Privacy Policy

Dear Customer,

This document has been specifically prepared to inform you about the processing of your personal data that will be carried out on this website in order to provide you with the service and/or product you have requested.

ALETHEIA PHARMA SRL, with registered office at Via Domenico Annibali, 31/L (int.18), Macerata MC, VAT No. 02145960437 and registered with the Macerata Companies Register, REA MC-303620, is the Data Controller of personal data, in accordance with the obligations relating to the processing of personal data as defined pursuant to Article 4, paragraph I, no. 1) of European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: “GDPR”).

TYPES OF PERSONAL DATA PROCESSED

1) Browsing data: the computer systems and software procedures used to operate this website acquire, during normal operation, certain personal data that are then implicitly transmitted through the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. All our activities are governed by strict ethical principles and we are committed to protecting the privacy of all visitors to our website. For this reason, the way in which we collect and store data is strictly connected to the ways in which our website and related services are used.

2) Data voluntarily provided by users/visitors: if users/visitors, by connecting to this website, send their personal data to access certain services or to make requests by email, this involves the acquisition by the seller of the sender’s address and/or any other personal data, which will be processed exclusively to respond to the request. Personal data provided by users/visitors will be disclosed to third parties only where such disclosure is necessary to comply with the requests of the users/visitors themselves.

3) Cookies: various technologies may be used on our website to improve it and make it easier to use, more effective and secure. Such technologies allow us, or third parties acting on our behalf, to automatically collect data. Examples of these technological solutions include cookies. Cookies are not used to transmit personal information, nor are any so-called persistent cookies or user tracking systems used. The use of so-called session cookies, which are not stored persistently on the user’s computer and disappear when the browser is closed, is strictly limited to the transmission of session identifiers, consisting of random numbers generated by the server, necessary to allow secure and efficient browsing of the site. The so-called session cookies used on this site avoid the use of other IT techniques that could potentially compromise the confidentiality of users’ browsing and do not allow the acquisition of personally identifying user data.

4) Data provided by you: in addition to automatically collected data, we also process the data provided by you. Below is an illustrative but non-exhaustive list: your contact details, including company name and VAT number or, for natural persons, first name and last name and tax code, address (to be indicated on the invoice and delivery address for shipment of the goods), email address and fax, website and date of birth, your telephone number or mobile phone number for natural persons, should there be a need to ask you questions or for any requests for information regarding your order; other information necessary to process your order, for example information on the products you have ordered, bank account information, IBAN and SWIFT; if you have contacted customer support, the related information and the history of these contacts. All these data have in common the fact that they have been provided by you, and this information will be used exclusively for the purposes described in this Policy. You have the right to rectify your personal data at any time or to prevent their processing.

PURPOSES OF PROCESSING AND LEGAL BASIS

We inform you that the processing of your data is carried out in compliance with the GDPR and the current regulatory provisions on the processing of personal data, which form an integral part of this policy and can be consulted here at the following address (http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2013:165:0001:0012:IT:PDF).
We inform you that the processing in question is based on the principles set out in Article 5 of the GDPR, in particular the principles of fairness, lawfulness, transparency and protection of confidentiality and of the rights of the person whose data are processed.
Depending on the service requested by you, the personal data provided by you are processed by the Controller for the purposes listed below:

  1. compliance with obligations imposed by Laws or Regulations;
  2. browsing this website;
  3. access to your reserved area, after registration and completion of the relevant form;
  4. any contact request or information request made by you by completing the relevant form;
  5. sale and delivery of the product requested by you, through the storage and transfer of your personal data;
  6. sending commercial communications through digital contact channels;
  7. analysis of your habits and consumer choices, aimed at sending personalized commercial offers based on products that may be of interest to you;
  8. carrying out statistical analyses.

The processing activity carried out by the Controller referred to in the preceding letters b); c); d) and/or e) is necessary for the provision of the services requested by you. Your consent for the aforementioned purposes is optional; however, failure to provide such consent will prevent you from using the requested services.
As indicated below, among the other rights granted to you by the GDPR and applicable Law, you will have the right to withdraw any consent given at any time. In such case, the Joint Controllers will no longer be able to use your personal data for the purpose for which you have withdrawn your consent.

METHODS OF PROCESSING AND RETENTION PERIODS

Your personal data will be processed using paper, IT and telematic tools, with methods suitable to guarantee their security and confidentiality in accordance with the provisions of Article 32 of the GDPR.
We inform you that your data will be processed for the period strictly necessary to achieve the purposes for which they were collected, and in any case for a period not exceeding ten years as provided for accounting records pursuant to Article 2220 of the Italian Civil Code.

DISCLOSURE OF YOUR PERSONAL DATA

To achieve the purposes described in point 1 above, the Controller may need to disclose your personal data to the following categories of third parties:

  1. Authorities and supervisory and control bodies;
  2. entities appointed by the Controller pursuant to Article 28 of the GDPR as data processors, namely the natural or legal person who processes personal data on behalf of the Controller;
  3. entities that provide services for the management of the digital and non-digital communication system, and entities that manage the payment service selected by the Customer;
  4. entities used in various capacities by the Joint Controller for the provision of the requested service, or with whom it collaborates.


TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION

We inform you that your personal data will be processed by the Controller exclusively within the national territory. The data provided by you will therefore not be transferred by the Controller to third countries located inside or outside the European Union and/or to international organizations

RIGHTS OF THE DATA SUBJECT

By sending a specific request to the Controller’s addresses, you may exercise, at any time, pursuant to Articles 15 to 22 of the GDPR, the right to:

  1. request confirmation of whether or not your personal data exist;
  2. obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom your personal data have been or will be disclosed and, where possible, the retention period;
  3. obtain the rectification and erasure of your personal data;
  4. obtain the restriction of the processing of your data;
  5. obtain data portability, namely receive them from a data controller in a structured, commonly used and machine-readable format, and transmit them to another data controller without hindrance;
  6. object to processing at any time, including in the case of processing for direct marketing purposes;
  7. object to automated decision-making relating to natural persons;
  8. request access to the data from the Joint Controllers and the rectification or erasure of the data or the restriction of processing concerning you, or object to their processing, in addition to the right to data portability;
  9. withdraw consent at any time without affecting the lawfulness of processing based on consent given before withdrawal;
  10. lodge a complaint with a supervisory authority.