Dear Customer/User, thank you for visiting our website.
N.C.R. Biochemical S.p.A. has always focused closely on matters regarding the protection of the personal data processed by us, not only because this is regulated by specific legislation, but above all because data protection is an essential asset of our Company. It is therefore for these reasons that we constantly strive to provide our Customers/Users with an online experience that protects their Privacy and complies fully with their rights.

Why you are receiving this notice    
Below, the procedures used by the website to process the personal data of the users who consult it are described. This notice is also issued, pursuant to the GDPR, to those who interact with our web page www.ncr-biochemical.com.

Data Controller

The Data Controller is Headquarter N.C.R. Biochemical S.p.A. (hereafter the Company), with registered office in Castello d’Argile (BO)  – 40050, Via dei Carpentieri no. 8 – Italy – Tel: +39 051 6869611 Fax: +39 051 6869617 Email: info@ncr-biochemical.it

As Data Controller, we invite you to view our Privacy Policy as illustrated below. The Privacy Policy and Standards used by N.C.R. Biochemical S.p.A. for the protection of personal data are based on the following principles:

1) PRINCIPLE OF RESPONSIBILITY     
The personal data is processed over time by officers specifically appointed to do so, chosen from the company staff.

2) PRINCIPLE OF TRANSPARENCY      
The personal data are collected and subsequently processed in line with the principles expressed by the Privacy Policy adopted by our Company, indicated herein. Upon the conferral of any data, the Data Subject is provided with a synthetic yet complete notice, compliant with the provisions established by the GDPR.

3) PRINCIPLE OF THE RELEVANCE OF THE COLLECTION     
The personal data are processed lawfully and fairly; they are recorded for specific, explicit and legitimate purposes, are pertinent and are not processed for any other purposes than those for which they have been collected; they are stored for the time required in order to fulfil the purposes of their collection.

4) PRINCIPLE OF THE PURPOSE OF THEIR USE        
The Data Subjects are informed of the purposes of the processing of their personal data when the latter is collected. Any new processing of data, if performed for purposes other than those declared, is only commenced subject to the issuance of a new notice to the Data Subject and if required, of a request for consent, when required by the GDPR.

5) PRINCIPLE OF VERIFIABILITY          
The personal data are accurate and updated over time. They are also organised and stored in such a way that the Data Subject has the possibility of knowing, should they so wish, which data have been collected and recorded, of checking the quality of the same, of requesting, if necessary, that they be corrected, integrated and/or erased if processed unlawfully or without their consent, and of exercising all the other rights envisaged by the GDPR.

6) PRINCIPLE OF SECURITY     
The personal data are protected by technical, IT, organisational, logistic and procedural security measures against the risks of intentional or accidental loss destruction or loss, and of unauthorised access to, or processing of, the same. These measures are updated periodically based on the technical progress made, the nature of the data and the specific characteristics of the processing, constantly checked and verified over time.

The Privacy Policy is applied for the provision of the services by this company, in relation to which personal data processing operations are performed.

The processing related to the web services offered by this website takes place on the company’s premises and, if applicable, at the offices of the External Supervisors or autonomous Data Controllers, and is performed by persons appointed to manage the requested services, store the data and perform occasional maintenance operations.

Field of data communication

The personal data conferred can be communicated to third parties for the purpose of fulfilling legal obligations, in execution of orders issued by public authorities legally authorised to do so or to exercise or defend a right in legal proceedings. If necessary, in relation to particular requested services or products, the personal data can be communicated to third parties which perform, in their capacity as external Data Controllers, functions closely connected with and instrumental to the performance of the services.

If the data are not communicated, these services could fail to be provided. The personal data will not be disseminated, unless the requested service requires it.

Data provided voluntarily by the customer/user

The types of personal data collected and processed in the website and at our offices are those required for ensuring the provision of the various services supplied. The collected data are processed using paper, automated and digital means and in compliance with lines of reasoning connected with the purposes of the processing. Your telefax and telephone number, as well as your email address can be used to offer you the services. It is therefore clear that, should these data not be conferred, any services requiring the use of these tools cannot be provided to you. Should a user voluntarily send an email to the addresses indicated on the website, this will automatically lead to the acquisition of the sender’s email address and, if applicable, of any other information contained in the message; these personal data will only be used for the purpose of executing the service or task requested.

Browsing data

It is useful to know that, during their normal operations, the software procedures of the website acquire certain personal data (browsing data), the transmission of which is implicit in the use of internet communication protocols. Although this is information not destined to be associated with identified users, if it is associated with other data held by third parties (e.g. Your internet service provider), by its very nature, it could enable the users to be identified. This data category includes the following types of data: IP addresses or domain names of the computers used by the users who visit the website, URL addresses (Uniform Resource Locators) of the requested resources, the time of the request, the method used to send the request to the server, the size of the file received in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.) and other parameters relative to the user’s operating system and IT environment. These data are only used for generating anonymous statistics about the use of the website and for verifying that it is working correctly.

The Data Controller and, depending on the service requested, the designated Data Supervisors, keep, for a limited period in line with the legal provisions in force, the LOG of the connections/browsing sessions opened to respond to any requests that may be received from the court authorities or from other public authorities entitled to request the same in order to verify the attribution of liability in the case of cyber crimes.

Data conferral

With the exception of that specified for browsing data, the user is free to choose whether or not to confer the personal data requested in the registration forms for the services. However, on these forms some data could be marked as compulsory and this means that these must be provided to ensure the provision of the requested service. Should these data not be conferred, the requested service cannot be provided and it will not be possible to benefit from the relative opportunities.

Should the data be conferred, at the time of their conferral, the Data Subject will be issued a notice containing all the instructions set forth by the GDPR. The Data Subject is then called upon to give their free, informed consent, expressed in a specific form and documented as envisaged by law, if requested by the same. Should the personal data be conferred in subsequent phases, addenda to the notices already issued previously can be provided and new consents for the processing requested.

Security measures implemented for the protection of the collected data

“Secure” architectures and technologies for protecting the personal data from unlawful disclosure, alteration or inappropriate use. The measures implemented to protect the personal data aim in particular to minimise the risks of both intentional and accidental destruction or loss of the data, of any unauthorised access to or processing of the same and of processing that is not compliant with the purposes of its collection.

“Risk assessment” activities are conducted regularly to verify compliance with the defined Standards and, if necessary, with a view to adopting new security measures following organisational changes and technological innovations, or changes in the type of data collected. The security measures are constantly monitored and regularly verified. The Data Subjects have the right to exercise their rights as envisaged by the GDPR at any time. The requests should be sent to the specific addresses indicated in the notices issued to the users if and when their personal data are collected.

Notice about cookies.

What are cookies?

A cookie is a small text file containing a certain amount of information exchanged between a website and your terminal (usually the browser). It is normally used by the manager of the website to memorise the information required to improve the user’s browsing experience within the site or to send advertising messages in line with the preferences expressed by the user while browsing online. When the user visits the same website again, or any other website, their device checks whether a recognised cookie is present, so that the information contained therein can be read. Different cookies contain different information and are used for different purposes (efficient browsing in the pages of the same website, profiling the user so that targeted advertising messages can be sent, analysing the number of visits to the website).

More generally speaking, certain cookies (defined as session cookies) are only assigned to the user’s terminal for the duration of their visit to the website and automatically expire when the browser is closed. Other cookies (known as persistent cookies) remain in the device for an extended period of time.

In our website, certain cookies are associated with your device and these do not identify the final user; besides, these cookies, memorised temporarily  until you finish browsing, can be associated with your user profile, if you are a registered user. The purpose of using the cookies is to facilitate, customise and speed up your browsing experience on our website and to generate anonymous statistics on site visits. If you decide to deactivate these cookies, you will lose many of the customisation functions and it may not be possible to use some of the services.

While browsing on a website, the user can also receive cookies sent by different websites or web servers to their terminal (so-called third party cookies) and these can contain certain elements (e.g. images, maps, sounds, specific links to pages of other domains) present on the website that the user is visiting.

The specific purposes of the various types of cookies installed in this website are described below in more detail.

You can deactivate the cookies by following the information stated below.

Characteristics and purposes of the cookies installed by the website

Technical cookies:

These are cookies used specifically to enable our websites to work and be used correctly. Technical cookies are used, for example, for the user login function. They are mainly issued by the servers of the website or, when external services such as social networks are integrated, by third parties.

How to deactivate this type of cookies? The main and most common browsers are automatically set to accept all cookies. You can change this option, using the settings on your browser, completely deactivating the function – as described below – or at least requesting that for each cookie in arrival your consent is explicitly requested upon its receipt.

Profiling cookies:     

These cookies are used to send advertising messages in line with the preferences expressed by the user when browsing online. They can be issued by our servers or via our website by third parties. The companies that offer or advertise their products via this website could assign cookies to the users’ terminals. The categories of cookies used and the type of personal data processing performed by these companies are regulated in conformity with the notice issued by the same.

To accept or refuse these cookies issued by our servers, go to the notice on the use of cookies.

To view the notices and to deactivate the profiling cookies issued by third parties, go to the website
www.youronlinechoices.com/it

Analytics cookies:    

These are cookies used for statistical analyses, to improve the website and simplify its use, and for monitoring that it works properly. This type of cookie anonymously collects information regarding the activity of the users on the website. This type of cookie is only issued by third parties.

To view the notices and to deactivate the profiling cookies issued by third parties, go to the website
www.youronlinechoices.com/it

How to give or revoke your consent

You can give your consent to the use of cookies initially in the following ways: closing the banner, scrolling the page that hosts the banner or clicking on any of its elements, and revoke it at any time as indicated above.

Options regarding the use of the cookies by the website through the browser settings

The use of all cookies, both first and third-party ones, can be deactivated by intervening on the browser settings in use; however, please note that this could make it impossible to use the websites should the cookies which are essential for the provision of the functions become blocked. Each browser has different settings for deactivating cookies; below you will find the links to the instructions for the most common browsers.

Use of IP addresses

An IP is a number that is automatically assigned to your computer each time you connect to Internet through your Internet Provider or from a company LAN/WAN network that uses the same Internet protocols. Like your home address, to which others can send you things, the IP address is used by the website to send you its pages.

Privacy notice on digital measurement issued by Nielsen,

https://priv-policy.imrworldwide.com/priv/browser/it/it/optout.html

Personal data protection notice

ABOUT US

The company Headquarter N.C.R. Biochemical S.p.A. (hereinafter the Company”), with registered office in Castello d’Argile (BO)  – 40050, Via dei Carpentieri no. 8 – Italy – Tel: +39 051 6869611 Fax: +39 051 6869617 Email: info@ncr-biochemical.it, when performing its activity, focuses the utmost attention on the safety and confidentiality of its customers’ personal data.

The Company is the Data Controller responsible for the personal data processing performed in our office or on this website.

TYPES OF PERSONAL DATA THAT CAN BE COLLECTED

The following categories of your personal data can be collected:

  • – Contact data– information about your name, place and date of birth, tax code, address, telephone number, mobile number, email address.
  • – Other personal data –information that you provide to us regarding your date of birth, education or professional situation.
  • – Use of the website – information about how you use the website, open or forward our communications, including any information collected by cookies (you can find our Notice about Cookies here, for more details).

HOW WE COLLECT YOUR PERSONAL DATA

The Company collects and processes your personal data in the following circumstances:

  • – if you register with the website to request that we contact you;
  • – at our offices:
  • – via email: info@ncr-biochemical.it .

If you provide personal data on behalf of someone else, you must ensure in advance that the data subjects have viewed this Privacy Notice.

Please help us to keep your personal data updated by notifying us of any changes..

PURPOSES FOR WHICH YOUR PERSONAL DATA CAN BE USED

  1. A) Establishment and execution of contractual relationships and any duties deriving from these.

The Company can process your contact data should it need to establish and execute contractual relationships, for providing the services you request and responding to comments and complaints.

The Company can also use your contact data, and in particular your email address, to provide you with information regarding the service.

Requisite for the processing: fulfilment of the contractual obligations.

Conferring your data is mandatory for managing the contractual relationship; without it we will not be able to do so.

  1. b) Operating management and purposes closely connected with this for gaining access to the website, particularly its reserved areas.

The Company collects your contact data and the data regarding your use of the website to allow you to use the services related to the same.

Requisite for the processing: fulfilment of the contractual obligations.

Conferring your data is mandatory for enabling us to respond to your requests; without it we will not be able to do so.

  1. B) Conformity with legally binding requests to fulfil a legal obligation, regulations or provisions issued by the court authority, and for defending a right in court.

The Company collects your contact data to fulfil a legal obligation and/or to defend its right in court.

Requisite for the processing: legal obligations, which the Company is obliged to fulfil.

HOW WE KEEP YOUR PERSONAL DATA SECURE

The Company uses all the necessary security measures for improving the protection and maintenance of the security, integrity and accessibility of your personal data.

All your personal data are stored on our protected servers (or appropriately filed paper copies) or on those of our suppliers or partners and they can be accessed and used based on our standards and our security policies (or equivalent standards for our suppliers or trading partners).

HOW LONG WE STORE YOUR INFORMATION FOR

We only store your data for the time required in order to fulfil the purposes for which they were collected, or for any other legitimate associated purpose. Therefore, if the personal data are processed for two different purposes, we will keep said data until the purpose which takes longer has been fulfilled. However, we will no longer process the personal data for the purpose for which the storage period has expired.

We limit the access to your personal data to those who need to use them for significant purposes.

Any of your personal data that is no longer required, or regarding which there is no longer any legal grounding for storage, are rendered irreversibly anonymous (and therefore can be stored) or securely destroyed.

Below we specify the storage times for the different purposes listed above:

  • Fulfilment of contractual obligations: the data processed in order to fulfil any contractual obligations can be stored for the entire duration of the contract and in any case for a period not exceeding the next 10 years, with a view to verifying any outstanding matters, including the relative accounting documents (for example invoices).
  • Operating management and purposes closely connected with this for gaining access to the website: the data processed can be stored for the entire duration of the contract and in any case not exceeding the next 10 years.
  • In case of disputes: in case we are called upon to defend ourselves or act or even make claims against you or third parties, we can keep the personal data that we deem reasonably necessary for us to process for these purposes for the period of time during which said claim can be pursued.

WHO WE CAN SHARE YOUR PERSONAL DATA WITH

Your personal data can be accessed by the employees duly authorised to do so, and by the competent external doctors, who provide support for the provision of the services, appointed if necessary, as data supervisors.

CONTACTS

The contact data of the Company, as Data Controller, and of the Data Supervisor can be requested by writing to the following email address:info@ncr-biochemical.it

YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO RAISE CLAIMS BEFORE THE SUPERVISORY AUTHORITY

Under certain conditions, you are entitled to ask the Company for/to:

  • – access to your personal data,
  • – a copy of the personal data that you have conferred to us (so-called portability),
  • – correct the data in our possession,
  • – erase any piece of data that we are no longer legally entitled to process,
  • – object to the processing, where envisaged by the applicable law
  • – revoke your consent, in case the processing is founded on your consent;
  • – restrict the way in which we process your personal data, within the limits envisaged by the personal data protection law.

Exercising these rights is subject to several exceptions designed to safeguard public interest (for example the prevention or detection of crimes) and our own interests (for example maintaining professional secrecy). Should you exercise any one of the above-mentioned rights, we will be responsible for verifying that you are entitled to do so and will usually send your our response within one month.

Should you have any complaints or reports to make about the ways in which you data are processed, we will do everything in our power to respond to your worries.

The The Data Controller is Headquarter N.C.R. Biochemical S.p.A. (hereinafter the Company”), with registered office in Castello d’Argile (BO)  – 40050, Via dei Carpentieri no. 8 – Italy – Tel: +39 051 6869611 Fax: +39 051 6869617 Email: info@ncr-biochemical.it certified email: amministrazione.ncr-biochemical.it@pec.it

The Data Controller has appointed a Data Protection Officer, who can be contacted in order to exercise the rights assigned by the European regulations, and for any information about the same and/or about this Notice, by sending an email to the kind attention of the Data Protection Officer Mr Mattia Fornero, lawyer at the address: mattiafornero.dpo@pec.it

The Data Controller, also via the designated departments, will take charge of your request and provide you with the information regarding the action taken in relation to your request, with no unjustified delay and in any case, at the latest, within a month from the receipt of the same.

Please note that should the Data Controller have any doubts about the identity of the physical person who is presenting the request, they can request the additional information needed to confirm the same.

However, if you wish, you can forward your complaints or reports to the authority responsible for data protection, using the relevant contact details:   Garante per la protezione dei dati personali – Piazza di Monte Citorio no. 121 – 00186 ROME – Fax: (+39 ) 06.69677.3785 – Telephone: (+39) 06.696771.

– Email: garante@gpdp.it – Certified email: protocollo@pec.gpdp.it.