We would like to hereby inform you that the processing of your personal data will be in compliance with current privacy legislation and as such based on principles of integrity, lawfulness, transparency and data protection.
This policy, provided in compliance with art. 13 of EU Regulation 2016/679 ("GDPR"), contains below general information on the processing of personal data carried out through this website. If necessary, further specific policies will be provided on the web pages where the data is collected in order to provide the services requested.
This policy is provided only for the website www.hy-tissue.com (the “Website”) and does not apply to any other websites that may be reached by the user ("User") through links on the Website.
The Data Controller is Laboratorios Fidia Farmacéutica S.L.U. with registered office in Parque Empresarial de la Moraleja Edificio Torona, Avenida de Europa, 24 – Edificio A – 1 B Alcobendas 28108 - Madrid.
For any questions regarding the personal data processed through the use of this Website and to exercise the rights provided for by the legislation on the protection of personal data described in the text below, you may contact the Fidia Farmaceutici DPO in the following ways:
by email: firstname.lastname@example.org or by post at the following address: Parque Empresarial de la Moraleja Edificio Torona, Avenida de Europa, 24 – Edificio A – 1 B Alcobendas 28108 - Madrid, FAO: Data Protection Officer (DPO).
For any communications, the User’s details must be included in the request, since they are essential to be identified and contacted.
TYPE OF DATA PROCESSED AND PROCESSING PURPOSES
During normal operation, the computer systems and software procedures that are used to keep the Website operational collect certain personal data, the transmission of which is implicit in the use of Internet communication protocols or is used to improve the quality of the service provided. This information is not collected in order to be associated with the identified data subjects involved, however, due to its very nature, it may allow Users to be identified through processing and association with data held by third parties.
This category includes IP addresses or the domain names of computers used by users who connect with the site, addresses in URI (Uniform Resource Identifier) notation of requested resources, the time the request is made, the method used to submit the request to the server, the file size obtained in response, the numerical code indicating the response status from the server (successful, error, etc.) and other parameters related to the user's operating system and computer environment.
This information is not collected to be associated with identified data subjects, since the data is used only to obtain anonymous statistical information on the use of the website and to monitor its proper functioning, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
It should be noted that the data could be used by the competent authorities to ascertain liability in the event of any computer crimes.
Data provided voluntarily by the user
In order to access certain services made available on the Website, it may be necessary to register and to enter certain personal data.
It may be envisaged that users can provide personal data by sending explicit and voluntary requests through the functionalities available on the Website (compilation of online forms, contact requests, etc.).
Specific policies are provided on the pages of the Website for particular services on request.
In general, personal data, however collected through the Website, is used to: 1) provide the service requested (e.g. requests for contacts and information, browsing the Website, etc.) providing information, updates and useful advice to the user on the products and initiatives of the Data Controller; 2) process statistical data regarding the performance of the Website.
LEGAL BASIS OF PROCESSING
The processing of personal data will be carried out based on one or more of the following conditions. In particular, processing carried out for the purposes described above, which concern:
* point 1: has as its legal basis the need to fulfil the express requests of the User to receive a service directly available through the Website: this therefore involves the provision of data strictly necessary and related to a functional phase in order to respond to a specific User request and, as such, the data collected case by case is mandatory and, if it is not provided, it will not be possible to provide the service or respond to the request. This case also includes browsing the Website as well as free access to the pages of the Website itself;
If your consent is required for specific processing of personal data carried out by the Website, this consent may be revoked at any time and, as from such revocation, the data will no longer be processed. If the User is below 14 years of age, in order to process data for these purposes, it will be necessary to acquire the authorisation of the person with parental responsibility over the latter. Should the Data Controller be able to make recourse to another legal basis (legitimate interest, public interest, etc.), an appropriate and specific Policy will be provided.
PROCESSING METHODS, SECURITY MEASURES AND RETENTION PERIODS
All data will be processed mainly in electronic format. Personal data as well as any other information that may be directly or indirectly associated with a specific User is collected and processed by applying technical and organisational security measures that guarantee a level of security appropriate to the risk, taking into account the state of the art and the implementation costs, or, where envisaged, security measures prescribed by specific legislation.
In using the functionalities of this Website and with reference to personal data protection aspects, in accordance with art. 33 of the GDPR, Users are invited to report to the Data Controller any circumstances or events that may result in a potential "data breach", in order to allow the Data Controller to assess the event and take any action to contain its effects, by sending a communication to email@example.com.
It should be noted that a data breach is “any security breach that involves the accidental or unlawful destruction, loss, modification, unauthorised disclosure or access to personal data transmitted, stored or otherwise processed“. The measures adopted by the Data Controller do not exempt the User from paying the necessary attention, where required, to the use of passwords/PINs of adequate complexity, which the latter must periodically update and safeguard and make inaccessible to others, in order to avoid improper and unauthorised use.
The personal data processed will be retained for a period of time not exceeding the achievement of the purposes for which it is processed, except for the need to keep it for a longer period of time following requests from the competent authorities for the prevention and prosecution of crimes or, in any case, to assert or defend a right in court.
CATEGORIES OF PERSONAL DATA RECIPIENTS:
Personal data will be processed by personnel specifically authorised by the Data Controller, as well as by third parties, also possibly established in countries outside the European Union, only when this is necessary for the operational and maintenance needs of the Website and the services made available through the Website, without prejudice to any obligations provided for by law.
Data will not be disseminated in any way and, as a rule, it will not be exported to third countries outside the EU. In accordance with the GDPR, the Data Controller appoints the third party companies that carry out all or part of the activities in question exclusively on behalf of the Data Controller as Data Processors. In the case of involvement of third parties established in countries outside the European Union, for the related transfer of data abroad, the appropriate guarantees corresponding to the standard contractual clauses defined by the European Authority or the National Authorities and the adequacy decisions issued by the European Commission and/or the National Authority for the protection of personal data applicable from time to time will be adopted. Alternatively, the waivers provided for in the GDPR may be applied, also in this case as applicable from time to time in the specific case. Further information regarding possible transfers of data to countries outside the European Union and the related guarantees adopted, as well as information regarding the companies appointed as Data Processors, can be requested from the DPO.
RIGHTS OF DATA SUBJECTS
In relation to the processing of personal data carried out through the Website, as data subjects, Users may at any time exercise the rights provided for by the GDPR. In particular, they may:
* access their personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom it may be communicated, the applicable retention period, the existence of automated decision-making processes, including profiling, and, at least in such cases, significant information on the rationale used, as well as the importance and possible consequences for data subjects, if not already indicated in the text of this Policy;
* obtain, without undue delay, rectification of inaccurate personal data concerning them;
* in the cases provided for by law, obtain the erasure of their data;
* obtain restriction of processing or object the same, when admitted on the basis of the legal provisions applicable to the specific case;
* in the cases provided for by law, request portability of the data provided to the Data Controller, i.e. receive it in a structured, commonly used and machine-readable format and also request to transmit such data to another data controller, if technically feasible;
* where deemed appropriate, lodge a complaint with the Control Authority.
For the processing of personal data for which the legal basis is consent, this may always be withdrawn and in particular the User may exercise the right to object to direct marketing if carried out through the Website. In order to exercise these rights, simply contact the DPO by referring to the contact details at the beginning of this Policy.