Recordati AG, Rare Diseases Branch is constantly committed to respecting the privacy of individuals with whom it comes into contact, in accordance with the provisions of Regulation (EU) no. 679/2016 (“GDPR”). Pursuant to Article 13 of the GDPR, we provide below some information necessary to illustrate how Recordati AG, Rare Diseases Branch will process personal data through MF-TALKS (the “Website”).
- Data Controller
Recordati AG, Rare Diseases Branch (“Recordati”), a company that is part of the Recordati Group, with registered office at Uferstrasse 90, 4057 Basel, Switzerland, is the Data Controller. The Data Protection Officer of the Recordati Group can be contacted using the following contact details: Data Protection Officer - DPO, Recordati S.p.A., Via Matteo Civitali 1, Milan - Italy; e-mail: GroupDPO@recordati.com.
- Data Processed
The data which will be processed include:
- A. Navigation data: language set in the user's browser, name of the page the user viewed, screen resolution of the device the user is using, the Google Analytics ID that associates the hit with the right Analytics account, user's IP address, location of the user, characteristics of the browser, operating system and internet provider used by the user, user's age and gender, source/media that directed the user to the Website;
- B. name, surname, e-mail address, specialty, country and town of residence and workplace of HCPs registering on the Platform;
- C. name, surname, e-mail address, telephone number and workplace of centers’ HCPs.
- Purposes and legal basis of the processing
The Data will be recorded, processed, managed and filed for the following purposes.
- The data referred to in paragraph 2.A above are used to allow navigation of the Website and use of its features, as well as to obtain anonymous statistical information on the use of the Website, to check its correct functioning and to identify anomalies and/or abuses.
The legal basis of the processing is our legitimate interest in allowing the proper functioning of the Website and in constantly improving its quality and attractiveness for users (Article 6.1 letter f) of the GDPR). Based on our assessments, we believe that no interest, right or fundamental freedom of yours prevails over this legitimate interest.
- The data referred to in paragraph 2.B above are used to enable and manage your registration for the MF-Talks restricted area (the “Restricted Area”) and attendance at webinars, virtual events and congresses managed by the Data Controller through the Restricted Area (including all directly associated activities such as, for example, the sending of the certificate of attendance).
The legal basis for the processing of the data for this purpose is the need to carry out a request from the data subjects pursuant to Article 6.1 letter b) of the GDPR. The provision of the data for this purpose is optional and, failing that, you shall not be able to register for the Restricted Area and for webinars, virtual events and congresses managed by the Data Controller.
- The data referred to in paragraph 2.B above are also used to verify your identity and that you are a healthcare professional.
The legal basis for the processing of the data for this purpose is our legitimate interest in verifying that people enabled to access the Restricted Area are healthcare professionals, pursuant to Article 6.1 letter f) of the GDPR, which we believe is not overridden by any of your rights, interests or fundamental freedoms.
- The data referred to in paragraph 2.B above are used to send newsletters and communications related to products, medical and research related information.
The legal basis for the processing of the Data for the purpose above is your consent, pursuant to Article 6.1 letter a) of the GDPR. The provision of the Data for this purpose is optional and, failing that, we will not be able to send you newsletters and communications about products and medical information.
- The data referred to in paragraph 2.C above are used to create a targeted reference list for patients and HCPs.
The legal basis for the processing of the Data for the purpose above is your consent, pursuant to Article 6.1 letter a) of the GDPR. The provision of the Data for this purpose is optional and, failing that, you will not be part of this targeted reference list.
- Data Recipients - Data Transfer to Third Countries/International Organizations
As part of the Data processing for the purpose referred to in paragraph 3 above, the Data may be disclosed or otherwise made accessible to third parties belonging to the following categories:
• providers of consulting services in the field of web-design and software;
• providers of content and services for live or virtual events.
Where necessary, the Data Controller will appoint third parties as its Data Processors pursuant to Article 28 of the GDPR.
Data may be transferred outside the European Economic Area. Any Data transfer outside the European Economic Area will be carried out in compliance with the applicable provisions of the GDPR.
- Data retention period
The data referred to in paragraph 2.A will be deleted 15 years after the related registration. Only in the event of a request by the Public Authorities may the data be stored for a longer period, in accordance with what is ordered of the Data Controller.
The data referred to in paragraph 2.B will be stored for 15 years from the registration in our systems.
The data referred to in paragraph 2.C will be stored for 15 years from the registration in our systems.
- Data subject rights
Pursuant to Article 13, paragraph 2, letters b), c) and d), and Articles 15, 16, 17, 18, 19, 20 and 21 of the GDPR, we inform you that:
- you have the right to request access to Data together with information on the processing purpose, category of data processed, subjects or categories of subjects to whom they have been or will be communicated;
- you also have the right to obtain:
i. the correction of your data, if they are incorrect or incomplete;
ii. the erasure of the Data, given one of the conditions set out in Article 17 of the GDPR;
iii. the restriction of the processing of Data;
iv. the Data in a structured, commonly used format that is readable by an automatic device, also in order to send the Data to another data controller, if the processing is based on consent or on a contract and is carried out by automated means (so-called data portability right). If you are interested, you can ask the Data Controller to send the Data directly to the other data controller if this is technically feasible.
- You have the right to object to the processing of the Data, if such processing is carried out pursuant to Article 6.1 letter e) (i.e. to fulfil a legal obligation to which the Data Controller is subject) or letter f) (i.e. to pursue a legitimate interest of the Data Controller) of the GDPR, unless there are legitimate reasons for the Data Controller to proceed with the processing, pursuant to Article 21 of the GDPR.
- You have the right to revoke the consent given at any time for the purpose described in point 3 (c) above, without prejudice to the lawfulness of the Data processing based on consent and carried out before the revocation.
- If you are not satisfied with the processing of the Data, you may lodge a complaint with the Data Protection Authority.
- Any correction or erasure of the Data or processing restrictions made upon request - unless this proves impossible or involves a disproportionate effort - will be communicated to each of the recipients to whom the Data may have been transmitted in accordance with this policy.
The exercise of the above rights is not subject to any form of constraint and is free of charge. We may only ask you to verify your identity before taking further action upon your request. You may exercise your rights by sending a written communication to the Data Protection Officer of Recordati S.p.A. at groupDPO@recordati.com.
Edition 17th January 2022