Effective Date: 25 May 2018
The EU 679/2016 General Data Protection Regulation (GDPR) includes rules on giving privacy information to data subjects in Articles 12, 13 and 14.
Data Controller for Althea Group S.p.A. and its subsidiaries (“Althea”):
ALTHEA GROUP S.p.A.
Via Papa Giovanni XXIII, 43
20090 Località Millepini
Rodano / Milan – Italy
Tel. +39 02 976791
Data Protection Officer (DPO) for Althea
How to contact us
Please contact us if you have any questions or concerns about your personal information or require assistance in managing your choices.
Personal data we collect and use
We collect personal information you choose to provide, e.g., through registrations, recruitment, applications and surveys, and in connection with your inquiries.
For example, you may choose to provide your name, contact information, health, insurance and/or financial information in connection with a promotion, a patient assistance or support program.
How we use personal data
We may use your personal information in the following ways:
• to respond to your inquiries and provide the products and services you request;
• to serve third parties you ask us to serve;
• to validate your ability to access / use certain products, services and information;
• to improve products and services and protect patients and consumers;
• to provide the products and services you request;
• to tell you about Althea products and services and those offered by our carefully selected business partners;
• to manage our sites and services.
We do not sell your personal information to external marketing companies.
Sharing personal data with others
We may share your personal data with service providers, business partners and other third parties, in accordance with applicable law.
If we are required by law to obtain your consent, or otherwise believe that your consent is appropriate in the circumstances, we will obtain your consent before we share your personal data.
In particular, we may share your information:
• with our carefully selected business partners for co-promotions or other joint programs, but only if we have
obtained your consent;
• with our third-party service providers who perform us business operations on our behalf;
• with our third-party service providers who work on behalf of us and our business partners to send you joint
communications that we hope you find of interest;
• to protect and defend us (including enforcing our terms and conditions);
• when required by law and/or government authorities.
Once you have provided us with your personal data, you have reasonable access to that information so that you can update, modify or, if legally possible, delete it.
the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in
particular recipients in third countries or international organisations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the
criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information as to their source;
(h) the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
How we protects your personal data
We recognize and take seriously our responsibility to protect the personal data you entrust to Althea from loss, misuse or unauthorized access. Althea uses a variety of security technologies and organizational procedures to help protect your personal data. For example, we implement access controls, use firewalls and secure servers, and we encrypt certain types of data, such as financial information and other sensitive data.
Special information for parents
While our websites are not generally targeted at children under the age of 16, our policy to comply with the law when it requires parent or guardian permission before children’s information is collected, used or disclosed.
We strongly recommend that parents take an active role in supervising the online activities of their children. If you believe we have collected personal data from a person who is under the age of 16.
Changes to this privacy notice
From time to time, we may update and timely post revisions to this Privacy Notice.
Any changes will be effective immediately upon the posting of the revised Privacy Notice.
If the Privacy Notice changes in a way that significantly affects how we handle personal information, we will not use the personal information we previously gathered in the manner described in the new policy without providing notice and/or obtaining your consent, as appropriate.
Minor changes to the policy may occur that will not significantly affect our use of personal information without
notice or consent.
We encourage you to periodically review this page for the latest information on our privacy practices.
This Privacy Notice was updated as of the effective date listed above.