Privacy Policy

Privacy Policy and Personal Data Protection

As per Art. 13, EU Regulation 2016/679

In compliance with the provisions of art.13 of EU Regulation 2016/679, Bormioli Pharma Spa, in quality of Data Controller for Personal Data, in person of the pro-tempore legal representant, informs about the purposes and methods of processing collected personal data, their field of communication and diffusion, as well as the nature of their conferment.

1.Purpose and type of data processed

IP addresses or domain names from the computers used by users connecting to the website, the URI (Uniform Resource Identifier) notation addresses from requested resources, the time of requests, the method used to submit requests to the server, the size of the file obtained as answer, the numerical code indicating the status of the answer given by the server (operation completed, error, etc.), other parameters related to operating systems or the user’s informatics environment, the information related to the user’s behavior on the website, the pages searched and visited, to the purpose of offering specific ads to the user and the related data on his browsing behavior on the website using e.g. cookies. Treating personal data that can, directly or indirectly, identify the user’s identity, we take every possible step to respect the principle of strict necessity. For this reason, we have configured the website in a way which the use of personal data is reduced to the minimum, to decrease the treatment of personal data that will only make possible to identify you in case of necessity or if demanded by the Police or other Government authority (in that case, for example, the data related to your stay on the website or the volume of data exchanged with the server, or your IP address), or to assess your responsibility toward hypothetical cases of crimes or felonies towards the website.

b. Personal data submitted on a voluntary base, such as navigational data, could be treated for the following purposes:
1) To fulfill legal obligations to which Bormioli Pharma Spa is subjected to.
2) To verify, exercise and defend rights in Court (e.g. In case of abuses in the usage of the website) or any time jurisdictional authorities exercise their functions;
3) to ensure the correct functioning of the website, measure traffic, and evaluate usability and interest, all while keeping in mind what is in the “COOKIE POLICY”.

c. In some website sections, some personal data will be requested. The gathered data, matter of the treatment, is going to be used to answer to your requests and questions. In particular, to respond to any information request about the products and services of Bormioli Pharma Spa, including the request for quotations. 

2.Data safety and Procedures

Your personal data will be treated with autonomous tools in full respect of the principle of necessity and proportionality, avoiding any personal data treatment whenever the operations might be performed with anonymous data or other procedures. We have adopted special safety measures to prevent the loss of personal data, unlawful or wrong usage and unauthorized access, but please keep in mind that is essential for the safety of your data that your device is equipped with tools such as up-to-date antivirus software, and that your Internet provider guarantees a safe data transmission through firewalls, anti-spam filters and other similar precautions.

3.Communication and Diffusion

Personal data could be shared with a third party to perform functional activities for the structure, such as maintenance and website management, or more generally to all third party personnel (service and digital infrastructure providers, or similar) who are involved in the management and supervision of said website, and duly nominated as Data controllers and responsible for said data treatment. That should be the case, the use by Third Parties is going to happen in full respect of the principle of fairness and lawfulness.

Said data could be communicated:
– To competent Authorities in the exercise of obligations of which the Data Controller is held to;
– To companies belonging to the group which the Data Controller works for, to comply and fulfill internal administration duties;
– To control Authorities, Law Enforcement or Judicial Authorities, and in general, to all those individuals authorized to access them by the law.

It is not contemplated the transfer of data to non-EU Countries. Should that happen, the interested user will be notified as per art.13, paragraph 1, letter f) of EU Regulation 3026/679, accordingly with what requested in said Regulation.

Data is not going to be subject to diffusion.

4.Rights of the interested party

As per artt. 15, 16, 17, 18, 20, 21 e 22 of EU Regulation 2016/679

We inform you that as an interested party, in addition to the right of filing a complaint with a Surveillance Authority, your rights are those listed below too, that you will be able to enforce through filing a request to the Data Controller as indicated in part 1.

Art. 15 – Access right

Art. 16 – Rectification Right

Art. 17 – Right to Deletion (Right to be Forgotten)

Art. 18 – Right to Limit the Data Treatment

Art. 19 – Obligation to Notify in case of Rectification or Deletion of Personal Data
or in case of limitation of the Data Treatment

Art. 20 – Right to Data Portability

Art. 21 – Opposition Right

Art. 22 – Right not to be subjected to an automated decision-making process, including profilation

To exercise your rights as per artt.15 and following EU Regulation 2016/679, you are requested to write to Bormioli Pharma Spa, Corso Magenta, 84 – 20123 Milano (MI), to the attention of the Data Controller for Personal Data.

5.Data Controller and External Designated Data Controllers

Main Data Controller is Bormioli Pharma Spa, Corso Magenta, 84 – 20123 Milano (MI).

The updated list of the External Designated Data Controllers will be accessible through written request to the Main Data Controller.

6.Storage Terms

Data will be stored for the whole duration of the website browsing session and for all the needed time to perform the above-mentioned activities in full respect of the law. After the expiration of the terms, every personal data will be destroyed, deleted, or made anonymous (where not collected already in anonymous form).

Data will be stored for all the needed time to perform the activities mentioned at 1.b, and for eventual present or future collaborations, yet no longer than 1 year since the first interview.

7.Nature of the provision and consequences of the refusal to respond

The provision of your data, object of the treatment, is optional.

The provision of Data to the ends of this Information note is however necessary to basically enhance the specific functions and to benefit from the services offered by the Data Controller, for example to receive an answer to an information request.

Missed provision of personal data, could mean the impossibility to take advantage of the service or the answer to a forwarded question.

8.Legal Basis

– a legal obligation to which the Data Controller is subjected to [art.6, par. 1, lett. C) GDPR] in relation to the ends as per lett.c.1);
– the Data Controller’s or Third Party pursue of legitimate interest, under the condition that rights, interests, and fundamental liberties of the interested subject that requires data protection do not prevail on said legitimate interest [art. 6, par. 1, lett. f) GDPR] in relation to the ends as per lett. a) e lett. c 2) e 3);
– the execution of the contract that sees you as party or in case it is deemed necessary to the execution of precontractual measures adopted under your request [art. 6, par. 1, lett. b) GDPR] in relation to the ends as per lett. d);

the treatment of your personal data eventually falls under the hypothesis included in art. 7 EU Regulation 2016/679, you will be asked every time, as per current legislation, explicit consent to each type of treatment your data will be subject to.