PRIVACY NOTICE

Under Article 13 of Regulation (EU) 2016/679 on the protection of individuals regarding the processing of personal data (hereinafter "GDPR")

This is a privacy notice provided by Chiesi Pharmaceuticals Gmbh ("Chiesi"), in accordance with the provisions of European Regulation No. 679/2016 (hereinafter "GDPR"), to inform you that your Personal Data or otherwise Personal Data provided by you will be processed by Chiesi as data controller, in full compliance with applicable law.

The "Privacy Notice for Healthcare Professionals" (in German language) can be found here.

“Personal Data” is information of any kind, including electronic information, that allows a person to be identified individually or in combination with other information.

With "Processing of Personal Data" we mean, pursuant to Article 4(2) of the GDPR, any operation or set of operations, carried out with or without the help of automated processes and applied to personal data, such as collecting, recording, organizing, storing, adapting or modifying, extracting, consulting, using and disseminating them.

"User" means is the company, the authorized person or individual using the services provided by the website www.chiesi.at (hereinafter the “Website”).

This notice describes the following aspects:

(1)     HOW WE COLLECT AND USE YOUR PERSONAL DATA

(2)     HOW WE SHARE YOUR PERSONAL DATA

(3)     RETENTION PERIOD OF YOUR PERSONAL DATA

(4)     USER RIGHTS

(5)     UPDATES TO THIS NOTICE

(1) HOW WE COLLECT AND USE YOUR PERSONAL DATA

PROCESSING SCENARIOS & PURPOSES:

Technical and analytical purpose: we may process technical or usage data that may indirectly reveal your identity to guarantee a reliable user experience on the Website. Such data is automatically collected during the normal functioning of every website and are processed for technical purposes (including troubleshooting, testing, system maintenance, support, and reporting) or for statistical and analytical ones to improve the user experience on the Website.

For the latter, such data are usually processed in an aggregated and non-identifiable form to pursue statistical purposes. For example, usage data may be used to measure the engagement rate, or the time spent on a certain section or feature of the Website.

“Contact”: in this section, you will find our contact details to submit your request and get in touch with us. For example, you will be able to send a general inquiry on one of our products or contact our office.  The relevant team will receive and process your request in compliance with the purpose limitation and the data minimization principles. Your data will be retained only for the time necessary to get back to you with a response.

Please note that you may find a dedicated notice under certain contact forms, with specific information regarding the nature of requests and related personal data processing.

“Working at Chiesi”: in this section, you will have the chance to explore how it is to work for Chiesi, learn about our culture, and see the available job opportunities. We may process your Personal Data if you want to apply for a job at Chiesi or register to our career portal. You will find more information and the dedicated privacy notice for candidates during the application process.

Social media and third-party links: our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Pharmacovigilance: the Website has a section dedicated to Pharmacovigilance, where you can report any adverse reactions or safety issues with our products. More information is in the relevant section of the Website.

CATEGORIES OF PERSONAL DATA:

Technical data: including the IP address, type of browser and version, time zone and location based on the IP address, general information on the hardware and the operating system of the device used to browse the Website. Such data are used for technical and statistical purposes only, as detailed above.

Usage data: including information on how you use the Website. For example, the time spent on certain sections.

Identification data: if you decide to register on our career portal and apply for a job at Chiesi, submit a request through the Contact section of the Website, or report a safety issue with a Chiesi product by contacting the Pharmacovigilance service. There can be a dedicated privacy notice for some contact forms where you can find more information on how we process your Personal Data within those services.

Unless otherwise specified in dedicated notices of each section, the processing of so-called special data as defined by art. 9 of the GDPR (such as data relating to health) or data relating to minors is expressly excluded. These categories of data, if shared by the User, will be immediately deleted. Your Personal Data is essential and mandatory to access the Website. If you provide incomplete or incorrect data, you may not be able to access the Website.

LEGAL BASIS OF THE PROCESSING:

Performance of contractual obligations: with the User who accesses and uses the Website and its services.

Consent: provided by the User by sending an inquiry through one of our contact channels (see “Contact” section). 

Legitimate interest: to ensure the security of the Website and prevent online frauds.

Legal obligation: to comply with applicable laws and regulations, to address requests from the authorities, or to manage reports of adverse events received through the Pharmacovigilance contact channels.

Your Personal Data will also be processed and stored should Chiesi need to protect its interests and carry out its defensive rights in legal proceedings.

(2) HOW WE SHARE YOUR PERSONAL DATA

Chiesi may share your Personal Data with other companies, organizations and individuals, if any of the following circumstances occur:

• We may share your Personal Data to companies forming part of Chiesi Group (including non-EEA countries).
• Sharing with your express consent: after obtaining your consent, we may share your Personal Data with certain third parties or categories of third parties.
• Sharing in accordance with laws and regulations: we may share information required under applicable laws and regulations to handle legal disputes or requests by administrative or judicial authorities.
• Sharing with service providers: we may also disclose your Personal Data to companies that provide services to us or on our behalf.

In the latter case, Chiesi will ensure the legitimacy of such sharing and will sign data processing agreements and / or clauses with the companies, organizations and individuals with whom your Personal Data will be shared, requiring them to comply with this notice and take appropriate security measures.

How We Protect Your Personal Data

Chiesi places extreme importance on the security of your Personal Data and has taken appropriate security measures to safeguard your Personal Data against unauthorized access, disclosure or loss.

For this purpose, Chiesi takes the following steps:

• We take reasonable steps to ensure that the Personal Data collected is as minimal and relevant as necessary in relation to the purposes for which it is processed. We retain your Personal Data for no longer than is necessary for the purposes set out in this notice, unless an extension of the retention period is required or permitted by law.
• We use a range of technologies to ensure the confidentiality of data during transmission. We use trusted protection mechanisms to protect data and data storage servers from attack.
• We rigorously select business partners and service providers and require them to comply with our Personal Data protection requirements through specific provisions in business agreements with such business partners and service providers. In addition, we perform audits and other assessment activities to verify compliance with the requirements.
• We conduct privacy and security protection training, testing, and informational activities to increase awareness of Personal Data protection among employees and contractors.

(3) RETENTION PERIOD OF YOUR PERSONAL DATA

Your Personal Data referred to in section (1) of this notice is stored on the servers of Chiesi or the servers of the suppliers (specifically appointed as data processors) based in the European Union.

We retain your Personal Data for a limited time in accordance with the purposes indicated in this Privacy Notice.

Technical, usage data, and cookies: the data processing is strictly limited to the browsing session of the User on the Website. Please also refer to the Cookie Policy for more specific information regarding cookies and similar technologies.

Career portal: please refer to the dedicated privacy notice of the "Job opportunities" section.

Inquiries sent through the “Contact” section: the time necessary to process your request and provide feedback. For more information, please read the dedicated notice of each contact form.

Pharmacovigilance: as long as the product is authorized for sale and ten years from the expiry or revocation of the marketing authorization in the last country of marketing of the product, except for any defensive needs of the marketing authorization holder. For further information, we kindly invite you to consult the dedicated notice available in the relevant section of the Site.

Your Personal Data will be processed for the time set out above or for a shorter period if you decide to exercise one of the rights listed in the "USER RIGHTS" section below. 

(4) USERS RIGHTS

Access, rectification, cancellation, data portability, restriction of processing, objection to processing and revocation of consent.

You have the right to access, modify, oppose and / or limit the processing of your data, as well as request their cancellation or portability to other parties and revoke your consent.

The Data Controller for the processing activities listed here is: Chiesi Pharmaceuticals GmbH, Gonzagagasse 16/16 | 1010 Vienna, Austria. We invite you to contact us in any form, including via dataprotection.cee(at)chiesi.com to obtain additional information and require the enforcement of your rights.

If you believe that Chiesi is not processing your Personal Data in accordance with this notice or applicable law, you may exercise your rights by lodging a complaint with a Data Protection Authority.

(5) UPDATES TO THIS NOTICE

This notice may be updated from time to time. Any update to this notice will become effective at the time of its publication on the Website.