This section of the site aims to describe how the site is managed with regard to the processing of personal data of users who consult it. This is also a disclosure made pursuant to Art. 13 of Legislative Decree 196/2003 and Reg. EU 2016/679 of the European Parliament and of the Council of April 27, 2016- to those who interact with the web services that can be accessed electronically from the address www.pnkfarmaceutici.it corresponding to the home page of the PNK Farmaceutici Company website
The disclosure is also inspired by the principles of transparency and lawfulness for the processing of personal data, aimed at ensuring the minimum requirements for the collection of personal data online and, in particular, the manner, timing and nature of the information that data controllers must provide to users when they link to pages web, regardless of the purposes of the connection.
The policy concerns only this site and not also other websites, portals, sections/pages/spaces connected through links for which please refer to their respective policies.
THE DATA CONTROLLER
As a result of consulting this site, data relating to identified or identifiable persons may be processed. The “Holder” and the place of their processing is PNK Farmaceutici with registered office in Via Tevere 16 – 64020 Castel Nuovo Vomano (TE) – Industrial Zone
PURPOSE OF PROCESSING
The personal data of the interested parties (non-sensitive identification data such as, but not limited to, name and surname, company name, tax code and VAT number, address, telephone/fax, e-mail, bank and payment references) are processed in compliance with the GDPR, in order to carry out the service requested by the user and fulfill the obligation undertaken towards the same, such as, for example, manage and execute the purchase orders of the products respond to requests for information or the request for sending the newsletter having as object informative messages and commercial and promotional communications related to the activity carried out by the Owner, allow and manage the registration to the site, in full compliance with the principles of lawfulness and correctness and the provisions of the law. In any case, the data subject will always be asked for consent for each type of processing of his or her data.
TYPES OF DATA PROCESSED
The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users connecting to the site, addresses in notation URI (Uniform Resource Identifier) of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computing environment.
This data is used for the sole purpose of obtaining anonymous statistical information about the use of the site and to check its correct operation and is deleted immediately after processing. The data could be used to ascertain liability in case of hypothetical computer crimes against the site.
Data voluntarily provided by the user
The optional, explicit and voluntary sending to this site of the user’s personal data through the methods indicated in this information involves the subsequent acquisition by the Data Controller for the purposes referred to in this processing.
Personal data will be disclosed to third parties only if the disclosure is necessary to comply with the requests of the users themselves, as specified in this policy statement.
Health data and, in general, special categories of personal data recalled by Article 9 of the GDPR (sensitive, biometric, genetic, and criminal) will not be requested.
Failure by the user to provide data may result in the inability to obtain the requested service.
MODE OF TREATMENT
Personal data are processed by collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data and by automated means for the time strictly necessary to achieve the purposes for which they were collected.
Data are collected as a result of being sent directly to the Owner, by filling out forms or forms generally prepared for this purpose, via the Web or included in contractual documents, or collected by telephone as part of any product ordering activities
Specific and adequate security measures are taken to prevent data loss, illegal or incorrect use and unauthorized access in compliance with obligations to comply with minimum security measures. We inform that in order to provide a complete service our portal contains links to other websites, not operated by us. We are not responsible for errors, content, cookies, publications of unlawful moral content, advertisements, banners or files that do not comply with current regulatory provisions and compliance with the Privacy regulations by sites operated by us to which reference is made. In order to improve the service offered, immediate reporting of malfunctions, abuses or suggestions to the e-mail address: firstname.lastname@example.org is welcome.
RECIPIENTS OR POSSIBLE CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Data processing is carried out by employees of the Owner (employees, collaborators). When necessary for the purposes of the processing, the data may be processed by third parties appointed as third party data processors, to all those entities (including public authorities) who have access to personal data by virtue of regulatory or administrative measures; to companies or third parties in charge of printing, enveloping, shipping and/or delivery and/or collection services of the products purchased through the site, to post offices, couriers or shippers in charge of the delivery of the products purchased through the site; to banking institutions and companies that manage the national or international payment circuits through which online payments of products purchased through the site are made; to companies, consultants or professionals that may be entrusted with the installation, maintenance, updating and, in general, the management of the hardware and software of the site or which it uses for the provision of its services; to all those public and/or private individuals and/or legal entities (legal, administrative and tax consultancy firms, Judicial Offices, Chambers of Commerce, Chambers and Labour Offices, etc.), if the communication is necessary or functional for the proper fulfillment of contractual obligations undertaken, as well as obligations arising from the law
RIGHTS OF INTERESTED PARTIES
The subjects to whom the personal data refer have the right at any time to access their personal data in order to obtain confirmation of the existence or non-existence of such data and to know its content and origin, verify its accuracy, request its integration or updating, or rectification (Art. 13 EU Reg. 679/2016).
- The data subject also has the right to object to the processing of data for legitimate reasons and, in particular, for those indicated in Art. 21 of the GDPR, to request data restriction as well as data portability. A data subject may request the deletion of his or her data if any of the reasons stated in Art. 17 of Reg. EU 679/16, which is quoted in full:
- personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) and if there is no other legal basis for the processing;
- the data subject objects to processing under Article 21(1) and there is no overriding legitimate reason for processing, or objects to processing under Article 21(2);
- personal data have been unlawfully processed;
- personal data must be deleted in order to comply with a legal obligation under Union or Member State law to which the data controller is subject;
- personal data were collected in connection with the provision of information society services referred to in Article 8(1).
- Where a data controller has made personal data public and is obliged under paragraph 1 to erase it, taking into account available technology and implementation costs, it shall take reasonable measures, including technical measures, to inform data controllers who are processing personal data of the data subject’s request to erase any link, copy or reproduction of his or her personal data.
- Paragraphs 1 and 2 do not apply to the extent that the treatment is necessary:
- for the exercise of the right to freedom of expression and information;
- for the performance of a legal obligation requiring processing provided for by Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
- For reasons of public interest in the field of public health in accordance with Article 9 (2) (2) (h) and (i), and Article 9(3);
- for archiving purposes in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89(1), insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of such processing; or for the establishment, exercise or defense of a right in judicial proceedings.
The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence or non-existence of these data and to know their content and origin, verify their accuracy or request their integration or updating, or rectification (Article 7 of the Personal Data Protection Code).
Requests should be addressed to:
- via PEC email@example.com
- or by registered mail with return receipt, to the registered office of PNK Farmaceutici , headquartered at Via Tevere 16 – 64020 Castel Nuovo Vomano (TE) – Industrial Zone
This document will also be subject to periodic updates related to the evolution of the national privacy regulatory framework.