top of page

PROCESSING OF PERSONAL DATA RELATING TO CUSTOMERS / USERS ("interested parties")

EU Regulation 2016/679

​

As part of the continuous updating of our procedures aimed at respecting the privacy of our Customers/Users and the obligations imposed by the legislation on the protection of personal data, we have deemed it appropriate to summarize in this document all the elements concerning the processing of personal data already present in the documentation made available to users, integrated with more specific indications in order to give maximum transparency to our work.

​

1. WHAT DATA IS PROCESSED

> data provided by the User/Customer, or by a person/entity acting on your behalf including personal data (name and surname, residence/domicile, place and date of birth, nationality) tax code, identity document details, Contact details (telephone/fax number, e-mail address);

> data, always provided by the interested party, contained in any reports/requests;

> data relating to payments made by the Customer.

The legislation establishes particular safeguards for judicial data (relating to criminal convictions and offenses) and for "particular categories of data" as defined by art. 9 of Reg. EU 2016/679: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, related data the health or sexual life or sexual orientation of the person.

FOR ORDERS RELATING TO specific immunotherapy products intended for identified and identifiable patients, ANALLERGO SpA will inevitably process data relating to health, which may also appear in reports sent by users to customer service, for this reason specific consent will be requested from the interested party in case the characteristics or methods of treatment should require it.

With regard to this point, particular attention is paid in requesting only the data and in carrying out only the treatments necessary to satisfy the requests of the interested parties.

The data may be processed exclusively in relation to the purposes indicated below:

> as necessary to fulfill obligations deriving from a contract with the interested party, and the related legal obligations (in particular for the purposes referred to in point 3 letters a,b, and c below)

> insofar as necessary for the pursuit of a legitimate interest of the data controller, consisting in the optimization of the organization of activities, system security, credit protection (in particular for the purpose referred to in point 3 letters d,e, f, h and i below)

> as necessary to assert or defend a right in court or to assess whether there is a right to be usefully protected in court

> insofar as it comes from public registers accessible to anyone and/or manifestly made public by the interested party;

> having the interested party expressed their consent, (in particular in relation to the processing of some particular categories of personal data communicated by the interested party and the use of addresses other than the e-mail address provided at the time of signing the commercial and advertising communications contract referred to in point 3 letters f, g, and h below)

 

2 ORIGIN OF THE DATA

Acquisition and updating of personal data can take place:

- through the person concerned or, if a minor, through whoever exercises parental authority (parents or guardians);

- through intermediaries authorized by the interested party (eg family members, attending physician, LHAs);

- from sources freely accessible to anyone.

​

3. PURPOSE OF THE PROCESSING - WHY THE DATA IS PROCESSED

The processing carried out has the following purposes:

a) to satisfy the requests of Institutions (Hospitals, Health Agencies, etc.), which order specific immunotherapy products for identified and identifiable patients, or of private customers who, by medical prescription, order specific immunotherapy products for themselves or their families; 

b) to fulfill obligations deriving from EU laws, rules and regulations, regional laws; fulfillment of provisions issued by the Judicial Authority, or by other Authorities to which the current legislation confers this right.

c) to fulfill contractual, accounting and tax obligations;

d) for the management of customer data, address books and statistical calculations internal to the company, - Statistical analysis carried out only through the aggregation of previously anonymous data;

e) to possibly protect a legitimate interest, assert or defend a right;

f) to feed the system for acquiring customer knowledge, necessary for the verification, improvement and therefore the design of a service increasingly suited to demand through surveys and detection, even anonymously, of the degree of customer satisfaction, also carried out with telephone interviews or requests to fill in questionnaires;

g) for purposes related to public relations, marketing, advertising, promotional proposals.

In particular, any contact details, postal and e-mail addresses provided may be used for sending communications in any case relating to promotional initiatives and/or ANALLERGO SpA products. It is understood that the user has the right to oppose this treatment at any time

In this regard, it should be noted that Paragraph 4 of art. 130 of Legislative  Decree 196/2003 allows the use for this purpose of the e-mail address provided by the interested party when purchasing a travel ticket/season ticket provided that they do not refuse such use;

And, as regards the management of reports from users:

h) To ensure a certain and timely response to user reports, facilitating the creation of an effective communication channel between the Company and the customer-user

i) To feed the registration system and for a systematic analysis of service discrepancies to correct any related issues

​

4. HOW THE DATA IS PROCESSED methods of treatment and storage

In relation to the aforementioned purposes, the processing of personal data may take place with paper, IT and telematic tools. Always guaranteeing absolute confidentiality, relevance and not exceeding the purposes described above, in terms of data recording and storage periods. 

 

The personal data referred to in point 1 above, without prejudice to the provisions of the regulations on the conservation of administrative documentation, will be kept exclusively for the time allowed/imposed by the current legislation applicable to the specific purpose for which the data is processed.

​

5. MANAGERS AND APPOINTEES

For the same purposes, the data may be processed by the following categories of appointees and/or managers: 

  • Direction and management,

  • production and logistics personnel, 

  • marketing and communication staff,

  • administrative staff for the management of administrative aspects, 

  • the corporate Information Technology which has the task of guaranteeing the functionality of the systems, data security and backup operations,

  • other offices of ANALLERGO SpA within the limits of their competences, again for the purposes indicated in point 3 above,

  • other subjects (companies/professionals appointed as Data Processors) who need to access some data insofar as they are responsible for carrying out activities ancillary to the above purposes, to the extent strictly necessary to carry out the tasks entrusted to them such as: assistance in carrying out or direct execution of fiscal/accounting fulfilments, management of information systems, financial services, online sales; in this regard, it should be noted that these subjects will always and in any case be bound to full compliance with the rules and procedures aimed at ensuring the broadest protection and safeguarding of personal data adopted and imposed by the Data Controller also and not only in compliance with current legislation.

  • for user reports: in addition to the personnel responsible for receiving user reports, the data may be processed, with the exclusion of the data subject's identification elements, by the company departments concerned with the topic of the report for the preparation/realization of internal investigations and for the resolution of the causes, always and only to the extent they prove necessary to carry out such functions.

  • ​

6. SCOPE OF COMMUNICATION TO WHOM THEY MAY BE COMMUNICATED

Without prejudice to communications made in compliance with legal obligations, the personal data in question may be communicated or made available:

  • to subjects who can access the data by virtue of a provision of law, regulation or community legislation, within the limits established by these rules,

- to the public or private body that placed the order for a specific immunotherapy product intended for the interested party

  • insofar as relating to accounting and tax data for banks, credit institutions, data processing companies and credit card issuers, for activities relating to the execution of the service provided to users and/or related administrative and financial aspects, 

  • to other subjects (companies/consultants) who need to access some data for purposes ancillary to the management of the services requested by the interested parties, within the limits strictly necessary to carry out the tasks entrusted to them such as: assistance in the fulfillment or direct execution of tax/accounting/assistance obligations, information systems management and financial services,

- to entities, consortia, professionals and companies with the purpose of credit recovery and protection; credit insurance companies, commercial information companies,

Naturally, all the communications described above are limited only to the data necessary for the recipient body/office (which will remain independent Data Controller for all subsequent processing) for the performance of its duties and/or for the achievement of the purposes connected to the communication itself. 

6.1 transfer abroad

Personal data will be transferred to subjects located outside the European Union to the country in which the interested party resides or is located exclusively in fulfillment of the legitimacy conditions referred to in point 1 and in compliance with current legislation.

​

6.2 DISCLOSURE

 

THE DATA IN QUESTION WILL NOT BE DISCLOSED 

 

​

7 COMMUNICATION AND UPDATING OF DATA - WHEN IT IS COMPULSORY TO COMMUNICATE YOUR DATA

The communication and updating of one's own data is compulsory only as far as it concerns the carrying out of contractual and fiscal fulfilments required by current legislation and the execution of the obligations deriving from the contract (ref. Letters a,b, and c of point 3). Failure by the interested party to comply with this obligation would make it impossible for ANALLERGO SpA to satisfy their requests and to process their order. Obviously, case by case, an indication is always given of the data whose communication is obligatory in relation to the aforementioned purposes depending on the means used. 

 

It is worth remembering that most of the processing carried out is not subject to the obligation to acquire consent since:

- the data is collected and held on the basis of obligations established by EU laws, rules and regulations

- the data comes from public registers, lists, deeds or documents knowable to anyone; 

- the data is necessary to satisfy the requests of the interested party or for the fulfillment of legal and/or contractual obligations; 

​

8. DATA CONTROLLER

The data controller is: Anallergo SpA Viale Nilde Iotti, 7 - 50038 Scarperia e San Piero (FI).

ANALLERGO SpA has appointed a Data Protection Officer, who has the task of supervising, in full independence and in the absence of conflicts of interest, compliance with the legislation on the protection of personal data. The Data Protection Officer can be contacted at the e-mail address: rpd@anallergo.it

With regard to the treatments necessary for the fulfillment of orders relating to specific immunotherapy products intended for the person identified by name, in some cases ANALLERGO SpA will act as Manager pursuant to art. 28  EU 679/2016 appointed by the body that forwarded the order, already known by the interested party, which will remain the Data Controller. 

 

9. RIGHTS OF THE INTERESTED PARTY

The interested party has the right:

> to request from the data controller access to and rectification or erasure of personal data or restriction of the processing of personal data concerning him/her and to object to their processing, 

< if the processing is carried out by automated (computer) means and on the basis of his or her own consent, to receive in a structured, commonly used and machine-readable format the personal data concerning him or her and/or to obtain their direct transmission to another data controller, if technically feasible,

> to withdraw their consent at any time (without prejudice to the lawfulness of the processing based on consent before the withdrawal), obviously for the processing carried out on the basis of this assumption,

> to lodge a complaint with a supervisory authority: Guarantor for the protection of personal data - Piazza di Monte Citorio n. 121 00186 ROME - Fax: (+39) 06.69677.3785 - Telephone switchboard: (+39) 06.696771 - E-mail: garante@gpdp.it - certified mail protocolLO@pec.gpdp.it

Interested parties can contact the Data Controller: by calling 055 293030 specifying to the operator the nature of the request or problem highlighted, via the e-mail address servizio.clienti@anallergo.it , bearing in mind that it will not be possible to respond to requests received by telephone if there is no certainty about the identity of the applicant.


 

bottom of page