The Company F.I.R.M.A. S.p.A. (“Company”, or “we”) takes its users’ privacy very seriously and undertakes to comply in full with the applicable law (Regulation (EU) 2016/679 – hereinafter defined as the “GDPR”).
The Data Controller is F.I.R.M.A. Fabbrica Italiana Ritrovati Medicinali ed Affini S.p.A., with registered offices in Via di Scandicci 37, 50143 Firenze (“Controller”). The Data Protection Officer (“DPO”) can be contacted at the following address: firstname.lastname@example.orgThe Data we process
The following data can be processed:
With your consent, the Company may process your ordinary personal data to enable you to benefit from the available services and functionalities and optimise their performance, to perform statistics on its usage, to manage requests and reports received through the Website, to manage your registration to any restricted-access areas and initiatives (e.g. competitions) which may be present on the Website pursuant to Article 6.1.a of the GDPR. The Company may also process your personal data to fulfil obligations stemming from laws, regulations and European Union law: the legal basis for the processing for this purpose is Article 6.1. (c) of the GDPR.
The forms to be completed on this website require you to confer personal data which are strictly necessary to handle your communications and requests. Such Data are marked with an asterisk [*]. If you do not wish to confer them, we will not be able to handle your communication/request.
If you only visit the Website (i.e., without sending communications or using any of the available services/functions), the processing of your data is limited to browsing data i.e., data whose transmission to the Website is necessary for the functioning of the computers which operate the Website and of the Internet communication protocols. This category includes, for example, IP addresses or computer domain used to visit the Website and other parameters pertaining to the operating system used to connect to the Website. The Company collects these and other data (such as, for example, number of visits and time spent on the Website) merely for statistical purposes and in anonymous form in order to monitor the functioning of the Website and improve its performance. Such data is not collected to be associated with other information regarding, or for the identification of, users; however, such information, by its very nature, may enable the Company to identify users through processing and association with data held by third parties. Browsing data are normally deleted following processing in anonymous form but can be stored and used by the Company to detect and identify perpetrators of any computer offences committed to the detriment of the Website or using the Website. Without prejudice to this possibility the browsing data described above are stored only temporarily, in compliance with law. The Website does not make use of “cookies”.Links to other websites
In compliance with Article 5.1.(c) of the GDPR, the computers and programmes used by the Company are set up in such a way to reduce the use of personal and identifying data to a minimum. Such data are processed only to the extent required to achieve the purposes indicated in this Policy, and will be stored for as long as strictly necessary for achievement of the specific purposes pursued - in any event, the criterion used to determine the storage period is based on compliance with time limits permitted by law and the principles of data minimisation, storage limitation or rational management of our records.How we ensure your personal data’s security and quality
The Company undertakes to ensure security of the user’s personal data and comply with provisions on security provided by law to avoid data loss, illegitimate or unlawful uses of data or unauthorised access to data, with particular but not exclusive reference to Articles 25-32 of the GDPR. The Company uses many types of advanced security technologies and procedures intended to aid protection of the user’s personal data; for example, personal data are stored on secure servers situated on premises with protected and controlled access. The user can assist the Company to update and correct their personal data by communicating any change of address, qualifications, contact information, etc.Persons who have access to the data
Persons belonging to the following categories are authorised to process the user’s data: technical and administrative staff, IT staff, product managers etc., as well as other staff members who require processing the data for performance of their job duties.
You may at any time exercise the rights afforded by Articles 15-22 of the GDPR, including the right to obtain confirmation of the existence of personal data which relate to you, check its content, origin, correctness, location (also with reference to any Third Countries), request a copy, request correction and in cases provided by law, restriction of processing, deletion, oppose to direct contact activities, oppose to direct marketing (also limited to particular means of communication). Likewise, you may always withdraw consent and/or make observations on specific issues regarding processing operations of your personal data which you regard as incorrect or unjustified by your relationship with the Company, or lodge a complaint with the Data Protection Authority.