Information according to Art. 13-14 of the European Regulation 679/2016 (GDPR)

OLD PHARMA International S.r.l. respects the privacy of your personal data and guarantees its protection and correct processing following the latest European legislation. Under Articles 13 and 14 of European Regulation (EU) 2016/679 (hereinafter GDPR) and Legislative Decree 196/03, as amended by Legislative Decree 101/18, we hereby inform you of the following.

1) Data Controller and Data Processor

The Data Controller is OLD PHARMA International S.r.l., in the person of its legal representative pro tempore, with a registered office in Milan, Via MF. Quintiliano, 30, tax code and VAT number 10714760153. The Data Controller may be contacted through a PEC notice at oldpharmainternationalsrl@ticertifica.it or by email at info@oldpharma.it.

The Data Controller has not appointed a Data Protection Officer (DPO).

The data processing described below will take place in Milan Via M. F. Quintiliano, 30; The data will be processed and stored by the Data Controller within the European Economic Area and will not be transferred to or outside the European Economic Area.

2) Nature of data and processing.

The information you provide us with is general and non-specific.

These include first name and surname, date of birth, and contact details (fixed telephone number, mobile phone number, VOIP and email address, etc.).

The information may be provided to us by you, the data subject, in person or remotely.

In the course of its operation, our site may acquire certain data whose transmission is automatic in the course of navigation, such as IP address, online identifiers, contact time, etc.. This information is not processed but is used only to draw up anonymous statistics on the use of the site itself and to check for any anomalies, as well as to prevent fraud; in the latter case, the data may be used solely for the purposes of any communication to the competent authorities to establish responsibility. However, we inform you that, by their very nature, this information could allow the user to be identified through association and processing with data held by third parties.

In addition, when interacting with social networks, you may provide your data in the social network’s registration window (“Register with…”).

Generally, all types of data processing are included in those foreseen by Art. 4, par. 1, no. 2 of EU Reg. 679/16 (e.g. collection, registration, organisation, storage, etc.). However, your data will be processed legally, correctly and transparently. Only data that is necessary and essential to achieve the specific purpose will be processed (so-called minimisation of processing and accountability under Article 5(1)(c) of the GDPR), with the accuracy and integrity of the data being guaranteed.

In particular, you acknowledge that your personal data, including special data, may be collected based on information provided by you when registering or communicating, including electronically, with the Data Controller.

Persons under 16 years of age may use the Services only with the consent of their parents or, in any case, of the holder of parental responsibility under Article 8 of the GDPR.

3) Purposes, legal basis and methods of data processing.

The main purpose of processing your data is the correct and complete provision of the services you requested.

Each type of processing is based on a presumption or legal basis under Article 6 of the GDPR.

The purposes of the processing are as follows, with the relevant legal basis in brackets:

a) provision of the requested services, management of orders, delivery of products, management of payments and communications related to such orders (execution of the contract or pre-contractual measures);

b) fulfilment of fiscal and accounting obligations, also through third parties and external managers (fulfilment of legal and statutory obligations);

c) personal communications and internal security (contract enforcement);

d) direct marketing initiatives known as “soft spam” (Art. 130(4) of the Privacy Code)

e) commercial communications from other brand companies or third parties operating in the sector; (consent)

f) customer care and satisfaction (fulfilment of contract);

Any other and future purposes will be the subject of an annexe to this informative note and possible consent.

Your data will be processed manually and electronically only if there is an appropriate legal basis.

Personal data may be processed both on paper and in computerised form (including portable devices) and in the manner strictly necessary to achieve the above purposes. The data may be processed using cloud-based IT equipment and stored in archives of the latter type.

The provision of data is obligatory insofar as it is necessary to fulfil contractual or legal obligations relating to the purposes set out in points (a), (b), (c) and (f) above. Concerning points (d) and (e), the provision of the data is optional and may be subject to revocation or opposition as described below. The Data Controller hereby informs you that failure to provide your data or inaccurate communication/updating of your data may result in the impossibility of guaranteeing the adequacy of the processing concerning the regulations in force.

4) Data communication.

Our employees may process the data in customer management, marketing, technical staff, etc. All such employees have received appropriate training and instructions on the minimum security measures required to protect your data.

To process your data, the Data Controller may also use third parties such as:

1. consultants in general, accountants and auditors or lawyers, formally appointed or legally authorised to provide functional services for the above purposes;

2. banking and insurance institutions that provide functional services for the purposes indicated above, including companies that handle payment services accepted by our site as autonomous owners;

3. parties that process data to comply with specific legal obligations;

4. judicial, police or administrative authorities for the fulfilment of legal obligations;

5. websites and third-party providers of communication networks and services;

6. websites and third-party providers of communication networks and services for the processing of communications sent by email, their contents and attachments;

7. Other companies of the Group, namely Virgilio Holding S.p.A., Prodotti Gianni S.r.l., Auriga S.r.l..

Your data may, therefore, be communicated to the subjects mentioned above, who will process it as autonomous data controllers or data processors.

You will be able to check the compliance of these service providers with current legislation on the website of each of them, also by requesting their contact details from the Data Controller in the manner described below.

5) Retention of data.

Your personal data, processed for the above purposes, will be stored under Article 13.2.a of the GDPR. The data will be archived for as long as the holder is subject to retention obligations established by law or regulation for fiscal or other purposes. Following the provisions mentioned above, your data will not be kept longer than is strictly necessary for the purposes and purposes described above.

In the event of a dispute with the Data Controller, the data will be processed until the expiry of the period of limitation of each party’s rights. Concerning marketing purposes, the data will be kept for two years unless the data subject expressly objects or withdraws consent.

6) Profiling and Dissemination of data.

Your personal data is not subject to dissemination or any fully automated decision-making process, including profiling. An exception is the case in which you connect to the site or to the pages of the social networks referable to the owner (Facebook, Twitter, etc.) in this case your data could be subject to analysis according to the forecasts and purposes indicated by the web service provider or the relevant social network. In this last case it is possible that the hosting service provider or the relevant social network uses cookies. You are therefore invited to check your privacy and security settings on your social profile settings and disable the use of these tools if you do not wish such processing. Remember that the Settings option, available in the toolbar of most browsers, includes instructions to prevent the browser from accepting cookies, receive notifications for each new cookie installed or disable unwanted ones. By continuing to use and visit the owner’s website or social profiles, you automatically consent to the processing of your data and the use of cookies according to the settings predefined by you and indicated by the hosting server or the social network used.

7) Data security.

The owner undertakes to protect his data from unauthorized access or other alterations. This involves the use of various security measures (passwords, firewalls, antivirus, backup etc) in order to protect stored data as well as continuous reviews of the methods of data collection, storage and processing.

In compliance with the provisions of this information, the owner will treat all your personal data in a strictly confidential manner, in order to preserve its integrity, confidentiality and availability (art.32 GDPR) and will take all reasonable actions in order to guarantee the safety of your data. data, once in the possession of the owner. Likewise, the owner will impose similar measures on third party suppliers.

8) Rights of the interested party.

The rights recognized to you by the GDPR include those of:

•                request access to your personal data and information relating to them; the rectification of inaccurate data or the integration of incomplete data; the deletion of personal data concerning you (upon the occurrence of one of the conditions indicated in art. 17, paragraph 1 of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article); the limitation of the processing of your personal data (in the event of one of the hypotheses indicated in art. 18, paragraph 1 of the GDPR);

•                 request and obtain – in the cases in which the legal basis of the processing is the contract or consent, and the same is carried out by automated means – your personal data in a structured and machine-readable format, also for the purpose of communicating such data to another data controller (so-called right to portability of personal data);

•                object at any time to the processing of your personal data in the event of particular situations concerning you;

•              revoke consent at any time, limited to cases in which the processing is based on your consent for one or more specific purposes and concerns common personal data (for example date and place of birth or place of residence), or particular categories of data (for example data revealing your racial origin, your political opinions, your religious beliefs, your health or sexual life). Processing based on consent and carried out prior to its revocation, however, retains its lawfulness;

• lodge a complaint with a supervisory authority (Personal Data Protection Authority – www.garanteprivacy.it).

9) Contacts

To assert your rights, you can send a PEC or email to the owner or contact him at the following address: OLD PHARMA International S.r.l. Via M.F. Quintilian, 30 – 20138 Milan