Fondazione Internazionale Menarini (“Fondazione” or “we”) takes its users’ privacy very seriously and undertakes to comply in full with the applicable law (Regulation (EU) 2016/679 – hereinafter defined as the “GDPR”).
1. Data Controller and DPO
The Data Controller is Fondazione Internazionale Menarini, with registered offices in Strada 6 – Edificio L, Centro Direzionale Milanofiori, 20089 Rozzano, Milano (“Controller”).
The Data Protection Officer (“DPO”) can be contacted at the following address: firstname.lastname@example.org
2. The Data we process
The following data can be processed:
2) If, during registration to the Reserved Area of the site www.fondazione-menarini.it. you consent (optional) for profiling purposes, the following data will also be processed: user; session; date and time; page visited; time spent on the page; video execution, downloaded journals and viewed articles (if any). If you didn’t provide the consent, or if you to revoke it, only anonymous information about your browsing activities will be collected.
3. Why and how we process your personal data
With your consent, the Company may process your ordinary personal data to enable you to benefit from the available services and functionalities and optimise their performance, to perform statistics on its usage.The Company may also process your personal data to fulfil obligations stemming from laws, regulations and European Union law: the legal basis for the processing for this purpose is Article 6.1. (c) of the GDPR.
Finally, the Company may process your ordinary and sensitive personal data to protect its rights in legal proceedings or to apply the Menarini Group Code of Conduct (Articles 6.1.(f) and 9.2.(f) of the GDPR).
All your data are processed using automatic and electronic instruments suitable to ensure full security and confidentiality.
All your data will be processed on paper or by means of automated instruments, which in any case ensure an appropriate level of security and confidentiality.
4. Browsing data
5. Links to other websites
6. How we store data and for how long
In compliance with Article 5.1.(c) of the GDPR, the computers and programmes used by the Company are set up in such a way to reduce the use of personal and identifying data to a minimum. Such data are processed only to the extent required to achieve the purposes indicated in this Policy.
Data shall be stored for as long as strictly necessary for the attainment of the purposes for which they were collected (e.g. until you unsubscribe from the reserved area) and in compliance with the time limits set by law and with the principles of data minimisation, storage limitation and rational management of archives.
We inform you that the data regarding the details of your activities in the restricted area will be deleted after 12 months from their collection.
You can terminating your restricted access area account by sending an account termination request via email to email@example.com, or by using the link to our contact form.
7. Persons who have access to the data
The Data are processed electronically and manually according to procedures and logics relating to the abovementioned purposes and are accessible by the Controller’s staff authorised to process personal Data and their supervisors, and in particular to staff belonging to the following categories: technical, IT and administrative staff, product managers, as well as other individuals who need to process the data to perform their job duties, including members of the Supervisory Board in the pursuit of its supervisory activities and for the enforcement of the Menarini Group Code of Conduct, pursuant to Article 6.1.f and Recital 48 of the GDPR. The Data may be communicated, also in countries outside the European Union (“Third Countries”) to: (i) institutions, authorities, public bodies for their institutional purposes; (ii) professionals, independent consultants –individually or in partnerships- and other third parties and providers which supply to the Controller commercial, professional or technical services required to operate the Website (e.g., provision of IT and Cloud Computing services), in order to pursue the purposes specified above and to support the Company with the provision of the services you requested (e.g. co-organisers of the events or service providers); (iii) third parties in the event of mergers, acquisitions, transfers of business -or branches thereof-, audits or other extraordinary operations.
The mentioned recipients shall only receive the Data necessary for their respective functions and shall duly undertake to process them only for the purposes indicated above and in compliance with data protection laws. The Data can furthermore be communicated to the other legitimate recipients identified from time to time by the applicable laws. With the exception of the foregoing, the Data shall not be shared with third parties, whether legal or natural persons, who do not perform any function of a commercial, professional or technical nature for the Controller and shall not be disseminated. The individuals who receive the data shall process them, as the case may be, in the capacity as Controller, Processor or person authorised to process personal data, for the purposes indicated above and in compliance with data protection law.
Regarding any transfer of Data outside the EU, including in countries whose laws do not guarantee the same level of protection to personal data privacy as that afforded by EU Law, the Controller informs that the transfer shall in any event take place in accordance with the methods permitted by the GDPR, such as, for example, on the basis of the user’s consent, on the basis of the Standard Contractual Clauses approved by the European Commission, by selecting parties enrolled in international programmes for free movement of data or operating in countries considered safe by the European Commission.
8. Your Rights
By contacting the Controller at the addresses indicated above you can, at any time, exercise the rights pursuant to Articles 15-22 of the GDPR such as, for example, obtaining an updated list of the individuals who can access your data, obtain confirmation of the existence or otherwise of personal data which relates to you, verify their content, origin, correctness, location (also with reference to any Third Countries ), request a copy, request their rectification and, in the cases provided by the GDPR, request the restriction of their processing, their erasure, oppose. You may also revoke your consent at any time as set out at paragraph 3. Likewise, you can always report observations on specific uses of the data regarding particular personal situations deemed incorrect or unjustified by the existing relationship to the DPO or submit complaints to the Data Protection Authority. You may withdraw your consent at any time – however that shall not impair the lawfulness of the processing carried out before consent withdrawal.