1.     What does this policy apply to?

This privacy policy, drafted pursuant to the applicable European General Data Protection Regulation 2016/679 (hereinafter GDPR), applies to personal data processing carried out in relation to the website aesthetics.fidiapharma.com. The pages of the Website may contain additional specific privacy policies in order to provide detailed information on a particular type of data collection, and its processing related to a particular service.

This policy is provided only for aesthetics.fidiapharma.com and does not apply to other websites that may be reached via hyperlinks.

2.     Who is the Data Controller and what are the DPO’s contact details?

The Data Controller is Fidia Farmaceutici S.p.A. with registered office in Via Ponte della Fabbrica 3/A – 35031 Abano Terme (PD).

If you have any questions about the processing of your personal data or to exercise your rights regarding privacy, you can contact our Data Protection Officer (hereinafter DPO) in the following ways: by email by writing to dpo@fidiapharma.it or by normal post by writing to: Via Ponte della Fabbrica 3/A – 35031 Abano Terme (PD), FAO: Legal Department and Data Protection Officer.
When you send us a request, remember to include your contact details so we can identify you and get back to you.

3.     What types of personal data do we collect and where do we get it from?

Website browsing data

During their normal operation, the computer systems and software procedures used to operate this Website acquire certain personal data, the transmission of which is implicit in the use of internet communication protocols.

This category includes IP addresses or the domain names of computers and terminals used by users, addresses in URI/URL (Uniform Resource Identifier/Locator) notation of requested resources, the time the request is made, the method used to submit the request to the server, the file size obtained in response, the numerical code indicating the response status from the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment.

This data, necessary for use of the web services, is also processed in order to:

• obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.);
• monitor the proper functioning of the services provided.

Data voluntarily provided by you

The voluntary sending of messages to the contact addresses on the Website involves the acquisition of your contact data, as well as the subject and content of your messages.

Your voluntary completion and submission of any forms (information acquisition forms) on the Website, involves the acquisition of your contact details as the sender, and of other data provided in the specific form, in which those fields that are considered mandatory, without the compilation of which it is not possible to send the form, are always indicated (usually with a ‘*’).

Data provided by you as a registered user

The Website may contain restricted areas, access to which requires you to register (thereby becoming a registered user of the Website). For this purpose, the data necessary to create the registration and manage it over time will be used, i.e.e: identification data of the person who wants to register, including their email address that will be used in the registration phase, as well as to send any necessary communications (so-called service communications), log in credentials: typically UserID and Password and any other access PIN and, finally, the data which, case by case, may be necessary according to the topics covered in the restricted area.

Data provided by you in relation to a service you have requested

The Website may provide services, such as access to information conveyed through specific newsletters dedicated to particular topics of interest to you, or it may allow the purchase of products and services in compliance with the regulatory system that by law governs their purchase by both companies and consumers.

In the event of your request to receive our newsletter (where the service is available), we will use your contact details and email address. Where, on the other hand, the Website provides online purchasing functionalities (e-commerce), your data will be necessary to complete the purchase and therefore full identification data, contact details and delivery address, while the data relating to payment will be directly processed by the payment service provider (e.g. bank) on which the e-commerce functionalities are based.

Profiling and marketing data

We may use your identification data, contact data, data relating to your preferences and interests indicated by your use of the Website, for the purpose of providing you with services tailored to your needs or sending you ad hoc commercial communications, only if you provide us with your prior consent.

Data from external sources

Only in relation to services that may be available on the Website, and which have been explicitly requested by you, we may collect certain data concerning you from relevant external sources, such as your membership of a professional association, should this be necessary to allow you to access the service.

Cookies

Cookies are used to make it technically possible to browse the Website, to carry out statistical analyses of its use, and, only with users’ consent, to carry out profiling and provide services tailored to their needs or send ad hoc commercial communications. Please refer to the specific Cookie Policy

4.     For what purposes do we process personal data?

The purposes are the following:

1. Website technical management: Technically enable efficient browsing of the Website

To this end, we will use Website browsing data and Technical Cookies (see Cookie Policy).

1. Provision of requested services: Provide the services you have requested, including the management of your registration to specific restricted areas of the Website where present, sending information material expressly requested by you, allow you to purchase our products online where this functionality is available on the Website, and respond to your requests for information and details concerning our products or thematic sections.

To this end, we will use the Website browsing data, the Data voluntarily provided by you, Data provided by you as a registered user, Data provided by you in relation to a service you have requested, Data from external sources where necessary in relation to the service, and Technical Cookies (see Cookie Policy).

1. Website security management: Manage the security of data and of our information facilities against malicious attacks and attempted fraud.

To this end, we will use the Website browsing data and, applying the minimisation principle, i.e. process only the data strictly necessary case by case, the Data voluntarily provided by you, Data provided by you as a registered user, Data provided by you in relation to a service you have requested, Data from external sources where necessary in relation to the service, and Cookies (see Cookie Policy).

1. User analysis: Analyse your behaviour based on the use of the Website in order to adapt our services accordingly and present you with commercial proposals, subject to obtaining your voluntary consent.

To this end, we will use the Website browsing data and, applying the minimisation principal, i.e. process only the data strictly necessary case by case, the Data voluntarily provided by you, Data provided by you as a registered user, Data provided by you in relation to a service you have requested, Data from external sources and Cookies (see Cookie Policy)

1. Authority requests: Respond to any requests for information from the competent Authorities.

To this end, from among all the data in our possession, we will use that requested by the Authority under applicable law.

1. Exercise of Privacy Rights: Respond to your requests to exercise your privacy rights, as provided for by current data protection legislation.

To this end, we will use the Data voluntarily provided by you.

5.     With which legal bases do we process personal data?

We must comply with a legal requirement when data is processed for the above purposes e. Authority requests and f. Exercise of Privacy Rights.

On the other hand, the legal basis is to meet your requests when we process data for the above purposes: a. Website technical management  and b. Provision of requested services.

On the other hand, we have a legitimate interest in processing the data in the case of the above purpose c. Website security management, consisting of the need to put in place measures to protect data and technical infrastructures against the risk of unforeseen events or illegal or malicious acts that could compromise their confidentiality, availability and integrity.

The legal basis, on the other hand, is your voluntary and prior consent to processing, in the case of the purpose described above: d. User analysis.

6.      To which recipients can personal data be communicated and possibly exported outside the EU?

Personal data is processed by personnel specifically authorised by the Data Controller, as well as by third parties, also possibly established in countries outside the European Union, only when this is necessary for the operational and maintenance needs of the Website and the services made available thereon, without prejudice to any obligations provided for by law.

As provided for by the GDPR, the Data Controller contractually identifies third party companies that perform processing on behalf of said Data Controller as Data Processors.
Should it be necessary to involve third parties established in countries outside the European Union, the appropriate applicable safeguards in terms of adequacy decisions issued by the European Commission, standard contractual clauses again defined by the Commission or by the competent National Personal Data Protection Authority or the exceptions provided for by the GDPR will be adopted on a case by case basis for the related transfer of data abroad.

Further information regarding possible transfers of data to countries outside the European Union and the related guarantees adopted, as well as information regarding the companies appointed as Data Processors, can be requested from the DPO.

7.     For how long do we retain personal data?

The personal data processed will be retained for a period of time not exceeding that required for achievement of the purposes indicated above and in compliance with any terms provided for by law, except for the need to keep it for a longer period of time following requests from the competent authorities for the prevention and prosecution of crimes or, in any case, to assert or defend a right in court.

8.     What are the processing methods and security measures applied to personal data?

All data will be processed mainly in electronic format and collected and processed by applying the technical and organisational measures consistent with a level of security appropriate to the risks, taking into account the state of the art and the implementation costs and, where applicable, the security measures prescribed by specific legislation.

In using the functionalities of this Website and with reference to personal data protection aspects, in accordance with Art. 33 of the GDPR, users are invited to report to the Data Controller any circumstances or events that may result in a potential “data breach”, by sending a communication to the following email address databreach@fidiapharma.it, in order to allow the Data Controller to assess the event and adopt the measures and procedures provided for by law.
It should be noted that a data breach is “any security breach that involves the accidental or unlawful destruction, loss, modification, unauthorised disclosure or access to personal data transmitted, stored or otherwise processed“.

The measures adopted by the Data Controller do not exempt the user of the Website from paying the necessary attention, where the use passwords/PINs is required for a specific Website service, choosing passwords/PINs of adequate complexity, and which must be periodically kept update and safeguarded and make inaccessible to others, in order to avoid improper and unauthorised use.

9.     What are your privacy rights and how can you exercise them?

In relation to the processing of personal data carried out through the Website, as a data subject, you may at any time exercise the rights provided for by the GDPR; in particular request to:

• access your personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom it may be communicated, the applicable retention period, the existence of automated decision-making processes, including profiling, and, at least in such cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject if not already indicated in the text of this Policy;
• obtain, without undue delay, rectification of any inaccurate personal data concerning you;
• in the cases provided for by law, obtain the erasure of your data;
• obtain restriction of processing or object to the same, when admitted on the basis of the legal provisions applicable to the specific case. Be aware that it is always possible to object to any direct marketing actions;
• in the cases provided for by law, obtain portability of the data you have provided to the Data Controller, i.e. receive it in a structured, commonly used and machine-readable format and also request to transmit such data to another data controller, if technically feasible;

In addition, if you deem it appropriate, you may lodge a complaint with the Supervisory Authority (Personal Data Protection Authority).

Please note that for the processing of personal data where consent is the legal basis, you may withdraw it at any time by addressing your request via email to the DPO, or by using, where present on the Website, appropriate means to withdraw/provide consent in relation to specific processing.

Regarding the use of cookies, to change the status of consents, please refer to that indicated in the Cookie Policy

For further information concerning your rights and the privacy provisions in general, please visit the website of the Personal Data Protection Authority at http://www.garanteprivacy.it/

10.  Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time, publishing them on this page. So please take a look at this page often and check the bottom for the date of the most recent change made.

Policy published on: 18/03/2022