The purpose of this notice is to describe the processing of the personal data collected through this website (hereinafter the “Website”) owned by RECORDATI RARE DISEASES Fondation d’Entreprise.
This notice is provided pursuant to artt. 13 and 14 of the Regulation (EU) 2016/679 General Data Protection Regulation (hereinafter, “GDPR”) to those who interact with the services of the Website (hereinafter, “Data Subject”).
Where required, specific notices on personal data processing activities are provided in order to describe purposes and methods of processing activities for each specific service web page. As per processing activities described therein, the Data Subject can freely give his/her consent.
The “Data Controller”
RECORDATI RARE DISEASES Fondation d’Entreprise located at Immeuble Le Wilson - 70, avenue du Général de Gaulle - 92800 Puteaux, FRANCE is the Data Controller for the processing of personal data.
Personal Data assignment
Personal Data are collected from the Data Subject through the following methods:
- Direct submission (please refer to the section “Data voluntarily provided by Website users”);
- Automated collection (please refer to sections “Browsing data” and “Cookies”).
Type of data processed
The following data categories might be subject to data processing activities.
Browsing data
During the normal course of their activities, the IT systems and software applications provided for the functioning of the Website acquire some personal data (e.g. IP addresses or the domain names of the computers used by the Website users, the pages visited and the date and time of the visit) and their transmission is an intrinsic part of the use of internet communication protocols.
This information is not collected with the purpose of being associated with the identified persons, but by its nature it could allow the identification of data subjects, following data processing and association with other data held by third parties.
This data is used for the only purpose of acquiring anonymous statistical information on the use of the Website and to monitor its proper functioning. The data could be used to establish responsibility in the case of hypothetical computer crimes that may damage this site. Apart from this particular circumstance, data on web contacts are normally conserved for no longer than 30 days.
Cookies
In order to make the browsing on this Website faster and more efficient, cookies are used when users visit this Website. Cookies are short strings of text which allow the connection with the Website to be maintained.
Cookies do not retain any personal information related to the users, and any identifiable data will not be stored. If you want to disable the use of cookies, you must customize the settings in your browser, either by setting it to delete all cookies or by configuring a warning message to appear when cookies are stored.
Data voluntarily furnished by Website users
This refers to personal data freely given by a Website user in order to access specific services that have been freely chosen. Failure to provide this information may entail the impossibility to provide the service requested. Specific information and consent requests are reported on the pages of the Website used for particular on-request services.
Data processing activity purpose
Purpose of data processing activity is conduct data analytics related to Data Subjects’ website usage, with the exception of notices related to special initiatives that require the collection of specific personal data and are except in case of individual initiatives that require the acquisition of specific personal data, published from time to time on the Website.
Data Communication and disclosure
Personal data will not be disclosed.
Personal Data may be sent to other companies belonging to the RECORDATI Group or to associate companies of the Group, and to third parties which Recordati uses to improve the service offered through its Website. The company Webmaster has been appointed as external Data Processor in accordance with Art. 28 of the GDPR, as it treats personal data on behalf of the Data Controller and is responsible for the maintenance of the technological part of the website.
In case the Controller entrusts the processing operations to third parties, the latter will be appointed for this purpose - in accordance with Article 28 of the GDPR – and subject to verification of the third parties compliance with the provisions on personal data protection. The Data Controller will rely on Data Processors which provide sufficient guarantees to implement appropriate technical and organizational measures, so that the processing activity meets the requirements of the GDPR, and guarantees the protection of Data Subject’s rights.
This Website uses the web analysis service provided by Google Analytics. This is a web traffic analysis service provided by Google Inc (“Google”). Information generated by cookies is transmitted to Google and stored in their servers and IT systems in the USA. Google uses this information to track visitors and examine the use of the Website, to compile reports on the activities of the Website for the site administrators and to provide other services relating to the activities of the Website and the use of the internet. Google can also pass this information on to third parties where this is required by law or where these third parties process the aforementioned information on behalf of Google. Google will not associate your IP address with any other data possessed by Google. By using this Website, you consent to the processing of your navigation data by Google for the above purposes and using the above methods. Please see the Google privacy page for further information. You can prevent Google from acquiring cookies that are generated by visitors to this Website (including your IP address) and from processing that data by downloading and installing this plug-in for your browser http://tools.google.com/dlpage/gaoptout?hl=en
Personal Data may be passed to authorized persons - such as Pharmacovigilance, human resources, medical information departments as well as any appropriate departments of the Data Controller by the Data Controller for processing activities.
How data is processed
Data is processed using automated tools only for the time necessary to achieve the aims for which it has been acquired, as well as for any additional period necessary to fulfill specific legal obligations. Data relating to web contacts will not be stored for more than 30 days, except for ascertaining responsibility in the event of hypothetical computer crimes that may damage this site.
Cross-border data management
Personal data will be transferred across borders: information generated by cookies is transmitted to Google and stored in their servers and IT systems in the USA, based on Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield (notified under document C(2016) 4176).
Data Subject rights
The Data Subject is entitled to exercise his/her rights to require the Data Controller to access, rectify, erase or to restrict/object to Processing of his/her Personal Data; all the rights provided by artt. 15 ff. of GDPR are anyway applicable towards the Data Controller.
The Data Subject has also the right to lodge a complaint to the Supervisory Authority for the protection of Personal Data.
All requests related to personal Data processed by Data Controller may be forwarded to the following address Local Data Protection Representative: ckellquist@rrd-foundation.org