Data privacy

PRIVACY INFORMATION NOTICE

Menarini Silicon Biosystems S.p.a.  wishes to inform you that the processing of your personal data performed by way of the websites www.siliconbiosystems.com, https://atlassian.siliconbiosystems.net and msbiosuite.siliconbiosystems.com (individually “Website” or “Site”, collectively “Websites” or “Sites”) or request the services available thereon, e.g. by means of contact forms (“Forms” or “Form”), is carried out in compliance with the applicable data protection law (Regulation (EU) 2016/679 – hereinafter referred to as “GDPR”).

The information below refers to all three websites, unless otherwise specified. 

1. Data Controller and DPO

Data Controller is Silicon Biosystems S.p.a., with registered offices in Via G. Di Vittorio 21 b/3, 40013 Castel Maggiore (Bologna), Italy (hereinafter the “Controller”, the “Company”, or “we”).

The Data Protection Officer (“DPO”) can be contacted at: dpo@menarini.com 

2. The data we process

With your consent, we process the following personal data, which you provide when you:

• surf on the Websites (without using any services);
• interact with the Websites and use the available services and functions, including: Forms, newsletter, registration to any restricted areas, registration and use of remote assistance platforms related to our products/services, etc;
• send email messages to us.

These data include, in particular, your name, surname, contact details (including email address), professional qualifications, the information submitted via the various fields of the Forms and/or requested to register into the restricted areas, as well as the specific content of your requests or messages. The data may also include additional data which the Controller may acquire, also from third parties, in the course of business (“Data”).

In order to enable us to fulfil your requests, you must confer the data marked with an asterisk (*) in said Forms. Without those mandatory data we cannot proceed any further. Conversely, the information requested in fields not marked with an asterisk is optional: failure to provide them shall have no consequence.

In any event, even without your prior consent, the Controller may process your data to comply with legal obligations stemming from laws, regulations and EU Law, to exercise rights in legal proceedings, to pursue its own legitimate interests and in all cases provided by Articles 6 and 9 of the GDPR, where applicable.

Processing shall take place both electronically and with “traditional” methods, and shall always entail the implementation of the security measures provided by current law. 

3. Why and how we process your data

The Data are processed for the following purposes:

- Website www.siliconbiosystems.com

1.  handling your requests for information on our products and services (including quotes), as well as handling of orders. The legal basis for the processing in such cases is the performance of a contract or of pre-contractual measures (art. 6.1.b of the GDPR);
2. handling requests or subscriptions to newsletters/other publications, webinars, press releases, share comments/experiences about products, updates about the companies etc. The legal basis for the processing in these cases is your consent, which you express by submitting the message/form or subscription request (art. 6.1.a GDPR) –please note that our newsletters contain a “pixel tag”, see below, bullet point c);
3. performing additional promotional activities about products/services in which we think you may be interested. This includes contacting you face-to-face, providing you with promotional communications, materials and/or commercial information relating to the Company’s products and services, by traditional methods (for example: hard copy mail, phone operator calls, etc.). The legal basis for the processing is the company’s legitimate interest (art. 6.1.f of the GDPR). Please note that you may oppose to the processing of your data for this purpose by contacting us at dpo@menarini.com
4. performing additional promotional activities via automated methods (for example: e-mail, on-line re-targeting by means of cookies –see also letter e below). Please be informed that our promotional emails and newsletters may contain “Pixel Tags”, which provide information about whether and when you open, delete and trash our messages, and also the IP address or email client used to view them; if the emails we have sent contain links to any online content, Pixel Tags also convey to us information about which links you have clicked –to prevent this from happening, please check your browser, email client or email account settings and block automatic image loading. The legal basis for the processing for this purpose is your consent, pursuant to art. 6.1.a of the GDPR. Please note that you may prevent pixel tags from being activated by operating your browser’s or email client’s options.
5. To carry out on-line advertising activities addressed to specific clusters of users (“profiling”): these activities may include sending targeted pop-up ads, to users falling within specific clusters (e.g., healthcare professionals with a given specialisation). The data regarding the users’ profiles will be collected by means of cookies, that will be placed on your device via our Website, and cross-checked with the information displayed by users on their LinkedIn profile. To receive the ads, you will need to have consented to “social media cookies” on our website (see also our cookie policy). We will not have access to either your LinkedIn profile or the information about who views our ads (only aggregate information will be received by the Company), but the pop-up will ask whether you are interested in our initiatives, and provide links to receive further materials from us via email or other methods:
   
        - in case you are interested, you will be asked to fill out an on-line form and consent to the processing of your data by us. We will then receive the data you enter in the form, store it in our systems, and process it in line with this document and our “Information Notice for business contacts on the processing of their personal data in Menarini Silicon Biosystems s.p.a. Client Relationship Management database”,
        - in case you are not interested, you can opt-out from receiving such banners.
   
   If you do not submit additional information, we will receive aggregate statistics regarding our campaign, where we will not be able to identify you. Please note that LinkedIn will act as independent controller of the data processed on your LinkedIn profile, and will share data with us and/or direct our ads based on their privacy policy and your privacy settings. For more information about how LinkedIn uses and shares your personal data, please refer to their privacy policy, accessible via your profile. The legal basis for the processing is your consent (art. 6.1.a GDPR).
6. handling your job applications and queries related to professional vacancies; the legal basis for this purpose is your consent (art. 6.1.a and 9.2.a GDPR);

 

- Website https://atlassian.siliconbiosystems.net

1. handling of registration to the client support portal, as well as of assistance requests from clients/users of our products. The legal basis of the processing is the performance of a contract (art.6.1.(b) GDPR).

- Website msbiosuite.siliconbiosystems.com

1. handling of registration to the portal, as well as of assistance requests from clients/users of our products. The legal basis of the processing is the performance of a contract (art.6.1.(b) GDPR). Please also refer to the relevant terms and conditions, where available, which address the rules regarding the use of the portal, including the upload of personal data.

 

For all three Websites:

By submitting messages, requests and/or ticking the appropriate boxes (where available) you acknowledge these terms and consent to the processing of your data in line with the above.

Your data may in any case be processed, even without your consent, for the purpose of complying with laws, regulations, EU Law (art 6.1.(c) of the GDPR, to perform statistics on the Website’s usage and ensure its proper functioning (art. 6.1.(f) of the Regulation), to enforce the Code of Conduct of the Menarini Group  and to establish or defend the legal claims in the interest of the Company (6.1.f. GDPR and 9.2.f GDPR).

The personal data are entered into the Company computer system in full compliance with data protection laws, including security and confidentiality profiles and based on principles of correct practice, lawfulness and transparency in processing.

Data shall be stored for as long as strictly necessary for the attainment of the purposes for which they were collected. In any event the criterion used to determine that period is based on compliance with the time limits set by law and with the principles of data minimisation, storage limitation and rational management of archives. If you send us your CV in connection to a job opening or speculative job application, we keep it for 2 years after receipt.

All your data will be processed on paper or by means of automated instruments, which in any case ensure an appropriate level of security and confidentiality.

4. Browsing data

If you only visit the Websites (i.e., without sending communications or using any of the available services/functions), the processing of your data is limited to browsing data i.e., data whose transmission to the Websites is necessary for the functioning of the computers which operate the Websites and of the Internet communication protocols. This category includes, for example, IP addresses or computer domain used to visit the Websites and other parameters pertaining to the operating system used to connect to the Websites. The Company collects these and other data (such as, for example, number of visits, number of clicks of any published contents and time spent on the Websites) merely for statistical purposes and in anonymous form in order to monitor the functioning of the Websites and improve their performance, as well as the quality of our contents. Such data is not collected to be associated with other information regarding, or for the identification of, users; however, such information, by its very nature, may enable the Company to identify users through processing and association with data held by third parties. Browsing data are normally deleted following processing in anonymous form but can be stored and used by the Company to detect and identify perpetrators of any computer offences committed to the detriment of the Website or using the Website. If you also access the restricted areas of our Website, the processing of your data includes also additional information (such as user’s last date of access to any restricted areas). The Company traces such other data to verify the effectiveness of its services and therefore to improve them. Without prejudice to this possibility and to the provisions of the Cookie Policy the browsing data described above are stored only temporarily, in compliance with law.

5. Links to other websites

This Information Notice applies only to the Websites and the Forms as defined above. Even though the Websites may contain links to other websites (known as third party websites), please be informed that the Company does not perform any access or control over cookies, web beacons or other user-tracking technologies that may be active on such third party websites, on the contents and materials published thereon, or on their methods of processing of your personal data; for this reason, the Company expressly declines any liability for such matters. You should therefore verify the privacy policies of such third party websites and collect information about their terms and conditions and about how they process your personal data.

6. Persons who have access to the Data

Data are processed electronically and manually according to procedures and logics relating to the above-mentioned purposes and are accessible by the Controller’s staff authorised to process personal Data and their supervisors, and in particular to staff belonging to the following categories: technical, IT and administrative staff, marketing and field force staff, internal audit and compliance staff, as well as other individuals who need to process the data to perform their job duties. The Data may be communicated, also in countries outside the European Union (“Third Countries ”) to: (i) institutions, authorities, public bodies for their institutional purposes; (ii) professionals, independent consultants –individually or in partnerships- and other third parties and providers which supply to the Controller commercial, professional or technical services required to operate the Website (e.g., provision of IT and Cloud Computing services), in order to pursue the purposes specified above and to support the Company with the provision of the services you requested; (iii) third parties in the event of mergers, acquisitions, transfers of business -or branches thereof- audits or other extraordinary operations; (iv) company supervisory bodies, based at the Controller’s address, in the pursuit of their activities (oversight over the enforcement of legal obligations, ethical standards, the Menarini Group’s Code of Conduct, etc.); (v) other Companies of the Menarini Group for internal administrative purposes, pursuant to Recital 48 and art. 6.1.(f) of the Regulation.

The mentioned recipients shall only receive the Data necessary for their respective functions and shall duly undertake to process them only for the purposes indicated above and in compliance with data protection laws. The Data can furthermore be communicated to the other legitimate recipients identified from time to time by the applicable laws. With the exception of the foregoing, the Data shall not be shared with third parties, whether legal or natural persons, who do not perform any function of a commercial, professional or technical nature for the Controller and shall not be disseminated. The individuals who receive the data shall process them, as the case may be, in the capacity as Controller, Processor or person authorised to process personal data, for the purposes indicated above and in compliance with data protection law.

Regarding any transfer of Data outside the EU, including in countries whose laws do not guarantee the same level of protection to personal data privacy as that afforded by EU Law, the Controller informs that the transfer shall in any event take place in accordance with the methods permitted by the GDPR, such as, for example, on the basis of the user’s consent, on the basis of the Standard Contractual Clauses approved by the European Commission, by selecting parties enrolled in international programmes for free movement of data or operating in countries considered safe by the European Commission.

7. Your Rights

By contacting the Controller at the above address, you can, at any time, exercise the rights afforded by Articles 15-22 of the GDPR such as, for example, obtaining an updated list of the individuals who can access your data, obtain confirmation about whether we process or not your personal data, verify their content, origin, correctness, location (also with reference to any Third Countries ), request a copy of your data, request their rectification and, in the cases provided by the GDPR, request the restriction of their processing, their erasure, oppose to direct contact activities (including limited to some mediums of communication), including Newsletters and promotional materials (direct marketing) from the Company or withdraw your consent to their processing (although that will not impair the lawfulness of the processing carried out before consent withdrawal). Likewise, you can always make observations about processing of your personal data which you regard as inappropriate by sending a message to our DPO (dpo@menarini.com) or submit a complaint to the Italian Data Protection Authority (Garante per la Protezione dei dati personali).