Information pursuant to the European Data Protection Regulation No.2016/679
In accordance with the provisions of Articles 12, 13 and 14 of General Data Protection Regulation (EU) 2016/679 (hereinafter also GDPR), the text below indicates the methods we adopt in respecting the privacy of users to this web site, describing how we collect, use and protect personal information, the rights granted to them and the ways in which it is possible to contact us.
The Data controller is Cosmo Pharmaceuticals N.V. with headquarter in Riverside II – Sir John Rogerson’s Quay Dublin 2, Ireland.
The Data Controller informs that the processing of personal data collected directly from the website https://www.cosmopharma.com/, also through the dedicated contact form, is aimed at:
- manage specific requests forwarded by the user (request for information and/or clarification, for informative material, to get in touch with Cosmo Group, as well as to access specific chosen services);
- Subscribe to the newsletter that allows you to receive news, updates, informative communications or press.
Whereas the collection of personal data through the job application form is aimed at:
- Allowing the submission of a job application for open positions indicated on the site (this may result in the candidate being contacted later, using the contact information provided, to further the information provided and/or receive additional information).
The completion of forms, and/or the sending of data by e-mail to the addresses indicated in the various areas of the site, as well as to any e-mail address of the Data Controller, for the aforementioned purposes, may entail the subsequent acquisition of the sender’s e-mail address, as well as any further personal data through subsequent communications.
Such processing of personal data is based on the principle expressed in Art. 6 of the Regulations, according to which processing is lawful if it is necessary for the performance of a contract to which the data subject is a party, of pre-contractual measures, as well as for the performance of the service requested by the data subject.
Regarding the processing of the aforementioned data for marketing activities, the processing is lawful as it is carried out following your specific and explicit consent, which you are free to give or not and which can be revoked at any time, either by clicking on the “unsubscribe link” in our emails or by sending an email to email@example.com.
The provision of the aforementioned data is optional in nature, however, it is necessary in order to satisfy the request of the data subject: without such data from you, in fact, it is not possible to follow up on requests, as well as to initiate business or commercial relationships.
The same data indicated above may also be collected by the Data Controller through the email addresses made available to users via the website.
Typologies of personal data collected
It involves information that is not collected to be associated with identified data subjects but which, by its very nature, could allow users to be identified through processing and association also with data held by third parties. This category of data includes IP addresses or the domain names of the computers used, URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the requests, the methods used in submitting requests to the server, the size of the files obtained in response, the numerical codes indicating the statuses of the responses given by the server (successful, error, etc.) and other parameters relating to the users’ Operating System and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.
Methods of processing
The processing of personal data means their collection, recording, organization, storage, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, diffusion, deletion and destruction, or the combination of two or more of these operations, including by means of automated tools designed to store, manage and transmit the data.
As far as security is concerned, we inform that the database is accessible only by personnel authorized to process data on behalf of the Data Controller or by external personnel in charge and appointed, and that the processing of the data of the data subject will be carried out by means and instruments suitable to guarantee their confidentiality and may be carried out through electronic or automated means and through non-automated means (paper archives), both provided with adequate security measures, as provided for in the EU Regulation 2016/679 on the Protection of Personal Data, to prevent data loss, illicit or incorrect use and unauthorized access. In addition, data will be processed only for the time strictly necessary to achieve the purposes for which it was collected.
Through the website, it is possible to directly access its social channels, in order to allow the sharing of content and/or news present. Any processing, necessary to access and use the social platform, remains the sole responsibility of the social network itself used.
Data transfer outside the EU
No personal data collected at this site will be subject to transfer outside the European Union. However, Cosmo Group is composed of companies with offices located throughout Europe and in Switzerland and it may transfer some data.
It should be noted that the transfer of personal data to non-EU countries is permitted only in cases where:
- the State of the recipient company of the data is considered adequate by the EU Commission;
- there is a subscription with the recipient company of a standard contractual clauses for the transfer of data outside the EU, as defined by the European Commission, in order to ensure a safe and lawful transfer and subsequent processing of data outside the EU.
Communication to third parties
The Data Controller will communicate the personal data provided by users only to internal subjects, formally appointed as authorized to process personal data, and to external suppliers selected to support the requested service, also appropriately appointed as Data Processors, such as:
- Individuals who provide IT services to the Data Controller, such as companies that perform maintenance and technical support activities for the information systems, databases, telecommunications networks, and the website.
- Consultants and collaborators;
- Marketing companies;
- Consulting firm;
- Personnel recruitment and selection companies;
- Companies of the group Cosmo;
- Additional parties to whom the communication of your data is necessary or in any case is functional for the performance of the activity envisaged by the pre-contractual or contractual relationship;
- Competent authorities, judicial authorities and/or other public bodies, should they request it or should the need or obligation to do so exist.
Any information collected through the website will be disclosed.
The personal data provided when submitting a request to the dedicated email addresses or through this website will be kept by the Data Controller for the duration necessary to fulfill your request.
In the case of a request to subscribe to our newsletter, your personal and contact data will be processed until you request to unsubscribe from the service (or revoke your consent) and for a maximum period of two years.
Instead, the data collected from candidates who apply for a job position will be kept for a maximum of one year from the time of receipt of the same.
Data subject’s rights
Pursuant to EU Regulation 679/2016, the following are recognized and guaranteed to the data subject: the right to ask the Data Controller for access to personal data (Art. 15), rectification (Art. 16), erasure or to be forgotten (Art. 17), restriction of the processing of personal data concerning him/her (Art. 18), the right to data portability (Art. 20) or to object to the processing of data (Art. 21), as well as the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects him or her (Art. 22). Where the processing of personal data is based on the express consent provided, pursuant to Article 7 paragraph 3 of the Regulation, the possibility of withdrawing consent is recognized at any time.
Requests may be exercised against the Data Controller by the following means:
- by registered mail to the Controller’s address: Riverside II – Sir John Rogerson’s Quay Dublin 2, Ireland.
- by writing to the e-mail address: firstname.lastname@example.org
Likewise, it is recognized that the data subject has the right to lodge a complaint with the supervisory authority in charge (art. 77 of the Regulation) if he/she considers that the processing carried out by the Controller is not compliant.
Data protection officer
The Data Controller has appointed a Data Protection Officer (DPO), conferring a mandate to the company Getsolution di Paola Generali. The DPO can be contacted at the e-mail address: email@example.com.