and non-transactional communications, simply click on the “unsubscribe” link at the bottom of the Company’s promotional e-mails; alternatively, you can send a request to unsubscribe to ( info@labline.it ).

5. NATURE OF THE PROVISION

The provision of data with respect to contractual purposes is optional, but necessary for Ditech Pharmacogenetics to carry out its commitments.

The provision of data in relation to promotional purposes is optional and must be accompanied by a stated consent, excluding the exception described above for promotional material sent by e-mail. Any refusal on the part of the person concerned will make it impossible for Diatech Pharmacogenetics to send newsletters and advertising material or invitations to events and other promotional initiatives.

The provision of data to receive information on products / download documents through the dedicated options on the corporate website is optional, but essential in order to take advantage of the respective functionality of the site.  The registration of your data by the user makes the Company presume said user has a commercial interest in its products / services and for this reason, this data will be used later for sending promotional material via e-mail. The consent of the data subject to use said data is collected at the same time as the specific registration on the site, prior to viewing the Policy.

For any questions about the legal basis on which the Company collects and uses your personal data, please contact our Data Protection Officer
( legale@diatechcompany.com ).

6. METHODS OF DATA HANDLING AND TIME LIMITS FOR DATA RETENTION

Your data may be handled by paper, electronic or IT means, to store and manage them according to logic strictly related to the purposes for which they were collected, such systems are able to ensure, in any case, the security and confidentiality of personal data.

In some cases, the data are stored on servers or databases located at hosting service providers (e.g. Salesforces) with which Diatech has entered into a regular contract, which includes the appointment of the provider as the external manager of the data processing.

We shall be entitled to use your data for as long as your “Data Sheet” is active in our information/computerized system, because it has not been revoked by you, or because it is necessary for us to provide you with our products and services in compliance with the contractual agreements.

Duty of disclosure

If you revoke your permission to use your data, the corresponding “Data Sheet” will be filed, i.e. removed from use in our information system, giving us the possibility of recovering such information, fulfill our legal obligations and meet regulatory requirements; should it prove reasonably necessary, the data may be used or even disclosed, to protect the rights of the Company in the event of legal disputes (e.g. judicial proceedings; court order; legal process).

7. PEOPLE AUTHORISED TO HANDLE, RESPONSIBLE FOR AND COMMUNICATE THE DATA

The handeling of the collected data is carried out by Company staff identified and authorized for this purpose according to specific instructions given in compliance with current regulations.

The data collected, if it is necessary or key for the performance of the purposes indicated above, may also be processed by third parties appointed as external data processors, or, depending on the case, communicated to the third parties as independent data controllers, and precisely:companies that are part of our corporate group;

  • persons, companies, associations or professional firms that provide assistance and consultancy to our Company;
  • companies or other entities that carry out on behalf of Diatech Pharmacogenetics services necessary for the implementation of the purposes considered above (for example: messengers for the delivery service; technicians for the management and maintenance of computer systems; operator of the “MailUp” service);
  • Managing body of the Salesforce cloud platform for recording and managing customer contacts

In any case, personal data will never be disclosed.

Apart from what is expressly stated in this Privacy Policy, Diatech does not share, sell, nor grant use or market any personal information to third parties for advertising purposes.

8. DATA SECURITY

Diatech Pharmacogenetics has adopted specific physical, electronic and organizational measures in order to guarantee the security of personal data in its archives, in particular to prevent unauthorized access to its information systems, as well as to prevent the loss, alteration or unauthorized forwarding of data to third parties.

Password – Navigation on the company website is unrestricted, apart from access to the reserved area ( www.diatechpharmacogenetics.com/area-riservata ) for which user login is required (Username and Password).  The confidentiality of the password for this access is under the direct responsibility of the user and it is recommended not to communicate it to anyone.

Despite the security measures in place, sending data over the Internet can never be considered completely secure and therefore we cannot guarantee the security of the data sent to our website; any circulation is at your own risk.

9. RIGHTS OF THE DATA SUBJECT

The person concerned may at any time access his/her data, oppose its processing or request the cancellation, correction or updating of all personal information concerning him/her collected by Diatech Pharmacogenetics, furthermore, exercising the right to limit the processing and the right to data portability.

In particular, it is in your right:
a. obtain confirmation of the processing of personal data which concerns you, whether ongoing or not, together with the complete Privacy Policy according to which they are managed and, in the event of interest, their communication in a comprehensive way (structured format, commonly used and readable by an automatic device);
b. require to amend without undue delay, inaccurate personal data concerning him/her;
c. taking into account the purposes of the processing, obtain the completion of incomplete personal data provided through an additional statement;
d. obtain the deletion without undue delay of your personal data if they are no longer necessary with respect to the purposes of the processing or if your consent to the processing for marketing purposes is revoked;
e. issue a complaint with the competent supervisory authority (Data Protection Supervisor);
f. obtain the deletion of personal data if their unlawful use is detected;
g. obtain a limitation of the handling of the data during the period of verification of the allegedly inaccurate data;
h. object to the deletion of your personal data if such data is necessary to establish, exercise or defend legal rights.

The Data Controller that you will have to contact to exercise these rights or for any other information relating to the management of the privacy of data concerning you is Diatech Pharmacogenetics S.r.l. a Socio Unico, which you can contact by one of the following means:

  • Communication to the e-mail address ( legale@diatechcompany.com )
  • a letter addressed to the respective address: Via Ignazio Silone, 1/b – 60035 Jesi (AN)

For any information regarding the processing of your personal data and the exercise of your rights, you may contact the Data Protection Officer (DPO) by e-mail at: dpo_diatechpgx@protectiontrade.it

10. FURTHER INFORMATION

>Links to websites owned by third party’s

Links to websites owned by third parties are provided for your convenience only.

By using these links, you are leaving the Diatech Pharmacogenetics web site and switching to other web sites for which Diatech has not verified the correct functionality/security, as these web sites are beyond the control of the Company and therefore is responsible for their content or for the privacy policy.

Access to any website owned by third parties linked to the Diatech website is exclusively at the user’s own risk.

>Types of data collected through cookies and purposes of use of cookies

A cookie is a text file that contains small amounts of information, which is stored on your computer’s hard drive when you visit a web page. You can find more information on cookies and how to manage them at ( http://www.allaboutcookies.org/ ).

The main purpose of a cookie is to allow a user to be identified by a web server and then display custom pages and/or login information when a user returns to visit a web page. Cookies help you avoid having to enter identification information each time you visit our website or re-enter the same search information (search terms, keywords, product names, etc.).

Cookies also help us to provide you immediately with the information you need and other information we think you may be interested in.

Session cookies (which are deleted after each session) and stored cookies (which remain on your hard drive at the end of your session and remain active until they expire, unless you first remove them from your computer) may be used. Cookies may be set by third parties acting on our behalf (e.g. Google Analytics to help us analyze web traffic or improve your browsing experience; Google-Adwords for aggregate statistics of navigation data).

On our site we use the following types of cookies to analyze web traffic and improve the web experience of each user:

  • Strictly necessary cookies, essential in order to allow you to browse the website and use its functions;
  • Performance cookies, which collect information about your use of the website;
  • Functionality cookies, which allow the website to remember your browsing preferences (for example, your username, language or region) and provide enhanced and more personal features to enhance your browsing experience.

As a user, you have the option of accepting or rejecting the use of cookies. Where required by law, Diatech indicates the use of cookies through a prominent banner on its website. Cookies can be specificly removed by using a feature built into most web browsers and you can refuse approval by activating this setting on your browser. You can also configure your web browser to receive a notification of a request to install cookies, with a request to accept them or the possibility of rejecting them entirely. For information about your browser’s cookie configuration, please look at:

If you choose to decline cookies, certain sections of the website may not be available.

Using Facebook components

Our website uses certain components of Facebook (Facebook service Inc., California – USA) so when you access the Diatech website while you are logged in to Facebook, one of these components identifies the page you are viewing and transfers its information to your personal Facebook account.

This occurs regardless of whether or not the user clicks on any section of the Diatech website.  To avoid this type of tracking, simply log out of Facebook before visiting Diatech’s website.

Please refer to Facebook’s Privacy Policy for further details, in particular on the collection and processing of data and the options available for privacy protection ( https://it-it.facebook.com/privacy/explanation ).

Using YouTube components

Our website uses YouTube components (videos) (YouTube, California – USA, a company owned by Google Inc., California – USA).

When viewing a page that has a built-in video, a connection will be made to the YouTube server and the content will be displayed on the website via a communication to the user’s browser. In case the user is connected to YouTube while accessing the Diatech site, the data is transferred to the YouTube server and this information will be matched to the relevant YouTube member account. To avoid this type of tracking, simply disconnect from YouTube before visiting the Diatech website.

Further information on data protection by YouTube is provided by Google under the following link:  ( https://policies.google.com/privacy?hl=en&gl=en ).

> Using Twitter components

Our website uses components provided by Twitter (Twitter Inc., California – USA service).

Every time the Diatech website receives a request for access with a Twitter component associated, the browser downloads an image of this component from Twitter. Through this process, Twitter is informed precisely on which page of our website it is viewing.

Diatech has no control over the process of data collection by Twitter, nor over the type of data collected. To the best of our knowledge, Twitter collects the URL of each website you access as well as your IP address, for the sole purpose of viewing Twitter components.

Please refer to Twitter’s Privacy Policy for more details ( http://twitter.com/privacy ).

You can change your privacy settings in the specific section of your account at  ( http://twitter.com/account/settings ).

> Using LinkedIn Components

Our website uses components provided by the LinkedIn network (service of LinkedIn Corporation, California – USA).

Every time the Diatech website receives a request for access with a LinkedIn component associated, the browser downloads an image of this component from LinkedIn. Through this process, LinkedIn is informed precisely on which page of our website you are viewing. By clicking the “RECOMMEND” LinkedIn button while logged into your LinkedIn account, you can link the content of the Diatech website to your LinkedIn profile, as well as associating your visit to the site with your LinkedIn account.

Diatech has no control over LinkedIn’s data collection process nor the type of data collected.

Refer to LinkedIn’s Privacy Policy for further details, particularly on data collection and processing and the options available for privacy protection ( http://www.linkedin.com/legal/privacy-policy ).

11. AMENDMENT TO THIS PRIVACY POLICY

Diatech Pharmacogenetics reserves the right to change this Privacy Policy by notifying you of changes in the document no less than 30 (thirty) working days before the effective date of the updated. The notice may also be published on the Company’s website ( https://www.diatechpharmacogenetics.com ).

Last updated: 15 October 2018

Reason for revision: Publication of the contact details of the Data Protection Officer (DPO) pursuant to Art. 37 (p.to 7) of Regulation (EU) 2016/679

Notes:

  1. (1) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
  2. (2) Legislative Decree no. 196 of 30 June 2003 – CODE IN PROTECTION OF PERSONAL DATA
  3. (3) Guidelines on Promotional Activities and Against Spam – 4 July 2013 (Published in Official Gazette No. 174 of 26 July 2013)