PRIVACY POLICY

PRIVACY NOTICE FOR USERS OF PHDLIFESCIENCE.EU

This Privacy Notice has been written in accordance with Article 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”). It tells users of this website how and why their personal data is collected and processed when they access the website.

Data Controller

The Controller for your data is Healthcare Network Partners Italy S.r.l., a private limited company with its registered address at Via Nazario Sauro 8, Bologna, Italy and VAT number 06671690482. You can contact the Data Controller by writing to info@hnpgroup.eu.

Purpose of the processing, legal bases and requirement to provide data

PURPOSE OF THE PROCESSING

LEGAL BASIS

REQUIREMENT TO PROVIDE DATA

A

Allowing users to browse the website. Browsing data such as IP addresses or computer domain names is collected only for the purposes of compiling anonymous statistics on how the website is used and checking that the site is working correctly.

The legal basis for processing is the legitimate interests of the Controller, namely allowing users to access the website and making navigation quick and easy.

For this purpose, user data is sent automatically to the Controller when you browse the website. You are free to withhold your data by not accessing the website, and this will have no negative consequences for you.

B

Answering questions and responding to requests sent by users, as well as contacting users who have provided their data via the web form.

The legal basis for processing is the legitimate interests of the Controller in responding promptly to users’ requests and providing information.

For this purpose, you are free not to provide your data, but in that case the Controller will not be able to respond to requests or contact you.

Data recipients

Users’ personal data may be processed by third parties acting as Data Controllers or acting on behalf of the Controller as Data Processors.

These data recipients include, for example:

• companies in the PHD Group;
• service providers (communications services, web hosting, etc.);
• companies working on the website;
• marketing companies.

You can request the complete list of data recipients by contacting the Controller. Users’ personal data will not be disclosed or published.

Data transfers outside the European Union

Users’ data may be sent to countries outside the European Union. If your data is transferred outside the EU, this will be done in one of the ways permitted by the applicable laws, for example by using Standard Contractual Clauses that have been approved by the European Commission or with other guarantees that ensure an adequate level of protection. For processing that involves cookies, please see the Cookie Notice.

How long your data is kept

The Controller will keep your personal data for no longer than is necessary to achieve the purposes of processing. More specifically, your data will be kept for the time required to perform the service you have requested. At the end of that period, the Controller will either erase the data permanently – by destroying it or using secure deletion methods – or store it in an anonymous form that does not allow you to be identified directly or indirectly.

Profiling

Under no circumstances will your data be used to obtain information about your behaviour or preferences, and you will never be subject to any decision based solely on the automated processing of your personal data. For processing that involves cookies, please see the Cookie Notice.

Users’ rights

As a user of this website, you have the following rights:

• Right of access: the right to find out from the Controller whether your personal data is being processed and, if so, to access your personal data, receive a copy of it and be given information about processing.
• Right to rectification: the right to have the Controller correct inaccurate personal data concerning you without undue delay and to have incomplete personal data completed, including by providing a supplementary statement.
• Right to erasure (right to be forgotten): the right to have the Controller erase your personal data without undue delay in any of the following situations:
• if your personal data is no longer necessary in relation to the purposes for which it was collected or processed;
• if you object to the processing, and there are no overriding legitimate grounds to continue this processing;
• if your personal data has been processed unlawfully;
• if your personal data has to be erased for the Controller to meet a legal obligation.
• Right to restrict processing: the right to have the Data Controller restrict processing in any of the following situations:
• if you contest the accuracy of your personal data, for a period enabling the Controller to verify the accuracy of the data;
• if your data has been processed unlawfully and you do not wish it to be erased but request the restriction of its use instead;
• if the Controller no longer needs the personal data for the purposes of the processing, but you need to keep it to establish, exercise or defend a legal claim;
• if you have objected to the processing, pending verification of whether the Controller’s legitimate grounds override yours as the data subject.
• Right to data portability: the right to receive the personal data that you have provided to the Controller in a structured, commonly used and machine-readable format and to transmit that data to another data controller, if the processing is based on consent or performance of contract and the processing is carried out by automated means.
• Right to object: the right to object to processing for the performance of a task carried out in the public interest or in the exercise of official authority, or for the legitimate interests pursued by the Data Controller or by a third party, as well as the right to object to processing of your personal data for direct marketing purposes, including profiling that is related to direct marketing.
• Right not to be subject to a decision based solely on automated processing, including profiling, that has a legal or similarly significant effect on you.

Users can exercise their rights by sending a request by email to the Controller (info@hnpgroup.eu). The Controller will reply as soon as possible and, in any case, within 30 days of the request.

Complaints

If you wish to complain about how your personal data is processed by the Controller or how a complaint you made has been handled, you have the right to lodge a complaint directly with a supervisory authority as indicated on the website of the Italian Data Protection Authority (www.garanteprivacy.it) or the data protection authority for your country.

Updates

This notice is updated periodically. The current version is dated 3 July 2023.