PRIVACY POLICY

Privacy Policy

1. Data controller
Aesculapius Farmaceutici S.r.l. with registered office at via Cefalonia, 70 – 25124 Brescia – Italy – VAT no. 02845800172 – tax code 00826170334 referred to hereinafter as “Data Controller”, guarantees compliance with personal data protection legislation by providing the following information concerning the processing of personal data contributed or otherwise collected during browsing of this site pursuant to art. 13, Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) as amended.

2. Data processed, purposes and legal bases of processing
2.1. Data generated by access to the site
During their normal operation, the IT systems and software procedures that operate this site automatically acquire some information, the transmission of which is implicit in the use of Internet communications protocols.
The following information may be collected:

  • domain names;
  • internet protocol (IP) address;
  • operating system used;
  • type of browser and parameters of the device used to connect to the site;
  • name of Internet Service Provider (ISP);
  • date and time of visit;
  • visitor’s web page of referral and exit;
  • number of clicks.

The aforesaid data are processed in automated form and collected only in aggregate form, in order to verify correct operation of the site and for security reasons.
The legal basis which justifies the processing is the legitimate interest of the Data Controller.

2.2. Data recorded for security purposes
For security purposes (antispam filters, firewall, virus detection), the automatically recorded data may also include personal data such as the IP address, which might be used, in accordance with the relevant law, to block attempts to damage the site or to harm other users, or any other harmful or criminal activities. These data are never used to identify or profile the user; they are only used to protect the site and its users.
The legal basis which justifies the processing is the legitimate interest of the Data Controller.

2.3. Data supplied voluntarily by the user
Users are not required to contribute any personal data in order to consult the site. However, the optional, explicit, voluntary dispatch of email to the addresses provided on this site, and the typing of the user’s data in the “Contacts” section, will imply the acquisition of the sender’s address and the user’s data entered, necessary in order to reply to the requests sent. When requesting services or submitting enquiries, users are advised not to specify their own personal data or the names or other personal data of third parties unless strictly necessary.
The personal data contributed by the user by means of the form are collected and processed for the following purposes:

  1. for activities relating to the customer in accordance with contractual agreements and/or pre-contractual negotiations;
  2. for administrative purposes;
  3. to fulfil any requests from the judicial authority;
  4. in case of the submission of CVs, only for recruitment purposes.

The legal basis which justifies the processing is the fulfilment of a contract to which the data subject is a party, the performance of pre-contractual measures adopted on their request, or a legal obligation. In the cases where specifically stated, the legal basis is the consent provided voluntarily by the data subject.

3. Nature of contribution of data
Apart from as specified for browsing data, the contribution of data for the purposes referred to in point 2.3 subsections a), b), c) and d) is optional, but any refusal will make it impossible for the Data Controller to fulfil any pre-contractual or contractual obligations undertaken.

4. Data processing locations and procedures and storage period
The data collected are processed at the registered office of the Data Controller.
The data collected will be processed using electronic or other automated, IT and telematic tools, or by manual processing, with logics strictly correlated to the purposes for which the personal data were collected, and in all cases in a manner which ensures their security.
Data are stored for the time strictly necessary for dealing with the purposes for which they are processed (“principle of storage limitation”, art.5, Regulation (EU) 2016/679), or in accordance with the expiry dates set by the relevant legislation and legal obligations.
In all cases, the Data Controller enforces rules which prevent the permanent storage of data, and thus restricts the storage time in accordance with the principle of the minimisation of data processing.

5. Authorised processing entities, data processors and data disclosure
The data collected are processed by the Data Controller’s internal staff designated and authorised to process them in accordance with specific instructions provided in compliance with current law.
Within the limits relating to the stated processing purposes, and if necessary or useful for the pursuance of the said purposes, the data collected may be processed by third parties designated as external Data Processes or, depending on circumstances, disclosed to them as independent data processors, as follows:

  • people, companies, associations or professional firms providing assistance and advice to our Company, for the purposes referred to in point 2.3, subsection b);
  • companies, organisations, and associations which perform services related to and useful for the pursuance of the aforesaid purposes (such as IT system maintenance).

The data collected may be provided in response to a legitimate request from the Judicial Authority, only in the cases envisaged by the law.
Your data will not be disseminated in any circumstances and for any reason.
The Data Processors and Persons in Charge of Processing are specified in the Privacy Policy, which is regularly updated.

6. Transfer of data to non-EU states
The data collected may also be transferred abroad, including to states outside the European Union, in the forms and by the procedures envisaged by the relevant legislation, ensuring a suitable level of protection in all cases.
This site may share some of the data collected with services located outside the European Union. More specifically with the Google Analytics service. The transfer is authorised by specific decisions of the European Union and the Italian personal data protection authority, in particular decision 1250/2016 (Privacy Shield – see as Italian data protection authority information page), so no further consent is required. The aforesaid company (Google) guarantees that it is a member of the Privacy Shield scheme.

7. Rights of the data subject
The data subject is entitled, at all times, to ask the Data Controller which data are held, to request their rectification or erasure or the restriction of the processing, to object to the processing, to request the portability of the data, and to withdraw consent to the processing, and to exercise these and the other rights envisaged by Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) by sending an email to info@aesculapius.it.
The data subject may also lodge a complaint with a supervisory authority.

Last update: 15/04/2019