- WHICH DATA DO WE PROCESS AND FOR WHICH PURPOSE?
We process personal data that we receive from you as part of our business relationship, i.e. during the initiation, implementation and execution of the contract for the product or service you purchased or personal data that we collect about you in connection with the use of the product or service. We also process data that you voluntarily provide to us, including while attending tradeshows or through our web forms or surveys. Additionally, we process personal data we received from third party websites in case you fill out a form from one of our advertisements for example to receive a download or sign up for a newsletter.
1.1 Browsing our websites
By browsing our websites, you provide us with automatic information. The term “Automatic Information” is information automatically collected by our web server that your web browser makes available whenever you visit one of our websites. The browsing data we collect includes the website you are accessing, the time and duration of your visit, the pages you have visited, your searches and temporarily, your IP address as well as the items you have added to your cart, if applicable. Your IP address is used to identify the city of from which you are accessing the site as well as the company to which the IP address has been registered. We use browsing data of our users for creating aggregated statistics, to learn what is of interest to users in order to improve various aspects of our websites and to provide services like troubleshooting, and to recognize users who have already visited our websites in order to customize their website experiences for their future visits. We also use the browsing data to study traffic patterns and maintaining or restoring the security of our websites or to detect and correct technical defects and errors.
1.2 Providing you with services you requested
In order to provide you with access to some services on our websites, we ask for information from you like your name or an email address, for example, when you register for an account on one of our websites. We use your data to provide you with information or services that you have requested such as providing information about relevant products, services and/or promotions, answering questions about our products or services or sending you newsletters or other marketing/promotional materials based on your selections or providing access to an on-line platform or application. In order to provide you with the information that you have requested or that you may be interested in, we may individualize the content you requested based on the information we collect about you. We use your information like your name, address, email address, financial information, job profession, area of expertise and your purchasing history to complete the sales transaction if you purchased one of our products via a website or to offer you any of our services you requested.
Please note that the provision of some information will be necessary in order for us to take action regarding an order for products or services that you have purchased. For example, we need your address to be able to send you the product you ordered. Our online forms clearly identify which fields are required in order for us to complete the transaction. If you don’t provide these information to us, we will not be able to complete the transaction.
1.3 Customer Management
We process your personal data like your contact information in order to provide you with a satisfactory customer management experience, e.g. sales transaction follow-up or process your inquiries. For this purpose we also process your personal data as part of our management and development of our client relationships in order to provide you with individualized content and to assess your needs as a customer. We process your personal data to analyse your preferences and habits to improve our services and to ensure that we can deliver the highest quality services and support to our customers.
1.4 Legal obligation and legal enforcement
In some cases, we are under a legal obligation to process personal data. A typical example is providing data to a government agency which has identified the potential misuse of a drug or the processing within the scope of the so-called pharmacovigilance, i.e. the obligation to investigate and share data when potential side effects of drugs become known.
Where required, we can also use your data to enforce our or third party rights (such as copyright infringements).
1.5 Providing you with information that may interest you
We aim to present you information that could be of interest to you and to communicate seamlessly over various channels (phone, email, SMS, mail, social media messages) without sending redundant information.9 Our communication with you is based on the information we collect about you and are permitted to use. For example, we use the combination of your email address and your browsing data so we can provide you with information about a product you look up on one of our websites. Based on the information we collect, we may internally indicate that you are interested in certain categories of information.
Generally, we will use collected information to inform you about our new products, innovations, promotions, seminars, webinars and events like trade and vendor shows.
We only provide you with such information where we are permitted to, for example when you have chosen to receive our promotional emails and where you did not object to our use of your data for marketing-related purposes.
We use profiling procedures to optimize and personalize our customer relationship management and our advertising measures.10 To optimize and personalize our advertising measures, we create customer profiles and assign customers to specific customer segments on the basis of these customer profiles. On the basis of this segmentation, we can manage the type, content and frequency of specific advertising measures for specific target groups. For profiling purposes, we use data that we receive from you as part of our business relationship. This includes personal data like your purchasing behaviour and browsing behaviour. Profiling may be based in particular on usage data that we create with the customer’s consent by measuring and evaluating the customer’s interaction with electronic advertising, in particular by measuring and evaluating the opening and click rate in email newsletters.
- COOKIES, ANALYTICS TOOLS, SOCIAL PLUGINS AND ADVERTISING
The following categories of cookies are concerned:
- cookies that optimize the presentation or display of country-specific content (e.g. the presentation of the website in your national language and corresponding country-specific product availability and pricing),
- cookies that help us to remember your settings
- web audience cookies
You can disable or block cookies in your browser software; however, this may result in restrictions regarding the usability of our websites.
2.2 Google Analytics:
Our websites use Google Analytics, a web analysis service provided by Google Inc. (“Google”) to store “analytical cookies” on your device. This means that information about users and the use of our websites is transmitted to Google and processed on our behalf for the purpose of compiling reports on website activity, measuring website visits and visitors and providing similar services for us. This includes the transmission of your IP address, but it will not be merged with other Google data. In addition, your IP address is shortened (usually within the European Union) and saved by Google only in an abridged form. For data storage in the United States, Google’s self-certification according to the Privacy Shield provides an appropriate level of data protection.
You can object to the processing of your data for these purposes by installing a browser plugin (https://tools.google.com/dlpage/gaoptout). Further information concerning the terms and conditions of use and data privacy can be found at http://www.google.com/analytics/terms/gb.html.
2.3 Adobe Analytics:
Our websites use Adobe Analytics, a web analytics service provided by Adobe Systems Software Ireland Limited (“Adobe”) to store “analytical cookies” on your device. This means that information about users and the use of our websites is transmitted to Adobe and processed by us on our behalf for the purpose of compiling reports on website activity, measuring website visits and visitors and providing similar services to us. This includes the transmission of your IP address, but will not be merged with other Adobe data. In addition, it is pseudonymized prior to the geolocalization and replaced by a generic IP address before storage.
You can object to the processing of your data for statistical purposes by using the following link (“Use of Adobe Marketing Cloud by our business customers” section): https://www.adobe.com/privacy/opt-out.html.
2.4 Social Plugins
We use the following social plugins on our websites:
2.4.1 Facebook Social Plugins
2.4.2 Twitter Social Plugins
2.4.3 Pinterest Social Plugins
2.4.4 Google+ Social Plugins
2.4.5 LinkedIn Social Plugins
We work with third party online marketing services (e.g. Google Adwords, ResearchGate, Sprinklr, Facebook custom audience, LinkedIn Contact Targeting and Doubleclick), which provide our advertising to internet users who have previously visited our websites on their network or websites. The purpose of these services is to create advertising based on the needs and interests of the relevant internet users.
2.6 Links to other websites
Our websites contain links to third party websites. If you follow a link to any of these websites, please note that they have their own privacy policies which should be reviewed. We have no liability or responsibility for the content or practices of these websites.
- RECIPIENTS OF PERSONAL DATA
3.1 Data transfer to our affiliates
3.2 Data transfer to third parties
We pass on your personal data as set forth below:
- Service Providers: We share your personal data with third party service providers who use this data to perform services for us, such as payment processors, hosting providers, marketing technology providers, auditors, advisors, consultants, customer service and support providers.
- Legally required: We may disclose your personal data if we are required to do so by law or where it is necessary to respond to claims asserted against us or comply with legal processes.
- Business transfers: We may disclose or transfer personal data as part of any merger, sale, and transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy, or similar event.
- DATA TRANSFER TO THIRD COUNTRIES
We are transferring your personal data outside the EU/EEA. We will take all steps reasonably necessary to ensure that appropriate safeguards are in place to guarantee that your personal data are adequately protected according to the requirements of the data protection laws of the European Union by means of Standard Contractual Clauses approved by the EU Commission.
You have the right to contact email@example.com for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal data when it is transferred as mentioned above.
- DATA RETENTION
We store data for as long as necessary for the provision of the service requested by you. For example, when you subscribe to a newsletter we will store the associated data at least until you unsubscribe. Based on the information we collected, we may internally indicate that you are interested in certain categories of information. This information will be kept and updated as long as we consider engaging with you.
Your IP address which is collected while browsing our websites and which can legally be considered personal data is stored for a period of time of 7 days unless a reasonably justified incident indicates a longer storage period (e.g. due to a hacking attack).
Under certain circumstances, your data must also be kept longer, e.g. if a so-called Legal Hold or Litigation Hold (i.e. a ban on deleting data for the duration of the procedure) is ordered in connection with official or legal proceedings. Data without any personal identifiable information may be stored permanently.
- CHILDREN’S PERSONAL DATA
We do not knowingly process personal data of children under the age of 16, unless where we process personal data of children intentionally for our campaigns or events. If this is the case, we will inform you separately. Parents and legal guardians shall ensure that their children do not transmit any personal data through our services or websites without permission. If personal data has been transmitted by children, please inform us so that we can delete the personal data and any associated account.
- YOUR RIGHTS
As a data subject you have the following rights:
- You can request access to your personal data, including the provision of a copy of the personal data undergoing processing
- You can ask us to update or correct any inadequate, incomplete or inaccurate data
- You can request the erasure of your personal data, if the legal requirements are satisfied. This is the case, in particular, if:
- your personal data is no longer needed for the purposes of which it was collected;
- the sole legal basis for processing such data was your consent, and you have withdrawn such consent;
- you have objected to processing on the legal grounds relating to your particular situation, and we cannot prove that there are overriding legitimate grounds for processing;
- your personal data were processed unlawfully; or
- your personal data must be erased in order to comply with legal requirements
- You can restrict the processing of personal data under certain conditions. The requirements are:
- the accuracy of your personal data is contested by you and we must verify the accuracy of the personal data;
- the processing is unlawful, but you oppose the erasure of the personal data and request the restriction of their use instead;
- We no longer need the personal data for the purposes of processing, but you require the data to establish, exercise or defend your legal claims;
- you have objected to processing pending the verification of whether our legitimate grounds override your legitimate grounds.
- You have the right to data portability, e.g. you can ask us to provide your personal data in a structured, commonly used and machine-readable format for your use or transfer to another controller
- You can lodge a complaint with a supervisory authority
- Where processing is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal
- Right to object - to the extent that we are relying on our legitimate interests to use your personal data, you have the right to object to such use, and we must stop such processing unless we can either demonstrate compelling legitimate grounds for the use that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defence of legal claims. In addition, you can object to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing without providing any reason. We will then cease the processing of your personal data for direct marketing purposes.
If you want to exercise any of these rights or have any questions or concerns about how we treat your personal data, please contact firstname.lastname@example.org.
- CONTACT DETAILS
If you have any requests or questions, please feel free to contact our Group Data Protection Officer:
Group Data Protection Officer
Via Monte di Pietà 1/A
20121 Milano, Italy