Pursuant to the legislation applicable to the protection of personal data (“Privacy Legislation”) including EU Regulation 2016/679 (“GDPR”), Recordati Industria Chimica e Farmaceutica S.p.A provides some information necessary to illustrate how personal data will be processed through the following domain recordati.com.
Recordati Industria Chimica e Farmaceutica S.p.A. parent company of the Recordati Group, with registered office in Milano, Via M. Civitali n. 1, enrolled in the Register of Companies of Milan under number 00748210150 is the Data controller (hereinafter, the “Data Controller” or “Recordati“).
The Data Protection Officer of the Recordati Group can be contacted using the following contact details: Data Protection Officer – DPO, Recordati S.p.A., Via Matteo Civitali 1, Milan – Italy; e-mail: GroupDPO@recordati.com.
The data which will be processed include:
Navigation data: language set in the user’s browser, name of the page the user viewed, screen resolution of the device the user is using, the Matomo ID that associates the hit with the right Analytics account, location of the user, characteristics of the browser, operating system and internet provider used by the user, source/media that directed the user to the Website;
Other data freely provided by users to access certain freely chosen services. Specific information notices and requests for consent, where required, can be found on the relevant sections of the Website.
Navigation data are used to allow the navigation of the Website and use its features, as well as to obtain anonymous statistical information on the use of the Website, to check its correct functioning and to identify anomalies and/or abuses.
The legal basis of the processing is our legitimate interest to allow the proper functioning of the Website and to constantly improve its quality and attractiveness for users (Article 6.1. lett. f) GDPR). Based on our assessments, we believe that no interest, right or fundamental freedom of users prevail over this legitimate interest.
As part of the data processing for the purpose referred to in paragraph above, the data may be disclosed or otherwise made accessible to the companies belonging to the Recordati Group and to third parties such as.
Where necessary, the Data Controller will appoint third parties as its Data Processors pursuant to Article 28 of the GDPR.
Data will not be transferred outside the Economic European Area. This said, any Data transfer outside the Economic European Area will be carried out in compliance with the applicable provisions of GDPR.
Navigation data will be stored for 2 years from the relative registration. Only in the event of a request by the Public Authorities, the data may be stored for a longer period, in accordance with what will be ordered to the Data Controller.
Users will always have, in accordance with the law, the right to withdraw at any time their consent, where given, as well as to exercise, at any time, the following rights:
In the above cases, where necessary, the Data Controller will inform the third parties to whom the users personal data has been disclosed of their exercise of rights, unless it is not possible or is too onerous and, in any case, in accordance with the provisions of the Privacy Legislation.
Where processing is based on consent, the user is also entitled to withdraw, at any time, any consent given, whereby it is understood that the withdrawal of consent shall not affect the lawfulness of the processing based on consent given prior to the withdrawal.
Users are entitled to exercise their rights at any time by using the contact details indicated in section 1 above or by writing to the DPO by e-mail at the following address: groupDPO@recordati.com.
The Data Controller hereby informs users that, pursuant to the Privacy Legislation, they have the right to lodge a complaint with the competent supervisory authority (in particular in the Member State of User’s habitual residence, place of work or place of the alleged breach), if they are of the opinion that their personal data are being processed in a way that would lead to breaches of the GDPR.
In order to facilitate the exercise of the right to lodge a complaint, the name and contact details of the European Union Supervisory Authority are available at the following link: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
The Data Controller reserves the right to modify or simply update the content of this privacy policy, in part or in full, also due to changes in applicable legislation. We, therefore, invite you to regularly visit this section for the most recent and updated version of this privacy policy.
Edition [__]