This page describes the way Bioline S.r.l. (the “Data Controller”) manages its website in relation to the personal data belonging to any user (“Data Subject” or “User”) browsing the website and/or registering for the Data Controller’s e-mail services (by sending Newsletters and/or communications relating to the Data Controller’s activities).
Personal data, collected during navigation and/or registration on this website and/or through e-mail messages (“data”) are processed in accordance with national and European legislative requirements and with the data subject’s legally recognised rights.
Purposes of processing and legal basis
After consulting the Website, data relating to identified or identifiable persons may be processed. Data are processed for the following purposes: a) to facilitate navigation of the Website and technical usage of the services described here, to carry out web analysis, to check the number of visitors to the Website, to check the status of relationships with Users of the Website; in these cases, the legal basis for processing is to pursue the Data Controller’s legitimate interests in managing the Website, to ensure that the Website functions correctly and to protect the Data Controller’s rights; b) to reply to any information requests and/or to perform services requested via the Website; in this case, the legal basis for processing is to execute the measures adopted on request of the Data Subject, to execute a contract to which the Data Subject is a party or pre-contractual measures adopted on request of the Data Subject; c) to send, via e-mail, communications regarding initiatives such as meetings, workshops, training courses, gatherings and/or new services offered by the Data Controller, to send newsletters, where the Data Subject has made an express request to do so and on following expression of specific consent, which will be requested separately; in this case, the legal basis for processing is to obtain the User’s consent, but also to pursue the Data Controller’s legitimate interests (as indicated by Consideration 47 of the Regulation) to raise awareness and to develop its activities, without prejudice to the rights of the Data Subject indicated below; d) to fulfil the obligations resulting from laws, regulations, EU laws; in the latter case, the legal basis for processing is to fulfil a legal obligation binding upon the Data Controller.
Processing location, categories of recipient and transferring personal data to a third country
Processing relating to web services on the Website is carried out at the Data Controller’s offices. Data are processed, for the purposes set out above, by the Data Controller’s staff, employees and contract workers who are tasked/authorised and/or appointed as external individuals who process data and not by third parties. Data will not be disclosed publicly.
Data may be communicated and processed by the Data Controller’s businesses and consultants – and/or by their representatives – to plan and/or maintain the technological parts of the Website and to carry out activities that are instrumental to, in support of or functional to the execution of contracts or services requested by a Data Subject. In any case, these individuals will process data for and communicate data to further third parties as autonomous “Data Controllers” or as “Data Processors” (in accordance with Article 28 of the Regulation) based on the Data Controller’s directives, including with regard to security, for the purposes set out above.
Data may be transferred to countries within and outside the European Union exclusively for the purposes set out above (data will only be transferred to third countries in accordance with the Regulation and therefore based on a European Commission decision on the suitability of the level of personal data protection guaranteed by the third country – e.g. based on the 1250/2016 EU-USA decision – or based on appropriate guarantees ‑ constituted by ad hoc agreements between the Data Controller and the third-party supplier –, or where none exists, based on the Data Subject’s consent).
Types of data processed
The computer systems and software procedures put in place to make this Website function will acquire, during normal operation, some personal data for which transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated to identified Data Subjects, but by their nature could enable users to be identified, by means of processing and association with data held by third parties.
This category of data includes: IP addresses or the domain names of computers used by users who connect to the Website, URI addresses (Uniform Resource Identifier) for the requested resources, the time of the request, the method used to make the request to the server, the size of the file received in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.) and other parameters relating to the operating system and the User’s computing environment.
These data will only be used to receive anonymous statistical information regarding use of the Website (e.g. to obtain statistical information on use of services ‑ pages most visited, number of visitors by time of day or by day, geographical area of origin, etc. ‑; to check that services offered are functioning correctly) and to check that the Website functions correctly. Data could be used to ascertain responsibility in the event of hypothetical computer offences committed against the Website.
Data provided voluntarily by the User
The voluntary sending of e-mail to the e-mail addresses indicated on the Websites requires the subsequent acquisition of the sender’s e-mail address, which is necessary for responding to requests, as well as any other personal data included in the communication.
Specific summary information will be subsequently made available on the Website pages provided for particular services to be requested.
Cookies and other tracking systems
Cookies will not be used to profile users, nor will any other method of tracking be used.
Session cookies (non-permanent cookies) will be used instead for strictly limited purposes which ensure that the Website can be navigated safely and efficiently. Storage of session cookies on computers or in browsers can be controlled by the user, where, at the end of the HTTP session, information regarding cookies will remain stored on service logs on servers for no longer than seven days, as with other navigation data.
Voluntary provision of data
Method of processing data and storing personal data
Data will be processed in a way that will guarantee its security and confidentiality and may be processed on paper or through electronic means or means that are in any way automated, computerised, manual and using approaches that are aimed at ensuring that data are processed securely, are always complete and available and will be processed in accordance with the principles of EU Regulation 679/2016 and only for the purposes set out in this policy. Specific security measures are taken to prevent loss, illegal or improper use of or unauthorised access to data.
Data will only be stored for the amount of time that is strictly necessary to pursue the above purposes (which are set out above under letters a, b and d).
Rights of Data Subjects
A Data Subject has the right to exercise the following rights (specifically described in Articles 15 to 22 of EU Regulation 679/2016), by contacting the Data Controller (at the e-mail address indicated below): to ask the Data Controller to confirm whether or not data regarding them have been processed and, if so, to obtain access to the data that has been processed; to ask the Data Controller to rectify and/or supplement, delete or limit the processing of their data; to oppose processing; to ask for the data to be made portable; to lodge a complaint with a supervisory authority; to obtain all the information available on the origin of data and the categories of data, where these have not been collected from the Data Subject; to obtain information as to whether automated decision-making processes, including profiling, have been used, significant information on the approach used, and the importance and consequences these processes have for the Data Subject; to not be subject to a decision based solely on automated processing, including profiling.
In cases where the legal basis for processing is consent (e.g. for sending electronic communications inherent in the activities carried out by the Data Controller, transfer of data to non-EU countries without suitability decisions or appropriate guarantees), a Data Subject has the right to revoke consent at any time without affecting the legality of the processing based on consent given prior to revocation.
The Data Controller
The Data Controller is Bioline S.r.l., with registered office in Trento, viale Bolognini 78. A Data Subject may exercise the rights indicated above and obtain further information by contacting the Data Controller by phone on + 39 0461933209, by e-mail to: firstname.lastname@example.org or by visiting the website: www.bioline-jato.com under Privacy.