Farmacia Aperta – Privacy policy

PRIVACY POLICY (simplified)

The personal data protection officer (DPO) of Federfarma Lombardia is SYSTEMA CONSULTING. To contact them, please send an email to DPO@scitalia.com

The subsequent details outline the processing of personal data for Data Subjects utilizing the Platform.

1 Data Controller

The data controller is Federfarma Lombardia, with registered office in Viale Piceno, 18, Milan, tel. 02/99770970, box@federfarmalombardia.it

2 Types of personal data processed and purposes of processing

Following the use of the Platform, the Data Controller may process the following different types of personal data of the Data Subject

2.1 Navigation data

Under typical functioning, the IT systems and software processes that run the Platform collect certain personal data, the transmission of which is inherent in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the users’ terminals connecting to the site, MAC (Media Access Control) addresses, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the file size received in reply, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. This data is used for the following purposes:

– to collect anonymized statistical data on website usage and to ensure its proper operation. Such data is deleted immediately after processing. The legal basis for this processing is Art. 6 (1) (b) of the Regulation, as it is necessary to enable the Data Subject to use the requested service;

– to fulfil legal obligations or requests from judicial authorities. The legal basis for this processing is Article 6 (1) (c) of the Regulation, as it is necessary to comply with a legal obligation to which Federfarma is subject;

– exercise or defend a right, in particular where cybercrimes have been committed and it is necessary to ascertain responsibility. The legal basis for this processing is Article 9(2)(f), as it is necessary to enable Federfarma to protect a right.

2.2 Data provided voluntarily by Data Subjects

By voluntarily submitting e-mails to the addresses listed on the Platform or to the Controller’s postal address, you consent to the processing of your data, which includes your postal or e-mail address and any identification data contained within your correspondence. This data will be processed for the following purposes:

– respond to requests made by Data Subjects. Specific privacy policies will in any case be disclosed when using particular tools provided by the Website. The legal basis for this processing is Article 6 (1) (b) of the Regulation, as it is necessary to provide the Data Subject with the requested service;

– to fulfil legal obligations or requests from judicial authorities. The legal basis for such processing is Article 6 (1) (c) of the Regulation, as the processing is necessary to fulfil a legal obligation to which Federfarma is subject.

Data Subjects are advised not to use the Website’s tools to provide any special categories of personal data, such as those concerning racial or ethnic origin, political views, religious or philosophical beliefs, trade union activities, or health information, according to the current laws. Such data, if provided, will be immediately deleted.

It is acknowledged that if the user writes to the addresses of the pharmacies listed on the Platform (“Pharmacies“), the relevant data will be processed directly by the Pharmacies themselves as independent data controllers.

2.3. Data relating to the geolocation of the Data Subject

The Platform provides support to its users in finding information about open pharmacies in Lombardy. To ensure better assistance and allow Data Subjects to find the nearest pharmacies, the Platform can geolocate them, subject to their consent upon first access. Users’ selections are saved through specific cookies and can be modified by them whenever they wish.

Geolocation data is therefore processed for the following purposes:

– identify the pharmacies geographically closest to the Data Subject, after obtaining their explicit consent. The processing is legally based on Art. 6 (1) (a) of the Regulation insofar as the Data Subjects have given their consent.

2.4. Cookies

The Website uses technical (session and navigation) cookies to ensure normal navigation and use of the website (allowing, for example, authentication to access restricted areas). The Website incorporates third-party analytical cookies (with limited identification capability) to track how users interact with the website, aiding in the enhancement of the web platform and for statistical analysis purposes. To find comprehensive details on how personal data is processed through cookies, please review the extended cookie policy, which can be accessed by clicking here or via the dedicated Cookie Policy link found in the footer of every page on the Website.

3 Data Retention

Navigation data will be retained for as long as necessary to provide the service. Data submitted independently by Data Subjects through the tools on the Website will be deleted after providing the requested service or responding to them, except for data needed to comply with tax, accounting and administrative regulations or to fulfil other legal obligations and to document activities carried out. Geolocation data will be retained solely for the duration of the service.

4 Optional nature of data provision

The provision of navigation data is necessary and mandatory to supply the requested service (navigation on the Platform): failing this, Federfarma will be unable to allow navigation on the Platform.

The provision of data for additional purposes is optional: failing this, there will be no consequences for the Data Subject, except for the impossibility of providing any feedback requested. For example, without consent to geolocation, the Data Subject will not be able to check which Pharmacy is closest to them.

5 Method and place of processing

Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected.

Specific security measures are observed to prevent data loss, illicit or incorrect use, and unauthorised access.

The processing operations connected with the Platform’s services and the data voluntarily provided by the user take place at the headquarters of Federfarma Lombardia and are handled only by personnel in charge of processing.

6 Disclosing and sharing data

The data may be disclosed to identified and, if necessary, appointed subjects, solely for the needs related to the achievement of the aforementioned purposes.

The data will not be disclosed.

7 Rights of the Data Subject

Users may contact the Data Controller to exercise their rights under Article 7 of the Privacy Code, the key provisions of which are outlined below:

• the right to receive confirmation regarding whether one’s personal data exists and to access it in an easily understandable format;
• the right to be informed of the origin of the data, the purposes and methods of processing, the logic applied to the processing, the identification details of the data controller and the subjects to whom the data may be disclosed;
• the right to obtain the updating, rectification and integration of data, the deletion, transformation into anonymous form or the blocking of data processed in violation of the law;
• the right to object, on legitimate grounds, to the processing of data;
• the right to access their data; the request will be processed within 30 days.