Cristalfarma is the Data Controller of data related to the use of the site, based in Milan, Via San Giuseppe Cottolengo n. 15, cap 20143, Italy, email: email@example.com.
PERSONAL DATA OFFICER
The Company has appointed a Data Protection Officer (DPO) who can be contacted at DPO@mediolanum-farma.com.
TYPE OF DATA PROCESSED
The types of data and information collected and processed by Cristalfarma are:
- navigation data (collected automatically);
- data provided by the user voluntarily;
The computer systems and software procedures used to operate the site acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected in order to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users connecting to the website, and other parameters relating to the user's operating system and computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, and are kept for the period strictly necessary for statistical analysis.
The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site.
DATA VOLUNTARILY PROVIDED BY THE USER
Cristalfarma collects personal data voluntarily provided by users through the www.cristalfarma.it websites and other sites linked to it, in the following cases:
- sending, by users, to the address, fax number, e-mail address, indicated on the "Contacts" page, of messages requesting information;
- spontaneous sending, by users, of their personal data in order to receive information on Cristalfarma's products;
- spontaneous sending of information, through the compilation of the appropriate form by users, in order to proceed to the purchase of Cristalfarma products, for the sole purposes of order management, delivery of goods to the address to be indicated, and bookkeeping;
- spontaneous sending of information by users by filling in the appropriate form in order to receive newsletters;
- spontaneous release by users of their data, by filling in the appropriate form, for registration in the area reserved for doctors.
For each form or module for collecting Personal Data, the site provides a specific information notice.
PURPOSES OF THE PROCESSING
Personal data will be processed for the following purposes:
- purposes of enabling navigation and consultation within the site and to fulfil legal obligations;
- purposes inherent to the provision of the requested services (e.g. answering questions, including those about products; possible subscription to informative newsletters; online sale of products as well as order management and delivery of goods; use of online web services; access to information areas) as well as to fulfil any related legal and tax obligations;
- defensive purposes in the event of misuse of the site or attempted fraud;
- statistical and market research purposes with anonymised data,
- direct marketing purposes.
LEGAL BASIS OF THE PROCESSING
The Controller processes your data: 1) to implement pre-contractual measures taken at the request of the User/Interested Party; 2) on the basis of the consent given by the Interested Party to the processing of his/her personal data for one or more specific purposes; 3) to comply with legal obligations.
NATURE OF DATA PROVISION
Without prejudice to what is stated in relation to navigation data, users are free to provide their personal data. Failure to provide them may make it impossible for Cristalfarma to receive requests for information that may be sent by users through the Contact Us page or to perform the requested services (e.g. sending product information, purchasing products, sending newsletters).
Users are free to provide information and give their consent for promotional communications to be sent. Failure to provide consent will not allow Cristalfarma to transmit its promotional offers.
METHODS OF PROCESSING
Personal data are processed by automated tools and on paper, for the time strictly necessary to achieve the purposes for which they were collected.
Specific security measures are observed to prevent the loss of personal data, unlawful or incorrect use and unauthorised access. In particular, the secure https protocol for certain confidential parts of the site and applications and protections against unauthorised access to servers and other computers in use.
EVENTUAL TRANSFERS OUTSIDE THE EU
The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For further information, please contact the owner.
Data are not transferred to a third country or international organisation.
SUBJECTS AUTHORISED TO PROCESS
RIGHTS OF INTERESTED PARTIES
You have the right to exercise at any time the rights set out in Articles 12 et seq. of EU Regulation 2016/679, namely:
- access to personal data;
- to obtain the rectification or deletion of the data or the restriction of the processing of personal data concerning him/her;
- to object to the processing;
- to data portability;
- to revoke consent without prejudice to the lawfulness of the processing based on the consent given before revocation.
We remind you that you also have the right to lodge a complaint with the supervisory authority (Garante Privacy).
FURTHER INFORMATION ON PROCESSING
Information not contained in this policy
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.
The Controller periodically reviews its privacy and security policy and, where appropriate, revises it in relation to regulatory, organisational or technological changes. If the policies change, the new version will be published on this page of the site.
If the changes affect processing whose legal basis is consent, the Controller will collect the User's consent again, if necessary.