1. Data Controller
Aesculapius Farmaceutici S.r.l. headquartered in Via Cefalonia, 70 – 25124 Brescia – P.IVA 02845800172 – C.F. 00826170334, hereinafter referred to as “Data Controller”, guarantees compliance with the regulations on the protection of personal data by providing the following information about the processing of data communicated or otherwise collected while browsing this website in accordance with Article 13 of EU Regulation 2016/679 (General Data Protection Regulation – GDPR) and its subsequent amendments.

2. Processed Data, purposes, and legal basis of the processing
2.1. Data generated by accessing the site.
During their customary use, the computer systems and software procedures that enable the functioning of the website automatically acquire a certain amount of data, the transmission of which is implicit in the use of Internet communication protocols.
The data collected may include the following:

• Domain names;
• Internet Protocol (IP) addresses;
• Operating System used;
• The type of browser, along with the parameters of the device used to connect to the website;
• The name of the Internet Service Provider (ISP);
• The date and time of the visit;
• The web page of origin of the visitor (referral) and exit web page;
• The number of clicks.

The aforementioned data are processed automatically and collected in a purely aggregate form for the purpose of ensuring the proper functioning of the website and for security purposes.
The legal basis that legitimizes this processing is the legitimate interest of the Data Controller.

2.2 Data collected for security purposes.
For security purposes (anti-spam filters, firewalls, virus detection), the data that has been automatically collected may also potentially include personal data, such as the IP address, which could be used, in accordance with current applicable laws, for the purpose of impeding attempts to damage this site or cause harm to other users, or otherwise harmful or criminal activities. Said data are never used to identify or profile the user, but solely for the purpose of protecting the site and its users.
The legal basis that legitimizes this processing is the legitimate interest of the Data Controller.

2.3 Data provided voluntarily by the user.
Consulting the website does not require the user to provide any personal data. However, the optional, explicit, and voluntary sending of electronic mail to the addresses on this website, as well as the entry of their personal data in the form found in the “Contacts” section, involves the subsequent acquisition of the sender’s address and the data entered by the user, which is needed to respond to requests. We urge users not to provide their own personal data, or personal data of third parties, that are not strictly necessary when requesting services or sending their queries.
The personal data supplied by the user through said form are collected and processed for the following purposes:

1. to conduct customer relations activities in accordance with contractual agreements and/or pre-contractual negotiations;
2. for administrative purposes;
3. to comply with any requests from judicial authorities;
4. in the case of a curriculum vitae submission, exclusively for selection purposes.

The legal basis for the processing is the execution of a contract to which the Data Subject is a party, the execution of pre-contractual actions taken at the Data Subject’s request, or a legal obligation. In the cases expressly stated, the legal basis is the consent freely given by the Data Subject.

3. Nature of Data submission
Apart from what is specified with regard to browsing data, the submission of data regarding the purposes set out in point 2.3 (a), (b), (c), (d) is optional, but any refusal will make it impossible for the Data Controller to carry out any pre-contractual and contractual commitments undertaken.

4. Location and data processing methods and data retention time
The data collected through the site are processed in the Data Controller’s headquarters.
The data collected shall be processed using electronic or otherwise automated, computerized and telematic means, or processed through manual means with methods strictly relating to the purposes for which the personal data were collected and in a way that guarantees the security of the data under any and all circumstances.
The data shall be retained solely for the period of time strictly required to fulfill the purposes for which they are being processes (“Storage limitation principle”:, art. 5 of EU Regulation 2016/679) or in compliance with the deadlines provided by current regulations and legal obligations.
However, the Controller has implemented rules that prevent data from being stored indefinitely, thus limiting the amount of time for which it is retained in accordance with the minimization principle of data processing.

5. Persons authorized to process data, Data Processors, and data submission
The processing of the data collected is carried out by internal staff of the Data Controller that has been specifically appointed and authorized to process said data in accordance with specific instructions issued in compliance with current regulations.
The data collected, insofar as they are relevant to the stated purposes of the processing and where necessary or instrumental for the fulfillment of those purposes, may be processed by third parties appointed as external Data Processors, or, as applicable, disclosed to the same as autonomous Controllers, namely:

• individuals, companies, associations or firms that provide support and consulting services to our Company, for the purposes laid out in point 2.3 (b);
• companies, entities, and associations that carry out services connected and instrumental to the fulfillment of the aforementioned purposes (e.g., IT systems maintenance).

In the event of a legitimate request by Judicial Authorities, the data collected may be disclosed, only as required by law.
Your data will not be disseminated in any way under any circumstances or for any reason.
The existing Data Processors and those Appointed are promptly identified in the Privacy Document, which is updated periodically.

6. Data transfer to countries outside the EU
The data collected may also be transferred abroad, even outside the European Union in the manner and form prescribed by current regulations, ensuring in all cases an adequate level of protection.
This website may share some of the collected date with services located outside the European Union. Namely, the Google Analytics service. The data transfer is authorized on the basis of specific decisions by the European Union and the Italian Data Protection Authority, specifically the decision 1250/2016 (Privacy Shield –  here you will find the page containing the relevant information by the Italian Data Protection Authority), for which no further consent is required. The aforementioned company (Google) guarantees that it adheres to the Privacy Shield.

7. Rights of the data subject
The data subject always has the right to request from the Data Controller what data it possesses, the rectification or erasure of said data, the restriction of processing or the possibility to object to processing, to request data portability, to withdraw consent to processing by asserting these and other rights under EU Regulation 2016/679 (General Data Protection Regulation – GDPR) by sending an e-mail to the following address: info@aesculapius.it.
The Data Subject may also file a complaint with a supervisory authority.

Last update: 15/04/2019