Information Notice for business contacts on the processing of their personal data in Menarini Silicon Biosystems s.p.a. Client Relationship Management database – pursuant to arts. 13 and 14 of Regulation (EU) 2016/679 (“GDPR”)
We take the privacy of our business contacts very seriously and we commit to respect it to the highest standards of our sector. For this reason, we wish to provide up-to-date information as to how Menarini Silicon Biosystems S.p.a. (hereinafter the “Company”, or “we”) processes your personal data on its Client Relation Management (“CRM”) systems and ensures compliance with the applicable laws on personal data protection, including Regulation 2016/679/EU (the “Regulation”).
The products and services commercialised by Menarini Silicon Biosystem s.p.a. are not aimed for purchase by individuals, but by organisations (such as research centres, laboratories, universities, hospitals, forensic service providers, authorities engaged in forensic activities, etc. –“Organisations”); therefore, our business contacts are individuals working for such organisations who have either shown a professional interest in our products and services, their functioning, and the latest developments regarding them, or who we reasonably believe may have any such interest in light of their professional position.
This policy applies to you if
- you work for an Organisation and either (i) have shown a professional interest in our products/services, or (ii) are reasonably likely to have a professional interest in our products and services in light of your professional position;
- you have conferred your personal data to us or have been contacted by us in your professional capacity in relation to our products/services.
The Data Controller is Menarini Silicon Biosystems S.p.a., with registered offices in Via G. Di Vittorio 21 b/3, 40013 Castel Maggiore (Bologna), Italy (hereinafter the “Controller”, the “Company”, or “we”), email email@example.com
The Data Protection Officer may be reached at the email address firstname.lastname@example.org
We collect information such as: name, surname, professional title, position and affiliation, contact details, including an email address used for professional purposes, and broad professional area of interest (e.g. forensics, oncology). In addition, we keep records of business correspondence with you, the promotional activities performed towards you, and the purchase history of your institution.
We retrieve your personal data:
A. directly from you, on occasion of contacts we had;
B. from buy-in lists which we may purchase from specialised service providers.
If you lodge an order, or ask information about our products/services, or participate in any initiative (e.g. meetings, webinars, conferences), the legal basis for the processing is the performance of a contract or pre-contractual measures (art. 6.1.(b) of the GDPR).
In all other cases, the legal basis of the processing is our legitimate interest to promote our products and services, to verify the effectiveness of our promotional activities and to keep records of our contacts with our clients, pursuant to art. 6.1.(f) and Recital 47 of the GDPR. Your consent is not needed, but you may object to the processing by sending us an email at email@example.com
Please be informed that our emails may contain “pixel tags”, which provide information about whether and when you open, delete and trash our messages, and also the IP address or email client used to view them; if the emails we have sent contain links to any online content, we may also receive information about which links you have clicked –to prevent this from happening, please check your browser, email client or email account settings and block automatic image loading. We use the information collected through Pixel Tags to assess the effectiveness of our promotional activities, pursuant to art. 6.1.f of the GDPR. You can also unsubscribe from newsletter by using the appropriate function available directly from the email.
Furthermore, your data may also be processed –again, without your consent- in order to fulfil obligations stemming from laws, regulations and EU law, as well as to enforce or defend a legal right judicially, to pursue legitimate interests (e.g. to share data among Menarini Group Companies) and in all other cases prescribed by arts. 6 and 9 of the Regulation, where these are applicable.
We process your personal data to carry out promotional activities pertaining to our products and services and keep you up to date with new developments in this field, with the view of establishing, continuing or improving the business relations we have with the organisation you work for or you represent. This includes the provision of information on how to make the most of our products and services and use them in the most appropriate and effective way.
We do so by means of face-to-face contacts, remote contacts with “traditional” methods (e.g. phone) remote contacts with automated methods (including via email), as well as by means of webinars/conferences/training sessions in which you may participate.
Data are processed both in paper and electronically and entered into the company system in line with the applicable laws –including the aspects pertaining to data security and confidentiality- and according to the principles of fair and lawful processing. Your Data shall be stored only as long as strictly necessary to fulfil the goals for which they were collected; in any case, the criterion used to determine the length of the storage period takes into due account the need to comply with any relevant legal requirement, the principle of data minimisation and the need to rationally manage the Company’s records. We may store your data even after the end of our activities towards you, but only for as long as necessary to fulfil contractual and legal obligations as well as to fulfil the purposes listed above. We update and maintain our databases so as to ensure your Data are always correct and accurate.
Data may be processed by staff belonging to the following categories: administrative staff, our field forces, our product managers, our technicians, IT staff, internal audit and compliance staff. Data may also be processed by all those other members of staff who may need to do so by reason of their job duties. In addition, pursuant to arts. 6 and 9, Recitals 48 and 52 of the Regulation, Data may be communicated also to other companies of the Menarini Group, including those located in non-EU Countries (“Third Countries”) for organisational, administrative, financial and accounting necessities (Recital 48 and art 6.1.f of the GDPR). Based on the legal and regulatory provisions to which we are bound, we may communicate your Data to to national and local Health Authorities, other health centres and universities, other public authorities, association bodies as well as other recipients to whom your Data shall be disclosed pursuant to laws or regulations. In addition, in relation to the above obligations and purposes, data may be communicated to other companies, such as suppliers, sub-suppliers, IT, database and “Cloud Computing” service providers, agencies and event organisation entities, professional service providers and companies that perform tax/administrative tasks on our behalf, even in Third Countries. Such entities/individuals will act, as the case may be, as data controllers or data processors, for the same purposes listed above and in line with the applicable law. As far as Data transfers to Third Countries are concerned –including transfers to countries which may not guarantee the same protection standards as the applicable privacy laws, we inform you that Data processing will take place only in accordance with the provisions set forth by the laws in force, such as, for example, your consent, the adoption of Model Contract Clauses approved by the EU Commission, the selection of commercial partners enrolled in programs for the international free movement of data (e.g. the EU-USA Privacy Shield) or operating in Countries considered safe by the EU Commission.