The methods for managing the website with regard to the processing of personal data of users that, as data subjects, consult the website are described below.
The notice given below, under articles 13 and 14 of Regulation (EU) 2016/679 of the European and Parliament and of the Council of 27 April 2016 (hereinafter also the “GDPR”) and the new national laws on the protection of personal data, has been provided for the people that interact with Zhermack S.p.A. from the address:
Zhermack S.p.A. also manages the aforesaid website in joint ownership with the subsidiary companies Zhermack GmbH Deutschland, with registered office in Öhlmühle 10, D-49448 Marl, Germany, and Zhermapol Sp. z o.o, with registered office in ul. Augustówka 14, 02-981 Warsaw, Poland, limited to the performance of joint marketing activities, including profiling.
The data controller is Zhermack S.p.A., with registered office in Badia Polesine (RO), via Bovazecchino no. 100.
The contact details of Zhermack S.p.A. are: the Legal Specialist, namely Elena Mora, domiciled at Zhermack Spa, who may be contacted at the following address: firstname.lastname@example.org.
The contact details of the sole contact person in the event of the joint ownership with the abovementioned Companies with regard to the joint marketing activities performed are: the Legal Specialist, namely Elena Mora, domiciled at Zhermack S.p.A. and who can be contacted at the following address: email@example.com.
DATA PROTECTION OFFICER
The person appointed as the Data Protection Officer of the Dentsply Sirona Group (hereinafter “Group DPO”) is Augusta Speiser, to whom the user may direct any questions or requests for information, provided that the required conditions are met, at the email address firstname.lastname@example.org or on the number +46313764423.
PARTIES AUTHORISED TO PROCESS PERSONAL DATA
The processing of the personal data of users of the website is carried out exclusively by personnel authorised to process the data on behalf of the data controller or data processors.
The data subject is entitled to know the identity and contact details of the data processors, by sending a specific request via email to the addresses indicated above.
PROVISION OF DATA
The user is free to provide or to refrain from providing the requested personal data.
The types of personal data collected and processed are those necessary for the provision of the services offered and the activities carried out. Therefore, if this data is not provided, it may be impossible to provide or carry out the services and activities requiring the data.
In compliance with art. 13 of the GDPR, at the time of the possible provision of the data, the data subject is provided with an information notice indicating the data controller and the data processors and their contact details, the purposes and methods of processing, the mandatory or optional nature of the provision of the data, the consequences of the failure to provide the data, the parties or categories of parties to whom the personal data may be communicated and the scope of the disclosure thereof, the storage period of the data and the rights acknowledged to the data subject under the GDPR (the right to withdraw consent, to lodge a complaint with the Data Protection Authority, to access, to integrate, to update, to correct and to erase the data due to any breach of the law, the right to object to its processing, to restrict the data and to its portability, etc.).
The data subject is asked to give his/her free and informed consent, expressed in a specific form and documented in the form set out in the GDPR and national laws on the protection of personal data, where required by the latter. If the personal data is provided at a later date, additional information to the that already given previously may be provided and, if envisaged, new consent to the processing outlined in the GDPR and in national laws on the protection of personal data may be required.
PROCESSING PURPOSES AND METHODS (INCLUDING PROFILING) AND SECURITY MEASURES
The personal data collected is generally processed for the purpose of enabling the user to browse the website, to provide the services and activities requested and to improve the quality of the services on offer. With the express consent of the user, his/her personal data may be subsequently processed directly by Zhermack S.p.A. (and the Joint Controllers) for marketing purposes in compliance with applicable laws in force , using means of distance communication, such as telephone, also without operator, email, etc.
The provision of data for these purposes is optional and the processing thereof requires the consent of the data subject. The consent provided for the sending of business and promotional communications via automated tools is extended also to the traditional contact methods. In any case, the user can check, withdraw or confirm his/her choices by sending a request via email to the following address: email@example.com.
The data is processed using electronic and computerised methods strictly related to the purposes stated above and, in any event, in such a way as to guarantee the security and confidentiality of the data. Secure tools are used in order to protect the personal data from undue disclosure, alteration or improper use, for example, through the use of protected data networks, standard firewalls used in the sector and password protection. The protective measures put in place with regard to the personal data are targeted, in particular, at reducing to a minimum the risk of destruction or loss, including accidental destruction or loss, of the data, as well as any processing that is not permitted or that is non-compliant with the purposes for which it has been collected. The aforesaid security measures meet the requirements set out in art.32 of the GDPR.
With the express consent of the user, the data is analysed (“profiling”) using electronic tools, for the purpose of potential selective marketing activities related to the profile of the user, with the aim of making targeted offers. The consent to the aforesaid profiling is expressed through a specific option of the user on a screen containing the text of the information notice in which the main processing elements are summarised. In any case, the user can always check, withdraw or confirm his/her choices, at a later date, by sending a request via email to the following address: firstname.lastname@example.org.
The failure to consent to the profiling activities will make it impossible to improve the marketing offers with the aim of tailoring them to the interests of users.
The profiling of users is carried out with the use of identifiers (authentication credentials, etc.) required to connect certain identified or identifiable users to certain classes of personal data segmentation, also through cross-overs of the personal data collected in the provision of the service. As the processing is carried out with the assistance of electronic tools in order to define the profile of the data subject, it is subject to an impact assessment on the protection of data under art.35 and 36 of the GDPR. The data subject is entitled to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or that significantly affects him/her in a similar way, in accordance with the provisions of art.22 of the GDPR.
The software procedures that control the functioning of the website, in addition to enabling the profiling activities stated above to be carried out via cookies, may also acquire some personal data on browsing habits during the normal course of operation, the transmission of which is implicit in the use of Internet communication protocols, for the purpose of checking the correct functioning of the website and collecting information on its use. A log of the connections/browsing activities carried out is stored in accordance with the provisions of law in order to respond to any requests from the judicial authority or any other public body authorised to check possible liability in the event of computer-related crimes.
DATA PROVIDED BY THE USER
The optional, express and voluntary sending of email to the addresses indicated on this website will result in the subsequent acquisition of the address of the sender, required in order to respond to any requests, as well as any other personal data included in the message. This personal data will only be used to perform the requested service.
In addition to the data freely provided by the user, within the context and in relation to browsing, the following data will be collected:
- IP address
- file consulted
- date and time of access
- browser and operating system used
COMMUNICATION OF DATA
Personal data may be communicated to third parties in order to comply with legal obligations, to respect orders issued by public authorities authorised to do so, or to enforce or defend a legal claim.
If necessary in relation to particular services or products requested, personal data may have to be communicated to third parties that, as autonomous data processors, may perform functions closely connected and instrumental to the performance of the aforesaid services or the provision of the aforesaid products. These services and products may not be provided without the communication of this data, which is required for the performance of the services.
With the consent of the data subjects, if required by law, and in any event subject to adequate information specifying the various purposes, the personal data may be communicated to public and private third parties outside Zhermack S.p.A., which will process the data as autonomous data processors. Zhermack S.p.A. is in no way liable for the personal data processed by the aforesaid third parties.
Zhermack S.p.A. is a part of the multinational Dentsply Sirona, which has databases in countries all over the world. If necessary for the purposes for which the data has been collected, Zhermack S.p.A. may communicate the personal data to other companies within the Group. For a list of the aforesaid parties to whom the data is communicated, an email can be sent to: email@example.com.
The personal data will not be disclosed, unless the requested service requires the publication of the user’s name.
Within the context of the purposes stated above, the data may also be transferred outside the EU, in compliance with adequacy decisions or in compliance with the appropriate or opportune guarantees adopted by the EU Commission or in any case in compliance with any other provisions set out by the laws in force: to obtain a copy of this data or the place where it has been made available, please send an email to: firstname.lastname@example.org.
RIGHTS OF THE USER
Articles 15-22 of the GDPR grant the data subject a series of rights concerning him/her that can be exercised vis-à-vis the data controller.
In particular, the GDPR grants the right to access, rectify or erase personal data, and to obtain the restriction of its processing or the objection to its processing and its portability.
The right of access to the data can be exercised at reasonable intervals,in order to have correct and constant information on the processing and to verify the lawfulness thereof.
The right to erase the data applies to the personal data processed in breach of the law or in the other cases laid down in art.17 of the GDPR.
The data subject may obtain the restriction of the processing for the period necessary to check the personal data whose accuracy is contested, or when the processing is unlawful, restriction is preferred to the erasure of the data, or if there is the need to have this data at disposal for the establishment, exercise or defence of a legal claim, even if the data controller no longer requires it for the processing purposes, or for the period necessary to check the possible prevalence of the legitimate grounds of the data controller over those of the data subject and for which the latter objects to the processing. In the case of restriction, personal data is processed only with the consent of the data subject or for the establishment, exercise or defence of a legal claim or to protect the rights of another natural or legal person or for reasons of a substantial public interest of the European Union or a member State. In any case the data subject will be informed by the data controller before the latter removes the aforesaid restriction.
For reasons connected to his/her situation, the data subject is entitled to object to the processing of the data necessary for the performance of a task carried out in the public interest or connected to the exercise of official authority vested in the data controller, or for the pursuit of the legitimate interest of the data controller. The data controller will refrain from further processing this data, unless it provides evidence of imperative legitimate reasons that prevail over those of the data subject. The data subject may object to the processing of his/her personal data at any time when it is processed for direct marketing purposes, including profiling. The right to object to the processing of his/her personal data for marketing purposes using automated contact tools is extended to the traditional methods, without prejudice to the possibility of the data subject to exercise this right in full or in part, i.e. objecting only, for example, to the sending of promotional communications via automated means.
The data subject is entitled to the portability of the data (the possibility of receiving the data provided and possibly of sending it to another data controller) in the cases permitted by the GDPR (art.20).
The data subject is entitled not to be subject to a decision based solely on automated processing, including profiling. As an exception, this type of processing is possible if authorised by the laws of the Union or the member State to which the data controller is subject, or if permitted by the data subject or if necessary for contractual purposes. In the latter two cases, the data subject is entitled to obtain human intervention from the data controller, to express his/her opinion and to challenge the decision. With the consent of the data subject and adequate measures to protect rights, freedoms and legitimate interests, this type of processing may also concern special personal data.
In order to exercise these rights, please contact the Contact persons stated above.
The personal data is processed using automated tools for the time strictly necessary for the purposes for which it has been collected and the achievement of the stated purposes, afterwards it is usually made anonymous and/or erased. In particular:
- for any information requested, the time limit necessary for the documentation of the activities carried out in order to provide a response, namely 18 months;
- for the processing of data for marketing purposes and for profiling purposes, the storage time limit is 24 months from the collection of the data or from the last activity of the data subject.
Without prejudice to the right of the data subject to request the erasure of his/her data and/or the making anonymous of his/her data at any time, upon the expiry of the storage time limit stated above, Zhermack S.p.A. may request the data subject via email to expressly agree to the storage of the data (and its possible update) for a further two years. If specific consent is not given for the storage of data, it will be erased or made anonymous.
Cookies are used on the Zhermack S.p.A. website to make it easier to use, in compliance with the applicable laws, and in particular provision no.229 of 8 May 2014 issued by the Italian Data Protection Authority.
Cookies are text files that the websites visited by users send to their terminals, where they are stored to then be resent to the same websites when they are next visited.
Cookies are used for different purposes: electronic authentication; the monitoring of sessions; the storage of information on specific configurations regarding the users that access the server; the storage of preferences, etc.
The information collected with cookies is also gathered to increase security and/or improve the functions of the website, such as avoiding the repeated entering of data, making browsing easier and enhancing content.