Foreword
Welcome to our online pages and thank you for your attention to privacy policy!
At Fidia we are aware of how important the protection of personal data is, especially in the digital world, and we make every effort to treat your data with full transparency towards you, with the appropriate security measures, in compliance with the applicable regulations.
How to continue reading this Policy:
– Don’t have any kind of relationship with us yet? Then read the section ‘First contact with us’.
– Do you intend to register for one of our conferences or seminars or something similar? Then read the ‘Conferences’ section
– Are you a doctor or other health care professional? Then read the section ‘Health Professionals’
At the end of this Policy you will find the general sections with information that always applies, whatever your type of relationship with us. For any queries you may have about our data processing and to exercise your rights as provided by law, please contact our Data Protection Officer at: dpo@fidiapharma.it.
Data Controller
The Controller for the processing of your personal data is Fidia Farmaceutici S.p.A. (‘Fidia’ or ‘Company’ or ‘we’ or ‘us’ in the following), Via Ponte della Fabbrica 3/A – 35031 Abano Terme (PD) – Italy, parent company of the Fidia Group. If you have any questions concerning the personal data referred to in this Privacy Policy and to exercise your rights under the legislation on the protection of personal data, please contact Fidia Data Protection Officer (DPO) by the following means: by e-mail at dpo@fidiapharma.it or by post at Fidia addressed above reported, at the attention to DPO.
In relation to the use of cookies, please read the related Cookie Policy reported in any Fidia online resource. Our essential law references about personal data protection are: the European Union (EU) Regulation 2016/679, the local data protection regulations in your Country.
Main definitions used in this privacy policy
Consent: consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
(personal data) Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
Data subject: identified or identifiable natural person to whom personal data is related
Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
(personal data) Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller
First contacts with us
You have typically landed on a Fidia online page because you have shown an interest in our initiatives and want to learn more about certain subject areas or receive documentation about it. On the landing page there is a form where you can fill in your identification and contact details, and a check box where you can tick, if you wish, one or more of the entries.
Categories of data processed and their sources
We may process – as appropriate and where necessary for the purposes described below -the following categories of personal data:
a) personal data (e.g. first name, surname, date of birth, address)
b) contact details (e.g. email, telephone number, mail address)
c) identification code as a registered doctor in case you are a health care professional
This data is collected when you voluntarily and directly:
– fill in a form at on line web/application pages regarding Fidia
– provide us the data in the occasion of congresses or information events
– provide us the data when you contact us, asking information to our Company
Data regarding your identification and contact details can also be collected from:
– data brokers specialised in the health sector who are contractually obliged to provide us with the data only if: they have legitimately obtained the data from official public registers, or if they have collected the data from the data subjects only if they have obtained specific consent from the latter to communicate the data to companies operating in the pharmaceutical sector, or if they have and are able to prove that they have another legal basis to be able to lawfully communicate the data to third parties.
Purposes and legal basis of processing
In this regard the purposes of processing and related legal basis are the following.
| Purpose | Related Legal Basis |
| Responding to your request for further information: Your data will be processed in order to provide you with information on the topics of your interest | The data is necessary in order to be able to provide you with the information you are interested in. In order to be able to send you the information, it is first essential that you have read and accepted our Privacy Policy |
| Marketing: If you give your consent, we may send you newsletters/emails about our conferences/seminars/trade fairs in our sector, requests to participate in surveys always relevant to health matters, and information about our products and services and topics that we deal with and that we hope will be of interest to you, always in compliance with the laws governing advertising in the health sector | We will email you this information only if you provide your specific consent, which you can revoke at any time and without giving any justification by accessing the ‘Unsubscribe’ option or also via the “Privacy Management Page” in the footer of each email you receive from us |
| Profiling: If you give your consent, we may analyse/predict aspects of your personal preferences and interests that you might express (e.g. by choosing to attend certain types of conferences, attention to certain therapeutic areas and/or medical products and services,…) in the course of your relationship with us | We will make such processing only if you provide your specific consent, which you can revoke at any time and without giving any justification by accessing the “Privacy Management Page” in the footer of each email you receive from us |
Additional information about further specific cases of personal data processing is reported at the Company website at the section dedicated to the Privacy Policies. Furthermore, we could provide you supplemental information, regarding personal data processing, where carried out in the occasion of any specific event (in person or remotely).
Conferences
You have typically landed on a Fidia on line page as you have shown an interest in one of our initiatives i.e. conferences, seminars, trade fairs and want to make your registration. On the landing page there is a form where you can fill in your identification and contact details, and a check box where you can tick, if you wish, one or more of the entries.
Categories of data processed and their sources
We may process – as appropriate and where necessary for the purposes described below -the following categories of personal data:
a) personal data (e.g. first name, surname, date of birth, address)
b) contact details (e.g. email, telephone number, mail address)
c) data referring to your professional specialisations
d) any other data prodromal and/or related to the establishment and/or execution a contractual relationship with you
This data is collected when you voluntarily and directly:
– fill in a form at on line web pages regarding Fidia,
– provide in the occasion of congresses or information events,
– provide when you contact us, asking information to our Company
Data regarding your identification and contact details and professional specialisation can also be collected from:
– data brokers specialised in the health sector who are contractually obliged to provide us with the data only if: they have legitimately obtained the data from official public registers, or if they have collected the data from the data subjects only if they have obtained specific consent from the latter to communicate the data to companies operating in the pharmaceutical sector, or if they have and are able to prove that they have another legal basis to be able to lawfully communicate the data to third parties.
Purposes and legal basis of processing
In this regard the purposes of processing and related legal basis are the following.
| Purpose | Related Legal Basis |
| Registering and handling your participation: Your data will be processed in order to acquire your registration to and handle your participation to one of our initiatives. | In order to acquire your data for registration and handle the participation to the initiative you have decided to attend. It is first essential that you have read and accepted our Privacy Policy. |
| Marketing: If you give your consent, we may send you newsletters/emails about our conferences/seminars/trade fairs in our sector, requests to participate in surveys always relevant to health matters, and information about our products and services and topics that we deal with and that we hope will be of interest to you, always in compliance with the laws governing advertising in the health sector. | We will email you this information only if you provide your specific consent, which you can revoke at any time and without giving any justification by accessing the ‘Unsubscribe’ option or also via the “Privacy Management Page” in the footer of each email you receive from us. |
| Profiling: If you give your consent, we may analyse/predict aspects of your personal preferences and interests that you might express (e.g. by choosing to attend certain types of conferences, attention to certain therapeutic areas and/or medical products and services,…) in the course of your relationship with us. | We will make such processing only if you provide your specific consent, which you can revoke at any time and without giving any justification by accessing the “Privacy Management Page” in the footer of each email you receive from us. |
| Event and Congress photo: If you give your consent, we can take pictures/video of you during your attending the Event and Congress initiative (Event). Possible footage may be published through the following channels: (i) online in specific areas of Fidia’s websites and Fidia’s social accounts relating to products/lines/therapeutic areas in relation to the Event; (ii) online on the website and social platforms managed by Fidia’s partners, where involved in the Event; (iii) in the Fidia’s intranet; (iv) press and billboards. In the case of personal data published online, let us recall that search engines (e.g. Google) may take and further disseminate such data, without any possibility of warning, as is already the case for any data available on the Internet, for whoever has published them. The footage may be carried out by designated Fidia departments and their suppliers of video services, where involved, and will be accessible to the personnel in charge of carrying out the relevant internal and/or external communications within the company, including the other companies of the group to which it belongs, always depending on the specific needs regarding the Event in question and during which the footage was carried out. Fidia will not publish or disseminate the data in contexts that undermine the personal dignity and decency of the subjects filmed and will not carry out profiling or apply automated decisionmaking processes which could produce legal edects concerning you or similarly significantly adect you. | We will make such processing only if you provide your specific consent, which you can revoke at any time and without giving any justification by accessing the “Privacy Management Page” in the footer of each email you receive from us. |
Additional information about further specific cases of personal data processing is reported at the Company website at the section dedicated to the Privacy Policies. Furthermore, we could provide you supplemental information, regarding personal data processing, where carried out in the occasion of any specific event (in person or remotely).
Health Care Professionals
The information reported below is intended exclusively for the Healthcare Professionals authorized to prescribe or dispense medicines.
Categories of data processed and their sources
We may process – as appropriate and where necessary for the purposes described below -the following categories of personal data:
a) personal data (e.g. first name, surname, date of birth, address)
b) contact details (e.g. email, telephone number, mail address)
c) identification code as a registered doctor in case you are a health care professional
d) data referring to your professional specialisations
e) any other data prodromal and/or related to the establishment and/or execution a contractual relationship with you
This data is collected when you voluntarily and directly:
– fill in a form at on line web pages regarding Fidia
– provide it in the occasion of congresses or information events
– provide it when you contact us, asking information to our Company
Data regarding your identification and contact details and professional specialisation can also be collected from:
– official public registers where it is listed, as provided for the national laws – identification data of doctors and their contact details and specialisations in therapeutic areas. When collecting data from official public registers the legal basis is our legitimate interest in establishing and maintaining professional relationships with health care professionals, in compliance with and within the limits of applicable regulations.
– data brokers specialised in the health sector who are contractually obliged to provide us with the data only if: they have legitimately obtained the data from the above-mentioned official public registers, or if they have collected the data from the data subjects only if they have obtained specific consent from the latter to communicate the data to companies operating in the pharmaceutical sector, or if they have and are able to prove that they have another legal basis to be able to lawfully communicate the data to third parties.
Purposes and legal basis of processing
In this regard the purposes of processing and related legal basis are the following.
| Purpose | Related Legal Basis |
| Safety vigilance: your personal data may be processed as necessary in order to fulfil any legal obligation the Company has to comply with in the pharmacovigilance, medicovigilance,…(as a whole: Safety vigilance) sector. | This processing will be carried out based on the legal obligations that the Company has to fulfil about Safety Vigilance. |
| Responding to your request for further information: Your data will be processed in order to provide you with information on the topics of your interest. | The data is necessary in order to be able to provide you with the information you are interested in. In order to be able to send you the information, it is first essential that you have read and accepted our Privacy Policy. |
| Marketing: If you give your consent, we may send you newsletters/emails about our conferences/seminars/trade fairs in our sector, requests to participate in surveys always relevant to health matters, and information about our products and services and topics that we deal with and that we hope will be of interest to you, always in compliance with the laws governing advertising in the health sector. | We will email you this information only if you provide your specific consent, which you can revoke at any time and without giving any justification by accessing the ‘Unsubscribe’ option or also via the “Privacy Management Page” in the footer of each email you receive from us. |
| Profiling: If you give your consent, we may analyse/predict aspects of your personal preferences and interests that you might express (e.g. by choosing to attend certain types of conferences, attention to certain therapeutic areas and/or medical products and services,…) in the course of your relationship with us. | We will make such processing only if you provide your specific consent, which you can revoke at any time and without giving any justification by accessing the “Privacy Management Page” in the footer of each email you receive from us. |
| Event and Congress photo: If you give your consent, we can take pictures/video of you during your attending the Event and Congress initiative (Event). Possible footage may be published through the following channels: (i) online in specific areas of Fidia’s websites and Fidia’s social accounts relating to products/lines/therapeutic areas in relation to the Event; (ii) online on the website and social platforms managed by Fidia’s partners, where involved in the Event; (iii) in the Fidia’s intranet; (iv) press and billboards. In the case of personal data published online, let us recall that search engines (e.g. Google) may take and further disseminate such data, without any possibility of warning, as is already the case for any data available on the Internet, for whoever has published them. The footage may be carried out by designated Fidia departments and their suppliers of video services, where involved, and will be accessible to the personnel in charge of carrying out the relevant internal and/or external communications within the company, including the other companies of the group to which it belongs, always depending on the specific needs regarding the Event in question and during which the footage was carried out. Fidia will not publish or disseminate the data in contexts that undermine the personal dignity and decency of the subjects filmed and will not carry out profiling or apply automated decisionmaking processes which could produce legal edects concerning you or similarly significantly adect you. | We will make such processing only if you provide your specific consent, which you can revoke at any time and without giving any justification by accessing the “Privacy Management Page” in the footer of each email you receive from us. |
Additional information about further specific cases of personal data processing is reported at the Company website www.fidiapharma.com at the section dedicated to the Privacy Policies. Furthermore, we could provide you supplemental information, regarding personal data processing, where carried out in the occasion of any specific event (in person or remotely).
General sections with information that always applies, whatever your type of relationship with us
Other purposes and related legal basis for processing
| Purpose | Related Legal Basis |
| Online resources technical management: During their normal operation, the computer systems and software procedures used to operate our Website/Application (online resources) you are interacting with, acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This includes IP addresses or the domain names of computers and terminals used by users, addresses in URI/URL (Uniform Resource Identifier/Locator) notation of requested resources, the time the request is made, the method used to submit the request to the server, the file size obtained in response, the numerical code indicating the response status from the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment. This data, necessary for the operation of the on line resources, is also processed in order to control the proper functioning of the services provided. | The legal basis is to meet your requests when you interact with our online resources. |
| Technical operations about our information systems: Your data is processed by electronic tools (data bases, network elements, application, information facilities in general) and this means it is assigned to you internal identifiers in order to manage the databases and also to allow you interactions, as it is for example the case of accessing the ‘Privacy Management page’. | It is our legitimate interest processing personal data in order to technically manage the information systems where your data is processed for all the purposes stated in this Privacy Policy. |
| Security management of our information systems: Your data is processed by electronic tools (data bases, network elements, applications, information facilities in general) that need to be technically operated and protected from security incidents against malicious attacks and attempted fraud, also in line with the security requirements provided for by law. In this regard, we could process data collected from your use of our facilities (eg: on line application forms, access to privacy management pages). | It is our legitimate interest processing personal data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services odered by, or accessible via, those networks and systems. This could, for example, include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to computer and electronic communication systems. |
| Management of contractual relationship: In order to process the data necessary in the precontractual stage and during the contract performance, when you purchase our products and services as well as when we acquire any of your professional/consultancy services, according to the applicable national laws about the allowed business relationship in the healthcare sector, and related fulfilment of all administrative, accounting and legal contractual obligations. | We will make such processing as it is necessary for the performance of a contract to which you will be party with our Company or in order to take steps at your request prior to entering into a contract as well as the basis of complying with legal obligations to which we are subject in the administering and accounting activities required by law. |
| Commercial information to those who are parties to a contractual relationship with us In case we obtain your email address in the context of the sale of a product or a service, we may use these electronic contact details for direct marketing of our own similar products or services. You have always the opportunity to object, at any time, free of charge and in an easy manner. | We provide you clearly and distinctly the opportunity to oppose, free of charge and in an easy manner, to such use of electronic contact details (email) when they are collected and on the occasion of each message in case you have not initially refused such use. You can make opposition at any time and without giving any justification by accessing the ‘Unsubscribe’ option or also via the “Privacy Management Page” in the footer of each email you receive from us. |
| Answering Authority requests: Respond to any requests for information from the competent Authorities. To this end, we will use the data requested by the Authority under applicable law. | Such processing is necessary for compliance with any legal obligation to which our Company, as personal data controller, is subject. |
| Safety vigilance: whatever is your relationship with Fidia, you could report any information about or you could be involved in an adverse event occurred or likely to occur regarding Fidia products. In this context, your personal data may be processed as necessary in order to fulfil any legal obligation the Company has to comply with in the pharmacovigilance, medicovigilance, …(as a whole: Safety vigilance) sector. | This processing will be carried out based on the legal obligations that the Company has to fulfil about Safety Vigilance. |
| Company rights and interest in case of litigation and legal proceedings | The Company has the legitimate interest of defending its rights and interests before the competent courts. |
| Data Subjects Exercise of Privacy Rights: Respond to requests of exercise privacy rights of data subjects, as provided for by current data protection laws. | Such processing is necessary for compliance with any legal obligation to which our Company, as personal data controller, is subject |
| Transfer of branch, business mergers, incorporation, related due diligence: in case of transfers of business branches, mergers and or company incorporations the data relating to data subjects in our databases as customers, suppliers, health care professionals, subjects interested in our activities and initiatives, may be communicated to third parties involved in the aforementioned operations. | The Company has the legitimate interest in such processing, in order to be part of these business operations, conducted in compliance with the applicable laws and regulations about transfer of branch, business merging and incorporations. |
Necessity of data processing and data retention
The processing of personal data for purposes under the legal basis of Contract and of Company’s law obligation is necessary. The processing of personal data for purposes under the legal basis of Consent is always optional, in case of Consent withdrawal the processing for that purpose is terminated. The withdrawal of Consent shall not affect the lawfulness of processing based on consent before its withdrawal. In case of data subject opposition to processing purposes under legitimate interest as legal basis, we shall no longer process the personal data unless we, as personal data controller, demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, including the establishment, exercise or defence of legal claims.
Your personal data will be retained:
– for the time necessary to respect data retention periods stated by the applicable specific laws, as it is the case of processing based on contracts or law obligations.
– until the Consent is not revoked, for the processing where the Consent is the legal basis
– until it remains valid the specific legitimate interest of the Company, as general rule: retained 3 years have elapsed since the individual’s last interaction with us, unless other conditions arise that allow the data to still be retained (e.g. consent, participation in a congress organised by Fidia).
Data may be kept for a longer period if necessary for following requests from the competent authorities for the prevention and prosecution of criminal offences or to assert or defend a legal claim. Once the applicable data retention period is expired, your personal data will be deleted or anonymised.
In particular, regarding processing for Marketing purpose and Profiling purpose: the personal data used at these purposes shall be retained until the specific consent is withdrawn or 3 years have elapsed since the individual’s last interaction with our us.
Processing method, security measures
All data will be processed mainly in electronic form. Personal data is collected and processed using technical and organisational security measures for protecting the data with a level of security appropriate to the estimated risks, taking into account the state of the art and the costs of implementation, and the security measures when prescribed by the relevant legislation.
Categories of recipients
Your personal data will be processed by designated persons, exclusively on ‘strict-to-know’ basis, expressly authorised by the Company and instructed, belonging to the Company functions involved by specific needs inherent to the aforementioned purposes.
Your personal data may be processed by third parties outside the Company organisation, such as service providers, including Information Technology and repair services, legal advisors, law enforcement agencies, judicial public authorities and competent authorities pursuant to the regulations on Safety Vigilance and competent authorities pursuant to the regulations on post-market surveillance when applicable.
Such third parties could include other affiliate of the Fidia Group and potential acquirers and other stakeholders in the event of a merger, legal restructuring operation such as, acquisition, joint venture, assignment, spin-off or divestitures
According to the data protection laws, we, in our role of personal data Controller, will designate as personal data Processor, with a specific Personal Data Agreement required by law, those third-party companies that process the personal data on behalf of the Controller.
International data transfers
Where the Company needs to carry out international transfer of personal data in connection with the processing described in this Privacy Policy, we ensure the adequate safeguards are implemented as required under applicable data protection legislation.
In case of transfers of data to third countries outside the European Economic Area (including EU member states, Iceland, Liechtenstein and Norway), shall be necessary in order to operatively make some parts of the personal data processing above described, they will be carried out either on the basis of an Adequacy Decision of the European Commission (Article 45 of the EU General Data Protection Regulation – GDPR, if applicable) or on the basis of appropriate safeguards in terms of Standard Contractual Clauses adopted by the European Commission (Article 46 of GDPR). Other safeguards admitted by the GDPR for the data transfers to non-EEA countries shall be applied exclusively on a case by case analysis and in the respect of the applicable national data protection laws. Further information on the safeguards adopted by the Company for such transfers may be requested at the following address: dpo@fidiapharma.it.
Your privacy rights
With regards to the processing of personal data covered by this Privacy Policy, you as Data Subject, may exercise your rights under the data protection legislation and subject to limitations which may apply by exceptions or legal requirements, by writing to our Company or our Data Protection Officer contact details given above:
– access your personal data, obtaining evidence of the purposes pursued by the Controller, the categories of data concerned, the recipients to whom the data may be disclosed, the applicable retention period, the existence of automated decision-making processes, including profiling, and, at least in those cases, meaningful information about the logic used, as well as the relevance and possible consequences for the data subject, where not already indicated in the text of this notice
– obtain without delay the rectification of inaccurate personal data concerning you; – obtain, in the cases provided for by law, the deletion of your data;
– to obtain the limitation of processing or to object to processing, where the provisions of the law applicable to the specific case so allows
– in the cases provided for by law, to request the portability of the data you have provided to the Controller, i.e. to receive it in a structured, commonly used and machine-readable format, and also to request the transmission of this data to another controller, if this is technically possible;
– when processing is based on Consent, the right to withdraw it at any time
You have also the right to lodge a complaint with the competent data protection authority – the Italian Data Protection Authority www.garanteprivacy.it as well as the data protection supervisory authority in the State of your habitual residence, place of work or place of the alleged infringement – if you consider that your rights have been infringed.
Policy published on October 15, 2024