This policy is provided only for aesthetics.fidiapharma.com and does not apply to other websites that may be reached via hyperlinks.
The Data Controller is Fidia Farmaceutici S.p.A. with registered office in Via Ponte della Fabbrica 3/A – 35031 Abano Terme (PD).
If you have any questions about the processing of your personal data or to exercise your rights regarding privacy, you can contact our Data Protection Officer (hereinafter DPO) in the following ways: by email by writing to email@example.com or by normal post by writing to: Via Ponte della Fabbrica 3/A – 35031 Abano Terme (PD), FAO: Legal Department and Data Protection Officer.
When you send us a request, remember to include your contact details so we can identify you and get back to you.
Website browsing data
During their normal operation, the computer systems and software procedures used to operate this Website acquire certain personal data, the transmission of which is implicit in the use of internet communication protocols.
This category includes IP addresses or the domain names of computers and terminals used by users, addresses in URI/URL (Uniform Resource Identifier/Locator) notation of requested resources, the time the request is made, the method used to submit the request to the server, the file size obtained in response, the numerical code indicating the response status from the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment.
This data, necessary for use of the web services, is also processed in order to:
Data voluntarily provided by you
The voluntary sending of messages to the contact addresses on the Website involves the acquisition of your contact data, as well as the subject and content of your messages.
Your voluntary completion and submission of any forms (information acquisition forms) on the Website, involves the acquisition of your contact details as the sender, and of other data provided in the specific form, in which those fields that are considered mandatory, without the compilation of which it is not possible to send the form, are always indicated (usually with a ‘*’).
Data provided by you as a registered user
The Website may contain restricted areas, access to which requires you to register (thereby becoming a registered user of the Website). For this purpose, the data necessary to create the registration and manage it over time will be used, i.e.e: identification data of the person who wants to register, including their email address that will be used in the registration phase, as well as to send any necessary communications (so-called service communications), log in credentials: typically UserID and Password and any other access PIN and, finally, the data which, case by case, may be necessary according to the topics covered in the restricted area.
Data provided by you in relation to a service you have requested
The Website may provide services, such as access to information conveyed through specific newsletters dedicated to particular topics of interest to you, or it may allow the purchase of products and services in compliance with the regulatory system that by law governs their purchase by both companies and consumers.
In the event of your request to receive our newsletter (where the service is available), we will use your contact details and email address. Where, on the other hand, the Website provides online purchasing functionalities (e-commerce), your data will be necessary to complete the purchase and therefore full identification data, contact details and delivery address, while the data relating to payment will be directly processed by the payment service provider (e.g. bank) on which the e-commerce functionalities are based.
Profiling and marketing data
We may use your identification data, contact data, data relating to your preferences and interests indicated by your use of the Website, for the purpose of providing you with services tailored to your needs or sending you ad hoc commercial communications, only if you provide us with your prior consent.
Data from external sources
Only in relation to services that may be available on the Website, and which have been explicitly requested by you, we may collect certain data concerning you from relevant external sources, such as your membership of a professional association, should this be necessary to allow you to access the service.
The purposes are the following:
To this end, from among all the data in our possession, we will use that requested by the Authority under applicable law.
To this end, we will use the Data voluntarily provided by you.
We must comply with a legal requirement when data is processed for the above purposes e. Authority requests and f. Exercise of Privacy Rights.
On the other hand, the legal basis is to meet your requests when we process data for the above purposes: a. Website technical management and b. Provision of requested services.
On the other hand, we have a legitimate interest in processing the data in the case of the above purpose c. Website security management, consisting of the need to put in place measures to protect data and technical infrastructures against the risk of unforeseen events or illegal or malicious acts that could compromise their confidentiality, availability and integrity.
The legal basis, on the other hand, is your voluntary and prior consent to processing, in the case of the purpose described above: d. User analysis.
Personal data is processed by personnel specifically authorised by the Data Controller, as well as by third parties, also possibly established in countries outside the European Union, only when this is necessary for the operational and maintenance needs of the Website and the services made available thereon, without prejudice to any obligations provided for by law.
As provided for by the GDPR, the Data Controller contractually identifies third party companies that perform processing on behalf of said Data Controller as Data Processors.
Should it be necessary to involve third parties established in countries outside the European Union, the appropriate applicable safeguards in terms of adequacy decisions issued by the European Commission, standard contractual clauses again defined by the Commission or by the competent National Personal Data Protection Authority or the exceptions provided for by the GDPR will be adopted on a case by case basis for the related transfer of data abroad.
Further information regarding possible transfers of data to countries outside the European Union and the related guarantees adopted, as well as information regarding the companies appointed as Data Processors, can be requested from the DPO.
The personal data processed will be retained for a period of time not exceeding that required for achievement of the purposes indicated above and in compliance with any terms provided for by law, except for the need to keep it for a longer period of time following requests from the competent authorities for the prevention and prosecution of crimes or, in any case, to assert or defend a right in court.
All data will be processed mainly in electronic format and collected and processed by applying the technical and organisational measures consistent with a level of security appropriate to the risks, taking into account the state of the art and the implementation costs and, where applicable, the security measures prescribed by specific legislation.
In using the functionalities of this Website and with reference to personal data protection aspects, in accordance with Art. 33 of the GDPR, users are invited to report to the Data Controller any circumstances or events that may result in a potential “data breach”, by sending a communication to the following email address firstname.lastname@example.org, in order to allow the Data Controller to assess the event and adopt the measures and procedures provided for by law.
It should be noted that a data breach is “any security breach that involves the accidental or unlawful destruction, loss, modification, unauthorised disclosure or access to personal data transmitted, stored or otherwise processed“.
The measures adopted by the Data Controller do not exempt the user of the Website from paying the necessary attention, where the use passwords/PINs is required for a specific Website service, choosing passwords/PINs of adequate complexity, and which must be periodically kept update and safeguarded and make inaccessible to others, in order to avoid improper and unauthorised use.
In relation to the processing of personal data carried out through the Website, as a data subject, you may at any time exercise the rights provided for by the GDPR; in particular request to:
In addition, if you deem it appropriate, you may lodge a complaint with the Supervisory Authority (Personal Data Protection Authority).
Please note that for the processing of personal data where consent is the legal basis, you may withdraw it at any time by addressing your request via email to the DPO, or by using, where present on the Website, appropriate means to withdraw/provide consent in relation to specific processing.
For further information concerning your rights and the privacy provisions in general, please visit the website of the Personal Data Protection Authority at http://www.garanteprivacy.it/
Policy published on: 18/03/2022
To access this page, please click YES if you are a healthcare professional.
If you are not a healthcare professional, select NO to exit.