Notice on the processing of personal data (EU Regulation 679/2016 – Art. 13)
Pursuant to Article 13 of EU Regulation 679/2016 (GDPR) regarding the processing of personal data (hereinafter the “Regulation”), and with respect to the personal data you have submitted that will be processed[1], we wish to inform you that any personal data you provide will be processed in compliance with current legislation and the confidentiality to which the undersigned is bound.
The EU Regulation sets out forms of protection to ensure that data is processed lawfully, fairly and in a transparent manner in relation to the data subject, is collected for specific, explicit and legitimate purposes, is adequate, relevant and restricted to what is necessary in relation to the purpose for which it is processed, and is accurate and, if necessary, kept up to date, and stored only for as long as needed. In compliance with the purposes for which data is collected, processing must ensure the adequate security of personal data.
Registration on the www.giuripharma.it website is subject to the user’s prior reading and acknowledgment of this privacy notice and the data subject’s authorisation for the personal data to be processed.
1. Data Controller
The Data Controller is Mercurio GP Srl, the owner of the mercuriogp.eu website, with registered office in via Orefici, 2, 20123 Milan – email address: mercuriogp@mercuriogp.eu
The Data Controller, taking into account present circumstances and implementation costs, as well as the nature, scope of application, context and purposes of processing, both when determining its means and at the time of processing (so-called risk analysis – accountability), has established appropriate technical and organisational measures aimed at effectively implementing data protection principles and incorporating the necessary safeguards, in order to meet the requirements of EU Regulation 679/2016 and protect data subjects’ rights.
2. Data Processor
Guido Ponti, who has been appointed as Data Processor, may be contacted regarding any query related to data processing and its procedures.
3. Processing location
The processing operations related to this website’s services take place at the Data Controller’s premises and are exclusively carried out by staff with specific data processing responsibilities.
4. Types of data processed
[1] Processing refers to any operation or set of operations that is performed on personal data or sets of personal data, by manual or automated means. It includes the collection, recording, organisation, structuring, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
4.1. Dati di navigazione
During their normal operation, the computer systems and software procedures used to operate this website acquire certain personal data whose transmission is entailed by the use of internet communication protocols. This data is not collected to be associated with identified data subjects, but by their very nature, via processing and association with data held by third parties, could enable users to be identified.
This category of data includes the IP addresses or domain names of the computers used to connect to the website, the Uniform Resource Identifier (URI), the time of the request, the method used to submit the request to the server, the size of the file delivered in response, the numerical code indicating the status of the response provided by the server, and other parameters related to the user’s operating system and computer environment. This data is exclusively used to obtain statistical information on the use of the website and to monitor its correct operation and is deleted immediately after processing.
The data could be used to determine liability in the event of potential cybercrimes committed against the website. With the exception of such circumstances, internet contact data is not retained for more than seven days.
4.2. Cookie
See the Cookie Policy attached to this notice.
4.3. Dati forniti volontariamente dall’utente
Optional, explicit and voluntary sending of electronic mail to the addresses provided on this website, as well filling in any data entry forms and/or newsletter subscription forms, entails subsequent acquisition of the sender’s address, which is needed to reply to requests, as well as any other personal data included in the message.
4.4. Curriculum
Optional, explicit and voluntary sending of electronic mail to the addresses provided on this website, as well filling in any data entry forms and/or newsletter subscription forms, entails subsequent acquisition of the sender’s address, which is needed to reply to requests, as well as any other personal data included in the message.
5. Purposes of data processing
Any personal data provided by users, including their email addresses, will be processed, unless users raise any objections, for the following purposes:
– Browsing on the www.mercuriogp.eu website;
– Email contacts, including submission of data and notification of any relevant new initiatives;
– Consultation and use of the Mercurio GP Srl database;
– Performance of administrative activities to manage contractual relations with clients, financial and accounting tasks, and agenda management.
6. Processing procedures
Personal data is processed using automated tools for as long as is strictly necessary to achieve the purposes for which it was collected. Specific security measures are implemented to prevent loss of data, unlawful or inappropriate use, and unauthorised access.
To ensure an appropriate level of security to counter risk, so as to constantly guarantee the confidentiality, integrity, availability and resilience of the GDPR 679/2016 processing systems and services, suitable technical and organisational measures will be applied by specially appointed persons, in compliance with the provisions of Article 29 of GDPR 679/2016.
7. Scope of communication and dissemination
Processed data will not be disclosed to, sold to or exchanged with third parties without the express consent of the data subject. The scope of communication of data is exclusively limited to persons responsible for carrying out contractual operations and compliance with legal obligations. Therefore, they may be disclosed to the following third-party categories:
– Information system management service providers;
– Firms providing assistance and consulting services;
– Administrative organisations, public bodies and competent authorities, in order to comply with legal obligations and/or public entity provisions.
In any event, only the necessary data related to the relevant purposes of processing will be communicated to the above-mentioned parties, which determines the related retention period.
8. Transfer of data to third countries
We hereby inform you that your personal data will not be transferred either to Member States of the European Union or to third countries outside the European Union.
9. Optional nature of data provision
Notwithstanding the specifications regarding browsing data, users are free to enter personal data in the forms on the website in order to receive newsletters, information material, invitations to events or other communications.
If personal data is not disclosed, the requested services may be unobtainable.
10. Data retention period
Personal data is stored in accordance with the following criteria:
– No longer than necessary to fulfil legal obligations (e.g. document storage);
– No longer than necessary to provide any services you may have requested;
– No longer than necessary to achieve the purposes for which it is being processed.
11. Data Subjects’ rights
The Regulation enables you to exercise specific rights, including requesting the following from the Data Controller:
– Confirmation as to whether or not your personal data is being processed and, if so, to obtain access to them (right of access), pursuant to Article 15 of the Regulation;
– Rectification of inaccurate personal data, or the supplementation of incomplete personal data (right of rectification), pursuant to Article 16 of the Regulation;
– Deletion of the data, if one of the reasons for so doing provided for in the Regulation (right to be forgotten) obtains, pursuant to Article 17 of the Regulation;
– Restriction of processing in the event of occurrence of one of the instances set out in the Regulation (right of restriction), pursuant to Article 18 of the Regulation;
– Being able to receive the personal data you have provided to the Data Controller in a well organised, commonly used and machine-readable format, and transfer such data to another Data Controller (right to portability), pursuant to Article 20 of the Regulation.
For any queries regarding the processing of personal data, and to exercise your rights under Articles 15-22 of EU Regulation 679/2016, please contact:
Data Controller: Mercurio GP Srl
Address: Via Orefici, 2
Telephone: 02 76 39 85 34
E-mail: mercuriogp@mercuriogp.eu
Data Processor: Guido Ponti
Data subjects have the right to lodge a complaint with the Data Protection Authority if the Data Controller does not respond to their requests.
Users also have the right to request removal from the list of registered users of www.mercuriogp.eu, at any time, in order to no longer receive any services or information. Users may submit a removal request to mercuriogp@mercuriogp.eu. The Controller undertakes to remove a user from the above list within 24 hours of receipt of the request.
12. Amendments
The Controller reserves the right to amend, update, add or remove parts of this notice, at its own discretion and at any time. The persons concerned should periodically check for any amendments. To facilitate such verification, this notice includes the date of the latest update. Use of the website after publication of any amendments, implies acceptance thereof.
Updated on: 13 settembre 2024
Mercurio GP Srl