Privacy Policy
Policy for the Processing of Personal Data in accordance with Art. 13 and 14 of Regulation (EU) No 2016/679
The company Pirate Rocket S.r.l. (VAT number 02644170033) e Biopharmed S.r.l. (VAT number 13130800967) with legal address in Milan at Via Giovanni Battista Sammartini, 33 as Joint Controllers (hereinafter the ''Joint Controllers'') of the processing of personal data (hereinafter the ''Processing''), inform the visitors of the site www.biopharmed.it (hereinafter the ''Data Subjects'') in accordance with art. 13 of the European Regulation no. 2016/679, the General Data Protection Regulation.
The Joint Controllers are aware of the importance of the processing of the personal data of the Data Subjects, for this reason, they take care to indicate which data are processed and how they are processed. By proceeding to browse the Site or by indicating the wish to use the services provided by the same, the Data Subject declares to have read and accepted the present privacy policy (hereinafter referred to as ''Policy'').
For any information, questions or requests related to this Policy, the Joint Controllers make the following e-mail address available to the Data Subjects: [email protected]
What are the data subject's rights in relation to the processing of personal data?
The Data Subject has the following rights:
- right to be informed that data processing is in progress concerning him/her and, if so, to have access to the personal data processed;
- right to rectification of personal data;
- right to erasure (right to be forgotten) of personal data concerning him/her;
- right to the restriction of the processing of personal data concerning him/her;
- right to data portability to receive, or have transmitted to another Controller, personal data concerning him/her in a structured, commonly used and machine-readable format;
- right to object to the processing of personal data;
- right to withdraw previously given consent;
- right to lodge a complaint with the competent authorities about a personal data processing breach.
How to exercise the rights?
The Data Subject may exercise his or her rights by writing to the above-mentioned e-mail address.
The Joint Controllers may request specific information from the Data Subject in order to follow up on the Data Subject's communications in relation to the rights.
Such communications are usually acknowledged within 30 days of receipt of the communication itself, but in the event that this deadline cannot be met (for example, due to an excessive burden of requests or the complexity of the response) it is the responsibility of the Joint Controllers to inform the Data Subject and keep him/her informed of the progress of the communication sent.
What personal data is processed?
The Joint Controllers process the personal data provided to them by the Data Subject or by third parties in order to be able to follow up the Contact Requests of the Data Subject received through the Site (hereinafter, the "Services").
a) Data provided directly by the Data Subject
Category of personal data |
Data typology |
---|---|
Identification and contact details |
First name, surname, address, e-mail address, telephone number, current salary, CV |
Special data |
Be part of the so-called protected categories under Law 68/99 |
Technical data |
IP address |
b) Data provided by third parties
Category of personal data |
Data typology |
---|---|
Analysis providers |
|
Aggregate data
The Joint Controllers may collect, use and share aggregated data, such as statistical or demographic data, for any purpose.
Aggregated data may be derived from the Data Subject's personal data, but once aggregated it does not constitute personal data under the GDPR, as it cannot directly or indirectly identify the Data Subject. However, if the Joint Controller combines or connects the aggregated data with the Data Subject's personal data in a way that allows the identification of the Data Subject, either directly or indirectly, the Joint Controller will treat the resulting data in accordance with the provisions of this Policy.
Personal data
The Joint Controllers do not process any special categories of data relating to the Data Subject (special data means data relating to racial or ethnic origin, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, genetic, biometric and health data), just as they do not process any data relating to the Data Subject's criminal convictions and offences.
Why is personal data processed?
The Joint Controllers process personal data for the purposes set out in the table below. The GDPR requires that, for each purpose of the processing of personal data of Data Subjects, the Joint Controllers have a lawful basis for carrying out the processing. The Joint Controllers may process the personal data of the Data Subjects with the consent of the Data Subjects as the lawful basis for the processing. Consent may be withdrawn at any time, but the processing carried out until the consent is withdrawn cannot be affected.
A summary table of the purposes and a description of the purposes is set out below:
Purpose |
Type of data |
Content |
---|---|---|
Provision of services |
The Interested Party may, via the Site, request to be contacted to receive information, quotations or quantification of the activities carried out by the Joint Controllers. |
The data will be kept until the end of the provision of the individual Services. |
Assistance to the interested parties |
To resolve technical problems encountered by the interested parties during navigation, their requests for assistance, to improve the Services and the Site, and to provide support requested by the interested parties. |
The data will be retained until the interested parties’ request for assistance is processed. |
To comply with the legal, regulatory and business protection obligations of the Joint Controllers and the measures of judicial and administrative authorities. In addition, the Joint Controllers may process data to protect their rights and interests, such as, for example, in the case of judicial protection or due diligence in the case of assessments of changes in corporate structure. Personal data will be stored for the period of time determined by law, regulation and/or authority. |
The Joint Controllers may process the personal data of the Data Subject in order to comply with legislative and regulatory obligations, such as to comply with orders of judicial and administrative authorities. The Joint Controllers may also process them to protect their rights and interests, such as in the case of judicial protection or due diligence in the case of assessments of changes in corporate structure. |
Personal data shall be retained for the period of time determined by law, regulation and/or authority. |
What happens if the Data Subject does not provide the necessary personal data?
If the data is necessary for the provision of the Services and assistance to the Data Subject, the Joint Controllers will not be able to provide the Services and assistance to the Data Subject in its requests. In this case, the Joint Controllers may, alternatively, request the integration of the personal data or delete the personal data of the Data Subject preventing the provision of the Services.
For purposes other than the provision of the Services and assistance to the Data Subjects, the provision of data is optional and the failure to provide personal data shall not affect the above-mentioned purposes of the Processing.
To whom is personal data communicated and disseminated?
a) Communication
The personal data of the Data Subjects may be communicated to third parties other than the Correspondents, as best indicated in the table below:
Recipients |
Objective of the communication |
---|---|
Suppliers |
The suppliers of the Joint Controllers support them in the provision of the Services with, among others, the development of the Site, hosting, maintenance, backups, virtual infrastructure. |
External consultants |
In case of legal obligations or in connection with an established relationship with the Data Subject, the Joint Controllers may communicate personal data to external advisors, such as, for example, the accountant and the lawyer. |
Authorities and judicial proceedings |
The Joint Controllers may disclose the personal data of data subjects to state and/or administrative and/or judicial authorities if required to do so by law, regulation or order of the authorities or to defend their own rights and/or interests. |
b) Disclosure
The personal data of the Data Subjects will not be disclosed to unauthorized third parties.
The processed personal data will be used and shared with third parties engaged to perform ad measurement services on behalf of the Joint Controllers. The third parties will only have access to the personal data strictly necessary for the performance of their functions and will be bound to process such data in compliance with this policy and with the current legislation on the protection of personal data.
Where is personal data stored?
The Joint Controllers store personal data in paper archives within their premises, as well as in computer archives located both in the European Union and outside the European Union, if this is necessary for the achievement of the purposes indicated above. In the latter case, the Joint Controllers shall ensure that companies not established in the European Union treat personal data with the utmost confidentiality in compliance with the adequacy decisions of the European Commission, any Privacy Shield or, if necessary, by concluding agreements ensuring an adequate level of protection.
How is personal data handled?
The Joint Controllers process the personal data of the Data Subjects by adopting appropriate security measures to prevent unauthorised access, disclosure, modification and destruction.
Data processing is carried out by computerised procedures, telematic means and, residually, on paper media by specially authorised internal subjects, as well as by external data processors, if appointed, also on the basis of existing contractual agreements.
What is the policy on the processing of children's data?
The Joint Controllers are aware of the sensitivity of the processing of children's data. In particular, the Services are not intended to be provided to children under the age of 14, and the Joint Controllers do not voluntarily process data of children under this age: in this regard, Data Subjects are requested not to apply for the provision of the Services if they are under the age of 14.
The Joint Controllers invite those exercising parental responsibility over minors under 14 years of age to check that they do not request the provision of the Services and, in any case, to educate minors not to disclose their personal data via the Site.
In the event that the Joint Controllers become aware that certain personal data relate to children under the age of 14, the Joint Controllers will take steps to remove the personal data.
What happens if there are links to other websites?
The Joint Controllers inform the Data Subjects that this policy only applies to the site and, if there are links to other websites, the Data Subjects should check the policies of those sites before disclosing their personal data.
The Joint Controllers assume no responsibility for personal data provided by Data Subjects on other websites.
Policy changes
The Data Controller reserves the right to amend this Policy at any time. In the event of changes, it will be the Data Controller's responsibility to update this page and to this end, the Interested Party is urged to check the changes made to it. The history of the Policy will be deducible from the date affixed. By continuing to use the Site after the modifications, the Interested Party gives tacit consent and agrees to the Data Processing as modified.
Date of last update of the Policy: 23/09/2024