Privacy Information Notice – Relife Menarini Group

PRIVACY INFORMATION NOTICE

PRIVACY INFORMATION
NOTICE

Menarini Pharmaceuticals Ireland Ltd. wishes to inform you that the processing of your personal data, performed by way of the website (“Website”) or collected by way of this contact form (“Form”) takes place in compliance with the applicable data protection law (Regulation (EU) 2016/679 – hereinafter referred to as “GDPR”) and the Website’s Privacy Policy.

Data Controller and DPO

Data Controller is A. Menarini Pharmaceuticals Ireland Ltd. with registered offices in Castlecourt, Monkstown Farm, Monkstown, Glenageary, Co. Dublin, Ireland, email: ireland@menarini.ie (“Controller”).

The Data Protection Officer (“DPO”) can be contacted at: dpo@menarini.com

The data we process

With your consent, we process the following ordinary and sensitive personal data which you provide when you interact with the Website and use the related services and functions. These data include, in particular name and surname, contact details, areas of interest and content of your specific requests or reports and the additional data which the Controller may acquire, also from third parties, in the course of business (“Data”).

In order to enable us to fulfil the requests you send by means of the contact form and/or manage adverse event notification it is necessary to consent to the processing of the data marked with an asterisk (*). Without those mandatory data or the consent we cannot proceed any further. Conversely, the information requested in fields not marked with an asterisk is optional: failure to provide them shall have no consequence.

In any event, even without your prior consent, the Controller may process your data to comply with legal obligations stemming from laws, regulations and EU Law, to exercise rights in legal proceedings, to pursue its own legitimate interests and in all cases provided by Articles 6 and 9 of the GDPR, where applicable.

Processing shall take place both using computers and on paper, and shall always entail the implementation of the security measures provided by current law.

Why and how we process your data

The Data are processed for the following purposes:

(i) to handle your requests for information submitted through the Website and the Form; the legal basis for the processing of personal data for this purpose is your consent (Articles 6.1.a and 9.2.a of the GDPR);

(ii) to manage adverse event reports submitted through the Website or the Forms; the legal basis for processing for these purposes are your consent (Articles 6.1.a and 9.2.a of the GDPR), as well as the pursuit of a public interest in the healthcare sector (Article 9.2.i of the GDPR).

By ticking the appropriate boxes you agree to processing for these purposes.

Your data may in any case be processed, even without your consent, for the purpose of complying with laws, regulations, EU Law (art 6.1.(c) of the GDPR, to perform statistics on the Website’s usage and ensure its proper functioning (art. 6.1.(f) of the Regulation), to enforce the Code of Conduct of the Menarini Group and to establish or defend the legal claims in the interest of the Company.

The personal data are entered into the Company computer system in full compliance with data protection law, including security and confidentiality profiles and based on principles of correct practice, lawfulness and transparency in processing.

Data shall be stored for as long as strictly necessary for the attainment of the purposes for which they were collected. In any event the criterion used to determine that period is based on compliance with the time limits set by law and with the principles of data minimisation, storage limitation and rational management of archives.

All your data will be processed on paper or by means of automated instruments, which in any case ensure an appropriate level of security and confidentiality.

Persons who have access to the Data

The Data are processed electronically and manually according to procedures and logics relating to the abovementioned purposes and are accessible by the Controller’s staff authorised to process personal Data and their supervisors, and in particular to staff belonging to the following categories: technical, IT and administrative staff, product managers, vigilance staff, as well as other individuals who need to process the data to perform their job duties. The Data may be communicated, also in countries outside the European Union (“Third Countries ”) to: (i) institutions, authorities, public bodies for their institutional purposes; (ii) professionals, independent consultants –individually or in partnerships- and other third parties and providers which supply to the Controller commercial, professional or technical services required to operate the Website (e.g., provision of IT and Cloud Computing services), in order to pursue the purposes specified above and to support the Company with the provision of the services you requested; (iii) third parties in the event of mergers, acquisitions, transfers of business -or branches thereof-, audits or other extraordinary operations; (iv) the Supervisory Board, based at the Controller’s address, in the pursuit of its supervisory activities and for the enforcement of the Menarini Group Code of Conduct, pursuant to Article 6.1.f and Recital 48 of the GDPR.

The mentioned recipients shall only receive the Data necessary for their respective functions and shall duly undertake to process them only for the purposes indicated above and in compliance with data protection laws. The Data can furthermore be communicated to the other legitimate recipients identified from time to time by the applicable laws. With the exception of the foregoing, the Data shall not be shared with third parties, whether legal or natural persons, who do not perform any function of a commercial, professional or technical nature for the Controller and shall not be disseminated. The individuals who receive the data shall process them, as the case may be, in the capacity as Controller, Processor or person authorised to process personal data, for the purposes indicated above and in compliance with data protection law.

Regarding any transfer of Data outside the EU, including in countries whose laws do not guarantee the same level of protection to personal data privacy as that afforded by EU Law, the Controller informs that the transfer shall in any event take place in accordance with the methods permitted by the GDPR, such as, for example, on the basis of the user’s consent, on the basis of the Standard Contractual Clauses approved by the European Commission, by selecting parties enrolled in international programmes for free movement of data (e.g. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission.

Your Rights

By contacting the Controller at the addresses indicated above you can, at any time, exercise the rights pursuant to Articles 15-22 of the GDPR such as, for example, obtaining an updated list of the individuals who can access your data, obtain confirmation of the existence or otherwise of personal data which relates to you, verify their content, origin, correctness, location (also with reference to any Third Countries ), request a copy, request their rectification and, in the cases provided by the GDPR, request the restriction of their processing, their erasure, oppose to direct contact activities (including limited to some mediums of communication). Likewise, you can always report observations on specific uses of the data regarding particular personal situations deemed incorrect or unjustified by the existing relationship to the DPO or submit complaints to the Data Protection Authority. You may withdraw your consent at any time - however that shall not impair the lawfulness of the processing carried out before consent withdrawal.

The Company A. Menarini Pharmaceuticals Ireland Ltd. (“Company”, or “we”) takes its users’ privacy very seriously and undertakes to comply in full with the applicable law (Regulation (EU) 2016/679 – hereinafter defined as the “GDPR”).

This document (“Privacy Policy”) provides information on how the personal data collected by the Company through this website (“Website”) are processed, and constitutes “an information notice to the data subjects” under the terms of art. 13 of the GDPR. Specific privacy information notices are normally published in the Website sections in which users’ personal data are collected; in any event these are supplemented by this Privacy Policy.

Our site is intended for healthcare professionals, patients and the public. It is directed at an adult audience and should not be used by children under the age of 18. We do not knowingly collect information from or about children under the age of 18.

Data Controller and DPO

The Data Controller is A. Menarini Pharmaceuticals Ireland Ltd. with registered offices in Castlecourt, Monkstown Farm, Monkstown, Glenageary, Co. Dublin, Ireland, email: ireland@menarini.ie (“Controller”).

The Data Protection Officer (“DPO”) can be contacted at the following address: dpo@menarini.com.

The Data we process

The following data can be processed:

1) Ordinary personal data, such as name, surname, email address and contact details, IP address, professional information, etc., which you may provide when interacting with website functions, including browser data or requests to use services offered on the Website (e.g. registration in any restricted-access areas, competitions and other initiatives which may be present on the Website, use of any Apps, requests for information and reports submitted also through contact forms, etc.) as well as data collected by cookies as specified in the Cookie Policy[A1]

2) Special categories of data such as those relating to health status (Article 9 of the GDPR). Where that occurs, processing is performed on the basis of the user’s consent, to comply with the obligations connected to adverse event reporting, to fulfil legal or regulatory obligations or contractual or pre-contractual obligations involving the supply of goods or services (including requests for information on our products and their correct use). In any event, the legal basis for processing of particular categories of data is Article 9.2 (a) and (i) of the GDPR.

Why and how we process your personal data

With your consent, the Company may process your ordinary personal data to enable you to benefit from the available services and functionalities and optimise their performance, to make statistics on its usage, to manage requests and reports received through the Website, to manage your registration to any restricted-access areas and initiatives which may be present on the Website, pursuant to Article 6.1.a of the GDPR. The Company may also process your ordinary personal data to fulfil obligations stemming from laws, regulations and European Union law (pursuant to article 6.1.(c) of the GDPR), and to verify your status as a healthcare professional (pursuant to arts. 6.1.(c) of the GDPR).

Furthermore, with your optional consent, your ordinary and/or sensitive data may be processed to manage job applications pursuant to arts. 6.1.(a) and 9.2.(a) of the Regulation.

Your ordinary and sensitive data may also be processed to handle notifications of adverse events (i.e. so called vigilance/pharmacovigilance) in accordance with legal requirements in line with EU Regulation 679/2016, which may be contained in communications received from you via the Website, pursuant to arts. 9.2.(a), (g) and (i) of the GDPR.

Data on adverse events may be transferred to the European Medicines Agency and to the competent health authorities as required by the applicable laws, to Menarini Group Companies and their staff authorised to process personal data; to the Companies from which the product in question has been in-licensed or to which it has been out-licensed; service providers which support the Companies with pharmacovigilance fulfillments as well as to other legitimate recipients as prescribed by the applicable law. The Company may also use the data to establish, exercise or defend legal claims in court.

Finally, the Company may process your ordinary and sensitive personal data to protect its rights in legal proceedings or to apply the Menarini Group Code of Conduct (Articles 6.1.(f) and 9.2.(f) of the GDPR).

All your data are processed using automatic and electronic instruments suitable to ensure full security and confidentiality.

Necessary processing and optional processing

The forms available on this website require you to confer some personal data which are strictly necessary to handle your communications and requests. Such Data are marked with an asterisk [*]. If you do not wish to confer them, we will not be able to handle your communication/request.

Conversely, the forms may also provide the possibility to confer personal data which are not strictly necessary to handle your requests: providing such data is optional - failure to do so has no consequence.

Browsing data

If you only visit the Website (i.e., without sending communications or using any of the available services/functions), the processing of your data is limited to browsing data i.e., data whose transmission to the Website is necessary for the functioning of the computers which operate the Website and of the Internet communication protocols. This category includes, for example, IP addresses or computer domain used to visit the Website and other parameters pertaining to the operating system used to connect to the Website. The Company collects these and other data (such as, for example, number of visits and time spent on the Website) merely for statistical purposes and in anonymous form in order to monitor the functioning of the Website and improve its performance. Such data is not collected to be associated with other information regarding, or for the identification of, users; however, such information, by its very nature, may enable the Company to identify users through processing and association with data held by third parties. Browsing data are normally deleted following processing in anonymous form but can be stored and used by the Company to detect and identify perpetrators of any computer offences committed to the detriment of the Website or using the Website. Without prejudice to this possibility and to the provisions of the Cookie Policy [A2] the browsing data described above are stored only temporarily, in compliance with law.

Links to other websites

This Privacy Policy applies only to the Website as defined above. Even though the Website may contain links to other websites (known as third party websites), please be informed that the Company does not perform any access or control over cookies, web beacons or other user-tracking technologies that may be active on such third party websites, on the contents and materials published thereon, or on their methods of processing of your personal data; for this reason, the Company expressly declines any liability for such matters. You should therefore verify the privacy policies of such third party websites and collect information about their terms and conditions and about how they process your personal data.

How we store data and for how long

In compliance with Article 5.1.(c) of the GDPR, the computers and programmes used by the Company are set up in such a way to reduce the use of personal and identifying data to a minimum. Such data are processed only to the extent required to achieve the purposes indicated in this Policy, and will be stored for as long as strictly necessary for achievement of the specific purposes pursued - in any event, the criterion used to determine the storage period is based on compliance with time limits permitted by law and the principles of data minimisation, storage limitation or rational management of our records.

How we ensure your personal data’s security and quality

The Company undertakes to ensure security of the user’s personal data and comply with provisions on security provided by law to avoid data loss, illegitimate or unlawful uses of data or unauthorised access to data, with particular but not exclusive reference to Articles 25-32 of the GDPR. The Company uses many types of advanced security technologies and procedures intended to aid protection of the user’s personal data; for example, personal data are stored on secure servers situated on premises with protected and controlled access. The user can assist the Company to update and correct their personal data by communicating any change of address, qualifications, contact information, etc.

Persons who have access to the data

Persons belonging to the following categories are authorised to process the user’s data: technical and administrative staff, IT staff, Internal Audit staff, product managers, pharmacovigilance staff, as well as other staff members who require processing the data for performance of their job duties.

The Data can be communicated also in countries outside the EU (“Third Countries”) to other companies of the Menarini Group for the same purposes and/or for administrative and accounting purposes pursuant to Article 6.1.(f) and Recital 48 of the GDPR.

Additionally, the Data can be communicated, also in Third Countries, to: (i) institutions, authorities, public bodies for their institutional purposes; (ii) professionals, independent consultants –working individually or in partnerships- and other third parties and providers which supply to the Company commercial, professional or technical services required to operate the Website (e.g., provision of IT and Cloud Computing services) for the purposes specified above and to support the Company with the provision of the services you requested; (iii) third parties in the event of mergers, acquisitions, transfers of business -or branches thereof-, audits or other extraordinary operations; (iv) the Supervisory Board, based at the Controller’s address, in the pursuit of its supervisory activities and for the enforcement of the Menarini Group Code of Conduct[A3] . The mentioned recipients shall only receive the Data necessary for their respective functions and shall duly undertake to process them only for the purposes indicated above and in compliance with data protection laws. The Data can furthermore be communicated to the other legitimate recipients identified from time to time by the applicable laws. With the exception of the foregoing, the Data shall not be shared with third parties, whether legal or natural persons, who do not perform any function of a commercial, professional or technical nature for the Controller and shall not be disseminated. The parties who receive the Data shall perform processing as Data Controller, Processor or persons authorised to process personal data, as the case may be, for the purposes indicated above and in compliance with the applicable data protection law.

Your Rights

You may at any time exercise the rights afforded by Articles 15-22 of the GDPR, including the right to obtain confirmation of the existence of personal data which relate to you, check its content, origin, correctness, location (also with reference to any Third Countries), request a copy, request correction and in cases provided by law, restriction of processing, deletion, oppose to direct contact activities (also limited to particular means of communication). Likewise, you may always withdraw consent and/or make observations on specific issues regarding processing operations of your personal data which you regard as incorrect or unjustified by your relationship with the Company, or lodge a complaint with the Data Protection Authority. You may contact the Controller and/or DPO at the addresses displayed above to make any requests regarding personal data processing by the Company, to exercise your legal rights and to obtain an updated list of the parties who have access to your data.

Privacy Notice for HCPs