THIS INFORMATION IS FOR HEALTHCARE PROFESSIONALS AND ORTHOFIX MEDICAL DEVICE REPRESENTATIVES ONLY
The Website may incorporate links which allow you to connect to other websites run both by other companies of the Orthofix Group and by third parties. The Controller assumes no responsibility regarding the processing of personal data which may take place through and/or in connection with all of these third-parties’ websites.Therefore, each User who accesses such web pages and/or social platforms through the Website must carefully read their applicable privacy policies, in order to understand how their personal data will be processed by the third parties, as autonomous controllers pursuant to the data protection legislation in force.
a. Traffic data
The computer systems and software procedures used to operate this Website need to acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data may include, by way of example: IP addresses, browser type, operating system, domain name and website addresses, information on the pages visited by User within the Website, time of access, time period of User’s staying on a single page, the internal path analysis and other parameters regarding the User’s operating system and computer environment.This technical / IT data is collected and processed only in aggregated manner, so that no User can be identified by the Controller, for the purpose to ascertain liabilities in case of hypothetical crimes committed within or against the Website, or upon competent authorities’ request. Should this information be used to single-out any data subject, then it will be Orthofix’s duty to comply with applicable requirements and identify the appropriate legal basis for such processing operations.
b. Personal data provided directly from User
There are some sections of the Website (e.g. ‘Request product info’, ‘Request service info’, ‘Request support’, or ‘Contact us’) which allow the collection of those personal data that the User will decide to share with Orthofix as part of the request.
The data provided by the User will be processed by the Controller exclusively to follow-up and fulfil the requests received. Accordingly, if the User prefers that Orthofix does not collect his/her personal data, he or she is invited not to send any request. However, in case of refusal to provide such data, Orthofix will likely be prevented from satisfying the User’s requests, or provide the latter with the services requested.
There are other sections of the Website which incorporate a specific form whereby the User is requested to provide some data (first and last name, email address, hospital the HCP works for, post code, city, country), on a totally spontaneous basis, in order to be allowed to access products’ interactive demos or download the products’ technical or guidance materials.
As said, the User will always be free to decide whether or not to share his/her personal data by filling out the specific forms available on the Website.
In any case, Orthofix will never request/collect particular categories of personal data.
The Website has been designed with the main goal of providing information regarding the activities, products and services offered by Orthofix, or in some cases by other companies belonging to Orthofix Group. This is the reason why, in most cases, the collection of the User’s personal data is not necessary.
In any case, according to the principles set forth by the GDPR, the Website is set to minimize the collection of personal data, as well as to exclude the processing of such data in all cases when the purposes described hereunder can be achieved with different means and/or by anonymous data.That being said, the Users’ personal data identified above will be processed by Orthofix for the purposes of:
The User is entitled to withdraw at any time the consent given in relation to the activities described under d) and e) above, it being understood that any processing operations carried out until the moment of such withdrawal shall remain fully lawful and valid.
Should the data be collected in the future also for purposes other than those described above, it will be duty of Orthofix, on one hand, to provide adequate information to the Users relating to such new purposes in order to enable transparency and user awareness and, on the other hand, ensure that a valid legal basis (such as the data subject’s consent) exists, where needed, to undertake the relevant processing activities.
The personal data are collected and processed lawfully and fairly, exclusively for the purposes described above and in accordance with the fundamental principles established by the applicable legislation, with special regard to the GDPR.
Processing operations may take place both manually and electronically, in any case under technical and organizational measures that ensure the security and confidentiality of the data, especially in view of preventing or however minimizing the risks of accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to the Users’ personal data.The processing operations will be carried out, under the direct authority of the Controller, only by persons who have been duly authorized to access and process the Users’ data in accordance with the instructions provided by Orthofix, on a need-to-know basis, and the applicable data protection laws and regulations.
Except for the cases described in c) and e) above, the Users’ personal data will not be shared with third parties.
Should the data be made available by Orthofix to any other third-party suppliers or partners (such as marketing and communication agencies, service or hosting providers, IT companies or else) in order to enable them to perform specific services connected to or necessary for the fulfilment of the purposes listed above, it will be the responsibility of the Controller to appoint such third parties as data processor by virtue of their capacity, experience and reliability and to provide them with specific instructions regarding the needed level of protection and security of the data, according to Art. 28 of the GDPR. The updated list of data processors can be accessed at any time by sending a written request to Orthofix, as specified below.It remains understood that the Users’ personal data will be communicated to third parties, such as public or judicial authorities, to comply with their binding orders and requests, as well as with applicable legal obligations.
Personal data will be kept in a format that allows the identification of the User for no longer than necessary to fulfill the purposes for which the data have been originally collected.In more detail:
Subject to the above, the Users’ personal data will be kept in identifiable form for those further periods which are required or expressly permitted by the applicable laws, e.g. in order to fulfil orders issued by competent Authorities, as well as to enforce or protect the rights of the Controller (consistent with the retention periods and statutes of limitations provided for by the laws and regulations in force, also locally).
As soon as no longer necessary in accordance with the above, the data will be cancelled or definitively made anonymous.
Given the international nature of Orthofix’s business activities, the data may be transferred abroad, still for the sole purposes described above, to other companies belonging to the Orthofix Group and/or to the Controller’s or such other Orthofix Group companies’ distributors established outside the territory of the European Union.In these cases, it will be the Controller’s responsibility to ensure that the relevant transfer abroad is made in accordance with adequate data protection guarantees, as required by the law, e.g. through the adoption of Standard Model Clauses as approved by the European Commission, or other equivalent safeguards.
The User can at any time exercise his/her rights in accordance with the applicable data protection legislation, including:
Last Update: 01/09/2020