Privacy policy

The Istituto Gentili S.r.l. (hereinafter the "Company"), as Data Controller, wishes to provide the following specific information relating to the management methods of the site (www.istitutogentili.com) with reference to the processing of personal data of users who visit it. This is the information provided pursuant to art. 13 of EU Regulation 2016/679 "GDPR" (hereinafter the "Privacy Policy")

This information does not extend to other websites that may be visited by the user through the use of the links on the Gentili Institute’s website. With respect to the sites that can be visited through the links, Istituto Gentili has no control and remains a third-party and extraneous to it, therefore the User / Interested party is required to verify the privacy policies / information of the sites which, on each different occasion, he accesses.

Data Controller

Istituto Gentili S.r.l. (VAT and Tax Code. 07921350968) with headquarters in via San Giuseppe Cottolengo n. 15, 20143, Milan, Italy, e-mail: privacy@istitutogentili.com

The Parent Company has appointed a Data Protection Officer (DPO) who can be contacted at the email address: dpo@medilanum-farma.com

Type of data processed

The types of data and information collected and processed by the Company are:

  • navigation data (collected automatically);
  • data provided by the user for the authentication in the "section for physicians" (username / email and password) in order to be authenticated through the "OneKey" system of IQUVIA. Failure to provide such data does not allow the submission of the request and, consequently, makes it impossible for the Company to receive requests for information and to respond to them;
  • data collected through the use of cookies, for which please refer to https://www.istitutogentili.com/it/cookie-policy/;
  • for reports relating to adverse events at phv@istitutogentili.com, please refer to the link https://www.istitutogentili.com/it/farmacovigilanza/

Navigation data

During their normal operation, the IT systems and software procedures used to operate the site acquire some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified interested parties but, by its very nature, it could allow the identification of users through processing and association with data held by third parties.

This category of data includes the IP addresses or domain names of the computers being used by users connecting to the website, and other parameters relating to the operating system and the user's computer environment.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and they are kept for the period strictly necessary for statistical analysis.

The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

Use of cookies

The site uses cookies in accordance with the Cookie Policy adopted.

Purpose of the data processing

Personal data will be processed for the following purposes:

  • allow navigation and consultation within the site;
  • exercise of defence in case of abuse in the use of the site or attempted fraud;
  • internal controls, management control, certification, reporting to Group companies;
  • processing of individual requests.

Methods of data processing

The Data Controller adopts the appropriate security measures to prevent the destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed from occurring accidentally or unlawfully.

The data processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.

To achieve the purposes described here, the Data Controller will operate by means of specifically designated natural persons who operate under their own authority (persons in charge of / designated for the processing) and it may be necessary that you communicate your data to third parties who may belong to the following categories:

  • Associate companies, subsidiaries / parent companies, investee / investor companies;
  • physical and legal subjects involved in the organization of this Site (e.g. system administrators, supplier / maintainer; hosting provider, IT companies);
  • subjects to whom the communication is due because of legal obligations;

In turn, the subjects to whom your data are communicated will act as: a) Data controllers, i.e. self-determining the purposes and means of processing the collected Data; b) Data processors, i.e. those who process data on behalf of the Data Controller. The updated list of Managers can always be requested from the Data Controller.

Legal basis of the data processing

The Data Controller processes your data A) on the basis of the legitimate interest of the Data Controller in the regular operation of the site (regular navigation, defence in court, administrative and litigation management, relations with the Parent Company and associate companies); B) to execute pre-contractual measures adopted at the request of the User / Interested party.

Retention period

The storage of your data will therefore take place for the period strictly necessary to achieve the purposes for which they are requested with attention to the terms allowed and according to the principles of minimization of processing in compliance with contractual and legal obligations.

Place of the data processing

The data processing in question will take place in the European territory; however, the Data Controller reserves the right to transfer your personal data to a non-EEA country on the basis of the adequacy decisions of the European Commission or on the basis of the adequate guarantees provided by current legislation. Your data will not be disclosed.

Rights of the interested parties

At any time you will have the right to exercise the rights referred to in articles 15 and ss. of EU Regulation 2016/679, that is:

  1. to access personal data (art 15 GDPR);
  2. to obtain the correction (art 16 GDPR) or cancellation of personal data (art 17 GDPR) or the limitation of the data processing (art 18 GDPR) that concerns you;
  3. to oppose the processing (art 21 GDPR);
  4. to data portability (art 19 GDPR);
  5. to revoke consent, if provided, without prejudice to the lawfulness of the data processing based on the consent given before the revocation;
  6. to lodge a complaint with the supervisory authority (Guarantor for the Protection of Personal Data) (art 77 GDPR).

To exercise the aforementioned rights, make a report or receive information on how personal data is processed, requests can be made by writing, either to privacy@istitutogentili.com or to dpo@medilanum-farma.com

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by making available to Users the updated version on this site.

Last modification: 17.02.2020