Pursuant to the legislation applicable to the protection of personal data (“Privacy Legislation”) including EU Regulation 2016/679 (“GDPR”), Recordati Industria Chimica e Farmaceutica S.p.A provides some information necessary to illustrate how personal data will be processed through the following domain recordati.com.
- Data Controller
Recordati Industria Chimica e Farmaceutica S.p.A. parent company of the Recordati Group, with registered office in Milano, Via M. Civitali n. 1, enrolled in the Register of Companies of Milan under number 00748210150 is the Data controller (hereinafter, the “Data Controller” or “Recordati“).
The Data Protection Officer of the Recordati Group can be contacted using the following contact details: Data Protection Officer – DPO, Recordati S.p.A., Via Matteo Civitali 1, Milan – Italy; e-mail: .
- Data Processed
The data which will be processed include:
Navigation data: language set in the user’s browser, name of the page the user viewed, screen resolution of the device the user is using, the Matomo ID that associates the hit with the right Analytics account, location of the user, characteristics of the browser, operating system and internet provider used by the user, source/media that directed the user to the Website;
Other data freely provided by users to access certain freely chosen services. Specific information notices and requests for consent, where required, can be found on the relevant sections of the Website.
- Purposes and legal bases of the processing
Navigation data are used to allow the navigation of the Website and use its features, as well as to obtain anonymous statistical information on the use of the Website, to check its correct functioning and to identify anomalies and/or abuses.
The legal basis of the processing is our legitimate interest to allow the proper functioning of the Website and to constantly improve its quality and attractiveness for users (Article 6.1. lett. f) GDPR). Based on our assessments, we believe that no interest, right or fundamental freedom of users prevail over this legitimate interest.
- Data Recipients – Data Transfer to Third Countries/International Organizations
As part of the data processing for the purpose referred to in paragraph above, the data may be disclosed or otherwise made accessible to the companies belonging to the Recordati Group and to third parties such as.
Where necessary, the Data Controller will appoint third parties as its Data Processors pursuant to Article 28 of the GDPR.
Data will not be transferred outside the Economic European Area. This said, any Data transfer outside the Economic European Area will be carried out in compliance with the applicable provisions of GDPR.
- Data retention period
Navigation data will be stored for 2 years from the relative registration. Only in the event of a request by the Public Authorities, the data may be stored for a longer period, in accordance with what will be ordered to the Data Controller.
- Data subject rights
Users will always have, in accordance with the law, the right to withdraw at any time their consent, where given, as well as to exercise, at any time, the following rights:
- the “right of access” i.e. the right to obtain confirmation as to whether or not personal data concerning the User are being processed and the communication of such data in an intelligible form;
- the “right to rectification” i.e. the right to request the rectification or, if interested, the integration of personal data;
- the “right to erasure” e. the right to request the erasure or the anonymization of personal data that have been processed unlawfully, including data whose storage is unnecessary for the purposes for which they were collected or further processed;
- the “right to restriction of processing” e. the right to obtain from the Data Controller the limitation of the processing in certain cases provided for under the Privacy Legislation;
- the right to request the Data Controller to indicate the recipients to whom it has notified any rectification or erasure or restriction of processing (carried out in accordance with Articles 16, 17 and 18 GDPR, in fulfillment of the notification obligation unless this proves impossible or involves disproportionate effort);
- the “right to data portability” e. the right to receive (or transmit directly to another data controller) personal data in a structured, commonly used and machine-readable format;
- the “right to object”, i.e. the right to object, in whole or in part:
- the processing of personal data carried out by the Data Controller for its own legitimate interest;
- the processing of personal data carried out by the Data Controller for direct marketing or profiling purposes.
In the above cases, where necessary, the Data Controller will inform the third parties to whom the users personal data has been disclosed of the their exercise of rights, unless it is not possible or is too onerous and, in any case, in accordance with the provisions of the Privacy Legislation.
Where processing is based on consent, the user is also entitled to withdraw, at any time, any consent given, whereby it is understood that the withdrawal of consent shall not affect the lawfulness of the processing based on consent given prior to the withdrawal.
The Data Controller hereby informs users that, pursuant to the Privacy Legislation, they have the right to lodge a complaint with the competent supervisory authority (in particular in the Member State of User’s habitual residence, place of work or place of the alleged breach), if they are of the opinion that their personal data are being processed in a way that would lead to breaches of the GDPR.
In order to facilitate the exercise of the right to lodge a complaint, the name and contact details of the European Union Supervisory Authority are available at the following link: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
Edition: July 2023