Cookie disclosure – Website users

 Who are we and what do we do with your personal data?

As Data Controller (hereinafter also referred to as the “Controller”), Kedrion S.p.a. protects the confidentiality of your personal data and guarantees its protection from any event that may put it at risk of violation.

To this end, the Controller implements policies and practices regarding the collection and use of personal data and the exercise of the rights assigned to you under applicable legislation. The Controller updates the policies and practices applied for the protection of personal data each time this becomes necessary and in any case any time legislative or organisational changes take place, which may affect the processing of your personal data.

The Controller has appointed a Data Protection Officer (DPO), whom you may contact if you have any questions about the policies and practices adopted. The Data Protection Officer can be contacted at:

[email protected]

How does Kedrion S.p.a. collect and process your data?

The Controller collects and/or receives information about you, such as IP address and cookies released through browsing the www.kedrion.com website. This is used by the Controller to manage the website and collect aggregated information. Your personal data is mainly disclosed to third parties and/or addressees whose activities are necessary in order to fulfil the activities relating to said purposes, and also to comply with certain legal obligations or requirements laid down for the control and supervision of working activities. Any communication for different purposes will be subject to your consent.

Your personal data will not be in any way disseminated or disclosed to unidentified entities.

What cookies are and why they may be used

A “cookie” is a small text file generated by some websites on the user’s computer when he/she accesses a certain website, with the aim of storing and conveying information. The cookies are sent by a web server (which is the computer on which the website visited is being run) to the user’s browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and saved to the latter’s computer; they are therefore sent back to the website at a next visit.

Some operations would not be possible without the use of cookies, which, in some cases, are therefore technically necessary. In other cases, the website uses cookies to facilitate and simplify browsing by the user or allow the user to benefit from services that have been specifically requested.

Cookies can also remain on the system for long periods of time and can also contain a unique identification code. This allows the websites using them to keep track of user browsing within the website, for statistical or advertising purposes, to create a personalised profile of the user starting from the pages he/she visited and show and/or send him/her specifically-targeted advertising (referred to as “behavioural advertising”).

Which cookies are used and for what main purposes

This website uses different types of technical cookies, but it does not use profiling cookies.

The Controller hereto provides information on the specific categories of cookies used, the purpose for such and the consequences of disabling them:

COOKIE TYPE  

PURPOSE

 

STORAGE TIME

CONSEQUENCE IN THE EVENT OF DISABLING
 

Technical cookies

 

Website management. These allow for the working and secure, efficient use of the website

 

Valid for the browsing session

These cookies are necessary to use the website, blocking them makes it impossible for it to work
 

Function cookies

Facilitating browsing and the service provided to the user according to a series of criteria selected by the latter  

Valid for the browsing session

It would not be possible to maintain the choices made by users during browsing
 

Analytics cookies

Collect information in aggregated form on user browsing, to optimise the browsing experience and services offered.  

Established by the third party

It would no longer be possible for the Controller to acquire the aggregated information

Third party cookies

Third party cookies also operate on this website. These are cookies created by a website other than that currently being visited by the user.

The Data Controller is required to provide an updated link to the disclosures and consent forms of the third parties with which specific agreements have been stipulated for the installation of cookies through its website.

More specifically, users should please note that the website uses the following services that release cookies:

– the “Google Analytics” web analysis service supplied by Google, Inc. Google Analytics is a web analysis service that uses cookies that are downloaded to the user’s computer to allow the website visited to analyse how users use it. The information generated by the cookie on the use of the website visited by the user (including the IP address) is transmitted to Google and deposited with the Google servers in the United States of America. Google will use this information in order to track and examine the user’s use of the website, to fill in reports on website activity for the website operators and to provide other services connected with the website activity and internet use. To read the privacy disclosure of the company Google on the Google Analytics service and to give or refuse your consent to the use of said cookies, please refer to the website http://www.google.com/intl/en/analytics/privacyoverview.html, and click on the following link: Privacy Policy. If you wish to disable these cookies, please click on the following link: Opt Out.

Social buttons

The website www.kedrion.com also features special “buttons” (called “social buttons/widgets”), showing the icons of social networks (e.g. linkedin). These buttons allow users browsing websites to interact by clicking directly with those social networks. In this case, the social networks acquire the data relating to the user’s visit, whilst the Controller will not share any browsing information or data of the user acquired through its website with the social networks that can be accessed thanks to the social buttons/widgets.

Disabling and enabling of cookies

By accessing the website and continuing past the initial banner containing the brief information, the user has given specific consent to the use of third party cookies as described above.

Individual cookies can be enabled/disabled freely via the browser (accessing the settings menu, clicking on internet options, opening the privacy tab and choosing the desired level of cookie blockage). For more information, visit the following links: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Windows Explorer.

The “Do Not Track” option is also available in most latest-generation browsers.

Third party cookies can be disabled by reading the third party privacy policy, using the above link or contacting the third party directly. The disabling of third party cookies in no way compromises browsing.

Secondary purposes:

  1. communication to third parties and addressees

Your personal data is processed according to the contract and the ensuing legal and/or regulatory and/or other obligations.

Your data will not be disclosed to any third parties/addressees for their own autonomous purposes, unless:

  1. you should authorise this;
  2. this should be necessary in order to fulfil obligations arising from the contract and provisions of law governing it (e.g. to protect your rights, );

The personal data processed by the Controller to this end includes:

o IP address and cookies released through browsing

2. IT security

Both directly and through its suppliers (third parties and/or addressees), the Controller processes your personal, computer (e.g. logical accesses) or traffic data collected or obtained in the case of services offered on the website, as strictly necessary and proportional to guarantee the security and capacity of a network or servers connected with it to withstand, at a given security level, unforeseen events or unlawful or wilful acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted.

To this end, the Controller shall envisage procedures to handle personal data breaches.

What happens if you do not supply your data?

Please note the consequences deriving from disabling individual cookies, as shown in the table above.

How

Data is processed using computerised procedures by internal subjects who are specifically authorised and trained to this end. They are granted access to your personal data to the extent and within the limits that this is necessary in order to perform the relevant processing. Your data is processed separately from the other data including by means of pseudonymisation or aggregation techniques that make it difficult to identify you.

The Controller regularly checks the tools used to process your data and the security measures envisaged for them, which it also ensures are kept constantly up-to-date; it verifies, both directly and through the authorised processors, that no personal data is collected, processed, stored or kept of which processing is not necessary; it further verifies that data is kept with a guarantee of integrity and authenticity and that it is only used for the actual processing purposes.

Where

Data is kept in computerised and telematic archives held within the European Economic Area.

How long

Please read about the storage terms of personal data, as indicated in the table above.

What are your rights?

In short, you, at any time and free of charge, at no cost and with no particular formalities for your request, you can:

  • obtain confirmation of the processing performed by the Controller;
  • access your personal data and know their origin (when the data is not obtained from you directly), the purposes and aims of the processing, the data of the subjects to which it will be disclosed, the time for which your data will be kept or the criteria useful to determining this;
  • update or rectify your personal data so as to ensure that it is always exact and accurate;
  • erase your personal data from back-up and other databases and/or archives of the Controller if, amongst other situations, it is no longer necessary for the purpose of the processing or if this is assumed to be unlawful and as long as the legal conditions are met; and in any case if processing is not justified by another equally legitimate reason;
  • limit the processing of your personal data in some circumstances, for example where you have challenged its exactness, for the period necessary to the Controller to verify its accuracy. You must be informed, in time, also of when the suspension period has expired or the cause for the limitation to processing ceased applying and, therefore, said limitation has been revoked;
  • obtain your personal data, if received or processed by the Controller with your consent and/or if its processing takes place in accordance with a contract and using automated tools, in electronic format, also so as to send it to another data

The Controller must proceed in this sense without delay and in any case at the latest within a month of receiving your request. The terms may be extended by two months, if necessary, considering the complexity and number of requests received by the Controller. In these cases, the Controller shall, within a month of your request, inform you and make you aware of the reasons for the extension.

For any further information and in any case to send your request, please contact the Controller at [email protected].

How and when can you object to the processing of your personal data?

 For reasons relating to your specific situation, you may object at any time to the processing of your personal data if your objection is based on a legitimate interest, sending any such request to the Controller at [email protected].

You are entitled to have your personal data erased if there is no legitimate reason that prevails over the reason that gave rise to your request.

To whom should you submit a complaint? 

Without prejudice to any other administrative or legal action, you may submit a complaint to the competent control authority or to the one carrying out its duties and exercising its powers in Italy where you have your normal place of residence or where you work, if different from the Member State where the violation of Regulation (EU) 2016/679 took place.

You will be informed of any update to this disclosure promptly using appropriate means. You will also be informed if the Controller should follow up on the processing of your data for purposes over and above those pursuant to this disclosure before proceeding with this and sufficiently ahead of time as to allow you to give your consent, where necessary.