Privacy Policy

Notice on personal data processing. Effective from 15/12/2023

INTRODUCTION

This privacy notice complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and with the Italian Privacy Code (Legislative Decree No. 196 of 30 June 2003). The document has also been drafted in accordance with the Guidelines of the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) (in particular, the Guidelines on countering spam issued on 4 July 2013).

Data Controller: Nobil Bio Ricerche s.r.l.

Website covered by this privacy policy: https://www.nobilbio.it (Website).

The Data Controller has not appointed a Data Protection Officer (DPO). Therefore, any requests for information may be sent directly to the Data Controller.

GENERAL INFORMATION

This document describes how the Data Controller processes the personal data provided through the Website.

Below is an outline of the main processing activities. Specifically, it explains the legal basis, whether data provision is mandatory, and the consequences of failure to provide personal data. To better describe your rights, where relevant, we also specify when a certain processing activity does not occur.

Website Registration

The Website does not offer user registration. Therefore, the Data Controller does not process your personal data for this purpose.

Purchases on the Website

No purchases can be made through the Website. Consequently, your personal data will not be processed for this purpose. The Data Controller does not process user data to send reminder emails about the purchase of the Data Controller’s products or services.

Responding to Your Requests

Your data will be processed to respond to your information requests. Provision of data is optional; however, failure to provide it will make it impossible for the Data Controller to respond. The legal basis is the Data Controller’s legitimate interest in replying to user queries. This legitimate interest is equivalent to the user’s interest in receiving a response to the communications sent to the Data Controller.

Generic Marketing

The Data Controller will not send advertising materials or newsletters about its own or third-party products.

Profiling

The Data Controller does not carry out profiling of your personal data. Therefore, you will not receive advertising materials and/or newsletters concerning the Data Controller’s own products or those of third parties that may be of specific interest to you.

Data Transfer

The Data Controller does not sell or transfer your personal data to third parties.

Geolocation

The Website does not use IP-based geolocation tools.

Curriculum Vitae

The Website does not allow CV submissions; no personal data will be processed for this purpose.

Appointment Booking

The Website does not use third-party systems for booking appointments with the Data Controller. No personal data will be processed for this purpose. You may, however, contact the Data Controller directly using the contact details provided above.

Communication of Personal Data

As part of its normal business operations, the Data Controller may share your personal data with specific categories of recipients. In Article 2 you will find the list of entities to which the Data Controller discloses your personal data. To facilitate the protection of your rights, Article 2 may also specify, in certain cases, when your data are not disclosed to third parties.

The “disclosure” of personal data to third parties differs from the “transfer” (addressed in the preceding section). In the case of disclosure, the third party receiving the data may use them only for the specific purposes defined in its relationship with the Data Controller. In the case of transfer, however, the third party becomes an independent Data Controller of the personal data. Furthermore, your consent is always required for the transfer of your personal data to third parties.

Notwithstanding the above, it is understood that the Data Controller may in any case use your personal data to duly comply with legal obligations in force.

SPECIFIC PRIVACY NOTICE

Article 1 – Methods of Processing

1.1 The processing of your personal data will primarily be carried out using electronic or otherwise automated means, in accordance with methods and tools designed to ensure the security and confidentiality of personal data.

1.2 The information collected and the methods of processing will be relevant and not excessive in relation to the type of services provided. Your data will also be managed and protected in secure IT environments appropriate to the circumstances.

1.3 No “special categories” of personal data are processed through the Website. Special categories of data include information revealing racial or ethnic origin, religious, philosophical, or other beliefs, political opinions, membership of political parties, trade unions, associations or organisations of a religious, philosophical, political, or trade union nature, as well as data concerning health or sexual life.

1.4 No judicial data are processed through the Website.

Article 2 – Disclosure of Personal Data

The Data Controller may disclose your personal data to specific categories of recipients. The following are the entities to which the Data Controller reserves the right to disclose your data:

  • The Data Controller may disclose your personal data to all entities (including Public Authorities) that have access to personal data by virtue of legal or administrative measures.
  • Your personal data may also be disclosed to all public and/or private entities, natural or legal persons (e.g., legal, administrative, or tax consultants, judicial authorities, chambers of commerce, labour offices, etc.), when such disclosure is necessary or instrumental for proper compliance with legal obligations.
  • The Data Controller does not employ staff or collaborators in any capacity; therefore, your personal data will not be disclosed to such categories.
  • In its ordinary website management activities, the Data Controller makes use of companies, consultants, or professionals responsible for installing, maintaining, updating, and generally managing the hardware and software of the Data Controller, or systems used for the provision of its services. Therefore, solely for these purposes, your data may also be processed by such entities.
  • The Data Controller does not use CRM platforms (i.e., companies that specifically send automated communications to users). Consequently, your personal data are not disclosed to such companies.
  • The Data Controller does not rely on external companies to provide customer care services.
  • Buyers’ personal data are not disclosed to couriers or shipping companies.

The Data Controller reserves the right to amend the above list in line with its ordinary business operations. You are therefore encouraged to review this Privacy Notice regularly to verify to which entities the Data Controller may disclose your personal data.

Article 3 – Retention of Personal Data

3.1 This article describes how long the Data Controller may retain your personal data.

  • Your personal data will be retained only for as long as is necessary to ensure the proper provision of the services offered through the Website.

3.2 Notwithstanding Article 3.1 above, the Data Controller may retain your personal data for the period required by specific legislation, as amended from time to time.

Article 4 – Transfer of Personal Data

4.1 The Data Controller is based in a country that ensures an adequate level of protection under applicable regulations. Where the transfer of your personal data takes place to a non-EU country for which the European Commission has issued an adequacy decision, the transfer will in any case be deemed secure in regulatory terms. This Article 4.1 will specify, from time to time, the countries to which your personal data may be transferred and for which the European Commission has issued an adequacy decision.

  • Users are therefore invited to consult this article regularly to verify whether their personal data are transferred to such countries.

4.2 Notwithstanding the provisions of Article 4.1, your data may also be transferred to non-EU countries for which the European Commission has not issued an adequacy decision. You are therefore invited to review this Article 4.2 regularly to ascertain to which of these countries your data may be transferred.

4.3 In this article, the Data Controller specifies the countries in which it may specifically conduct its business activities. This may entail the application of the laws of the relevant country, in addition to those governing the relationship with the user as set out in the Introduction.

  • At the user’s request, the Data Controller will apply to the processing of personal data the most favourable provisions of the user’s own national legislation, where applicable.

Article 5 – Data Subject Rights

The Data Controller informs you that you have the right to:

  • request access to, rectification, or erasure of your personal data, restriction of processing concerning you, or to object to such processing, as well as the right to data portability;
  • withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
  • lodge a complaint with a supervisory authority.

These rights may be exercised by submitting a request, without any formal requirements, using the contact details provided in the Introduction.

Article 6 – Amendments and Miscellaneous

The Data Controller reserves the right to amend this Privacy Notice at any time, giving appropriate notice to users of the Website and, in any event, ensuring an adequate and equivalent level of protection for personal data. To view any changes, you are invited to consult this notice regularly. In the event of substantial amendments to this Privacy Notice, the Data Controller may also notify users by email.