In compliance with the provisions of EU Reg. 2016/679 (European Regulation for the protection of personal data), we hereby indicate the necessary information regarding the processing of the personal data provided.
The information is not to be considered valid for other websites that may be consulted through links on the websites in the domain of the owner, who is not to be considered in any way responsible for third party websites.
This is an information notice pursuant to art. 13 of EU Reg. 2016/679 (European Regulation for the protection of personal data) and is also inspired by the provisions of Directive 2002/58 / EC, as updated by Directive 2009/136 / EC on the subject of Cookies, as well as provided for by the Provision of the Guarantor Authority for the protection of personal data of 05.08.2014 regarding cookies.
Use by minors
The Service is not aimed at individuals under the age of 16; SOFAR asks that such subjects do not provide Personal Information through the Service. If your child has sent personal information and you wish to request the removal of such information, you can contact the Data Controller as indicated below. In any case, the Data Controller will immediately delete the data once it becomes aware of it.
Processable personal data
“Personal data”: any information relating to an identified or identifiable natural person (“data subject”); the natural person that can be identified is considered identifiable, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychological, economic, cultural or social.
Specific information may be presented on the pages of the Site in relation to particular services or processing of the Data provided.
For more information on the cookies used by this website, see the cookies policy at the following link.
HOLDER OF THE TREATMENT
Pursuant to art. 4 and 24 of EU Reg. 2016/679 the Data Controller is SOFAR SpA via Firenze, 40 – 20060 Trezzano Rosa (MI) – Italy, in the person of the legal representative, e-mail contact email@example.com
DATA PROTECTION OFFICER (RPD / DPO – Data Protection Officer)
Pursuant to art. 37 – 39 of EU Reg. 2016/679 the Data Protection Officer is RES EXCELSA Srl., Via Aventina, 7 – 00153 ROME – Italy, e-mail contact firstname.lastname@example.org
Type of data processed
The following categories of data may be processed:
- Data provided voluntarily by the user
These are data (for example: personal data, address, email) freely released by the user to access certain services provided by the site (for example: registration to restricted areas, contact requests) or in any case released for requests for information sent to Holder.
The provision of services involves the Owner’s acquisition of the sender’s email address and/or any other personal data – in some cases even of a particular nature – which will be processed exclusively to respond to the request or follow up on your reporting. Failure to provide them may make it impossible to obtain the requested service.
Where required and necessary, specific information and consent requests may be reported on the pages of the Site dedicated to specific services.
For reports relating to adverse events on drugs (“so-called Pharmacovigilance) or on other types of products, SOFAR does not collect or request personal and/or particular data through this site by referring the report to the toll-free number indicated in the specific dedicated pages. However, if the user provides, through the Site’s pages or functions, unsolicited information relating to his or her state of health, the data will be processed in accordance with the specific information in the relevant section.
- Automatic acquisition data (“Navigation data” and “Cookies”)
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data (such as the IP addresses or domain names of the computers used by users, the pages visited and the date/time of the visit) whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties but, due to their very nature could, through processing and association with data held by third parties, allow users to be identified.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Site.
To make navigation on this Site more efficient and immediate, when users access this Website, cookies are used: small text strings that allow users to maintain connection to the Site.
Purposes and methods of processing
The purposes and legal basis of the processing are detailed in the table below.
|PURPOSE OF PERSONAL DATA PROCESSING||LEGAL BASIS|
|Management, correct functioning, use and consultation of the site [Common data]||Legitimate interest of the Data Controller [Article 6.1f]
Retention: up to 2 years from the browsing session.
|Contact request management [Common data]||Execution of pre-contractual measures also adopted at the request of the interested party [art. 6.1 b].
Retention: 1 year
|Restricted areas registration||Execution of pre-contractual measures also adopted at the request of the interested party [art. 6.1 b].
Retention: 2 years
|Marketing activities and sending promotional communications / newsletters||Release of consent by the interested party [Article 6.1a]
Retention: until the purpose of MKTG is achieved or consent is revoked
|Compliance with specific obligations established by law or other binding regulations||Fulfillment of legal obligations [Article 6.1c]|
The processing of personal information concerning you will be based on principles of correctness, lawfulness and transparency and on the protection of your privacy and your rights.
The treatment will be carried out on computer and paper support. Furthermore, your data are collected and archived both in computer databases and in paper archives.
The processing will be carried out respecting and applying the appropriate security measures to safeguard the confidentiality, integrity, and completeness of the data processed, in accordance with the provisions of Article 32 of the GDPR and in accordance with the instructions given by the Data Controller.
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE DATA
Company personnel belonging to the categories of administrators, IT technicians, product managers, etc. are authorized to process user data and other subjects who need to treat them in the performance of their duties and duly instructed by the Data Controller pursuant to art. 29 of EU Reg. 2016/679
Furthermore, the data may be disclosed to:
- subjects that provide services for the management of the information system and communication networks (including e-mail), web agencies and suppliers for the management of the website;
- studies or companies in the context of assistance and consultancy relationships;
- competent authorities for the fulfillment of legal obligations and/or provisions of public bodies, upon request;
- the company SB, domiciled at the Owner, for the pursuit of its supervisory activities and application of the Code of Conduct.
The subjects who receive the data treat them as owners, managers, or are authorized to process them, as the case may be, for the purposes indicated above and in compliance with the applicable privacy law.
The list of data processors is constantly updated and available by writing to email@example.com or at the registered office in via Firenze, 40 – 20060 Trezzano Rosa (MI) – Italy
DATA TRANSFER TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION AND GUARANTEES
Personal data are processed in the EU territory.
However, the possible transfer of data to third countries, including countries that may not guarantee the same level of protection provided for by the Privacy Law, the Data Controller informs that the processing will in any case take place according to one of the methods allowed by the Regulation, such as consent, the user, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free circulation of data or operating in countries considered safe by the European Commission.
DATA RETENTION PERIOD OR CRITERIA FOR DETERMINING THE PERIOD
The data processing will be carried out in an automated and manual form, with methods and tools aimed at guaranteeing maximum security and confidentiality, by specifically authorized subjects. In compliance with the provisions of art. 5 paragraph 1 letter. e) of EU Reg. 2016/679, the personal data collected will be stored in a form that allows the identification of the data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed. The retention of the personal data provided depends on the purpose of the processing (see table).
The timing is determined on the basis of criteria of which the interested party can have specific information by writing to firstname.lastname@example.org
RIGHTS OF THE INTERESTED PARTIES
You can assert your rights as expressed by EU Regulation 2016/679, by contacting the Data Controller, by sending an e-mail to email@example.com or by writing to the Data Controller’s office indicated above. You have the right, at any time, to ask the Data Controller for access to your personal data (Article 15), the rectification (Article 16) or cancellation (Article 17) of the same, or the limitation of processing (Article 18) or to oppose their treatment based on legitimate interest (Article 21).
If the processing is based on consent, you have the right to withdraw the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.
To oppose the processing and to exercise the other rights, you can write to firstname.lastname@example.org
You have the right to lodge a complaint with a supervisory authority. Communication of personal data is not an obligation. You are free to provide personal data in the dedicated areas on the site. Failure to provide personal data will make it impossible to use the services offered by the data controller.
There is no existence of an automated decision-making process.
Date of update: 22/06/2021