Privacy Policy
Updated on: 17/01/25
Table of Contents
1) PREAMBLE
This document describes the ways in which we operate the website www.recordatirarediseases.com (“Website”) with respect to the processing of the personal data of its users. The Website is managed by Recordati AG, Rare Diseases Branch, with registered office in Uferstrasse 90, 4057 Basel, Switzerland.
When you browse our Wesbite, interact with us, or use our services (“Services”), we may collect and process information and personal data about you. For this reason, in accordance with the applicable provisions of data protection laws, we have created this document (“Privacy Policy”) to describe what personal data we collect, the purposes and methods for processing it and the security measures we take to protect it.
This Privacy Policy constitutes the information that is provided pursuant to applicable laws and exclusively concerns this Website and the processing of data performed by Recordati. Any third-party websites referred to by this Website, including through links, are not covered by the information indicated in this Privacy Policy.
2) WHO PROCESSES YOUR PERSONAL DATA
The data controller is Recordati AG, Rare Diseases Branch with registered office in Uferstrasse 90, 4057 Basel, Switzerland, which is the branch of Recordati AG, with registered office in Lindenstrasse 8, 6340, Baar, Switzerland, (“Recordati”, “we”, “us”) a company of the Recordati Group.
Recordati Industria Chimica e Farmaceutica S.p.A., with registered office in Milano, Via M. Civitali n. 1, enrolled in the Register of Companies of Milan under number 00748210150 shall be the local point of contact and representative in the EU for individuals and data protection authorities.
The Data Protection Officer of the Recordati Group can be contacted for any privacy issue arising or in connection with the processing of Personal Data at the following email address: .
3) WHAT TYPES OF PERSONAL DATA WE PROCESS
- Navigation data: The computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or MAC addresses of the computers used by users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and IT environment. These data are used to obtain statistical information on the use of the Website and to check its correct functioning. These data could be used to ascertain responsibility in the event of cyber-crimes against the Website, to the extent permitted by applicable legislation.
- Data necessary to access to the website, cookies and other similar technologies: Our Website uses cookies and other tracking technologies; for more information, please visit our Cookie Policy.
4) FOR WHAT PURPOSES WE PROCESS YOUR PERSONAL DATA
We process your personal data for the following purposes and set out the corresponding legal bases below:
|
# |
Purpose of processing |
Legal basis |
Types of data |
|
1 |
To operate, provide you with access to our Website, improve our Site, and troubleshoot any issues. |
The processing is based on Recordati’s legitimate interest in presenting its activities to the public, ensuring the functioning of the Website, improving its appearance and user experience. |
For this purpose we process data under par. 3, letter a. above. |
|
2 |
To get to know our visitors through the use of cookies and similar tracking technologies. For more information visit our Cookie Policy. |
The processing is based on your consent, where necessary, or on Recordati’s legitimate interest consisting of the interest in ensuring that the Site functions properly, is visible and accessible to users. |
For this purpose we process data under par. 3, letter .b above. |
Provision of your personal data is not mandatory and will not affect your ability to visit the Website. It may, however, result in the impossibility of sending a request to us.
5) HOW WE PROCESS YOUR PERSONAL DATA
Your personal data will be processed using electronic means.
The security of your personal data is important to us. We adopt – and expect our service providers to adopt – appropriate technical and organizational security measures to prevent the loss or destruction of data, illicit or incorrect use and unauthorized access to data, in compliance with applicable legislation. In addition, the IT systems are configured in such a way that personal and identification data are used only when necessary to achieve the specific processing purposes pursued from time to time.
We implement multiple security technologies and procedures to protect your personal data from the risks described above. However, we would like to point out that electronic transmissions or storage of information are not 100% secure. Therefore, despite the security measures we have put in place to protect your personal data, we cannot guarantee that data loss, misuse or alteration will never occur.
We do not use automated individual decision-making that would have legal effects on you or, similarly, significantly affect you.
6) HOW LONG WE PROCESS YOUR PERSONAL DATA
Personal data is processed for the time necessary to provide the requested information or Services and, in any case, in accordance with any applicable legal or regulatory obligations. Notably:
- For information on the storage of cookies and other technologies, please visit our Cookie Policy.
7) TO WHOM AND WHERE WE TRANSFER YOUR PERSONAL DATA
Your personal data will be processed by our duly authorised staff, based on their respective needs. Your data will also be processed by our suppliers for technical and organizational services functional to the processing purposes indicated above, such as providers of technical assistance services for the Website and hosting services. All the mentioned service providers act as our data processors on the basis of our instructions and in accordance with the provisions of the contracts they have entered into with us.
We may disclose your personal data to public authorities or bodies and to any other legitimate recipient in accordance with the law. In this case, the recipients will act as independent data controllers according to their respective institutional purposes.
If we are involved in a reorganization, acquisition, or sale of our company or parts of it, we will disclose your personal data to the third parties involved in the process, in accordance with applicable law. Any third party that is the recipient of your personal data as part of this procedure may only use it within the limits established by this Privacy Policy and applicable legislation. To receive the updated list of recipients of your personal data, you can contact us using the contact details indicated above.
If your data is transferred abroad to countries that do not provide the same level of data protection as your country, we will ensure that the transfer is carried out in accordance with applicable law, i.e. by obtaining your consent, when necessary, or by taking any other measures necessary to ensure equivalent protection of the data being transferred, including, but not limited to, through the signing of standard contractual clauses according to the model developed by the European Commission and recognized in Switzerland. You can receive a copy of the relevant safeguards by contact us using the contact details set out in section 2 of this Privacy Policy.
At this stage, we do not transfer your personal data outside of the European Union and Switzerland.
8) WHAT ARE YOUR RIGHTS AND HOW YOU CAN EXERCISE THEM
Recordati informs you that you will always have the right to withdraw your consent at any time, as well as to exercise, at any time, the following rights (subject to certain limitations/restrictions) by contacting the data controller or the DPO at the addresses indicated above:
- the “right of access” to your personal data and, in particular, to obtain confirmation of the existence or otherwise of personal data concerning you;
- the “right to rectification“, i.e. the right to request the rectification of inaccurate personal data or the completion of incomplete personal data;
- the “right to erasure“, i.e. the right to request the erasure, or transformation into anonymous form, of personal data processed;
- the “right to restriction of processing“, i.e. the right to obtain from the data controller the restriction of processing in certain cases provided for pursuant to data protection legislation;
- the “right to data portability“, i.e. the right to receive (or to transmit directly to another data controller) personal data in a structured, commonly used and machine-readable format;
- the “right to object“, i.e. the right to object, in whole or in part:
- to the processing of personal data carried out by the data controller for its own legitimate interest; and
- to the processing of personal data carried out by the data controller for marketing or profiling purposes.
The exercise of the above rights is free of charge. However, we may charge a reasonable fee for the administrative costs of complying with a request if it is manifestly unfounded or excessive, or if an individual requests further copies of their data.
All enquiries, requests or concerns regarding this notice or relating to the processing Personal Data including all requests detailed above, should be sent to .
Recordati may ask you to verify your identity before taking further action following your request to exercise the above Rights.
You may also lodge a complaint with the competent supervisory authority (in particular with Swiss Federal Data Protection and Information Commissioner or, for EU countries, with the Data Protection Authority of the Member State of your habitual residence, place of work or place of the alleged violation) if you are of the opinion that your personal data are processed in such a way as to result in violations of applicable data protection legislation. You may also contact the relevant supervisory authority if the exercise of your rights is subject to delay, limitation or exclusion by the data controller.
In order to facilitate the exercise of the right to lodge a complaint, the name and contact details of the supervisory authorities of the European Union are available at the following link: Our Members | European Data Protection Board (europa.eu). You can exercise your right to lodge a complaint to the Swiss Federal Data Protection and Information Commissioner (FDPIC) at the following link Data protection services.
9) CHANGES TO THIS PRIVACY POLICY
We may update and amend all or part of this Privacy Policy at any time. The version published on the Website is the version currently in force. In the event of a change in the text of this Privacy Policy, we will inform you of such changes with a specific banner, link or pop-up on the home page of the Website.
