Pursuant to art. 13 of the European Regulation 679/2016 relating to the protection of personal data, as well as the free movement of such data (the “ Regulation ” GDPR “ ”, we inform you that the Data Controller communicated by the user or otherwise obtained due to the use of the website https://www.checkmab.eu/en/homepage/ and related subdomains ( the “ Site ” ) is CheckmAb S.r.l. (below “ Company ” or “ Owner ”), with registered office in Milan, Viale Luigi Majno n. 26, 20129, contactable at the e-mail address email@example.com. The Company has appointed a Data Protection Officer (the “ DPO ” ), as data protection officer, who can be contacted at the e-mail address: firstname.lastname@example.org.
The presence of the information in the footer of the page ensures the user to be on the Company page.
1. Types of data processed
- Navigation data
The IT systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols or is used to improve the quality of the service offered. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and associations, allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users who connect to the Site, addresses in URI notation (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (good end, error, etc.) and other parameters relating to the user’s operating system and IT environment.
These data are used in order to obtain anonymous statistical information on the use of the Site and to check the correct functioning of the IT systems. The data could also be used to ascertain responsibility in the event of hypothetical computer crimes or in the event that damage occurs to the Company or to third parties.
- Data provided voluntarily by the user concerned
Users are not required to provide personal data to visit the Site. However, contacts between users and the Company, by filling in the contact forms, in the section “ CONTACTS ”, sending e-mails, messages or any type of communication to the addresses indicated on the Site, entail the consequent acquisition of common personal data, such as, by way of example, name, surname, e-mail, as well as any other personal data that will be provided by the user spontaneously by interacting with the Company through the Site. Therefore, if the user wishes to avoid the processing of their data by the Company, he is invited not to forward any request or, at least, to provide the least possible number of personal data.
2. Purpose and legal basis of the treatment
Personal data may be collected and processed for the following purposes:
a) to manage user requests for information;
b) fulfill the legal obligations to which the Company is subject;
c) for the correct management and fulfillment of the pre-contractual measures you have requested and / or the contracts you have entered into with our Company in relation to the services and/or products offered by the Owner;
d) for the protection of the Company’s rights, in the event of any legal disputes;
e) for the prevention and repression of illegal acts.
In relation to the purposes referred to in points a), b) and c) above, the provision of personal data is necessary and does not require your consent. Moreover, the processing of data for the purposes referred to in points a) and c) is necessary for the execution of a contract of which the interested party is a part or of pre-contractual measures adopted at the request of the same, pursuant to art. 6, par. 1, lett. b), of the GDPR, and the processing of data for the purposes referred to in point b) is necessary for the fulfillment of legal obligations to which the Data Controller is subject, pursuant to art. 6, par. 1, lett. c) of the GDPR. Any refusal to provide data may determine the impossibility for the Company to comply with the requested service, to fulfill legal obligations and to fulfill and respond to your requests. Providing personal data through the contact forms on the Site is not a legal or contractual requirement; however, the provision of data is necessary to respond to your request.
In relation to the purposes referred to in points d) and e) above, the provision of personal data is necessary and does not require your consent. In particular, the processing is necessary for the pursuit of a legitimate interest of the Owner, pursuant to art. 6, par. 1, lett. f ) of the GDPR.
3. Treatment mode
As part of the Company’s organizational structure, personal data will be processed by persons authorized to process who act under the authority of the Data Controller, adequately instructed by the Data Controller himself, mainly with electronic systems in accordance with the principles applicable to the processing of personal data pursuant to art. 5 of the Regulation.
4. Data retention periods and criteria used to determine these periods
Your data will be kept for the period necessary to fulfill legal obligations.
The data retention period depends on the purposes for which they are processed and therefore may vary. The criteria used to determine the applicable retention period are as follows: the retention of the personal data subject to this information will take place for the time necessary (i) to manage the contractual relationship with the user, (ii) to manage complaints or specific user requests, (iii) to assert rights in court as well as (iv) for the time required by applicable law.
5. Communication, dissemination and transfer of data
Personal data will not be disclosed and may be communicated to the competent authorities or to public or private bodies for the fulfillment of obligations established by law.
The personal data collected may be processed by third party suppliers, as data processors in relation to the services provided on behalf of the Company on the basis of specific contractual agreements, possibly for occasional maintenance operations and as far as necessary to perform services under specific requests.
Your personal data will not be transferred outside the European Union and / or the European Economic Area (“SEE ”).
6. Rights of the interested party
The user, as an interested party, may exercise the following rights, in relation to the processing of personal data – described above –, pursuant to articles. 15 to 22 and 77 of the GDPR:
- Right of access: to know which data is processed and all information relating to the processing.
- Right of rectification: to be able to request the modification of data because they are incorrect or obsolete.
- Right to portability: to obtain a copy of the data that is processed, in a structured format, commonly used and readable by an automatic device, in order to facilitate a possible transfer of data to another data controller, other than the Company.
- Right to limit the processing: in order to limit the processing of your data, provided that one of the hypotheses provided for by the applicable regulations occurs.
- Right to erasure: request data erasure.
- Right to object: request the cessation of data processing.
- Right to lodge a complaint with the supervisory authority: to promote any reports, or complaints to the Guarantor for the protection of personal data.
The exercise of these rights can be carried out, by contacting the Company, through postal, electronic means or any additional communication tools chosen by the interested party, using the contacts indicated above and attaching the necessary documents to the request (e.g. a copy of the identity document ) to identify the interested party, entitled to promote the request.