Privacy notice “Angelini iD International” Reserved Area

Last Update 02 July 2021

The company Angelini Pharma S.p.A. (hereinafter "Angelini" or "Controller"), pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation, hereinafter referred to as the “GDPR”) and Legislative Decree 196/2003 (Privacy Code), provides You with the following information on the processing of your personal data, in your capacity as registered user of the “Angelini iD International” reserved area (hereinafter the “Reserved Area”).

  1. Identity and contact details of the Controller and Data Protection Officer (DPO)
    The Controller is Angelini Pharma S.p.A., with registered office at Viale Amelia n. 70, 00181 – Rome, Italy, email: privacy.italia@angelinipharma.com.
    The Controller has appointed a Data Protection Officer (DPO), who can be contacted directly at the following addresses: Data Protection Officer - DPO c/o Angelini Pharma S.p.A., Viale Amelia n. 70, 00181 – Rome, Italy, email: dpo.italia@angelinipharma.com.
  2. Purposes and legal basis of the processing
    Your personal data will be processed, in compliance with the law in force, in a fair, lawful and transparent manner for the purposes set out below and according to the following prerequisites of lawfulness (legal bases of the processing).
Purpose of the processing Legal basis of the processing
a) Proper and comprehensive management of your registration with the Reserved Area and your use of the contents and services reserved to registered users (for example workshops and webinars) including related communications [registration with the reserved area and use of the related contents and services]. Processing of your personal data for this purpose is necessary to the execution of a contract or to the execution of precontractual measures (reference is made to the conditions of the contract regulating registration with the Reserved Area and use of the related contents and services) (Art. 6.1.b of the GDPR).
b) Proper and comprehensive management of your request (for example, a request for information or assistance) [management of your requests]. The processing of your personal data for this purpose is necessary for the execution of a contract or the execution of pre-contractual measures (herein intended as a "legal relationship" established between You and the Controller following a possible request from you) (art. 6.1.b, GDPR).
c) Proper and comprehensive management of pharmacovigilance reports [pharmacovigilance]. The processing of your personal data for this purpose is a legal obligation (art. 6.1.c, GDPR).
d) Compliance with legal obligations. In certain circumstances, legislation obliges us to use your personal data (for example to inform you of a potential security breach involving your data and the measures we have taken to address the situation) [compliance with legal obligations]. The processing of your personal data for this purpose is a legal obligation (art. 6.1.c, GDPR).
  1. Categories of data processed
    The Controller will process the following categories of personal data concerning You:
    • your personal data necessary for your correct identification, to verify that you meet the subjective requirements necessary and to use the contents and services reserved to registered users including related communications (in particular name and surname, email, telephone, profession, country, status (i.e. whether or not You have ceased professional activities), OneKey ID (i.e. identification code used by the database of IQVIA Commercial GmbH & Co. KG and affiliates, see paragraph 4 below)) (for the purpose pursuant to paragraph 2, letter a);
    • all and any personal data you may have “uploaded” or communicated to the Reserved Area (for example any videos/images you may have “uploaded” to the platform in order to take part in teaching activities, any personal data you may have disclosed to other registered users) (for the purpose pursuant to paragraph 2, letter a);
    • in the event that you should submit communications or requests to Angelini, your personal data necessary to the correct management of your communication or request (in particular, name and surname, postal address, e-mail address and telephone number) and any other personal data you may include in your message or in any materials you send to us (for the purpose pursuant to paragraph 2, letter b);
    • all data necessary for the fulfillment of legal obligations (for the purposes pursuant to paragraph 2, letter c and d) such as, for example, your contact data for communications required by the law or the authority.
  2. Source of data
    Your personal data will be obtained by the Controller:
    • directly from You and your interaction with us;
    • from another company belonging to the business group of which Angelini is the parent company (“Angelini Pharma Group”);
    • from private databases of third parties, in particular, of the company IQVIA Commercial GmbH & Co. KG and its affiliates (whose privacy notice can be consulted on the following web page https://www.iqvia.com/about-us/privacy/privacy-policy).
  3. Nature of the provision
    The provision of your personal data for the registration with the reserved area and use of the related contents and services (purpose referred to in paragraph 2, letter a) is a contractual obligation: failure to provide such would make it impossible for You to register with the reserved area and use the contents and services reserved to registered users.
    The provision of your personal data for the management of your requests (purpose referred to in paragraph 2, letter b) is a necessary requirement for the Controller to be able to respond to your request: failure to provide them would make it impossible for You to see your request fulfilled (in particular, to receive a response to a request You make for information or assistance).
    The provision of your personal data for pharmacovigilance (purpose referred to in paragraph 2, letter c) and for the compliance with legal obligations (purpose referred to in paragraph 2, letter d) is mandatory insofar as it derives from legal provisions.
  4. Nature of the provision
    The provision of your personal data for the registration with the reserved area and use of the related contents and services (purpose referred to in paragraph 2, letter a) is a contractual obligation: failure to provide such would make it impossible for You to register with the reserved area and use the contents and services reserved to registered users.
    The provision of your personal data for the management of your requests (purpose referred to in paragraph 2, letter b) is a necessary requirement for the Controller to be able to respond to your request: failure to provide them would make it impossible for You to see your request fulfilled (in particular, to receive a response to a request You make for information or assistance).
    The provision of your personal data for pharmacovigilance (purpose referred to in paragraph 2, letter c) and for the compliance with legal obligations (purpose referred to in paragraph 2, letter d) is mandatory insofar as it derives from legal provisions.
  5. Processing methods
    Data processing is carried out using both automated and non-automated tools, with logic strictly related to the purposes of the processing and, in any case, with methods and procedures able to ensure the security and confidentiality of the data.
  6. Categories of recipients of personal data
    For the purposes indicated above (paragraph 2), your personal data may be communicated:
    • to persons authorized by the Controller to carry out personal data processing operations (employees or collaborators of the Controller);
    • to the Processors appointed by the Controller (for all purposes: providers of computer, technological and telematic services, including data storage and management, technical security measures and technological infrastructure);
    • to other data controllers (for the management of your requests: couriers and dispatch companies; for pharmacovigilance: national and European medical and pharmaceutical agencies, other pharmaceutical companies, including companies of the Angelini Pharma Group, tied to the Controller by license contracts and distribution agreements for pharmaceutical products or in the case of transfer of marketing authorizations for the pharmaceutical product; for the compliance with legal obligations: public authorities).
    Your data may also be transmitted in accordance with the law to tax authorities, police forces and judicial and administrative authorities, for the assessment and prosecution of crimes, prevention and protection from threats to public security, to allow the Controller to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.
  7. Data retention period
    We store your personal data for a limited period of time, different depending on the purpose of processing. After this period, your data will be permanently deleted or in any case made anonymous in an irreversible way.
    Your personal data will be stored in compliance with the terms and criteria specified below:
    • for the registration with the reserved area and use of the related contents and services (purpose referred to in paragraph 2, letter a), if a registered user, until (i) deletion of your account, which you may request at any time by contacting the Controller or until (ii) loss, by yourself, of the subjective requirements needed to use the service (Reserved Area) and, in any case, until (iii) deletion of the Reserved Area (including its contents and services);
    • for the management of your requests (purpose referred to in paragraph 2, letter b) for a maximum period of 6 (six) months from the proper and comprehensive management of your request;
    • for pharmacovigilance (purpose referred to in paragraph 2, letter c) as long as the medical product is authorised and for at least 10 (ten) years after the marketing authorisation has expired;
    • for the compliance with legal obligations (purpose referred to in paragraph 2, letter d) for a maximum period of 10 (ten) years from when the calendar year ends during which the Controller has complied with the legal obligation, in order to document and be able to show correct compliance with the law (for example having correctly informed you of any security breaches that may have involved your data and the measures we took to address such situations).
    For technical reasons, the cessation of the processing and the consequent cancellation or anonymization of your personal data will take place within 30 (thirty) days from the terms indicated above.
    This is without prejudice to cases in which storage for a later period is required for any litigation, requests by the competent authorities or in accordance with applicable legislation.
  8. Transfer of personal data outside the EU/EEA
    Your personal data may be transferred in countries outside the European Union (EU) or the European Economic Area (EEA) that nevertheless offer an adequate level of data protection, as established by specific decisions of the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).
    The transfer of your personal data to countries that do not belong to the European Union and that do not ensure adequate levels of protection will be performed only after conclusion between the Controller and the recipient of the data of specific agreements, containing safeguard clauses and appropriate safeguards for the protection of your personal data which are so-called "standard model clauses", also approved by the European Commission, or if the transfer is necessary for the conclusion and execution of an agreement between You and the Controller or for the management of your requests.
  9. Data subject rights
    The data subject, i.e. You, may exercise, in relation to the processing of the data described herein, the rights provided for by the applicable legislation on the protection of personal data, including the right to:
    • have confirmation as to whether or not personal data concerning You are being processed and, if so, to obtain access to the data and related information (in particular, the purposes of the processing; categories of personal data processed; recipients or categories of recipients to whom the data have been or will be communicated; the period of retention of the data or the criterion for determining it; the existence of the rights to rectify or delete the data or to limit or oppose the processing; the right to lodge a complaint with a supervisory authority; the origin of the data; the possible existence of an automated decision-making process, including profiling and, in such cases, significant information on the logic used and the importance and expected consequences of such processing for the data subject; the appropriate safeguards in case of transfer of personal data outside the EU/EEA), as well as a copy of such personal data provided that this does not harm the rights and freedoms of others (right of access);
    • obtain the rectification of your personal data, i.e. to obtain the correction, modification or updating of any inaccurate or no longer correct data, and to obtain the integration of incomplete personal data, including by providing a supplementary statement (right to rectification);
    • request the deletion of your personal data when, in particular, (i) they are no longer necessary with respect to the purposes for which they were collected or processed, or (ii) they have been processed unlawfully, or (iii) they must be deleted in order to comply with a legal obligation (right to be forgotten). Deletion may not be carried out if, in particular, the processing is necessary for the fulfilment of a legal obligation or for reasons of public interest or for the ascertainment, exercise or defense of a right in court;
    • obtain the restriction of the processing of your personal data, i.e. that the Controller retains such data without being able to use them. This right can be exercised only when, in particular, (i) You contest the accuracy of your personal data, for the period necessary for the Controller to verify the accuracy of such data, or (ii) the processing of the data is unlawful and You request the restriction of their use, rather than their deletion, or (iii) although the Controller no longer needs them for the purposes of processing, the personal data are necessary for You to ascertain, exercise or defend a right in court (right to restriction);
    • obtain from the Controller your personal data processed on the basis of a contract, in a standard format, as well as that they are transferred, where technically possible, directly to a third party indicated by You (right to data portability).
    To exercise these rights you can contact the Data Controller at any time, writing to Angelini Pharma S.p.A., viale Amelia n. 70, 00181 - Rome (Rome), Italy or at the email address privacy.italia@angelinipharma.com or by writing to the Data Protection Officer (DPO) c/o Angelini S.p.A., viale Amelia n. 70, 00181 - Rome (Rome), Italy, or to the email address dpo.italia@angelinipharma.com.
  10. Complaint
    If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with the data protection authority (in Italy, the Garante per la protezione dei dati personali, for more information www.garanteprivacy.it).
    The complaint can also be made to a data protection authority other than that of Italy, if said data protection authority is that of the EU Member State in which you have your habitual place of residence or of the place where the alleged breach took place.
  11. Changes to this notice
    The constant evolution of our activities could lead to changes in the characteristics of the processing of your personal data described above. As a result, this privacy notice may be subject to changes and additions over time, which may also be necessary with regard to new legislation on the personal data protection.
    In the event of significant changes to this notice, we will notify You accordingly.