Data controller for the website
The Data Controller is F2I MEDTECH SPA (“Althea” – “Althea Group” or “Controller”) with registered office in Rodano/Milan, (MI), Via Papa Giovanni XXIII, 43, 20053, Millepini, Italy and can be contacted through the following addresses:
F2I MEDTECH SPA
Via Papa Giovanni XXXIII, no. 43
20090 Rodano (MI)
Tax code and VAT No.: 09909510969
Tel. +39 02 976791
E-mail: [email protected]
PEC: [email protected]
Althea has appointed a Data Protection Officer (“DPO”) in accordance with Articles 37 and following of the GDPR, who can be contacted at [email protected].
Type of data processed
The Data that Althea may process relate to the following categories:
- Site visitor browsing data: this is anonymous browsing data for the purpose of monitoring and ensuring the technical operation and performance of the site.
- Data provided voluntarily by the user: this is mainly Data provided by you, functional to the identification of your person and necessary for the correct management of your commercial information requests, such as, for example: name, surname, telephone number, e-mail address.
- Data provided by candidates: this is mainly Personal Data provided by you in the course of the recruitment process, such as, for example: name, surname, e-mail, address, telephone number, data relating to your educational and professional background as included in your CV, including, if voluntarily included in your CV, Personal Data disclosing your health status (e.g. belonging to protected categories).
Purpose of processing your personal data
The User Data is collected to enable the Controller to provide the Service, to comply with legal obligations, to respond to requests or enforcement actions, to protect its rights and interests (or those of Users or third parties), to detect any malicious or fraudulent activities, and in particular for the following purposes:
- Management of the contact form: Althea processes your Data, voluntarily provided, in order to manage all commercial information requests for Althea products and services received by filling in the contact form in the “Contact us” section of the site.
- Furthermore, Althea processes your Data, voluntarily provided, to handle all other requests it receives via the e-mail addresses available to users on the various pages of the site for the provision of specific services and/or information requested.
- Management of the spontaneous application form: Althea processes your data, voluntarily provided by filling in the form and contained in the curriculum vitae (“CV”) sent to us through the “Work with us” section of the website, in order to assess your application and carry out all related recruitment and selection activities. For the above purpose, please note that your Data will also be processed as part of Human Resources (HR) and personnel management activities.
Unless otherwise specified, all Data requested by this application is mandatory. If you refuse to communicate such Data, it may be impossible for this Application to provide the Service. In cases where this Application indicates certain Data as optional, you are free to refrain from communicating the Data, without this having any consequence on the availability of the Service or its operation.
Legal basis for processing
The Controller processes Personal Data relating to the User if one of the following conditions is met:
- the User has given consent for one or more specific purposes;
- processing is necessary for the performance of a contract with the User and/or the performance of pre-contractual measures (e.g. responding to a request for a quotation or information on a product or service offered);
- processing is necessary to comply with a legal obligation to which the Controller is subject;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
- processing is necessary for the pursuit of the legitimate interest of the Controller or of third parties.
However, the data controller may always be requested to clarify the specific legal basis of each processing operation and in particular to specify whether the processing is based on law, required by a contract or necessary to conclude a contract.
According to Article 8, paragraph 1 of Eu Regulation 2016/679, if the user is under sixteen years of age, he or she must legitimise his or her consent through the authorisation of his or her parents or legal guardian.
How we process your Personal Data?
The Controller takes appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data.
Your Personal Data will be processed using both electronic and paper-based tools, in accordance with the principles of lawfulness, fairness and transparency and, in any case, with tools that guarantee security and confidentiality.
Althea uses a variety of security technologies and organisational procedures to protect your Personal Data in case of loss, misuse or unauthorised access. For example, we implement access controls, use firewalls and secure servers and encrypt certain types of Data, such as financial information and other sensitive Data.
Your data will be kept for a period of time permitted and not longer than is necessary to achieve the purposes for which it is processed and for the time necessary to provide you with the service and the information requested.
When the processing is based on the User’s consent, the Controller may keep the Personal Data for a longer period until such consent is revoked. Furthermore, the Controller may be required to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of this period, the right of access, cancellation, rectification and the right to Data portability can no longer be exercised.
Place of data processing
Data is processed at the Controller’s premises and at any other place where the parties involved in the processing are located. For further information, please contact the Data Controller.
The User’s Personal Data may be transferred to a country other than the country where the User is located. To obtain further information on the location of the processing, the User may contact the Data Controller.
The User has the right to obtain information about the legal basis for the transfer of Data outside the European Union or to an international organisation under public international law or consisting of two or more countries, such as the UN, as well as about the security measures taken by the Data Controller to protect the Data .
You can check whether one of the transfers described above has taken place by asking the data controller.
Disclosure of your Personal Data
In addition to the Data Controller, in some cases, categories of authorised persons involved in the operational activities carried out by the Data Controller (administrative staff, lawyers, system administrators) or external parties, appointed as Data Processors by the Data Controller pursuant to Article 28 GDPR, to whom Althea outsources part of its activities, may have access to your Personal Data. The updated list of Processors may always be requested from the Data Controller.
Moreover, your Personal Data may be disclosed to persons, entities or authorities to whom disclosure of the Data is required by law, for example, if this request stems from orders from public and/or judicial authorities.
Your Personal Data may be used by the Data Controller in legal proceedings or in the preparatory stages of such proceedings in order to defend against improper use of this application or related services by the user. You declare that you are aware that the Data Controller may be obliged to disclose your Data by order of public authorities.
As Data Controller, Althea will not transfer your Personal Data to third countries outside the European Economic Area.
At any time, you are entitled to:
- obtain confirmation from Althea as to whether or not your Personal Data is being processed and, if so, to obtain access to the information referred to in Article 15 of the Regulation;
- obtain the rectification of inaccurate Data or, taking into account the purposes of the processing, the integration of incomplete Personal Data;
- obtain the deletion of your Personal Data if one of the reasons indicated in Article 17 of the Regulation applies;
- obtain the limitation of the processing of your Personal Data in cases provided for by applicable law;
- oppose the processing of your Personal Data for particular reasons where there are no compelling legitimate interests of Althea;
- receive your Personal Data in a structured (e.g. dvd, usb), commonly used and machine-readable format as well as the right to transmit such Data to another data controller without hindrance by Althea if technically possible, in the cases and within the limits indicated in Article 20 of the Regulation. Depending on the cases and the amount or complexity of the information requested, you may be required to pay a proportionate fee.
To exercise these and the other rights indicated in Articles 15-22 of the GDPR, you can send an e-mail to [email protected]. It will be the responsibility of the Controller to provide appropriate feedback within 1 month of receipt.
You also have the right to appeal to the judicial authority or to the Data Protection Authority, in the latter case, by means of a complaint regarding the processing of your Personal Data, pursuant to Article 77 of GDPR 679/2016, by following the instructions published on the Authority’s official website .
System logs and maintenance
For operation and maintenance purposes, this application and any third-party services used by it may collect system logs, i.e. files that record interactions and which may also contain Personal Data, such as the User’s IP address.
Information not contained in this policy
Further information in connection with the processing of Personal Data may be requested at any time from the Data Controller using the contact details given in this notice.
Responding to “Do Not Track” requests
This application does not support “Do Not Track” requests.
To find out whether any third-party services used support them, you are invited to consult their respective privacy policies.
If the changes affect processing for which the legal basis is consent, the Controller will collect the user’s consent again, if necessary.