This
Privacy Policy aims to illustrate the means and purposes of the
processing of personal data carried out by Orthofix Srl, in its quality
of data controller (hereinafter the "Controller" or the "Company"), in connection and through the website http://web.orthofix.com/sites/Country/uk/Pages/Home.aspx (hereinafter the "Website").
Please
note that this Policy shall apply to anyone who navigates and/or uses
the Website, or otherwise interacts with the contents and services
accessible through the Website (hereinafter the "User").
The
processing of personal data of the Users will take place full
compliance with the applicable data protection legislation, including
the Regulation (EU) 2016/679 (the "GDPR").
1. REDIRECT TO OTHER WEBSITES
The
Website incorporates links which allow you to connect to other websites
run both by other companies of Orthofix Group and by third parties. The
Company assumes no responsibility regarding the processing of personal
data which may take place through and/or in connection with
third-parties' websites.
Therefore, each User who accesses such
web pages and/or social platforms through the Website must carefully
read the relevant privacy policies in order to better understand how
their personal data will be processed by the third parties which, as
autonomous controllers, will provide and manage such websites.
2. CATEGORIES OF PERSONAL DATA COLLECTED
A) Traffic data
The
computer systems and software procedures used to operate this Website
need to acquire, during their normal operation, some personal data whose
transmission is implicit in the use of Internet communication
protocols.
This category of data
includes: IP addresses, browser type, operating system, the domain name
and website addresses from which you are logged in or out, the
information on pages visited by User within the Website, the time of
access, time period of User's staying on a single page, the internal
path analysis and other parameters regarding the User's operating system
and computer environment.
This technical / IT data is collected
and used only in an aggregated and not immediately identifiable manner
and can be used to ascertain liabilities in case of hypothetical crimes
committed within or against the Website or upon competent authorities'
request.
B) Personal data provided directly from User
There
are few sections of the Website (e.g. "Request for information",
"Customer Service" and "Newsletter") which allow the collection only of
those personal data which the User will decide to share with the
Company. It remains understood that, in this case, the Controller must
collect the data provided by the User in order to fulfil the requests
received. Accordingly, if the User prefers that the Controller does not
collect his/her personal data, he or she is invited not to send any
request.
In any event, the Users will always be free, after
having read this Policy in order to understand in detail how and for
which purposes their personal data will be processed by the Company, to
share his/her own data by filling out the specific forms available on
the Website.
3. PURPOSES OF THE PROCESSING
The
Website has been designed with the main goal of providing information –
and therefore as an interactive window – regarding the activities,
products and services offered by the companies belonging to Orthofix
Group. This is the reason why, in most cases, the collection of the
User's personal data is not required.
In
any case, according to the principles set forth by the GDPR, the
Website is also set to minimize the collection of personal data, as well
as to exclude the processing of such data in all cases when the
purposes described hereunder can be achieved with different means and/or
by anonymous data.
Your personal data will be processed by the Company for the sole purposes of:
a) allowing an appropriate navigation on the Website;
b)
allowing the Users to better explore and get more information regarding
the activities, services and products offered by the Company and other
legal entities of Orthofix Group;
c) answering and fulfilling the Users' requests;
d) to run the recruitment process and collect the CVs delivered through the Website;
e) to comply with obligations provided for by applicable laws and/or requests or orders made by competent authorities;
f) delivering promotional newsletter regarding the products and services of the Company.
Should
the data be collected in the future also for purposes other than those
described above, it will be duty of the Company, on one hand, to provide
adequate information to the User relating to such new purposes in order
to enable transparency and user awareness and, on the other hand,
ensure that a valid legal basis (such as the User's consent) exists,
where needed, to undertake the relevant processing.
4. LEGAL BASIS OF THE PROCESSING
The
provision of personal data by the User - unless otherwise noted - is
optional, but it must be highlighted that in case of refusal to make
some data available to the Company, it could be impossible to fulfill
the User's request or provide certain specific services (such as the
newsletter).
The processing activities
listed from a) to e) above do not require the acquisition of the User's
consent, as they are based on different legal bases, i.e. the need to
perform and provide the services which have been directly requested by
the User and the need to ensure compliance with a legal obligation
applicable to the Controller.
On the contrary, the although
sending promotional newsletters requires the User's registration, the
Company will not be able to deliver this kind of communication in
absence of the User's prior specific consent.
5. METHODS OF THE PROCESSING AND DATA SECURITY
The
personal data are collected and processed lawfully and fairly, for the
above purposes and in accordance with the fundamental principles
established by the applicable legislation.
Processing
operations may take place both manually and electronically, or by
information technology tools, always under technical and organisational
measures that ensure the security and confidentiality of the data,
especially in view of reducing the risks of accidental or unlawful
destruction, loss, alteration, unauthorized disclosure of, or
unauthorized access to the personal data or, more generally, processing
that is not compliant with the purposes of the collection.
The
processing will be carried out under the authority of the Controller
only by those subjects who have been duly authorized to access and
process the data in accordance with the instructions provided for by the
Company and the applicable data protection laws and regulations.
On the contrary, the although sending promotional
newsletters requires the User's registration, the Company will not be
able to deliver this kind of communication in absence of the User's
prior specific consent.
6. COMMUNICATIONS TO THIRD PARTIES
The
personal data collected through the Website will not be shared or
communicated to third parties, unless upon specific consent of the User.
Should
the data be made available by the Company to third-party suppliers or
partners (such as service providers, mail carriers, hosting providers,
IT companies, communication agencies) in order to enable them to perform
specific services connected to or necessary for the fulfilment of the
purposes listed above, it will be responsibility of the Controller to
appoint such third parties as data processor by virtue of their
capacity, experience and reliability and to provide them with specific
instructions regarding the security of the data. The updated list of
appointed data processors can be accessed at any time by sending a
written request to the Company, as specified below.
It remains
understood the Users' personal data must be communicated to third
parties, such as public or judicial authorities, to comply with binding
orders and request, as well as with applicable legal provisions.
7. DATA RETENTION
Personal
data collected by the Website will be kept in a format that allows
User's identification for no longer than necessary to fulfill the
purposes for which the data have been originally collected and, in any
case, within the time limits set forth by applicable laws and
regulations, as well as to enforce or protect the rights of the
Controller (consistent with the retention periods and statutes of
limitations provided for by the law), where necessary.
When no longer necessary in accordance with the above, the data will be cancelled or anonymized.
It remains understood the Users' personal data must
be communicated to third parties, such as public or judicial
authorities, to comply with binding orders and request, as well as with
applicable legal provisions.
8. COOKIES (CROSS-REFERENCE)
To get more detailed
information regarding the installation and use of cookies by this Website,
please refer to the applicable Cookie Policy.
9. TRANSFER OF DATA ABROAD
Given
the international nature of the Controller's business activities, the
data will be transferred and so processed abroad, still for the sole
purposes described above, by the companies belonging to Orthofix Group
which are established both inside and outside the territory of the
European Union (mainly in the U.S.).
In all cases when the data
will be transferred to non-EU countries, the relevant transmission will
be subject to specific data protection guarantees, as required by the
law, e.g. through the adoption of Standard Model Clauses as approved by
the European Commission, or other equivalent safeguards.
10. DATA SUBJECTS' RIGHTS
The User can at any time exercise his/her rights, including:
a)
accessing his/her personal data, obtaining evidence of the purposes
pursued by the Controller, the categories of data involved, the
recipients to whom they may be disclosed, the applicable storage period,
the existence of automated decision-making processes;
b) having incorrect personal data referred to him/her rectified without delay;
c) having his data erased in the cases provided for by the law;
d) obtaining restrictions to processing, where possible;
e) requesting portability of the data provided to the Controller, i.e.
receiving them in a structured, commonly used and machine-readable
format, also for transmitting such data to another controller, without
any hindrance by the Company, in all situations where it is required by
the law in force;
f) lodge a complaint to the competent Supervisory Authority.
To exercise these rights, or for any further information and/or clarifications, please write to privacy@orthofix.it
11. DATA CONTROLLER
The
Data controller is Orthofix Srl, a company duly incorporated under the
Italian law, with registered office at Via Vittor Pisani 16, Milan
(Italy).
The Data controller may be contacted by writing to privacy@orthofix.it
12. POLICY UPDATING
The
Controller shall have the right to amend and/or integrate this Privacy
Policy over time in order to comply with new legal provision and/or
include new services. For this reason, each User is invited to
periodically visit this page.
Below is highlighted the date when the last version of this policy has been uploaded.
Last Update: May 25, 2018