1.1 EDRA S.p.A. aware of the importance of guaranteeing the security of private information, in compliance with the applicable Italian and European legislation, below describes the methods of processing the personal data of those ("User", "Users") who connect to this Site, directly , or even through a link from another site.
1.2 This Site contains links to other websites: this information does not apply to such other websites that may be consulted by the User through specific links. They may contain "information on the processing of personal data" diverging, in whole or in part, from this information. Edra S.p.A. therefore invites the User to examine the privacy policy of each site to which he connects, before entering any personal information on it.
1.3 This information applies exclusively to personal data processed through and on this Site: it does not, on the other hand, concern the processing of data through other tools (eg telephone, mail, etc.).
1.4 This is the current information, updated to the date that appears at the bottom: EDRA S.p.A. reserves the right, at any time, to modify and update it.
1.5 The statements of EDRA S.p.A. all listed below integrate the Legal Notes (Terms and Conditions of Use) of the Site but are not contractual in nature and therefore do not generate contractual obligations towards the User and corresponding User rights.
2.1 The Data Controller of personal data is: EDRA S.p.A. Tax Code and VAT number 08056040960, with registered office in Milan, via Spadolini 7, a company incorporated under Italian law.
3.1 The processing of personal data connected to the consultation of the Site takes place at the registered office of EDRA S.p.A. Indicated above. The data are stored at a Data Center located in the registered office of EDRA S.p.A. in Milan and at the Elmec Informatica Data Center located in via Pret n. 1 Brunello (VA), appointed External Data Processor pursuant to art. 28 GDPR.
Traffic and navigation data provided by the user's computer
4.1 The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by the Users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data constitute the access register.
4.2 The Site also acquires and stores the URL sequence data (Uniform Resource Locator) identifying the resources visited or searched by the User on the Internet (e.g. Web pages, documents, images, etc.), including the date and time of access and their content.
4.3 The Site also acquires data and information from the User's computer through the use of cookies: permanent and / or "session":
- persistent cookies: the computer system of the Site, during its normal operation, sends from the EDRA SpA server to the User's browser some data that are stored on the hard disk of the User's computer to allow him to navigate in some, specific, restricted areas of the Site.
- session cookies: the computer system of the Site sends some data consisting of random numbers generated by the server, the so-called session cookies, which are not stored permanently on the User's computer and therefore disappear when the computer is closed. The sending of such data serves to allow the transmission of session identifiers, necessary for the safe and efficient exploration of the site and to collect information on the use of the Site by the User.
Any profiling cookies are processed for the sole purpose of allowing the use of personalized banners. No targeted advertising will be sent instead thanks to the use of these cookies. Consent to use of the same must be expressed by accepting the use of the site as per the Provision of the Privacy Guarantor of 4 June 2014.
In particular, the cookies used are the following:
Permanent Cookies
Google Analytics _ga cookie: Used to distinguish users - necessary for third-party service
MK cookie: Used to store user authentication with a permanent login
Session cookies
Google Analytics_gat cookie: used for the analysis of visits to the site.
4.4 Most of the Users' browsers are designed to automatically accept cookies, but the User can set their browser to disable, once and for all or once at a time, the receipt and saving of new cookies; or you can set your computer to receive a warning when it is about to store a cookie. In case of deactivation of cookies, the User, while being able to access the Site, may not be able to navigate in specific and / or reserved areas.
4.5 In general, the Site acquires and stores - and sometimes communicates to third parties - all the navigation data described above exclusively in anonymous and aggregate form. The processing of such data allows the Owner to manage and control the proper functioning of the Site and to carry out statistics and samples for promotional or scientific purposes.
Data provided voluntarily by the User.
4.6 The Site may sometimes ask the User to provide some personal information such as, for example, name and surname, business address, telephone number, e-mail address, etc. The provision of such data depends only on the will of the User and is therefore absolutely optional.
4.7 The User, in order to have access to certain contents of the Site in specific reserved areas and to be able to take advantage of the full operation of the Site, has the responsibility of:
- obtain a pair of unique keys (Username and Password) through a registration procedure;
- subsequently, at each new session, enter your Username and Password for recognition by the authentication system.
4.8 The personal data collected by the form completed by the User at the time of his voluntary registration (Registration data) consist of information relating to the User's contacts and so, for example: name and surname or name of the company, association or body , professional title, postal address, e-mail address, telephone number, fax. The computer system of the Site automatically associates this data with the Username and Password chosen by the User and connects them to an account. In subsequent accesses, it will be possible to access personal registration data only by typing in Username and Password; the User is therefore fully responsible for the proper custody of their Username and Password.
Data provided by third parties
4.9 The computer system of the Site sometimes also processes personal data and contacts of Users published in public categorical lists (e.g. single database of telephone subscribers, databases of professional orders, databases of social security institutions of the medical-health categories, etc.). As such, these data can be processed by EDRA S.p.A. as independent data controller, in compliance with the provisions of the GDPR and in particular those provided for in the field of unsolicited communications (e-mail, SMS, Mms, electronic faxes).
The personal data provided will be processed for the following purposes:
5.1 Activities strictly connected and functional to the operation of the services: for example, allowing the User to access the services offered and view the contents of the Site; allow the User to receive the requested products or services, executing the orders received; respond to the User's questions and requests;
5.2 Technical management of the Site and its information system, including through the Medikey® certification platform: for example, acquisition, matching and management of information relating to the account; securing and checking the correct functioning of the Site; site activity monitoring;
5.3 Enrichment or customization of the contents, services, or design of the Site on the occasion of a single visit, or of repeated accesses;
5.4 Profiling in aggregate form (i.e. anonymous, without any prejudice to the privacy and confidentiality of the data of each registered owner), of Users and their access to confidential specialized pages, for the purpose of scientific and / or market research, analysis, and for the elaboration of reports, carried out directly by Edra SpA or also through specialized third-party companies;
5.5 Communication with the User regarding changes or updates to the Site and its services; advertising communications, communications of special offers and promotions; requests for market surveys to which the User can freely choose whether to join or not.
6.1 The processing of personal data takes place using IT, telematic, manual tools, both as EDRA S.p.A. that as Medikey® or with other names and commercial signs of the LSWR group.
6.2 Data processing takes place in compliance with the GDPR and the requirements defined within the organization of EDRA S.p.A. described in the treatment registers and in the Security Policy Document, which the Company continues to update.
7.1 The processing is carried out by the Data Controller and by his Appointees: employees, agents, representatives, third party suppliers (e.g. companies that provide data processing services, invoice printing, enveloping and labeling of products purchased online, shipping, etc.).
7.2 The processing is also carried out by the other companies of the EDRA S.p.A. group and by subjects (companies, associations, entities) for which the Data Controller operates as an agent, licensee, publisher for the purposes listed above. In the cases provided for by art. 28 of the GDPR (i.e. when the Company carries out processing on behalf of other independent Data Controllers) EDRA S.p.A. she was appointed External Manager.
7.3 Data processing by EDRA S.p.A. and its representatives may take place regardless of the User's consent in the following cases:
7.3.1 at the request of the Judicial Authority, or to defend or protect one's rights in administrative, judicial or arbitration proceedings;
7.3.2 in the event that the processing of data is necessary to allow investigations aimed at countering illegal activities, acts in fraud of the law, or to ensure the safety of people or things; in all cases, in general, in which the transmission of data is required by law;
7.3.3 in the event that EDRA S.p.A. is acquired by, transferred or merged with another company, or in the event that this Site or some of its contents are transferred to third parties.
8.1 The User registered on the Site is solely responsible for the veracity of the personal information entered therein. Pursuant to articles 15 to 21 of the GDPR, the interested party has the right:
The User can exercise these rights recognized by law by contacting EDRA S.p.A. to the Contacts indicated in point 11 below.
8.2 Starting from 25 May 2018, the interested party may also, pursuant to articles 15-21 of the GDPR, exercise the following specific rights:
8.3 EDRA S.p.A. reserves the right to communicate changes or updates to the Site to the User whenever necessary.
9.1 EDRA S.p.A. retains the personal data collected by the User for as long as such information is deemed relevant for commercial purposes, and in any case up to a maximum of two years from the last interaction or until the User requests the cancellation of their data by contacting EDRA SpA to one of the addresses indicated in point 11, below.
10.1 EDRA S.p.A. is aware of the importance of ensuring the security of private information of which it becomes aware and therefore strives to protect the privacy of the Users of its Site.
10.2 The personal and demographic information including the access credentials (username / login and password) of each User are sent and stored in servers equipped with firewalls and physically located in protected data centers.
10.3 Login and password transit on the Internet in encrypted form on SSL protocol. The other personal information transits between the data centers on an MPLS private line in encrypted form.
10.4 The implementation of lockout management systems (which provide for blocking access in the event of repeated incorrect access) also allow you to protect accounts from intrusion or hacking attempts by unauthorized third-party users.
10.5 Furthermore, EDRA S.p.A. adopts internal security procedures described in the Programmatic Security Document (DPS) including, for example, the filtering of access and use of data by its employees.
10.6 EDRA S.p.A. however, cannot be held responsible for any unauthorized access, for data loss (eg passwords), illicit / incorrect use, or for alterations of personal information that occur outside of its control, nor can it guarantee the correct and secure use of the User's personal data by third parties.
11.1 The User can exercise the rights recognized by art. 7 of Legislative Decree 196/2003 and submit any of your requests, questions, comments, or complaints regarding this Notice, or the way in which your personal data are processed on the Site to:
EDRA S.p.A.
via Spadolini n. 7, 20141 Milan
tel +39 02 88184.1;
fax +39 02 88184.301;
email privacy@lswr.it
The Data Controller pursuant to art. 37, co. 1, letter b) of the GDPR has appointed Monica Gobbato as Data Protection Officer (the "DPO") who can be contacted at the following addresses:
dpo@lswr.it
tel. 02.88.184.1