In compliance with the legal obligations to protect privacy (1, 2), our Company wishes to inform you in advance regarding the conditions of use of your personal data and rights in relation to their treatment.
In this Policy the term “personal data” means any piece of information that can identify a person, either as a single data subject or together with other data, such as name, surname, telephone number, e-mail address, Organization / Company to which it belongs, personal data in the case of partnerships and / or individual companies.
1. SCOPE OF THE INFORMATION ON THE PROTECTION OF PERSONAL DATA
2. DATA CONTROLLER
The owner of the treatment of your data is Diatech Pharmacogenetics S.r.l. a Socio Unico, with registered office in Via Ignazio Silone, 1/b – 60035 Jesi (AN), which determines the purposes and methods of treatment of the same in full compliance with current legislation on the protection of personal data. Diatech Pharmacogenetics S.r.l. a Socio Unico shall from now on also be referred to as the “Company”, “Diatech” or “Owner”.
3. PROCESSED DATA AND PURPOSES
> Data provided voluntarily by the data subject “off-line” (outside the company website)
This refers to personal data provided by the customer, potential customer or other partner in the context of specific contractual and/or pre-contractual activities for the following purposes:
a. implementation of pre-contractual (e.g. offer) and/or contractual agreements (such as: purchase order management; installation; user training; after-sales customer service);
b. administrative purposes and compliance with legal obligations, such as those of an accounting or fiscal nature, or to comply with requests from a judicial authority;
c. limited to the customer/potential customer, sending by e-mail commercial communications relating to products and services of interest to you or to your presumed interest by similarity of scope and/or purpose of use; specifically, this is the case:
- newsletters and advertising materials
- updates about our activities
- promotional communications and invitations to events, training courses, webinars and/or special promotions
> Data collected from publicly available sources
This is the following data publicly available on the Internet, for example on the website of the Company and / or the Entity where the person works or otherwise provides its services:
- first name and surname
- telephone number
- E-Mail address
- Organisation/company to which it belongs
- Department/ Operational area (if available)
This data is used for direct communications with the interested party or entered in the company database used for the periodic sending of promotional e-mails, already described in letter c) of the paragraph relating to “Data provided voluntarily by the data subject off-line”.
>Data acquired “on-line” through the Company’s website ( www.diatechpharmacogenetics.com )
Data actively submitted by the user
If the user is interested in one of the following options, it is required to enter personal data (name, surname, company / body, telephone number and e-mail address), which is acquired by the system only if the user confirms the reading of the linked information and expressly agrees to the use of their data according to the same information:
a. product information request
b. downloading brochures and other information material
c. download “Diatech Group Press Kit”.
The data entered by users for these purposes, will be used subsequently for sending by e-mail marketing and commercial communications (eg: invitation to events, meetings, conferences and seminars, distribution of information of various kinds, sending newsletters, publications and promotional offers via email), related to products and services of interest or likely interest by similarity of scope and / or purposes of application.
Navigation on the site ( www.diatechpharmacogenetics.com ) is unrestricted, with the exception of the page “Reserved Area”, for which a Login (Username and Password) is required as it is an area reserved for professionals of the sector, destined for the download of user manuals and safety data sheets of the products subject to commercial negotiation/supply. In addition to the general data indicated above, the personal data you provide for registration includes an indication of the nationality and the city in which the respective healthcare facility operates for complete authentication.
Data generated automatically by accessing the site
The computer systems and software procedures used to operate the website automatically acquire certain personal data during the user’s navigation, the conveyance of which is implied in the Internet communication protocols.
This information, such as domain names, IP addresses, operating system used and type of browser used to connect, is not accompanied by any additional personal information and is used for:
- improve the functionality of the site and the services offered, based on a statistical analysis derived from the use of the site;
- ensuring data security;
- ascertain liability in the event of hypothetical cybercrimes.
Whatever method the data was collected, its handling always takes place in compliance with the principles of lawfulness, fairness and relevance, moreover, it will not be exceeded meaning that for each activity in which the management of personal data is planned, only strictly necessary data will be processed.
4. LEGAL BASIS FOR PROCESSING
The legal bases on which the possible treatments are based are:
- implementation of pre-contractual measures at the request of the person concerned (e.g. product demonstration, offers)
- execution of a contract, even in the form of a simple order, to which the person concerned is a part of (directly in the case of partnerships/sole traders or indirectly in the case of persons who are employed or cooperate with entities having legal personality)
- optional consent given by the person regarding promotional activities
The use of personal data by Diatech collected for pre-contractual and/or contractual purposes, including sending promotional e-mails, referring to products/services similar to those subject to commercial negotiations, is to be considered legitimate even without the consent of the data subject, provided that he/she has been adequately informed and has not refused such use of his/her data (see in this regard the “Guideline of the Guarantor for the Protection of Personal Data” of 04 July 2013 (3), paragraph 2.7, and the “Recital C50” of the (EU) Regulation 2016/679 (1) ).
The interested party may choose to decline receiving such messages without compromising his/her relationship with Diatech. To stop sending marketing and non-transactional communications, simply click on the “unsubscribe” link at the bottom of the Company’s promotional e-mails; alternatively, you can send a request to unsubscribe to ( firstname.lastname@example.org ).
5. NATURE OF THE PROVISION
The provision of data with respect to contractual purposes is optional, but necessary for Ditech Pharmacogenetics to carry out its commitments.
The provision of data in relation to promotional purposes is optional and must be accompanied by a stated consent, excluding the exception described above for promotional material sent by e-mail. Any refusal on the part of the person concerned will make it impossible for Diatech Pharmacogenetics to send newsletters and advertising material or invitations to events and other promotional initiatives.
The provision of data to receive information on products / download documents through the dedicated options on the corporate website is optional, but essential in order to take advantage of the respective functionality of the site. The registration of your data by the user makes the Company presume said user has a commercial interest in its products / services and for this reason, this data will be used later for sending promotional material via e-mail. The consent of the data subject to use said data is collected at the same time as the specific registration on the site, prior to viewing the Policy.
For any questions about the legal basis on which the Company collects and uses your personal data, please contact our Data Protection Officer
( email@example.com ).
6. METHODS OF DATA HANDLING AND TIME LIMITS FOR DATA RETENTION
Your data may be handled by paper, electronic or IT means, to store and manage them according to logic strictly related to the purposes for which they were collected, such systems are able to ensure, in any case, the security and confidentiality of personal data.
In some cases, the data are stored on servers or databases located at hosting service providers (e.g. Salesforces) with which Diatech has entered into a regular contract, which includes the appointment of the provider as the external manager of the data processing.
We shall be entitled to use your data for as long as your “Data Sheet” is active in our information/computerized system, because it has not been revoked by you, or because it is necessary for us to provide you with our products and services in compliance with the contractual agreements.
Duty of disclosure
If you revoke your permission to use your data, the corresponding “Data Sheet” will be filed, i.e. removed from use in our information system, giving us the possibility of recovering such information, fulfill our legal obligations and meet regulatory requirements; should it prove reasonably necessary, the data may be used or even disclosed, to protect the rights of the Company in the event of legal disputes (e.g. judicial proceedings; court order; legal process).
7. PEOPLE AUTHORISED TO HANDLE, RESPONSIBLE FOR AND COMMUNICATE THE DATA
The handeling of the collected data is carried out by Company staff identified and authorized for this purpose according to specific instructions given in compliance with current regulations.
The data collected, if it is necessary or key for the performance of the purposes indicated above, may also be processed by third parties appointed as external data processors, or, depending on the case, communicated to the third parties as independent data controllers, and precisely:companies that are part of our corporate group;
- persons, companies, associations or professional firms that provide assistance and consultancy to our Company;
- companies or other entities that carry out on behalf of Diatech Pharmacogenetics services necessary for the implementation of the purposes considered above (for example: messengers for the delivery service; technicians for the management and maintenance of computer systems; operator of the “MailUp” service);
- Managing body of the Salesforce cloud platform for recording and managing customer contacts
In any case, personal data will never be disclosed.
8. DATA SECURITY
Diatech Pharmacogenetics has adopted specific physical, electronic and organizational measures in order to guarantee the security of personal data in its archives, in particular to prevent unauthorized access to its information systems, as well as to prevent the loss, alteration or unauthorized forwarding of data to third parties.
Password – Navigation on the company website is unrestricted, apart from access to the reserved area ( www.diatechpharmacogenetics.com/area-riservata ) for which user login is required (Username and Password). The confidentiality of the password for this access is under the direct responsibility of the user and it is recommended not to communicate it to anyone.
Despite the security measures in place, sending data over the Internet can never be considered completely secure and therefore we cannot guarantee the security of the data sent to our website; any circulation is at your own risk.
9. RIGHTS OF THE DATA SUBJECT
The person concerned may at any time access his/her data, oppose its processing or request the cancellation, correction or updating of all personal information concerning him/her collected by Diatech Pharmacogenetics, furthermore, exercising the right to limit the processing and the right to data portability.
In particular, it is in your right:
b. require to amend without undue delay, inaccurate personal data concerning him/her;
c. taking into account the purposes of the processing, obtain the completion of incomplete personal data provided through an additional statement;
d. obtain the deletion without undue delay of your personal data if they are no longer necessary with respect to the purposes of the processing or if your consent to the processing for marketing purposes is revoked;
e. issue a complaint with the competent supervisory authority (Data Protection Supervisor);
f. obtain the deletion of personal data if their unlawful use is detected;
g. obtain a limitation of the handling of the data during the period of verification of the allegedly inaccurate data;
h. object to the deletion of your personal data if such data is necessary to establish, exercise or defend legal rights.
The Data Controller that you will have to contact to exercise these rights or for any other information relating to the management of the privacy of data concerning you is Diatech Pharmacogenetics S.r.l. a Socio Unico, which you can contact by one of the following means:
- Communication to the e-mail address ( firstname.lastname@example.org )
- a letter addressed to the respective address: Via Ignazio Silone, 1/b – 60035 Jesi (AN)
10. FURTHER INFORMATION
>Links to websites owned by third party’s
Links to websites owned by third parties are provided for your convenience only.
Access to any website owned by third parties linked to the Diatech website is exclusively at the user’s own risk.
A cookie is a text file that contains small amounts of information, which is stored on your computer’s hard drive when you visit a web page. You can find more information on cookies and how to manage them at ( http://www.allaboutcookies.org/ ).
The main purpose of a cookie is to allow a user to be identified by a web server and then display custom pages and/or login information when a user returns to visit a web page. Cookies help you avoid having to enter identification information each time you visit our website or re-enter the same search information (search terms, keywords, product names, etc.).
Cookies also help us to provide you immediately with the information you need and other information we think you may be interested in.
Session cookies (which are deleted after each session) and stored cookies (which remain on your hard drive at the end of your session and remain active until they expire, unless you first remove them from your computer) may be used. Cookies may be set by third parties acting on our behalf (e.g. Google Analytics to help us analyze web traffic or improve your browsing experience; Google-Adwords for aggregate statistics of navigation data).
On our site we use the following types of cookies to analyze web traffic and improve the web experience of each user:
- Strictly necessary cookies, essential in order to allow you to browse the website and use its functions;
- Performance cookies, which collect information about your use of the website;
- Functionality cookies, which allow the website to remember your browsing preferences (for example, your username, language or region) and provide enhanced and more personal features to enhance your browsing experience.
- Microsoft Windows Explorer: https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies
- Mozilla Firefox: http://support.mozilla.com/en-US/home
- Google Chrome: http://www.google.com/support/chrome/?hl=en
- Apple Safari: http://www.apple.com/support/safari/
If you choose to decline cookies, certain sections of the website may not be available.
> Using Facebook components
Our website uses certain components of Facebook (Facebook service Inc., California – USA) so when you access the Diatech website while you are logged in to Facebook, one of these components identifies the page you are viewing and transfers its information to your personal Facebook account.
This occurs regardless of whether or not the user clicks on any section of the Diatech website. To avoid this type of tracking, simply log out of Facebook before visiting Diatech’s website.
> Using YouTube components
Our website uses YouTube components (videos) (YouTube, California – USA, a company owned by Google Inc., California – USA).
When viewing a page that has a built-in video, a connection will be made to the YouTube server and the content will be displayed on the website via a communication to the user’s browser. In case the user is connected to YouTube while accessing the Diatech site, the data is transferred to the YouTube server and this information will be matched to the relevant YouTube member account. To avoid this type of tracking, simply disconnect from YouTube before visiting the Diatech website.
Further information on data protection by YouTube is provided by Google under the following link: ( https://policies.google.com/privacy?hl=en&gl=en ).
> Using Twitter components
Our website uses components provided by Twitter (Twitter Inc., California – USA service).
Every time the Diatech website receives a request for access with a Twitter component associated, the browser downloads an image of this component from Twitter. Through this process, Twitter is informed precisely on which page of our website it is viewing.
Diatech has no control over the process of data collection by Twitter, nor over the type of data collected. To the best of our knowledge, Twitter collects the URL of each website you access as well as your IP address, for the sole purpose of viewing Twitter components.
You can change your privacy settings in the specific section of your account at ( http://twitter.com/account/settings ).
> Using LinkedIn Components
Our website uses components provided by the LinkedIn network (service of LinkedIn Corporation, California – USA).
Every time the Diatech website receives a request for access with a LinkedIn component associated, the browser downloads an image of this component from LinkedIn. Through this process, LinkedIn is informed precisely on which page of our website you are viewing. By clicking the “RECOMMEND” LinkedIn button while logged into your LinkedIn account, you can link the content of the Diatech website to your LinkedIn profile, as well as associating your visit to the site with your LinkedIn account.
Diatech has no control over LinkedIn’s data collection process nor the type of data collected.
Last updated: 10 April 2018
Reason for audit: document aligned with the requirements of Regulation (EU) 2016/679.
- (1) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- (2) Legislative Decree no. 196 of 30 June 2003 – CODE IN PROTECTION OF PERSONAL DATA
- (3) Guidelines on Promotional Activities and Against Spam – 4 July 2013 (Published in Official Gazette No. 174 of 26 July 2013)