Information Notice for business contacts on the processing of their personal data in Menarini Silicon Biosystems s.p.a. Client Relationship Management database – pursuant to arts. 13 and 14 of Regulation (EU) 2016/679 (“GDPR”)
We take the privacy of our business contacts very seriously and we commit to respect it to the highest standards of our sector. For this reason, we wish to provide up-to-date information as to how Menarini Silicon Biosystems S.p.a. (hereinafter the “Company”, or “we”) processes your personal data on its Client Relation Management (“CRM”) systems and ensures compliance with the applicable laws on personal data protection, including Regulation 2016/679/EU (the “Regulation”).
1. Who is concerned by this policy
The products and services commercialised by Menarini Silicon Biosystem s.p.a. are not aimed for purchase by individuals, but by organisations (such as research centres, laboratories, universities, hospitals, forensic service providers, authorities engaged in forensic activities, etc. –“Organisations”); therefore, our business contacts are individuals working for such organisations who have either shown a professional interest in our products and services, their functioning, and the latest developments regarding them, or who we reasonably believe may have any such interest in light of their professional position.
This policy applies to you if:
- you are based in the European Economic Area;
- you work for an Organisation and either (i) have shown a professional interest in our products/services, or (ii) are reasonably likely to have a professional interest in our products and services in light of your professional position;
- you have conferred your personal data to us or have been contacted by us in your professional capacity in relation to our products/services.
2.Data Controller and Data Protection Officer
The Data Controller is Menarini Silicon Biosystems S.p.a., with registered offices in Via G. Di Vittorio 21 b/3, 40013 Castel Maggiore (Bologna), Italy (hereinafter the “Controller”, the “Company”, or “we”), email email@example.com
The company Menarini Silicon Biosystems Inc. with registred office in 3401 Masons Mill Rd., Huntingdon Valley, PA 19006, USA acts as Joint Controller. Its role and responbility are described below.
The Data Protection Officer may be reached at the email address firstname.lastname@example.org
3. What personal data about you we collect
We collect information such as: name, surname, professional title, position and affiliation, contact details, , and broad professional area of interest (e.g. forensics, oncology). In addition, we keep records of business correspondence with you, the promotional activities performed towards you, and the purchase history of your institution.
With your consent we may also collect your email address.
4. How we retrieve and collect your data
We retrieve your personal data directly from you, on occasion of contacts we had;
1. during conferences, workshops, seminars, where you volunteered your data to us (e.g.by giving us your visiting card) or through the organisers (e.g., by agreeing to the provider disclosing your contact information to other participants), as well as in our correspondence, face-to-face, telephone, teleconferencing or videoconferencing meetings we had with you;
2. via our website (i.e. when you get in touch via the contact forms, using the email addresses displayed thereon or subscribing to our newsletters).
If you lodge an order, or ask information about our products/services, or participate in any initiative (e.g. meetings, webinars, conferences), the legal basis for the processing is the performance of a contract or pre-contractual measures (art. 6.1.(b) of the GDPR).
We promote our products and services, and keep records of our contacts with our clients based on our legitimate interest to verify the effectiveness of our promotional activities pursuant to art. 6.1.(f) and Recital 47 of the GDPR.
If such promotional activities are performed by means of an electronic newsletter or via email communications the legal basis of the processing is your consent, pursuant to art. 6.1.a of the GDPR.
Please be informed that our emails may contain “pixel tags”, which provide information about whether and when you open, delete and trash our messages, and also the IP address or email client used to view them; if the emails we have sent contain links to any online content, we may also receive information about which links you have clicked –to prevent this from happening, please check your browser, email client or email account settings and block automatic image loading. We use the information collected through Pixel Tags to assess the effectiveness of our promotional activities, pursuant to art. 6.1.f of the GDPR.
You can also unsubscribe from newsletter by using the appropriate function available directly from the email.
Furthermore, your data may also be processed – without your consent - in order to fulfil obligations stemming from laws, regulations and EU law, as well as to enforce or defend a legal right judicially, to pursue legitimate interests (e.g. to share data among Menarini Group Companies) and in all other cases prescribed by arts. 6 and 9 of the Regulation, where these are applicable.
5. What we do with your Data
We process your personal data to carry out promotional activities pertaining to our products and services and keep you up to date with new developments in this field, with the view of establishing, continuing or improving the business relations we have with the organisation you work for or you represent. This includes the provision of information on how to make the most of our products and services and use them in the most appropriate and effective way.
We do so by means of face-to-face contacts, remote contacts with “traditional” methods (e.g. phone) remote contacts with automated methods (including via email), as well as by means of webinars/conferences/training sessions in which you may participate.
Granting your consent for the purpose indicated above is optional - your refusal will not prevent us from addressing promotional services to you, although we will be unable to send you such communications via email, tailor our services to your needs and/or to provide updates on the news regarding the Companies of our Group.
6. How we process your Data
Data are processed both in paper and electronically and entered into the company system in line with the applicable laws – including the aspects pertaining to data security and confidentiality - and according to the principles of fair and lawful processing. Your Data shall be stored only as long as strictly necessary to fulfil the goals for which they were collected; in any case, the criterion used to determine the length of the storage period takes into due account the need to comply with any relevant legal requirement, the principle of data minimisation and the need to rationally manage the Company’s records. We may store your data even after the end of our activities towards you, but only for as long as necessary to fulfil contractual and legal obligations as well as to fulfil the purposes listed above. We update and maintain our databases so as to ensure your Data are always correct and accurate.
7. How we can share your Data and who may access it
Data may be processed by staff belonging to the following categories: administrative staff, our field forces, our product managers, our technicians, IT staff, internal audit and compliance staff. Data may also be processed by all those other members of staff who may need to do so by reason of their job duties. In addition, pursuant to arts. 6 and 9, Recitals 48 and 52 of the Regulation, Data may be communicated also to other companies of the Menarini Group, including those located in non-EU Countries (“Third Countries”) for organisational, administrative, financial and accounting necessities (Recital 48 and art 6.1.f of the GDPR). Based on the legal and regulatory provisions to which we are bound, we may communicate your Data to national and local Health Authorities, other health centres and universities, other public authorities, association bodies as well as other recipients to whom your Data shall be disclosed pursuant to laws or regulations. In addition, in relation to the above obligations and purposes, data may be communicated to other companies, such as suppliers, sub-suppliers, IT, database and “Cloud Computing” service providers, agencies and event organisation entities, professional service providers and companies that perform tax/administrative tasks on our behalf, even in Third Countries. Such entities/individuals will act, as the case may be, as data controllers or data processors, for the same purposes listed above and in line with the applicable law. As far as Data transfers to Third Countries are concerned –including transfers to countries which may not guarantee the same protection standards as the applicable privacy laws, we inform you that Data processing will take place only in accordance with the provisions set forth by the laws in force, such as, for example, your consent, the adoption of Model Contract Clauses approved by the EU Commission, the selection of commercial partners enrolled in programs for the international free movement of data (e.g. the EU-USA Privacy Shield) or operating in Countries considered safe by the EU Commission.
The database where your information is processed might be used also by Menarini Silicon Biosystem Inc. for the same purposes as those set out in this document.
8. Your Rights to Access and Control your Data
You may at any time contact us at our postal address or send an email to the Menarini Group’s DPO (email@example.com) in order to exercise the rights afforded by arts. 15-22 of the Regulation, including: knowing whether or not any Data referring to you is being processed by us; access your Data; verify the Data’s content, origin, exactness, location (including, where applicable, the Third Countries where the data might be); obtain a copy of the Data; ask that the Data are supplemented, updated, amended; in the circumstances set forth by the law, ask that the processing of Data is restricted, that Data are deleted, anonymised, frozen; oppose to profiling operations and direct contact activities (including restricting contact methods to specific communication media), oppose to the processing of Data for legitimate reasons. Likewise, you may at any time withdraw consent (although this will not impair the lawfulness of the processing operations performed before your consent’s withdrawal) and/or notify any observations you may have on our use of your Data which you consider inappropriate and/or lodge a complaint with your country’s Data Protection Authority or with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).
The Joint Controller in charge of ensuring the rights of data subjects, the security measures and the relations with the Authorites is Menarini Silicon Biosystem s.p.a