1. Home
  2. Supplier Customer Information

Supplier Customer Information

CLIENTS AND SUPPLIER PRIVACY NOTICE

under Articles 13 and 14 of EU Reg. No. 679/2016 on the General Data Protection ("GDPR")

 

The pharmaceutical company Dompé farmaceutici S.p.A. ("Dompé" or "Company" or "Data Controller") provides you with the following information about how collects and uses your Personal Data in the context of the contractual relationship.

 

1. Identity and contact details of the Data Controller and DPO

Data Controller: Dompé farmaceutici S.p.A., with registered office in via San Martino 12, 20122, Milan, Italy

E-mail: privacy@dompe.com

Phone: 0258383249.  

Data Protection Officer (DPO) can be contacted by email at: dpo@dompe.com

 

2. Purpose, legal basis and data retention of processing

Your Personal Data are processed for the following purposes:

 

    a) Execution of the contract, including the execution of pre-contractual activities related to the selection (including the phase prior to the stipulation of a contractual agreement and/or registration in the Company's portal), formalization and implementation of the contractual relationship. In addition, they will be processed for the management of the existing relationship with the Company.

The legal basis for the processing is Art. 6.1 (b), GDPR: the processing is necessary for the performance of a contract to which you are a party or for the performance of pre-contractual activities 

Duration of processing: Personal Data related to the contract will be stored for the entire duration of the contract and the following 10 years at the end of the same.

 

    b) Fulfilment of legal obligations to which Dompé is bound, including tax and accounting obligations, obligations arising from procurement or occupational health and safety legislation and for the qualification of supplier and for the exercise of rights in judicial and extrajudicial proceedings.

The legal basis for the processing is Art. 6.1 (c) GDPR, for compliance with legal obligations.

The duration of the processing is defined by the individual applicable regulations (e.g. 10 years for the storage of accounting records).

 

    c) If necessary, ensure the exercise and protection of the rights of the holder, including the recovery of the credit through judicial and massacre procedures. 

The legal basis of the processing is art. 6.1 (f) GDPR, the legitimate interest of the controller in obtaining the protection of rights.

The duration of the processing is commensurate with the duration of the legal proceedings or the obtaining of a final judicial decision. 

 

3. Nature of the provision

The provision of your Personal Data for the above purposes is necessary and failure to provide it will not allow the Data Controller to conclude or manage your contractual relationship during negotiation or already in place with the Company. 

 

4. Categories of personal data processed

The Data Controller collects the following personal data as part of the contractual relationship established: 

  • Identification data referring to you or the legal representative of your company: name, surname, professional qualification, personal identification data such as: tax code, VAT number, as well as other data contained in the identity document or curriculum vitae/portfolio; 
  • Contact data: place of residence or domicile, telephone number (landline or mobile), email address;
  • Other data: bank data, data that make it possible to verify the regular fulfilment of contribution and salary obligations, as well as the regularity of the obligations in the contract (e.g. punctuality in payments).
  • Where applicable, where there is a legal obligation (e.g. anti-corruption law), data relating to criminal convictions and offences may be collected in relation to senior management of the company such as members of the board of directors, attorneys, lawyers), in order to comply with the legal obligations to which we are subject (e.g. anti-corruption law).

 

5. Data sources

Personal Data are collected directly from the data subject, in cases where you provide them directly (for example by indicating them in the contract) or may refer to the legal representatives and/or attorneys of your company or other employees, where their names are indicated. In this case, you undertake to inform the data subjects of the contents of this policy.  

In addition, some data may be legitimately acquired from public or publicly accessible sources, as well as from commercial information companies, authorized to disseminate them on the basis of a special prefectural license pursuant to Article 13 of the TULPS (e.g. Infocamere).

 

6. Methods of data processing

Your Personal Data is processed in accordance with applicable data protection, confidentiality and data security laws both through electronic and paper means, including access to company portals or telephone contacts.

 

7. Authorized to processing

Your personal data may be processed, for the purposes indicated in section 2 of this policy, by employees and collaborators of the Company, in the context of their job activity, who have received appropriate instructions pursuant to art. 29 GDPR and 2-quaterdecies of the  Privacy Code, as well as by third parties, specifically appointed as data processors pursuant to art. 28 GDPR, belonging to the following categories:

1. Companies of the Dompé Group, located, even outside the EU, to which the Data Controller belongs;

2. Service providers (technical or professional services, like audits, invoicing and document archiving services, providers of IT platform services such as the SAP system, third parties providing platforms for the management of suppliers and tenders, distributors and third parties who manage the solvency of customers, third parties in charge of managing debt collection). 

In addition, we inform you that any reports associated with requests for medical investigation or relating to adverse events or complaints about product quality will be forwarded to the relevant functions that will manage the data for the purposes provided for by law according to the applicable regulations and in line with the GDPR. 

In particular, in the event of complaints about product quality associated with adverse reactions and/or complaints about product quality, please refer to the Privacy Notices on https://www.dompe.com/privacy-policy in the dedicated sections. 

 

8. Communication of personal data

In relation to the purposes indicated above, your Personal Data may also be communicated to third parties, independent data controllers, such as

a) public entities, agencies and authorities for institutional purposes (e.g. in the event of a tender);

b) banks, financial institutions, consultants also in associated form (e.g., lawyers, controllers and auditors);

c) third parties involved in extraordinary transactions in accordance with applicable law.

d)judicial authorities (foreign or national) for the management of any disputes, government bodies,

In any case, your Personal Data are not disclosed to unspecified subjects.

 

9. Transfer of data outside the European Union

Your Personal Data may be transferred to countries located outside the European Union, which do not benefit from an adequacy decision, such as, but not limited to, the United States of America, Albania and Kosovo, where companies of the Dompé group are based. Data transfers outside the European Union are carried out through the adoption of appropriate safeguards (e.g. the Standard Contractual Clauses approved by the EU Commission) and any additional measures. 

To find out the countries to which we carry out transfers, you can write to privacy@dompe.com

 

10. Rights of the data subjects

At any time you may obtain confirmation of the existence or otherwise of your Personal Data with us and to know its content and origin; moreover, where possible, you may request their integration, rectification, portability, limitation of use, cancellation, as well as to oppose their processing.  

 

To exercise your rights, you can contact the Data Controller at any time at the privacy@dompe.com email address or the DPO at the dpo@dompe.com email address.

 

You also have the right to lodge a complaint with the Data Protection Authority if you believe that your rights have not been respected or that you have not received a response to your requests according to the law.

 

Last revised: July 2024