Privacy Policy


This page describes the way Bioline S.r.l. (the “Data Controller”) manages its website in relation to the personal data belonging to any user (“Data Subject” or “User”) browsing the website and/or registering for the Data Controller’s e-mail services (by sending Newsletters and/or communications relating to the Data Controller’s activities).
This is a privacy policy (pursuant to Article 13 et seq of EU Regulation 679/2016 - the “Regulation”) made available to anyone interacting with web services and relating to the protection of personal data, accessible on line at http://www.bioline-jato.com, which is this Website’s (the “Website”) home page. The privacy policy only concerns this Website and does not apply to any other website which a user may browse via links. The privacy policy is also based on Recommendation no. 2/2001 which the European Data Protection Authorities, together in the Working Party instituted by Article 29 of EC Directive 95/46/EC, adopted on 17th May 2001 to identify minimum requirements for the collection of personal data on-line, and, in particular, the methods, the timescales and the nature of information that Data Controllers must provide to users when they access web pages, regardless of the purpose of access.
Personal data, collected during navigation and/or registration on this website and/or through e-mail messages (“data”) are processed in accordance with national and European legislative requirements and with the data subject’s legally recognised rights.



Purposes of processing and legal basis


After consulting the Website, data relating to identified or identifiable persons may be processed. Data are processed for the following purposes: a) to facilitate navigation of the Website and technical usage of the services described here, to carry out web analysis, to check the number of visitors to the Website, to check the status of relationships with Users of the Website; in these cases, the legal basis for processing is to pursue the Data Controller’s legitimate interests in managing the Website, to ensure that the Website functions correctly and to protect the Data Controller’s rights; b) to reply to any information requests and/or to perform services requested via the Website; in this case, the legal basis for processing is to execute the measures adopted on request of the Data Subject, to execute a contract to which the Data Subject is a party or pre-contractual measures adopted on request of the Data Subject; c) to send, via e-mail, communications regarding initiatives such as meetings, workshops, training courses, gatherings and/or new services offered by the Data Controller, to send newsletters, where the Data Subject has made an express request to do so and on following expression of specific consent, which will be requested separately; in this case, the legal basis for processing is to obtain the User’s consent, but also to pursue the Data Controller’s legitimate interests (as indicated by Consideration 47 of the Regulation) to raise awareness and to develop its activities, without prejudice to the rights of the Data Subject indicated below; d) to fulfil the obligations resulting from laws, regulations, EU laws; in the latter case, the legal basis for processing is to fulfil a legal obligation binding upon the Data Controller.
Further information on the purposes of processing is available in the “Privacy policy relating to cookies” below.



Processing location, categories of recipient and transferring personal data to a third country


Processing relating to web services on the Website is carried out at the Data Controller’s offices. Data are processed, for the purposes set out above, by the Data Controller’s staff, employees and contract workers who are tasked/authorised and/or appointed as external individuals who process data and not by third parties. Data will not be disclosed publicly.
Data may be communicated and processed by the Data Controller’s businesses and consultants – and/or by their representatives – to plan and/or maintain the technological parts of the Website and to carry out activities that are instrumental to, in support of or functional to the execution of contracts or services requested by a Data Subject. In any case, these individuals will process data for and communicate data to further third parties as autonomous “Data Controllers” or as “Data Processors” (in accordance with Article 28 of the Regulation) based on the Data Controller’s directives, including with regard to security, for the purposes set out above.
Data may be transferred to countries within and outside the European Union exclusively for the purposes set out above (data will only be transferred to third countries in accordance with the Regulation and therefore based on a European Commission decision on the suitability of the level of personal data protection guaranteed by the third country – e.g. based on the 1250/2016 EU-USA decision – or based on appropriate guarantees ‑ constituted by ad hoc agreements between the Data Controller and the third-party supplier –, or where none exists, based on the Data Subject’s consent).



Types of data processed


Navigation data
The computer systems and software procedures put in place to make this Website function will acquire, during normal operation, some personal data for which transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated to identified Data Subjects, but by their nature could enable users to be identified, by means of processing and association with data held by third parties.
This category of data includes: IP addresses or the domain names of computers used by users who connect to the Website, URI addresses (Uniform Resource Identifier) for the requested resources, the time of the request, the method used to make the request to the server, the size of the file received in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.) and other parameters relating to the operating system and the User’s computing environment.
These data will only be used to receive anonymous statistical information regarding use of the Website (e.g. to obtain statistical information on use of services ‑ pages most visited, number of visitors by time of day or by day, geographical area of origin, etc. ‑; to check that services offered are functioning correctly) and to check that the Website functions correctly. Data could be used to ascertain responsibility in the event of hypothetical computer offences committed against the Website.

Data provided voluntarily by the User
The voluntary sending of e-mail to the e-mail addresses indicated on the Websites requires the subsequent acquisition of the sender’s e-mail address, which is necessary for responding to requests, as well as any other personal data included in the communication.
Specific summary information will be subsequently made available on the Website pages provided for particular services to be requested.

Cookies and other tracking systems
Cookies will not be used to profile users, nor will any other method of tracking be used.
Session cookies (non-permanent cookies) will be used instead for strictly limited purposes which ensure that the Website can be navigated safely and efficiently. Storage of session cookies on computers or in browsers can be controlled by the user, where, at the end of the HTTP session, information regarding cookies will remain stored on service logs on servers for no longer than seven days, as with other navigation data.



Voluntary provision of data


Apart from what is specified for navigation data, a User is free to provide the personal data listed on Website request forms, e.g. to request newsletters, privacy policy information or other communications to be sent. If these personal data are not provided, it may only mean that it is impossible to obtain what has been requested. For completeness, it must be pointed out that in some cases (not related to the ordinary management of this Website), the Italian Data Protection Authority (Garante) may also ask the Data Controller, the Data Processor, the Data Subject or any third party, to provide information and to present documents in accordance with Article 58 of the Regulation, for the purposes of checking the processing of personal data. In these cases, failure to provide this information will result in administrative penalties.



Method of processing data and storing personal data


Data will be processed in a way that will guarantee its security and confidentiality and may be processed on paper or through electronic means or means that are in any way automated, computerised, manual and using approaches that are aimed at ensuring that data are processed securely, are always complete and available and will be processed in accordance with the principles of EU Regulation 679/2016 and only for the purposes set out in this policy. Specific security measures are taken to prevent loss, illegal or improper use of or unauthorised access to data.
Data will only be stored for the amount of time that is strictly necessary to pursue the above purposes (which are set out above under letters a, b and d).



Rights of Data Subjects


A Data Subject has the right to exercise the following rights (specifically described in Articles 15 to 22 of EU Regulation 679/2016), by contacting the Data Controller (at the e-mail address indicated below): to ask the Data Controller to confirm whether or not data regarding them have been processed and, if so, to obtain access to the data that has been processed; to ask the Data Controller to rectify and/or supplement, delete or limit the processing of their data; to oppose processing; to ask for the data to be made portable; to lodge a complaint with a supervisory authority; to obtain all the information available on the origin of data and the categories of data, where these have not been collected from the Data Subject; to obtain information as to whether automated decision-making processes, including profiling, have been used, significant information on the approach used, and the importance and consequences these processes have for the Data Subject; to not be subject to a decision based solely on automated processing, including profiling.
In cases where the legal basis for processing is consent (e.g. for sending electronic communications inherent in the activities carried out by the Data Controller, transfer of data to non-EU countries without suitability decisions or appropriate guarantees), a Data Subject has the right to revoke consent at any time without affecting the legality of the processing based on consent given prior to revocation.



The Data Controller


The Data Controller is Bioline S.r.l., with registered office in Trento, viale Bolognini 78. A Data Subject may exercise the rights indicated above and obtain further information by contacting the Data Controller by phone on + 39 0461933209, by e-mail to: bioline@bioline-jato.com or by visiting the website: www.bioline-jato.com under Privacy.