Skip to content

Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) NO. 2016/679

- HEALTHCARE PROFESSIONALS -

Pursuant to Articles 13 and 14 of Regulation (EU) No. 2016/679 (hereinafter the "GDPR"), Doc Generici s.r.l. (hereinafter "Doc" or the "Controller") informs you that your personal data (hereinafter the "Data") will be processed in compliance with the provisions of the GDPR and in accordance with the following privacy policy.

A. DATA CONTROLLER, DATA PROCESSORS, DATA PROTECTION OFFICER

The Data Controller for the Data referred to in this privacy policy is Doc Generici s.r.l., with registered office in Milan, Via Turati 40, e-mail: privacy@docpharma.com.

The updated list of any Data Processors is available at the Controller's office.

The Data Protection Officer (DPO), designated by the Controller, can be contacted via:

• Mail: at the registered office address mentioned above, for the attention of the Data Protection Officer;

• Email: at DPO@docpharma.com.

B. CATEGORIES OF DATA PROCESSED

The Data that Doc will process for the purposes and with the methods indicated below belong to the following categories and will be acquired, processed, and stored as indicated in this policy.

a) Data Provided Directly by You

We acquire and store, in the manner and for the time indicated below, any Data provided directly by you, either verbally, in writing, or electronically, to us or to subjects operating on our behalf (medical representatives, agents). This includes your personal details, your contact details (including landline or mobile phone numbers, email address(es)), and data and information related to your profession (e.g., specialization, role held).

b) Data Obtained from Other Sources

We may also acquire Data from other sources, including other data controllers (in the latter case, after verifying compliance with legality conditions by third parties), or from public sources (e.g., databases of Professional Orders), but always in compliance with relevant regulations.

c) Data Collected Automatically

Your access to our websites, directly or through third-party sites, portals, or platforms, and the use of sections reserved for healthcare professionals (the "Restricted Sections") will allow us to automatically acquire the following categories of Data or information.

Navigation Data

The computer systems and software procedures used to operate our websites acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet, which is based on the TCP/IP protocol. This information is not collected to be associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow your identification.

This category of data includes "IP addresses" or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (successful, error, etc.), and other parameters relating to the user's operating system and IT environment.

First-Party Cookies

A cookie is a small "text file" that some websites, while being visited, can send to the user's address in order to track expressed preferences and collect data. Each user, if preferred, can still set their browser to receive a warning of the presence of a cookie and decide whether to accept or reject it. It is also possible to automatically refuse the reception of cookies by activating the specific browser option: however, not using cookies could lead to difficulties in interacting with our websites.

The Restricted Sections of our websites use the following types of cookies:

• Technical cookies: which ensure the possibility of Browse and using the website, and also to collect information, in aggregate form, on the number of users and how they visit the site; technical cookies will, in particular, also be used to remember that you have already given your consent and avoid asking you to express it again.

• Profiling cookies: used to attribute to specific, identified or identifiable subjects, specific actions or recurring behavioral patterns in the use of the offered functionalities (patterns) for the purpose of grouping different profiles within homogeneous clusters.

The complete list of cookies used by the Restricted Sections of our websites can be consulted at this link: https://www.docpharma.com/cookie-policy/ where you will also find instructions on how to change your browser settings and accept or reject cookies.

Third-Party Cookies

During navigation, you may also receive cookies from other sites or web servers on your terminal: this happens because our sites may contain elements such as images, maps, sounds, specific links to web pages of other domains.

C. PURPOSES AND LEGAL BASIS OF PROCESSING

Your Personal Data will be processed by Doc within its activities for the following purposes and with the following legal bases for processing:

a) Contracts and Legal Obligations

The acquisition and processing of Data necessary for the execution of contracts or to fulfill obligations provided for by tax, corporate, administrative, and accounting legislation or to fulfill contractual and/or supply obligations possibly assumed towards you, does not require your consent.

Refusal to provide such Data will make it impossible to meet your expectations or requests or to fulfill what has been agreed upon.

b) Access to Services

The acquisition and processing of Data necessary to allow you to use the services or utilities made available in the Restricted Sections of our sites or for the execution of contracts (including pre-contractual acts) is mandatory and does not require your consent.

Refusal to provide such Data will make it impossible to meet your expectations or requests or to fulfill what has been agreed upon.

c) Compliance with National and EU Regulatory Requirements - Transparency Obligations

The acquisition and processing of Data necessary to comply with regulatory requirements - other than those referred to in point a) - is mandatory and your consent is not required. Processing is mandatory, for example, when required by legislation on access to information on medicines, reporting of expenses incurred for meetings, congresses, events, symposiums, laboratory visits, and similar events ("Events"), for anti-corruption purposes, or to comply with provisions or requests from supervisory and control authorities.

Your consent is necessary to comply with the transparency obligations regarding transfers of value provided for by law or by the provisions of codes of conduct approved by trade associations and to proceed with the publication of the data in non-anonymous form.

d) Invitations to Events

The processing of Data carried out in order to contact you to invite you to participate in Events through mail, telephone, email, Internet, SMS, MMS, and other remote communication systems, including video calls or multi-participant video conferencing systems, requires your consent.

In the absence of your consent, Doc will not be able to contact you for the indicated purposes.

e) Sending Materials and Newsletters

The processing of Data carried out in order to send you reports, circulars, scientific or promotional materials, through mail, telephone, email, Internet, SMS, MMS, and other remote communication systems, including video calls or multi-participant video conferencing systems, requires your consent.

In the absence of your consent, Doc will not be able to contact you for the indicated purposes.

f) Profiling

With your consent, some Data (including Data transmitted by third parties and Data collected automatically following access and navigation in the Restricted Sections of our websites) may be used to identify, evaluate, or predict aspects concerning, among other things, your interests, preferences, consumption choices, and habits, and, among these, in particular, to identify the scientific areas for which you have greater interest or the IT functionalities you most appreciate, so as to be able to primarily suggest products, services, and Events that meet your preferences and inclinations.

If you wish to give us your consent, we also remind you to disable the refusal to receive profiling cookies possibly set in your browser, by clicking on the link: https://www.docpharma.com/cookie-policy/

g) Legitimate Interest of the Controller

The processing of Data may be carried out to pursue a legitimate interest of Doc, identified from time to time (including, where necessary, asserting or defending a right in court and preventing crimes or illegal acts). Such processing, to the extent that it does not compromise your fundamental rights and freedoms, does not require your consent.

D. RECIPIENTS OR CATEGORIES OF RECIPIENTS

The Data may be communicated or made accessible to the following subjects, some of whom have been appointed by the Controller, as the case may be, as processors or authorized persons:

• Companies belonging to the Controller's group (parent companies, subsidiaries, affiliates), employees and/or collaborators of any kind of the Controller or of companies belonging to the Controller's group.

• Public or private subjects, natural or legal persons, of whom the Controller makes use for the performance of activities instrumental to achieving the aforementioned purposes or to whom the Controller is obliged to communicate the Data, by virtue of legal or contractual obligations or within the scope of negotiations and procedures aimed at corporate operations or reorganizations.

E. TRANSFER OF DATA TO THIRD COUNTRIES

The Controller will process the Data without transferring it outside the European Economic Area ("EEA"). Should such a transfer become necessary or occur for technical or organizational reasons, even subsequent ones, the Controller will ensure that the Data is transferred in compliance with the provisions of the GDPR, and, in particular, its Articles 45, 46, and 49.

F. PROCESSING METHODS

Your Data is processed using manual, IT, and telematic tools, with methods designed to ensure the security and confidentiality of the data itself.

G. RETENTION PERIOD

Without prejudice to legal provisions, your Personal Data will be retained for a period not exceeding what is necessary to achieve the purposes for which they were acquired and processed. In particular:

• If negotiations have taken place with you or a contractual relationship has been established, and with reference to the Data processed for this purpose, the Data will be deleted 5 years after the interruption of negotiations or 10 years after the termination of the contractual relationship to which you were a party, unless an act interrupting and/or suspending the limitation period has occurred, justifying the extension of the period.

• Data other than those mentioned above will be deleted 4 years after the last contact or your last interaction.

The above limits do not apply to Data:

• that the Controller may from time to time obtain from public sources or publicly accessible databases;

• that the Controller uses to assert or defend a right in court or to prevent fraud.

H. RIGHTS OF ACCESS, ERASURE, RESTRICTION, AND DATA PORTABILITY

Data subjects are granted the rights referred to in Articles 15 to 20 of the GDPR. By way of example, each data subject may:

• Obtain confirmation as to whether or not personal data concerning them is being processed.

• Where processing is ongoing, obtain access to the personal data and information relating to the processing, as well as request a copy of the personal data.

• Obtain the rectification of inaccurate personal data and the integration of incomplete personal data.

• Obtain, where one of the conditions provided for by Article 17 of the GDPR applies, the erasure of personal data concerning them.

• Obtain, in the cases provided for by Article 18 of the GDPR, the restriction of processing.

• Receive the personal data concerning them in a structured, commonly used, and machine-readable format and request their transmission to another controller, if technically feasible.

I. RIGHT TO OBJECT. RIGHT TO WITHDRAW CONSENT

Each data subject has the right:

• to object at any time to the processing of their personal data. In case of objection, the personal data will no longer be processed, unless there are legitimate grounds for processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

• to withdraw consent already given at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

L. RIGHT TO LODGE A COMPLAINT WITH THE GARANTE

Each data subject may lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) in the event that they believe their rights under the GDPR have been violated, according to the procedures indicated on the Garante's website, accessible at: www.garanteprivacy.it.

M. PROCESSING CARRIED OUT AS A RESULT OF WEBSITE ACCESS

In relation to Data acquired while you visit our websites without accessing the Restricted Section, we invite you to consult the specific information on the page COOKIE POLICY.

N. UPDATES TO THIS PRIVACY POLICY

The contents of this privacy policy may be subject to updates due to changes in the type of Data processed or in the methods and purposes of processing. Such changes will be communicated to you via email before the date on which they are expected to become operative and, if necessary, you may be asked via email to confirm the consent already given.