European General Data Protection Regulation (“GDPR”)
As of 25 May 2018, the EU Regulation 2016/679, known as the GDPR (General Data Protection Regulation) - on the protection of natural persons with regard to the processing of personal data and on the free movement of such data - is directly applicable in all Member States.
As claimed by the EU Commission, the GDPR is the result of the clear need for legal certainty, harmonization and simpler rules on the transfer of personal data from the EU to other parts of the world.
Through the General Data Protection Regulation (GDPR - EU Regulation 2016/679), the European Commission aims to strengthen and harmonize the protection of personal data of EU citizens and EU-based residents, both inside and outside the borders of the European Union (EU). The text, which was adopted on 27 April 2016 and published in the European Official Journal on 4 May 2016, entered into force on 25 May of the same year, and is going to be effective as of 25 May 2018.
Through the GDPR, the EU Commission aims primarily to give control back to citizens over their personal data and to simplify the regulatory environment for international business by unifying the privacy regulation within the EU.
In performing its activity, the Angelini Group processes the personal data of various categories of stakeholders (healthcare professionals, researchers, employees, etc.). This data is managed in compliance with the laws and rules that protect this data, and with the right to privacy of each individual.
In order to fulfil its obligations under the GDPR, the Angelini Group has adopted policies that vary according to the type of data subject whose personal data are being processed by the group, to be submitted to all relevant stakeholders.
Data subjects may exercise their rights at any time as specified in the information received.
In this section you can find the documents on personal data protection.
Data Protection Officer
The Data Protection Officer (or “DPO”) is designated by the Data Controller Angelini Holding S.p.A. to fulfill the tasks referred to in the European General Data Protection Regulation.
You can contact the DPO for all matters relating to processing of personal data and exercising of the data subject’s rights via the e-mail address firstname.lastname@example.org or by sending a letter to Viale Amelia 70, 00181 Rome.
Data Controller identity and contact information
The Data Controller is Angelini Holding S.p.A., with registered office at Viale Amelia 70- 00181 in Rome.
DPO contact details
You can contact the DPO designated by the Company at:
– e-mail: email@example.com;
- regular mail: Angelini Holding S.p.A. – Viale Amelia 70 - 00181 Rome.
Which data we process
Why we process your personal data and how
With you consent the Company may process your ordinary personal data to allow the use of Website services and functions and optimize its functioning, to run statistical analyses on the visits, to manage requests and reports received through the Website, to register to any reserved areas or initiatives such as contests and the like, as set out in Article 6.1.(a) of the Regulation. The Company may also process your personal data to comply with the legal obligations required by laws, regulations, EU legislation: the lawful basis for processing data for these purposes is set out by Article 6.1.(c) of the Regulation.
With your optional consent, ordinary personal data may also be used to send institutional communications (newsletters included) or perform promotional activities (marketing), meaning sending promotional materials and/or commercial communications regarding the services provided by the Company to the addresses specified, both via traditional methods and/or means of contact (such as paper mail, phone calls with operators, etc.) and automatic ones (such as communications over the Internet, fax, e-mails, sms, applications for mobile devices such as smartphones and tablets - so-called APPS - social media accounts, such as via Facebook - etc.). The lawful basis for processing for this purpose is Article 6.1.(a) of the Regulation.
Finally, your general and/or sensitive data may be processed by the Company to defend its rights in trials or to implement the Angelini Group’s Code of Conduct (Articles 6.1) (f) and 9.2.(f) of the Regulation).
Personal data is processed using both automatic and non-automatic tools according to the very purpose of the processing and, in any case, with methods and procedures that guarantee the safety and confidentiality of the data.
Compulsory and optional processing
The forms to be filled in on this Website may contain data that is essential to handle your communications and requests - marked with a [*] - which, if not entered, will prevent your requests from being processed, as well as optional data, which is not essential to process the request by the person concerned. Failing to enter this data will have no consequences.
Links to other websites
How we store data and for how long
In compliance with the provisions set out by Article 5.1.(c) of the Regulation, the way the IT systems and programs used by the Company are set up allows to minimize the use of personal and identification data; this data is processed only to the extent necessary to achieve the purposes specified in this Policy; the data will be stored for as long as necessary to fulfill the purposes that are actually pursued and, in any case, the criteria used to determine the storage duration comply with the terms allowed for by the applicable laws and the principles of data minimization, storage limitation and rational records management. In order to determine the right retention period for the personal data stored by the Website upon your consent, the controller also considers the following criteria: the specific purposes described in the policy for which the website stores the personal data; the type of current relationship with you (how frequently you log in to your account; if you submit requests using the contact form; how regularly you browse the website, etc.); any specific request to erase your data or consent withdrawal by you; the data controller’s legitimate business interest.
How we guarantee safety and the quality of personal data
The Company commits to protect the safety of your personal data and complies with the applicable safety provisions to prevent data loss, unlawful or illegal use of and any unauthorized access to the data, with special but not exclusive reference to Articles 25-32 of the Regulation. The Company uses multiple advanced safety technologies and procedures to protect the personal data of users; for example, personal data is stored in safe servers located in places with access control and protection measures in place. You can help the Company update and keep your personal data correct by communicating any change to your address, qualification, contact information, etc.
Who can access the data
Personal data will only be made available to those who may need it because of their tasks or positions held in the Company and any parent, subsidiary and affiliated companies of the Angelini Group. These subjects, whose number will be as low as possible, will be trained appropriately in order to prevent losses, destruction, unauthorized access to or unauthorized use of the data.
Additionally, the data may be communicated to: (i) institutions, authorities, public entities for their institutional purposes; (ii) professionals, self-employed workers, even if associated; third parties and vendors hired by the Company to receive commercial, professional and technical services aimed at managing the Website and its functions (for example IT service and Cloud Computing providers), pursuing the purposes specified above and providing the services to you; (iii) third parties in case of mergers, acquisitions, company or branch transfers, audits or other extraordinary operations; (iv) the company’s Supervising Board, which is located at the Controller’s premises, to supervise on and implement the Angelini Group’s Code of Conduct. These subjects will only receive the data necessary for their functions and will commit to use it for the purposes above only, and to process it in compliance with the applicable privacy regulations. The data may also be communicated to legitimate recipients pursuant to the applicable laws. Exception made for the above, data is not shared with third parties, either physical or legal persons, who do not perform any commercial, professional or technical functions for the Controller and will not be disclosed. The subjects who receive the data will process it as Controllers, Processors or people authorized to process personal data, as the case may be, for the purposes specified above and in compliance with the applicable privacy laws.
Transferring data to non-EU Countries
About the transfer of data to a third Country, including Countries that may not guarantee the same level of protection set out by the applicable regulations, the Controller informs that the processing will still occur in compliance with one of the methods allowed for by the Regulation, such as the user’s consent, the adoption of Standard Clauses approved by the European Commission, the selection of subjects which have joined international frameworks for the free movement of data (e.g. EU-USA Privacy Shield) or operate in Countries the European Commission considers safe.
Rights of users
The users to whom the data refers have the right to obtain the confirmation as to whether or not their personal data exist or not and to know its content and the source, check that it is correct or ask for it to be integrated or updated, or rectified, erased or restricted, or to oppose against its processing, to lodge a complaint with a supervisory authority pursuant to Article 15 of the Regulation. Additionally, pursuant to articles 7, 15, 16, 17,18, 19, 20, 21, 22 and 77 of the same Regulation, each user has the right to ask for information about the collection and use of their personal data, to access it, have it rectified, erase it (right to be forgotten), restricted processing, the notification obligation regarding rectification or erasure of personal data or restriction of processing, data portability, the anonymous transformation or the block of data processed against the law, as well as the right, in the cases set out by the law, to oppose to its processing, to lodge complaints regarding the collection and processing of personal data with the competent Supervisory Authority, to withdraw the consent to the processing of personal data at any times, without prejudice to the legitimate processing performed until then based on the consent withdrawn.
If you have any requests about personal data processing by the Company, to exercise the rights recognized by the applicable regulations, as well as to know about the updated list of subjects who can access the data, you can contact the Controller and/or the DPO using the contact details above.
This policy addresses the processing of personal data of users of social networks such as Facebook, YouTube, Twitter, Instagram, LinkedIn and other similar networks or portals (hereinafter “Social Networks”) who, through their social account, interact with the accounts and social media pages of Angelini Holding S.p.A., with registered office at Viale Amelia 70-00181 Rome (hereinafter “Angelini”), or browse Angelini websites after logging in to Social Networks.
The policy refers exclusively to processing operations carried out by Angelini: the data is collected and processed primarily by the Social Network where users are registered (which acts as the Data Controller of its own users). However, when you interact with Angelini social media profile, pages or websites, Angelini may receive from the Social Network a small fraction of such data, of which Angelini is the “Independent controller”. This means that the Social Network and Angelini decide autonomously the purposes and methods through which they process the data of the users to whom they have access respectively.
As you interact with Angelini's Social Network page/account (“Page”), Angelini may process your data as specified below, which refer to your Social Network profile:
Name, surname, username and other personal and professional data, age, sex, information made public by you or shared on the Social Network through posts, or other existing tools on the Social Network, as well as your activities on the Page and Social Network, such as "like", comments, public posts, tags and hashtags; the content of private messages sent to Angelini.
Also, the Social Network may also provide Angelini with information about your activity or preferences expressed during navigation, to the extent that you have consented to it in your profile or browser settings. Data may also be disclosed using tools such as cookies, web beacons and pixel tags: therefore, please check the settings of your browser, Social Network profile or the privacy/cookie policies of the websites you visit for more information. Please note that when such tools are present on Angelini sites, the relevant information is contained in their respective privacy and cookie policies.
Angelini Holding only processes navigation data, so the Company collects this and other data (such as the number of visits and time spent on the Website) for statistical purposes only and anonymously, in order to check the Website operation.
Please note that in the event you log in to your Social Network account and visit one of the Company’s websites using the same device, Angelini cannot detect some of the information available on your profile (e.g. Age group, “likes”, etc.) and will not be able to identify you.
The data will be processed in order to:
- Reply to posts, requests and questions from users, and allow users to participate in the activities carried out through the Page and interact with it; manage and optimize the contents of the Page, perform statistical and market analysis about users who interact with the Page or our Websites. The lawful basis for processing is the legitimate interest of Angelini to promote its activities and its corporate image (art. 6.1.F of GDPR);
- Comply with regulatory obligations, pursuant to art. 6.1.c of the Regulation, and fulfill public health obligations, which require Angelini to monitor, manage and report to relevant authorities and other parties (licensors, licensees) any information relating to adverse events (potential or actual) related to the use of its products. The lawful basis for processing is the fulfillment of legal obligations and the protection of the public interest in the field of public health, which is making sure that Angelini products offer a high degree of quality and safety.
- Ensure compliance with the Code of Ethics and Conduct of the Angelini Group and safeguard Angelini’s rights. The lawful basis for processing is the legitimate interest of the Company to prevent users from committing abuse through the page, including actions breaching the regulations above, violations of applicable laws and to safeguard its own rights (articles 6.1.f and 9.2.f of GDPR).
- Send customized messages (“profiling”) on the activity performed and products and services above. The lawful basis for processing is your consent to the Social Network, including in combination with cookies, web beacons/web trackers, pixel tags, etc. (art. 6.1.A of GDPR);
- With regard to the data collected through job advertisements published on Social Networks, evaluate and possibly establish a collaboration or employment relationship: the lawful basis for processing is the performance of a contract or pre-contractual measures aimed at signing a contract with the user (art. 6.1.b of GDPR).
With regard to the publication of any third-party data, it is your responsibility to obtain the necessary authorizations and fulfill any information obligations required by applicable privacy laws.
With regard to consent for processing user data collected from Social Network accounts, please note that: (i) Consent is given when signing up on the Social Network. You can modify/customize it at any time (Angelini does not control those operations in any way, as these are managed by the Social Network); (ii) The data processed by Angelini is the data made available by the Social Network, which is therefore the sole responsible for any sharing of information not authorized by you or any unwanted messages received, which do not match your settings.
Your data will mostly be processed using electronic instruments and may be entered into Angelini’s information system in compliance with the applicable legislation, including security profiles and confidentiality according to the principles of correctness and lawfulness. The data will be stored for as long as necessary to fulfill the purposes of data collection. The criteria used to determine the storage duration comply with the terms allowed for by the applicable laws and the principles of data minimization and rational records management.
The data may be processed by Angelini staff serving as IT, HR, administration and other duly authorized subjects who need to process it due to the tasks they carry out
For organizational, administration, financial and accounting purposes, in accordance with article 6.1.f and article 48 of GDPR, the data may be transferred to companies of the Angelini Group, including in non-EU countries (hereinafter “Third Countries”).
In addition, in relation to the obligations and purposes above, also in third countries: the data may be communicated to the Supervising Body, as well as to third party companies, such as suppliers, subcontractors, IT and "Cloud Computing” service providers, social networking service providers which manage the Pages, professional firms, and companies which carry out tax and/or administrative activity on behalf of Angelini, public authorities and legitimate recipients according to national or EU regulations, third parties in the event of audits, mergers or acquisitions. Depending on the case, such persons will act as data controllers, data processors or persons authorized to processing for the same purposes as above and in accordance with applicable law.
You may exercise the rights recognized in articles 15-22 of the GDPR such as: obtain confirmation as to whether or not your personal data exist, access such data, check its content, source, make sure it is correct, know its location (including in any Third Country where the data is stored), obtain copy, completion, update, rectification and, where applicable by law, the restriction, erasure, anonymization, object to direct marketing (including for some media only), object to processing on legitimate grounds.
To exercise your rights, you may contact the data controller Angelini Holding through its DPO [firstname.lastname@example.org – Viale Amelia, 70 - 00181-Roma].
You may also lodge complaint with the Data Protection Authority by following the procedures and instructions published on the Authority's official website www.garanteprivacy.it.
The exercise of the rights is not subject to any formal constraint and is free of charge.
To withdraw your consent given to Social Networks, you need to contact Social Networks directly.
Cookies allow to make navigation more efficient and the improve your online experience.