Privacy Notice – Chiesi Customer Web Suite


October 2020

Welcome to Chiesi Customer Web Suite. This website is owned and operated by Chiesi Farmaceutici S.p.A., an Italian company with registered office in Via Palermo 26/A, 43122 Parma, Italy (hereinafter referred to as "Chiesi", "we", "us", or "our").

Please be mindful that we will always process your personal data in compliance with the applicable privacy laws – including but not limited to the Regulation (EU) 2016/679 (the “GDPR”) – and our data protection commitments. This privacy notice is provided under Article 13 of the GDPR and explains what kind of personal information we may collect when you use the Chiesi Customer Web Suite (hereinafter the “Website”), and how we will use it.


Definitions

Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Personal Data is any information relating to an identified or identifiable (directly or indirectly) natural person.

Personal Data Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

User is the company, the authorized person and/or individual using the services provided by the Website (hereinafter referred to as “User”, “you”, “your”).


Content of this Notice

  1. Personal data, purposes and legal basis
  2. Subjects involved & data sharing
  3. Data security
  4. Data retention time
  5. User rights
  6. Contact us
  7. Updates to this notice

(1) Personal data, purposes and legal basis

Purpose of the processing

The Website is a commercial platform where you can manage and keep track of your orders (the “Service”). Through the Website each registered User can: (i) place orders of Chiesi products; (ii) monitor the status of its orders and track the shipment; (iii) get the digital invoices of its orders, archive its relevant documents and confirm product receipt.

Your Personal Data will be processed for the sole purpose of providing you with the Service.

Categories of personal data

  • Contact information (e.g. email, password, customer ID and company name) to create your personal account and get access to the Website.
  • Invoice data to provide you with the invoices of your orders.
  • Any other data included in the documents you may submit to us (e.g. as an attachment).

Legal Basis for processing

  • Performance of pre-contractual and contractual measures to which you are a party, to create your personal account and get access to the Website.
  • Compliance with legal obligations (administrative and accounting) to provide you with the invoices of your orders.
  • Consent you have provided by submitting any document to us.

Your Personal Data is essential and mandatory to get access to the Website. If you provide incomplete or incorrect data, you may not be able to access the Website.

The processing of special categories of data, as listed in Article 9 of the GDPR, is expressly excluded. In case any of your documents contain any special data, it will be immediately deleted from our databases.


(2) Subjects involved & data sharing

Your Personal Data will be processed by authorized persons specifically appointed and instructed by the Data Controller, and/or by third parties appointed as data processors under Article 28 of the GDPR.

Chiesi may also share your Personal Data in the following scenarios:

  1. We may share your Personal Data with the companies forming part of Chiesi group, in Italy and abroad (including non-EEA countries).
  2. We may share your Personal Data with third parties carrying out activities on our behalf, including logistic partners delivering the goods you purchased or website suppliers assuring the functioning of the Website.
  3. We may also share your personal information to defend our position in case of legal disputes or to comply with disclosure requests from regulators, courts and government agencies.

Chiesi will always make sure third parties meet strict data privacy standards by entering into data processing agreements providing specific provisions in relation to technical and organizational measures that must be taken to safeguard your personal data.

Your Personal Data will normally be stored in servers based in the EEA. In case the affiliate company and/or the third-party are based in a non-EEA country, we will take appropriate contractual measures required to ensure an adequate level of data protection, including entering into agreements based on the standard contractual clauses for transferring data outside of the EEA.


(3) Data security

The security of your Personal Data is extremely important for us. We take all the necessary measures to ensure a high level of protection, keep your information secure, and avoid unexpected data incidents like unauthorized accesses and disclosures. We put in place reliable security measures and sophisticated technical means to keep your information confidential:

  1. We use only information that is strictly connected to each purpose and retain it for a limited period in compliance with the data minimization principle.
  2. We carefully select business partners and service providers and require them to comply with our data protection requirements. In addition, we conduct audits and other evaluation activities in order to verify compliance with these requirements.
  3. We foster a strong data protection culture among our employees and collaborators by providing training and activities to increase their awareness.

(4) Data retention time

Personal Data are processed electronically, via IT systems and manually, and they are stored by Chiesi and/or our service providers. Personal Data are stored strictly to the extent required to fulfill our obligations and for the time frame that is required to meet the purposes for which the information has been collected, in accordance with the applicable laws. We will remove your Personal Data from our systems or records once it is no longer needed, and/or we will take steps to make sure it remains anonymous so that you can no longer be identified via these means (unless we need to retain your data to comply with legal or regulatory obligations to which we remain subject).

Personal Data you have provided to register on the Website will be stored for the entire period you are registered. If your account remains inactive for more than 24 months, it will be terminated, and all the Personal Data related to it will be deleted.

Invoice data will be stored for an appropriate period of time to ensure the performance of the contracts and in any case for an additional 10 years for the purposes of the fulfilment of the related administrative and tax obligations.


(5) User rights

You can contact our Data Protection Officer at any time to obtain an updated list of our data processors (e.g. our service providers), to get the list of subjects to which the data has been communicated, and to exercise the following rights at any time (Articles 12 and 15-22 of the GDPR).

You may withdraw the consent you have given for a specific Personal Data Processing at any time. This withdrawal will not affect the legal implications of any Personal Data Processing which has been completed prior to the consent being withdrawn. According to the GDPR, you have the right to:

  • Access your Personal Data.
  • Rectify your Personal Data.
  • Limit the processing of your Personal Data.
  • Erase your Personal Data.
  • Request the portability of your Personal Data.
  • Object to the processing of your Personal Data.

If you believe that Chiesi does not process your Personal Data in compliance with this notice or with the applicable law, you can always enforce your rights by lodging a complaint with the local Data Protection Authority.


(6) Contact us

Should you have any questions or complaints regarding personal data processed by Chiesi, you may contact the Data Protection Officer at any time you wish by writing an email to the following address: dpoit@chiesi.com.

The Data Controller is Chiesi Farmaceutici S.p.A., Via Palermo 26/A, 43122 Parma, Italy.


(7) Updates to this notice

This notice may be periodically updated. Any update to this notice will become effective at the time of its publication on the Website.

Cookie Policy – Chiesi Customer Web Suite

Cookies are small text files stored on your browser when using websites or applications. You can control the use of cookies by websites by configuring the privacy settings in your browser (see the browser's help to learn more about cookie controls). Note that if you disable cookies altogether, websites and applications of Chiesi Farmaceutici S.p.A. (hereinafter “Chiesi”) may not work properly.

Chiesi and companies that help us manage our business make use of cookies in different ways, for example:

  1. Authenticate and identify users on our websites and in our applications so they can provide the services required.
  2. Remember user preferences, or where a previous session was interrupted during the use of a Chiesi website or application.
  3. Measure the use of Chiesi websites by the user to enable us to improve them, customize websites and online services according to your interests and conduct market research.
  4. Understand the likely interests of users to provide more targeted messages and content on third party websites and applications.
  5. Perform analysis and personalization of Chiesi websites, advertising services and other hosted services provided to the customers. Our customers use these services to measure the use of their websites by users or to create websites and online messages targeted to the user.

More information about cookies is available from the Interactive Advertising Bureau.

Technologies like cookies

From the technical point of view, cookies are called "HTTP cookies." There are other technologies that can be used for similar purposes, such as HTML5 local storage. To authenticate users, keep track of the information provided by users and to remember user preferences (see the steps mentioned above) we can use HTML5.

Web beacons and embedded scripts

Web beacons and embedded scripts are other technologies that we use in our websites and in our applications, as well as in some of our emails and our messages.

Web beacons (or "tags") consist of simple programming code included in web pages, e-mails and messages that communicates to Chiesi (or companies that help us run our business) when such web pages, e-mails or messages have been seen or selected.

The scripts are embedded programming code inside of some of our web pages that measure how resources are utilized, for example, the links you click. We use this information to improve our web sites and online services, to tailor our web sites and online services to prospective users' interests and to conduct market research. Users can disable scripting capabilities, such as JavaScript, in the browser (see the browser's help feature). Keep in mind that if you disable scripting capabilities, some Chiesi websites and applications may not work properly.

Control method of cookies and similar technologies

Chiesi provides browser controls to facilitate the management of cookies. You may also accept cookies but opt out of their use for behavioral targeting of ads. For example, Chiesi preferences and cancellation controls are available on the following site: http://choice.live.com/advertisementchoice/.

Browser controls to block cookies

Most browsers automatically accept cookies, but you can change your browser settings to block cookies. For example, in Internet Explorer 11, the cookies can be blocked with the following procedure:

  1. Click on "Tools", then select "Internet Options"
  2. Select the "Privacy" tab at the top of the window
  3. Move the cursor up or down to select the types of cookies to be blocked

Instructions for blocking cookies in other browsers are available in each browser's privacy statement.

Keep in mind that if you choose to block cookies, you may not be able to access or use other interactive features of the sites and Chiesi cookie-based services.

Browser controls to clear cookies

If you want, you can use the available browser settings to reject the automatic installation of Cookies or to delete all Cookies installed on your PC or mobile device.

The procedure differs according to the browser used. Here are the links to the support pages of the main browsers:

Google Chrome: https://support.google.com/accounts/topic/2373959?hl=it&ref_topic=2373957

Mozilla Firefox: https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie#firefox:win7:fx38

Internet Explorer: http://windows.microsoft.com/it-it/internet-explorer/delete-manage-cookies#ie=ie-11-win-7

Safari: https://support.apple.com/it-it/HT201265

ATTENTION: disabling and/or deleting technical Cookies may cause inconveniences to the navigation on the website.

Third party analysis control

As described below in detail, many Chiesi websites and online services are using third party analysis services with third-party cookies and web beacons to compile aggregated statistics regarding the effectiveness of promotional campaigns or other operations of the website. You can refuse the collection or use of data by analysis providers by clicking on the following links:

Google Analytics: http://tools.google.com/dlpage/gaoptout (requires installation of a browser add-on)

Usage of the IP address of the visitor by Google Analytics Cookies

Each computer and device connected to the Internet is assigned a unique number known as an Internet protocol (IP) address. Since these numbers are usually assigned to countries in blocks, an IP address can often be used to identify the country, the province and the city from which a computer connects to the Internet. Google Analytics collects the IP address of the website visitors to provide an indication of their geographic location. This method is known as IP geolocation. Google Analytics does not report information related to the actual IP addresses of the visitors. Due to the use of a method known as IP masking, Google Analytics communicates information so that only a part of the IP address is used for geolocation, instead of the whole address. Google may disclose information to third parties where required by law or where such third parties process the information on Google’s behalf.

Browser add-on for deactivating Google Analytics Cookies

A browser add-on can be downloaded to disable Google Analytics. The add-on communicates to the JavaScript code of Google Analytics (ga.js) to indicate that the information about the website visit should not be sent to Google Analytics. The browser add-on for deactivating Google Analytics does not prevent information from being sent to the website itself. In addition, most browsers allow the control of most cookies through the settings of the browser itself. If the user does not wish to receive any type of cookies on his or her computer, the level of privacy protection of the browser can be enhanced through the appropriate function. However, some areas of the websites may not function properly if cookies are refused.

Sharing, Communication and Disclosure of Data

The Data Controller may be required to communicate data referred to in this policy in case the Law Enforcement Authorities collect information by carrying out legitimate investigation and/or judicial police activities (on their own initiative in the case of preliminary investigations or under the direction of the Public Prosecutor). Apart from these cases and the scenarios expressly mentioned by the privacy notice of each specific website, the data will not be disclosed or transferred to any party.

| COOKIE NAME | PRESET EXPIRATION | COOKIE DESCRIPTION |
|---|---|---|
| _ga | 2 years | Property Google Analytics. Used to distinguish users anonymously. |
| _gid | 24 hours | Property Google Analytics. Used to distinguish users anonymously. |
| cc_cookie_accept | 1 year | Accept the site's internal cookies |
| cc_cookie_decline | 1 year | Do not accept internal site cookies |
| lang | 1 year | Save user preferred language |

For more information about cookies in general and how to restrict or block cookies used by this website, please visit www.aboutcookies.org.
Note that if you limit or block the cookies used by this website, you may reduce its functionality and usability.