Announcing: Chiesi Farmaceutici S.p.A. has acquired Amryt Pharma. View the press release to learn more

PRIVACY NOTICE

 

Dear User,

 

Thank you for visiting https://chiesirarediseases.com/, the "Chiesi Global Rare Disease" business unit ("Chiesi GRD") website. This website provides information about the vision, initiatives, and products supporting Chiesi's commitment to rare diseases. The website has many informational sections covering our therapeutic areas and products, a contact form to send inquiries to our experts, and a link to the career-dedicated site where you will learn more about job opportunities at Chiesi.

 

Essential information & definitions

 

Chiesi GRD is a business unit of Chiesi Farmaceutici S.p.A., an Italian company based in Via Palermo 26/A, Parma, Italy. Chiesi GRD operates from Italy and its international hub in Boston, USA. Therefore, be advised that some of the services offered on the website (e.g., contact forms, business or medical inquiries) may be addressed to and processed by Chiesi personnel based in the United States under the same data privacy obligations.

 

Please take a moment to read our privacy notice and be advised that we will process your Personal Data in compliance with the Regulation (EU) 2016/679 ("GDPR"), as well as any other applicable laws.

Personal Data" is any information related to an identified or identifiable living individual. It also constitutes different pieces of information, which assembled can lead to the identification of a person.

 

"Processing of Personal Data" covers a wide range of operations performed on personal data, including manual or automated means. It includes the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data.

 

"User" is the individual visiting our website ("Website").

 

(1) HOW WE COLLECT AND USE YOUR PERSONAL DATA

 

PROCESSING SCENARIOS & PURPOSES:

 

Technical and analytical purpose: we may process technical or usage data that may indirectly reveal your identity to guarantee a reliable user experience on the Website. Such data is automatically collected during the normal functioning of every website and are processed for technical purposes (including troubleshooting, testing, system maintenance, support, and reporting) or for statistical and analytical ones to improve the user experience on the Website.

Such data are usually processed in an aggregated and non-identifiable form to pursue statistical purposes. For example, usage data may measure the engagement rate or the time spent on a specific section or feature of the Website. 

"Contact Us", "Partner With Us": in this section, you will find our contact details to submit your request and contact us. For example, you will be able to send a general inquiry on one of our products, contact our press office, or propose a partnership with our Corporate Development department. The relevant team will receive and process your request in compliance with the purpose limitation and the data minimization principles. We will retain and process your data only for the time necessary to get back to you with a response.

By clicking on the "Contact Us" section, you will be redirected to chiesi.com.

Please note that you may find a dedicated notice under certain contact forms with specific information regarding the nature of requests and related personal data processing.

"Careers": in this section, you will have the chance to explore how it is to work for Chiesi, learn about our culture, and see the available job opportunities. You will find more information and the dedicated privacy notice for candidates during the application process. We may process your Personal Data if you want to apply for a job at Chiesi or register to our recruiting platform.

Social media and third-party links: our website may include links to third-party websites, plug-ins, and applications, such as hyperlinks to our Facebook, LinkedIn, and Twitter pages. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Pharmacovigilance: the Website has a section dedicated to Pharmacovigilance, where you can report any adverse reactions or safety issues with our products. More information is in the relevant section of the Website.

 

CATEGORIES OF PERSONAL DATA:

 

Technical data: including the IP address, type of browser and version, time zone and location based on the IP address, general information on the hardware, and the operating system of the device used to browse the Website. As detailed above, such data are used for technical and statistical purposes only.

Usage Data: including information on how you use the Website. For example, the time spent on certain sections.

Identification data: if you decide to register on the career site and apply for a job at Chiesi, submit a request through the Contact section of the Website or report a safety issue with a Chiesi product by contacting the Pharmacovigilance service. Please read the Privacy Notice of the career site and the dedicated notice of each contact form to find more information on how we process your Personal Data within those services.

Unless otherwise specified in dedicated notices of each section, the processing of so-called special data as defined by art. 9 of the GDPR (such as data relating to health) or data relating to minors is expressly excluded. These categories of data, if shared by the User, will be immediately deleted.

Your Personal Data is essential and mandatory to access the Website. If you provide incomplete or incorrect data, you may not be able to access the Website.

 

LEGAL BASIS OF THE PROCESSING:

 

Performance of contractual obligations: with the User who accesses and uses the Website and its services.

Consent: provided by the User by sending an inquiry through one of our contact channels (see "Contact" section).  

Legitimate interest: to ensure the website's security and prevent online fraud.

Legal obligation: to comply with applicable laws and regulations, address requests from the authorities, or manage reports of adverse events received through the Pharmacovigilance contact channels.

Your Personal Data will also be processed and stored should Chiesi need to protect its interests and carry out its defensive rights in legal proceedings.

 

(2) HOW WE SHARE AND PROTECT YOUR PERSONAL DATA

 

How We Protect Your Personal Data

Chiesi may share your Personal Data with other companies, organizations, and individuals if any of the following circumstances occur:

 

  • With your express consent: after obtaining your consent, we may share your Personal Data with certain third parties or categories of third parties;

  • In compliance with laws and regulations: we may share your Personal Data if required under the applicable laws and regulations to handle legal disputes or requests by administrative or judicial authorities;

  • Service providers: we may also disclose your Personal Data to companies providing services to us or on our behalf.

 

In the latter case, Chiesi will ensure the legitimacy of such processing and will sign appropriate data processing agreements with the relevant companies, organizations, and individuals with whom your Personal Data will be shared, requiring them to comply with applicable privacy laws, principles herein included, and implement appropriate security measures.

 

International Data Transfers

 

Chiesi assessed the impact of international transfers falling within the scope of this notice and implemented appropriate safeguards, including signing the standard contractual clauses with the relevant stakeholders. Chiesi Group companies also entered into an intercompany agreement ruling transfers among the USA affiliate and the European ones. Please note that we may need to share your data with other Chiesi Group companies in other countries, including non-EU ones. As Chiesi GRD may operate from its hub in Boston, be mindful that your data may be subject to the transfers outlined above and processed by our personnel in the United States.

 

How We Protect Your Personal Data

 

The security of your Personal Data is our priority. Chiesi implements appropriate security measures to safeguard your Personal Data against unauthorized access, disclosure, or loss, including:

 

  • Reasonable measures to ensure Personal Data collection complies with the minimization and purpose limitation principles. We retain your Personal Data for a limited time as specified in the following section (3) unless an extension of the retention period is required or permitted by law;

  • A set of technologies to ensure the confidentiality of Personal Data, ranging from encryption, strong passwords, and two-factor authentication to firewalls and dedicated software to protect servers from external attacks;

  • Our business partners and service providers are selected based on strict qualification criteria and obligation to comply with our Personal Data protection standards secured through specific contractually binding provisions. In addition, we perform audits and other assessments to verify their compliance with the above requirements;

  • We conduct privacy and data protection training, carry out tests to verify subject matter knowledge, and other activities to increase awareness of Personal Data protection among employees and contractors.

 


(3) RETENTION PERIOD OF YOUR PERSONAL DATA

 

Your Personal Data referred to in section (1) of this notice is stored on the servers of Chiesi or the servers of the suppliers (specifically appointed as data processors) based in Italy, within the European Union, or in the United States, as better detailed above.

We retain your Personal Data for a limited time under the purposes indicated in this Privacy Notice.

Technical, usage data, and cookies: the data processing is strictly limited to the User's browsing session on the Website. Please also refer to the Cookie Policy for more specific information regarding cookies and similar technologies.

Careers: please refer to its dedicated Privacy Notice.

Inquiries sent through the "Contact" or "Partner With Us" sections: the time necessary to process your request and provide feedback. For more information, please read the dedicated notice of each contact form.

Pharmacovigilance: as long as the product is authorized for sale and ten years from the expiry or revocation of the marketing authorization in the last country of marketing of the product, except for any defensive needs of the marketing authorization holder. For further information, we kindly invite you to consult the dedicated notice available in the relevant section of the site.

Your Personal Data will be processed for the time set out above or for a shorter period if you decide to exercise one of the rights listed in the "USER RIGHTS" section below.  


(4) USER RIGHTS

 

Access, rectification, cancellation, data portability, restriction of processing, objection to processing, and revocation of consent.

Chiesi provides specific channels so that you can access, modify, oppose, and limit the processing of your data and request their cancellation or portability to other parties and revoke your consent.

 

We invite you to contact the Data Protection Officer (DPO) to obtain the list of data processors, get the list of parties with whom your data has been shared and request the exercise of your rights listed above: dpoit@chiesi.com  

 

If you believe that Chiesi is not processing your Personal Data under the provisions of this notice or applicable law, you may exercise your rights by complaining to the Italian Data Protection Authority.

 

The Data Controller is:

Chiesi Farmaceutici S.p.A., with registered office in Via Palermo 26/A, 43122 Parma.


(5) UPDATES

This notice may be updated from time to time. Any update to this notice will become effective at its publication on the Website.