PROCESSED DATA AND PURPOSES OF PROCESSING
c.01 - The term "Personal Data" refers to any information concerning an identified or identifiable natural person (Data Subject). An identifiable natural person is considered one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more elements characteristic of their physical identity.
c.02 - Personal Data may be collected independently by the Data Controller or through third parties. In this case, the computer systems and software procedures responsible for the operation of this Website acquire certain Personal Data of Users, of a technical and IT nature (e.g., IP address, type of browser used, operating system, domain name, and addresses of websites from which access or exit was made, etc.). The transmission of this data is inherent to the normal operation of the internet. Such data may be processed solely for the purpose of obtaining anonymous statistical information about the use of the site and/or to check its correct operation, and will be deleted immediately after processing.
c.03 - The Data that the Data Subject chooses to provide voluntarily will be processed in compliance with the conditions of lawfulness under Art. 6 of the GDPR and will be processed to allow the Website to provide its services.
c.04 - The purposes of processing are:
a) Responding to requests, providing information, and pre-contractual obligations: The Data will be processed to respond to requests or follow specific requests made by the Data Subject regarding communications related to the Services and/or Content of the Data Controller, via email or other communication tools such as phone or instant messaging.
Legal basis: This processing is optional and based on the Data Subject's consent, but the provision of data is necessary to achieve the specified purpose.
Data retention period: Until the Data Subject revokes consent.
b) Processing necessary within the framework of a contract: The Data will be processed to fulfill the obligations arising from the contract between the Data Subject and the Data Controller for the sale of Products on the Website, to contact the Data Subject in relation to the Contract, and for the management of the same, for the management of requests for legal warranties, assistance, withdrawal requests, and management and resolution of the Contract itself.
Legal basis: This processing is necessary for the performance of the contract to which the Data Subject is a party, for the performance of pre-contractual measures, or to fulfill a legal obligation to which the Data Controller is subject.
Data retention period: 10 (ten) years or different legal obligation.
c) Compliance with any obligations provided by current laws: The Data will be processed to fulfill any type of obligation provided and required by current laws, regulations, related regulations, business practices, and tax matters, including those provided by anti-money laundering legislation Legislative Decree 231/2007 and subsequent amendments.
Legal basis: This processing is necessary to fulfill a legal obligation to which the Data Controller is subject.
Data retention period: 10 (ten) years or different legal obligation.
d) Soft spam and Newsletter: The Data will be processed to allow the Data Controller to send commercial and promotional communications to the Data Subject via email, regarding Products and/or Services similar to the Products/Services subject to sale without the need for the Data Subject's express and prior consent, as provided for by art. 130, 4th paragraph, Privacy Code as amended by Legislative Decree no. 101 of 2018, and provided that the Data Subject does not exercise the right to object.
Legal basis: This processing is based on the legitimate interest of the Data Controller pursuant to art. 6, letter F and art. 6, paragraph 1, letter A of the GDPR.
Data retention period: Until the Data Subject objects or through a specific tool at the end of the newsletter or by requesting to the Data Controller.
e) Direct Marketing: The Data will be processed for the direct sale of Products/Services, market research, sending promotional, commercial, and advertising communications or relating to initiatives and events, via email, SMS, Whatsapp, Chat, Direct Messaging from social media, social networks or by phone, postal mail, and other informational material.
Legal basis: This processing is based on the Data Subject's freely given consent pursuant to art. 6, paragraph 1, letter A of the GDPR.
Data retention period: Until the Data Subject revokes consent.
f) Statistics and Profiling: The Data will be processed to carry out statistical analyses on aggregated and anonymous data to analyze the Data Subject's behaviors to improve the products and services provided by the Data Controller and to meet the expectations of the Data Subject. The Data will be processed for the analysis and evaluation of interests, habits, consumption choices, including the creation of profiles in order to send personalized informational and promotional material on the Services/Products offered by the Data Controller.
Legal basis: This processing is based on the Data Subject's freely given consent.
Data retention period: Until the Data Subject revokes consent.
TIMING AND DISCLOSURE OF PERSONAL DATA
c.01 - As expressly provided in Art. 5, paragraph 1, letter e) of the GDPR, Data is stored for the time necessary for its processing in relation to the provision of the service requested by the Data Subject or required by the Purposes described in this document. At the end of the retention period, Personal Data will be deleted, and therefore, the rights of access, cancellation, rectification, and portability of the Data can no longer be exercised.
c.02 - In addition to the Data Controller, in some cases, data categories of persons involved in the organization of the Website (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data. Employees and any related subjects are bound by principles of confidentiality and have accepted strict duties of conduct. The user can be reassured, therefore, that only authorized personnel can view and process personal data. However, given modern times, no operator can guarantee 100% security for any information transmitted over the network. For this reason, it is essential that the user is aware of this and accepts the associated risk by indemnifying the Data Controller.
c.03 - Without the need for express consent (pursuant to art. 24 letters a), b), d) of the Privacy Code and art. 6 letters b) and c) of the GDPR), the Data Controller may communicate your data for the purposes of this Information to supervisory bodies (e.g., Ministry of Health), judicial authorities, insurance companies for the provision of insurance services, and those subjects to whom communication is mandatory by law for the fulfillment of said purposes. These subjects will process the data as autonomous data controllers. Your data will not be disclosed.
COOKIE
c.01 - This Website uses cookies. Cookies are small text files that websites can use to make the user's experience more efficient and to personalize content and ads, provide social media functions, and analyze traffic. Cookies are small text files that can be used by websites to make the User's experience more efficient and are sent to their browser, where they are stored to be then retransmitted to the same Website on their next visit. Cookies have different functions. Cookies aim to improve the functionality and navigation of this Website. In other cases, Cookies are used to track users during navigation, recording information about what the User buys or may want to buy, to personalize the advertising shown when opening emails or browsing on a social network, and to personalize content, provide social media functions, and analyze traffic. In their browser, the User can set privacy preferences to not store cookies, delete them after each visit or each time they close the browser, or even accept only cookies from pharmaflex.com and not those from third parties.
c.02 - Technical Cookies - Technical cookies are those whose use does not require the User's consent. Technical cookies are used solely to enable the User to browse the Website and allow them to use its features. These are always first-party cookies since they are sent directly by the Controller to the Website. Navigation cookies are usually session cookies and, therefore, are automatically disabled once the browsing browser is closed. Other technical cookies are useful to allow the User to store some preferences without having to reset them during subsequent visits (so-called Functionality Cookies). For this reason, functionality cookies are often persistent cookies, as they remain stored on the User's computer even after closing the browsing browser until the expiration date provided for them or until the User decides to delete them.
c.03 - Third-Party Cookies - These cookies are used to collect information about the use of the Website by Users anonymously, such as pages visited, duration, traffic sources, geographical origin, age, gender, and interests, for statistical purposes and marketing activities. These cookies are sent by third-party domains external to the Website.
c.04 - With the exception of strictly necessary technical cookies for normal browsing, the provision of Data is at the User's discretion who decides to browse the site after having read the brief information contained in the appropriate banner and to use third-party services that involve the installation of cookies. The User can avoid the installation of cookies by keeping the banner or through the specific functions available in their browser or in this policy. The User can manage cookie preferences directly in their browser and prevent third parties from installing them. It is important for the User to know that by disabling all cookies, the operation of this Website may be compromised. Each browser has different procedures for managing settings.
USER RIGHTS
c.01 - The Data Controller wishes to inform the User of the existence of a fairly wide range of rights under Regulation (EU) 2016/679. Specifically, according to:
Article 15, the right of the data subject to request from the controller access to personal data;
Article 16, the possibility of rectifying the data provided;
Article 18, the possibility of supplementing or limiting the processing of data concerning the user or objecting, for legitimate reasons, to the processing;
Article 21, the right to data portability in accordance with Article 20 of Regulation (EU);
Article 17, the right to request the deletion, transformation into anonymous form, or blocking of data processed in violation of the law, including those for which conservation is not necessary in relation to the purposes for which the data were collected or subsequently processed;
The right to obtain certification that the operations of updating, rectification, integration of data, deletion, blocking, or transformation have been correctly or have been initiated.
In case of violation of the regulations, the User must be aware that they have the right to lodge a complaint with the Data Protection Authority, as the authority responsible for the control of the processing in the Italian State.
c.02 - The User may exercise their rights at any time by sending a registered letter with acknowledgment of receipt to the Data Controller's office.
CONCLUSIONS AND ACCEPTANCE
c.01 - By providing any personal data, using our Portal and services in any way, and expressly accepting this Information when required, the User establishes a binding relationship with the Controller. As such, the User agrees that any email sent by us or by third-party affiliates, even unsolicited emails, should not be specifically considered as SPAM, according to the legal definition of that term.
c.02 - By continuing to use the Portal, the User acknowledges having had the opportunity to review and consider this Privacy Policy and acknowledges acceptance. This means that the User also consents to the use of the information and the disclosure method described. If the User does not understand or accept this Privacy Policy, they must immediately stop using the site and services.
c.03 - This document may be subject to changes or updates.
This document was updated on 07.12.2023 to comply with regulatory provisions, particularly Regulation (EU) 2016/679.