Privacy Policy

This is a privacy notice provided by Chiesi Farmaceutici S.p.A. (“Chiesi”), in accordance with the provisions of European Regulation No. 679/2016 (hereinafter “GDPR“), to inform you that your Personal Data or otherwise Personal Data provided by you will be processed by Chiesi as data controller, in full compliance with applicable law.

“Personal Data” is information of any kind, including electronic information, that allows a person to be identified individually or in combination with other information.

With “Processing of Personal Data” we mean, pursuant to Article 4(2) of the GDPR, any operation or set of operations, carried out with or without the help of automated processes and applied to personal data, such as collecting, recording, organizing, storing, adapting or modifying, extracting, consulting, using and disseminating them.

“User” means is the company, the authorized person or individual using the services provided by the website (hereinafter the “Website”).

This notice describes the following aspects:

(1)     HOW WE COLLECT AND USE YOUR PERSONAL DATA

(2)     HOW WE SHARE YOUR PERSONAL DATA

(3)     RETENTION PERIOD OF YOUR PERSONAL DATA

(4)     USER RIGHTS

(5)     UPDATES TO THIS NOTICE

 

(1) HOW WE COLLECT AND USE YOUR PERSONAL DATA

PURPOSES:

So that you can access to the Website and use its services. The Website is a platform where the User will be able to find information and, upon release of consent, receive updates on the project named “Chiesi Gardens”.  

We may process technical or usage data that may indirectly reveal your identity to guarantee a reliable user experience on the Website. Such data is automatically collected during the normal functioning of every website and are processed for technical purposes (including troubleshooting, testing, system maintenance, support, and reporting) or for statistical and analytical ones to improve the user experience on the Website.

For the latter, such data are usually processed in an aggregated and non-identifiable form to pursue statistical purposes. For example, usage data may be used to measure the engagement rate, or the time spent on a certain section or feature of the Website.

PROCESSED PERSONAL DATA:

Contact information (e.g. email) to subscribe for newsletter.  

Particularly, by registering on the mailing list or for the newsletter, your email address will be added to the contact list of those who may receive email messages containing information concerning this Website. 

Usage data: including information on how you use the Website. For example, the time spent on certain sections.

The processing of so-called special data as defined by art. 9 of the GDPR (such as data relating to health) and / or data relating to minors is expressly excluded. These categories of data, if shared by the User, will be immediately deleted.

LEGAL BASIS OF THE PROCESSING:

Consent: provided by the User by registering on the mailing list or for the newsletter.

Legitimate interest: to ensure the security of the Website and prevent online frauds, as well as in case we need to share your information with our affiliates as described in Section 2 of this notice.

Your Personal Data will also be retained if this is necessary to comply with applicable laws and regulations, as well as in the event of a request by a competent Authority. 

 

(2) HOW WE SHARE YOUR PERSONAL DATA

Chiesi may share your Personal Data with other companies, organizations and individuals, if any of the following circumstances occur:

• We may share your Personal Data to companies forming part of Chiesi Group, in Italy and abroad (including non-EEA countries).
• Sharing with your express consent: after obtaining your consent, we may share your Personal Data with certain third parties or categories of third parties.
• Sharing in accordance with laws and regulations: we may share information required under applicable laws and regulations to handle legal disputes or requests by administrative or judicial authorities.
• Sharing with service providers: we may also disclose your Personal Data to companies that provide services to us or on our behalf.

In the latter case, Chiesi will ensure the legitimacy of such sharing and will sign data processing agreements and / or clauses with the companies, organizations and individuals with whom your Personal Data will be shared, requiring them to comply with this notice and take appropriate security measures.

How We Protect Your Personal Data

Chiesi places extreme importance on the security of your Personal Data and have taken appropriate security measures to safeguard your Personal Data against unauthorized access, disclosure or loss. 

For this purpose, Chiesi takes the following steps:

• We take reasonable steps to ensure that the Personal Data collected is as minimal and relevant as necessary in relation to the purposes for which it is processed. We retain your Personal Data for no longer than is necessary for the purposes set out in this notice, unless an extension of the retention period is required or permitted by law.
• We use a range of technologies to ensure the confidentiality of data during transmission. We use trusted protection mechanisms to protect data and data storage servers from attack.
• We rigorously select business partners and service providers and require them to comply with our Personal Data protection requirements through specific provisions in business agreements with such business partners and service providers. In addition, we perform audits and other assessment activities to verify compliance with the requirements.

We conduct privacy and security protection training, testing, and informational activities to increase awareness of Personal Data protection among employees and contractors.

 

(3) RETENTION PERIOD OF YOUR PERSONAL DATA

Your Personal Data referred to in section 1) of this notice is stored on the servers of Chiesi or on the servers of the suppliers (specifically appointed as data processors) located in Italy or within the European Union.

We keep your Personal Data for the time necessary for the purposes indicated in this Privacy Notice, in any case no longer than twenty-four (24) months. 

Your Personal Data will be kept for the time set out above, or for a shorter period if you decide to exercise one of the rights listed in the “USER RIGHTS” section below.  

 

(4) USERS RIGHTS

Access, rectification, cancellation, data portability, restriction of processing, objection to processing and revocation of consent.

Chiesi provides specific channels so that you can access, modify, oppose and / or limit the processing of your data, as well as request their cancellation or portability to other parties and revoke your consent.

We invite you to contact the Data Protection Officer (DPO) to obtain the list of data processors, obtain the list of parties with whom your data has been shared and request the exercise of your rights listed above: dpoit@chiesi.com   

If you believe that Chiesi is not processing your Personal Data in accordance with this notice or applicable law, you may exercise your rights by lodging a complaint with the Italian Data Protection Authority.

The Data Controllers is:

Chiesi Farmaceutici S.p.A., with registered office in Via Palermo 26/A, 43122 Parma.

 

(5) UPDATES TO THIS NOTICE

This notice may be updated from time to time. Any update to this notice will become effective at the time of its publication on the Website.