testata generica 1920


Cristalfarma, in its capacity as Data Controller, wishes to provide the following specific information relating to the manner in which the sites (www.cristalfarma.it and other sites linked to it) are managed with regard to the processing of the personal data of the users who consult them. This is also a disclosure made pursuant to Article 13 of the EU Regulation 2016/679 "GDPR" (hereinafter the "Privacy Policy"), in view of the "Guidelines 5/2020 on consent under Regulation (EU) 2016/679".

Cristalfarma is the Data Controller of data related to the use of the site, based in Milan, Via San Giuseppe Cottolengo n. 15, cap 20143, Italy, email: info@cristalfarma.it.

The Company has appointed a Data Protection Officer (DPO) who can be contacted at DPO@mediolanum-farma.com.

The types of data and information collected and processed by Cristalfarma are:

  • navigation data (collected automatically);
  • data provided by the user voluntarily;
  • data collected through the use of cookies.

The computer systems and software procedures used to operate the site acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected in order to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users connecting to the website, and other parameters relating to the user's operating system and computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, and are kept for the period strictly necessary for statistical analysis.
The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site.

Cristalfarma collects personal data voluntarily provided by users through the www.cristalfarma.it websites and other sites linked to it, in the following cases:

  1. sending, by users, to the address, fax number, e-mail address, indicated on the "Contacts" page, of messages requesting information;
  2. spontaneous sending, by users, of their personal data in order to receive information on Cristalfarma's products;
  3. spontaneous sending of information, through the compilation of the appropriate form by users, in order to proceed to the purchase of Cristalfarma products, for the sole purposes of order management, delivery of goods to the address to be indicated, and bookkeeping;
  4. spontaneous sending of information by users by filling in the appropriate form in order to receive newsletters;
  5. spontaneous release by users of their data, by filling in the appropriate form, for registration in the area reserved for doctors.

For each form or module for collecting Personal Data, the site provides a specific information notice.

The Site uses cookies in accordance with the Cookie Policy adopted.

Personal data will be processed for the following purposes:

  1. purposes of enabling navigation and consultation within the site and to fulfil legal obligations;
  2. purposes inherent to the provision of the requested services (e.g. answering questions, including those about products; possible subscription to informative newsletters; online sale of products as well as order management and delivery of goods; use of online web services; access to information areas) as well as to fulfil any related legal and tax obligations;
  3. defensive purposes in the event of misuse of the site or attempted fraud;
  4. statistical and market research purposes with anonymised data,
  5. direct marketing purposes.

The Controller processes your data: 1) to implement pre-contractual measures taken at the request of the User/Interested Party; 2) on the basis of the consent given by the Interested Party to the processing of his/her personal data for one or more specific purposes; 3) to comply with legal obligations.

Without prejudice to what is stated in relation to navigation data, users are free to provide their personal data. Failure to provide them may make it impossible for Cristalfarma to receive requests for information that may be sent by users through the Contact Us page or to perform the requested services (e.g. sending product information, purchasing products, sending newsletters).
Users are free to provide information and give their consent for promotional communications to be sent. Failure to provide consent will not allow Cristalfarma to transmit its promotional offers.

Personal data are processed by automated tools and on paper, for the time strictly necessary to achieve the purposes for which they were collected.
Specific security measures are observed to prevent the loss of personal data, unlawful or incorrect use and unauthorised access. In particular, the secure https protocol for certain confidential parts of the site and applications and protections against unauthorised access to servers and other computers in use.

The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For further information, please contact the owner.
Data are not transferred to a third country or international organisation.

Your data have been acquired through your input on the websites www.cristalfarma.it and other sites linked to it and may be communicated by Cristalfarma to subjects specifically appointed as Data Processors for the purposes indicated in this Privacy Policy: these subjects include Engitel Spa with registered office in Milan, via Zarotto n. 6, cap 20124 that manages the site and e-commerce services of Cristalfarma. The data will be processed by the Controller by means of its employees. A list of the persons appointed as Data Processors can be found at Cristalfarma's head office. No further communication of data to third parties is envisaged.

You have the right to exercise at any time the rights set out in Articles 12 et seq. of EU Regulation 2016/679, namely:

  1. access to personal data;
  2. to obtain the rectification or deletion of the data or the restriction of the processing of personal data concerning him/her;
  3. to object to the processing;
  4. to data portability;
  5. to revoke consent without prejudice to the lawfulness of the processing based on the consent given before revocation.

To exercise the aforementioned rights, make a report or receive information on how your personal data is processed, requests may be made by writing to the Data Controller or the DPO at the addresses indicated in this Privacy Policy.
We remind you that you also have the right to lodge a complaint with the supervisory authority (Garante Privacy).

Information not contained in this policy
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.

Changes to this Privacy Policy
The Controller periodically reviews its privacy and security policy and, where appropriate, revises it in relation to regulatory, organisational or technological changes. If the policies change, the new version will be published on this page of the site.
If the changes affect processing whose legal basis is consent, the Controller will collect the User's consent again, if necessary.