Data protection notice
Recordati Industria Chimica e Farmaceutica S.p.A. (“Recordati”, “we”, “us” or the “Data Controller“), in its capacity as data controller, has prepared this document (the “Notice“) to describe how it will process your personal data in relation to your interaction with the Investors section of our website www.recordati.com.
The processing is carried out in compliance with the legislation on the protection of personal data (“Data Protection Legislation“), including Regulation (EU) 2016/679 (“GDPR“), as well as Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (the “Privacy Code“).
Data Controller and Data Protection Officer (DPO)
The data controller is Recordati Industria Chimica e Farmaceutica S.p.A., a company of the Recordati Group, with registered office in Milan, Via Matteo Civitali 1.
Type of data processed
Recordati processes the following types of personal data concerning you:
- identification and contact detail, such as name, surname, e-mail;
- data relating to language preference, Italian or English;
- data related to your job, to choose among the following options: Buy-side, Sell-side, Private investor, Media, Other;
- name of your employer;
- data related to the geographical area of reference, to choose among the following options: US, Europe, UK, Asia, Other.
The information relating to letters a.-c. are mandatory for the purpose of subscription to the service, while those relating to letters d.-e. are optional, however, if you want to provide them you will help us get to know our audience better.
Purpose of the processing and legal basis
Your personal data will be collected, processed and used for the following purposes; next to each of them, we indicate the legal bases on which the processing is based:
|Purpose of the processing
|Legal basis for the processing
|a) Subscribe to the email alert service to receive the institutional and financial news and reports regarding Recordati directly in your mailbox.
|Performance of a contract with you at your request.
|b) Analysis of subscriber data to allow Recordati to better understand its audience
|Consent of the data subject.
The provision of data for the purposes referred to in letter a) is mandatory; failure to do so will result in the impossibility to sign-up for the service. The provision of data for the purposes referred to in letter b) is optional; failure to do so will not affect your subscription to the service.
Processing methods and retention period
The processing of your personal data will be based on the principles of lawfulness, fairness, transparency, proportionality and minimization and will be carried out electronically, using suitable tools to guarantee the security and confidentiality of your data.
The data will be stored until you request to unsubscribe, erasure of your data or withdrawal of your consent. You can unsubscribe using the link included at the end of each email; to request the erasure of your data or withdraw your consent, you can contact the DPO at the contact details indicated above.
Communication and transfer of personal data
Your personal data may be accessed by Recordati’s employees and collaborators, specifically designated as persons authorised to process the personal data, where necessary to pursue the purposes described above.
Your data may also be communicated or made accessible to consultants and providers of technical services, functional to the purposes described above, in their capacity as our data processors, duly designated and instructed on the basis of a specific contract, such as communication agencies, companies that provide technical support services for the website. The complete list of recipients is available upon request to the Data Controller.
Personal data will not be transferred outside the European Economic Area1. If, in the future, Recordati intends to transfer your personal data outside the European Economic Area, this transfer will take place in compliance with the conditions set out in the Data Protection Legislation.
The Data Controller informs you that you will always have the right to withdraw your consent at any time, as well as to exercise, at any time, the following rights (collectively, the “Rights“), by contacting the Data Controller or the DPO at the addresses indicated above:
- the “right of access” to your data and, in particular, to obtain confirmation of the existence or otherwise of personal data concerning you;
- the “right to rectification“, i.e. the right to request the rectification of inaccurate data or the completion of incomplete data;
- the “right to erasure“, i.e. the right to request the erasure, or transformation into anonymous form, of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes for which the personal data were collected or subsequently processed;
- the “right to restriction of processing“, i.e. the right to obtain from the Data Controller the restriction of processing in certain cases provided for pursuant to the Data Protection Legislation;
- the “right to data portability“, i.e. the right to receive (or to transmit directly to another data controller) personal data in a structured, commonly used and machine-readable format;
- the “right to object“, i.e. the right to object, in whole or in part:
- to the processing of personal data carried out by the data controller for its own legitimate interest;
- to the processing of personal data carried out by the data controller for marketing or profiling purposes.
The exercise of the above Rights is not subject to any formal constraint and is free of charge. Recordati may ask you to verify your identity before taking further action following your request to exercise the above Rights.
You may also lodge a complaint with the competent Supervisory Authority (in particular in the Member State of your habitual residence, place of work or place of the alleged violation), if you are of the opinion that your personal data are processed in such a way as to result in violations of the Data Protection Legislation. You may also contact the Supervisory Authority if the exercise of your Rights is subject to delay, limitation or exclusion by the Data Cdw21\ontroller.
In order to facilitate the exercise of the right to lodge a complaint, the name and contact details of the Supervisory Authorities of the European Union are available at the following link: Our Members | European Data Protection Board (europa.eu). If you wish to lodge a complaint with the competent supervisory authority for the Italian territory (Guarantor for the Protection of Personal Data), the complaint form is available at the following link: Complaints – Italian Data Protection Authority.
1 The European Economic Area (EEA) consists of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Republic of Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden.