(Art. 13 European Regulation 2016/679)
The DPO designated by SIFI S.p.A. can be contacted at the email address email@example.com
Your personal data will be processed for the following purposes:
• Managing your requests and providing you with a feedback
• Managing your complaints and providing you with a feedback
• Because it is in the legitimate interest of the Data Controller to provide feedback to users' requests in the context of its freedom of enterprise
• In the event of a complaint about our products, the processing of your common data (email address) is based on a legal obligation for the Data Controller; the processing of special categories of personal data (i.e. data related to the state of health) that you may have provided is necessary to ensure high standards of quality and safety of our medicines and medical devices.
The conferment of your data is optional, but if you are not willing to provide the data requested in the contact form, it won’t be possible to send your request to SIFI and consequently you won’t be able to receive any reply.
Your data will be communicated to external companies that are in charge of the management/maintenance of our website. A full list of the recipients of your personal data can be obtained at the following address firstname.lastname@example.org
In any case, your personal data will not be disseminated.
Your data will be processed within the European Union.
The data will be kept for the time strictly necessary to achieve the purposes for which they were collected and, more specifically, until the service you requested has been performed or, in case you made a complaint, for 10 years from the date of its receipt. At the end of this period, the Data Controller will erase the data irreversibly - by means of methods of destruction or secure erasure - or store them in an anonymous form that doesn’t allow, even indirectly, your identification.
Under any circumstances your data will be used to obtain information about your preferences or behaviour, nor you will be subject to any decision based solely on the automated processing of your personal data.
As stated by the Regulation (EU) 2016/679, you have the following rights:
• Right of access: the right to obtain from the Data Controller a confirmation as to whether or not your personal data are being processed and, if so, to obtain access to your personal data - and a copy thereof - and to receive information about the processing;
• Right to rectification: the right to obtain without undue delay from the Data Controller the rectification of inaccurate personal data concerning you and the integration of incomplete personal data, also by providing a supplementary declaration;
• Right to erasure: the right to obtain without undue delay from the Data Controller the deletion of personal data concerning you in the event of one of the following cases:
- personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you revoked your consent to the processing of the data, in case they were processed on the basis of consent;
- you have objected to the processing and there is no overriding legitimate reason to proceed with the processing;
- personal data have been processed unlawfully;
- personal data must be deleted to comply with a legal obligation to which the Data Controller is subject;
- personal data were collected in relation to the provision of information society services.
• Right to restrict processing: the right to obtain a restriction of processing from the Data Controller when one of the following hypotheses occurs:
- you disputed the accuracy of personal data, for the period necessary for the Data Controller to verify the accuracy of such personal data;
- the processing is unlawful and you objected to the deletion of your personal data while instead requesting for their restriction;
- even though the Data Controller doesn’t need your personal data for processing purposes, you need the personal data for the establishment, exercise or defence of legal claims;
- you have objected to the processing pending verification of whether the legitimate reasons of the Data Controller may prevail over those of the data subject.
• Right to object to processing: the right to object to processing conducted for the execution of a task of public interest or connected to the exercise of official authority or on the basis of the legitimate interest of the data controller or a third party, as well as the right to object to processing of personal data concerning you conducted for direct marketing purposes, including profiling to the extent that it is related to such direct marketing;
• Right to portability: the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you provided to the Data Controller and to transmit them to another Data Controller if the processing is based on consent or on a contract and is conducted by automated means;
• The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or could significantly affect you in a similar way.
Requests concerning the exercise of your rights can be sent to the PEC address email@example.com or to the email address firstname.lastname@example.org. We will get back to you as soon as possible and, in any case, no later than 30 days after your request.
You may file a complaint about the way in which your data are being processed by the Data Controller, or about the management of a proposed complaint, by submitting a request directly to the Data Protection Authority using the methods indicated in the link https://www.garanteprivacy.it/modulistica-e-servizi-online/reclamo